In order to support CARP interfaces kernel was taught to handle more

than one interface in one subnet. However, some userland apps rely on
the believe that this configuration is impossible.

Add a sysctl switch net.inet.ip.same_prefix_carp_only. If the switch
is on, then kernel will refuse to add an additional interface to
already connected subnet unless the interface is CARP. Default
value is off.

PR:			bin/82306
In collaboration with:	mlaier

1 files changed, 12 insertions, 2 deletions

diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 3f9d369161a1..c5d148a1fe07 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -67,6 +67,10 @@ static int	in_ifinit(struct ifnet *,
 static int subnetsarelocal = 0;
 SYSCTL_INT(_net_inet_ip, OID_AUTO, subnets_are_local, CTLFLAG_RW,
 	&subnetsarelocal, 0, "Treat all subnets as directly connected");
+static int sameprefixcarponly = 0;
+SYSCTL_INT(_net_inet_ip, OID_AUTO, same_prefix_carp_only, CTLFLAG_RW,
+	&sameprefixcarponly, 0,
+	"Refuse to create same prefixes on different interfaces");
 
 /*
  * The IPv4 multicast list (in_multihead and associated structures) are
@@ -824,8 +828,14 @@ in_addprefix(target, flags)
 		 * If we got a matching prefix route inserted by other
 		 * interface address, we are done here.
 		 */
-		if (ia->ia_flags & IFA_ROUTE)
-			return 0;
+		if (ia->ia_flags & IFA_ROUTE) {
+			if (sameprefixcarponly &&
+			    target->ia_ifp->if_type != IFT_CARP &&
+			    ia->ia_ifp->if_type != IFT_CARP)
+				return (EEXIST);
+			else
+				return (0);
+		}
 	}
 
 	/*