Yes, this modifications fixes it. With 'Static ARP' enabled, this is what I can see on the console of pfsense. # ifconfig de1 de1: flags=88843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,STATICARP> mtu 1500 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::203:ffff:fe17:1ae1%de1 prefixlen 64 scopeid 0x2 ether 00:03:ff:17:1a:e1 media: Ethernet autoselect (100baseTX) status: active # arp -a ? (192.168.0.1) at 00:09:5b:2a:61:e4 on de0 [ethernet] ? (192.168.0.51) at 00:13:20:2f:93:36 on de0 [ethernet] ? (192.168.1.127) at (incomplete) on de1 [ethernet] ? (192.168.1.250) at ab:cd:ef:ab:cd:ef on de1 permanent [ethernet] #
192.168.1.127 being a LAN client that CANNOT ping because ARP has been turned off using the 'staticarp' parameter. 192.168.1.250 (ab:cd:ef:ab:cd:ef ) is a DHCP reservation. With 'Static ARP' disabled, this is what I can see on the console of pfsense. # ifconfig de1 de1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::203:ffff:fe17:1ae1%de1 prefixlen 64 scopeid 0x2 ether 00:03:ff:17:1a:e1 media: Ethernet autoselect (100baseTX) status: active # arp -a ? (192.168.0.1) at 00:09:5b:2a:61:e4 on de0 [ethernet] ? (192.168.0.51) at 00:13:20:2f:93:36 on de0 [ethernet] ? (192.168.1.127) at 00:03:ff:4b:e3:e8 on de1 [ethernet] # 192.168.1.127 being a LAN client that CAN ping because ARP has been turned on using the '-staticarp' parameter. 192.168.1.250 (ab:cd:ef:ab:cd:ef ) DHCP reservation has been wiped out with 'arp -da'. I would say this feature is stable now. My only concerns was if it messed with captive portal mac state information, but Sullrich mentioned that is maintained by 'ipfw'. Also, I would like to suggest changing the function in services.inc to look like below. The change is in the else statement, an if and for loop to delete the DHCP static mappings as opposed to a global 'arp -da'. I have tested this locally. I supposed an 'arp -da' works just as well, but is more destructive. I realize the arp table will rebuild itself as need be. function interfaces_staticarp_configure($if) { global $config, $g; if(isset($config['system']['developerspew'])) { $mt = microtime(); echo "interfaces_staticarp_configure($if) being called $mt\n"; } $ifcfg = $config['interfaces'][$if]; /* Enable staticarp, if enabled */ if(isset($config['dhcpd'][$if]['staticarp'])) { mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) .. " staticarp " ); mwexec("/usr/sbin/arp -ad > /dev/null 2>&1 "); if (is_array($config['dhcpd'][$if]['staticmap'])) { foreach ($config['dhcpd'][$if]['staticmap'] as $arpent) { mwexec("/usr/sbin/arp -s " . escapeshellarg($arpent['ipaddr']) . " " . escapeshellarg($arpent['mac'])); } } } else { mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) .. " -staticarp " ); if (is_array($config['dhcpd'][$if]['staticmap'])) { foreach ($config['dhcpd'][$if]['staticmap'] as $arpent) { mwexec("/usr/sbin/arp -d " . escapeshellarg($arpent['ipaddr'])); } } } return 0; } ________________________________ From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Sat 2/25/2006 12:26 AM To: support@pfsense.com Subject: Re: [pfSense Support] BUG : DHCP - Static ARP ok, try this diff out then: Index: services_dhcp.php =================================================================== RCS file: /cvsroot/pfSense/usr/local/www/services_dhcp.php,v retrieving revision 1.38.2.9 diff -u -r1.38.2.9 services_dhcp.php --- services_dhcp.php 20 Feb 2006 21:02:12 -0000 1.38.2.9 +++ services_dhcp.php 25 Feb 2006 04:25:22 -0000 @@ -181,8 +181,7 @@ write_config(); /* static arp configuration */ - if (isset($config['dhcpd'][$if]['staticarp'])) - interfaces_staticarp_configure($if); + interfaces_staticarp_configure($if); $retval = 0; config_lock(); Let me know if it works properly and I'll commit it. --Bill On 2/24/06, Wesley K. Joyce <[EMAIL PROTECTED]> wrote: > > > Okay, I think I found it. The problem is with services_dhcp.php - > > if($_POST['staticarp'] == "yes") > $config['dhcpd'][$if]['staticarp'] = true; > else > unset($config['dhcpd'][$if]['staticarp']); > write_config(); > /* static arp configuration */ > if > (isset($config['dhcpd'][$if]['staticarp'])) > interfaces_staticarp_configure($if); > > The if statement in bold will always be false if staticarp is off (not > checked), in otherwords unset via > 'unset($config['dhcpd'][$if]['staticarp']);". So this > means that 'interfaces_staticarp_configure($if);' is never > executed when you turn off static arp, so the function > interfaces_staticarp_configure($if) is never called, so > it's else statement is never executed. > > So I would think the fix to be applied is either this > 1. > /* static arp configuration */ > /* if > (isset($config['dhcpd'][$if]['staticarp'])) */ > interfaces_staticarp_configure($if); > > or this > 2. > /* static arp configuration */ > if > (isset($config['dhcpd'][$if]['staticarp'])) > interfaces_staticarp_configure($if); > else > interfaces_staticarp_configure($if); > > I am hoping this will be corrected. Thanks. > > Let me know if I am posting this bug / resolution in the wrong place. > > ________________________________ > > From: Wesley K. Joyce [mailto:[EMAIL PROTECTED] > Sent: Fri 2/24/2006 11:53 PM > To: support@pfsense.com > Subject: [pfSense Support] BUG : DHCP - Static ARP > > > > When I turn on the static arp feature, it executes the code in red. When I > turn off the feature, it does not execute the code in blue. This appears to > be why turning this off is broken, so my question is why? I don't know how > to debug php, but the if statement looks logical. > > TESTING-SNAPSHOT-02-19-06 > > /etc/inc/services.inc > > function interfaces_staticarp_configure($if) { > global $config, $g; > if(isset($config['system']['developerspew'])) { > $mt = microtime(); > echo "interfaces_staticarp_configure($if) being called > $mt\n"; > } > > $ifcfg = $config['interfaces'][$if]; > /* Enable staticarp, if enabled */ > if(isset($config['dhcpd'][$if]['staticarp'])) { > mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) . " > staticarp " ); > mwexec("/usr/sbin/arp -ad > /dev/null 2>&1 "); > if > (is_array($config['dhcpd'][$if]['staticmap'])) { > foreach > ($config['dhcpd'][$if]['staticmap'] as $arpent) { > mwexec("/usr/sbin/arp -s " . > escapeshellarg($arpent['ipaddr']) . " " . > escapeshellarg($arpent['mac'])); > } > > } > } else { > mwexec("/sbin/ifconfig " . escapeshellarg($ifcfg['if']) . " > -staticarp " ); > mwexec("/usr/sbin/arp -ad > /dev/null 2>&1 "); > } > return 0; > } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
<<winmail.dat>>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]