uamanyip patch

lc chilli at
Fri Apr 4 05:10:09 UTC 2008


This is an interesting point. I use a different subnet to have access  
to access points on the chilli network. So I think the suggested  
uamanyipignorelan option would be excellent if the network to be  
ignored could be defined.


Am 04.04.2008 um 00:07 schrieb Gunther Mayer:

> Hi David,
> I've recently tried out the uamanyip option in coova and was very  
> pleased at how well it works. I want to use it all the time in  
> future across our network to simplify troubleshooting, should save a  
> couple of support calls ;-)
> However, I found a very annoying side effect of uamanyip: It spoofs  
> ARP requests for just about anything. While that's the point of  
> uamanyip, it makes it impossible to have other devices such as  
> access points that you have to access for management purposes on the  
> chilli network. Say chilli listens on and there's  
> another access point with static ip (of course not  
> part of the dynip range) to increase wireless coverage. As soon as  
> anybody tries to ping or otherwise access because  
> chilli will immediately claim it through arp before the real device  
> has a chance to answer - it creates a race condition. Putting such  
> devices on entirely different subnets makes no difference as their  
> ip's will be stolen too. The only though somewhat ugly way I found  
> around that was to clear the arp cache on my client and then force a  
> mapping with arp -s.
> So, I thought wouldn't it be cool to let chilli ignore arp requests  
> for anything other than itself but only on its own subnet. Anything  
> else will still be caught and spoofed as usual. Hence I came up with  
> the below patch, I created it against 1.0.11-stable but applying it  
> to svn (r161) proved trivial, as it's a very short patch.
> I think this should be done by default as it allows devices on the  
> chilli subnet to talk to each other properly (of course for real  
> isolation one would use something like ebtables or a/p isolation).  
> But of course the patch could be extended to make this optional  
> (uamanyipignorelan?) if people wanted to keep the current behaviour.  
> Thoughts?
> Gunther
> Index: dhcp.c
> ===================================================================
> --- dhcp.c      (revision 161)
> +++ dhcp.c      (working copy)
> @@ -2595,6 +2595,14 @@
>      return 0; /* Only reply if he asked for his router address */
>    }
>  }
> +  else if ((taraddr.s_addr != options.dhcplisten.s_addr) &&
> +        ((conn->hisip.s_addr & conn->hismask.s_addr) ==
> +        (reqaddr.s_addr & conn->hismask.s_addr))) {
> +    /* when uamanyip is on we should ignore arp requests that ARE  
> within our subnet except of course the ones for ourselves*/
> +    if (options.debug)
> +      log_dbg("ARP: request for ip other than us within our  
> subnet(uamanyip on), ignoring");
> +    return 0;
> +  }
>  conn->lasttime = mainclock;
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: chilli-unsubscribe at
> For additional commands, e-mail: chilli-help at
> Wiki:
> Forum:

More information about the Chilli mailing list