pkg/tcpip/network/arp/arp.go - third_party/gvisor.dev/gvisor/netstack - Git at Google

 // Copyright 2018 The gVisor Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 // Package arp implements the ARP network protocol. It is used to resolve
 // IPv4 addresses into link-local MAC addresses, and advertises IPv4
 // addresses of its stack with the local network.
 package arp

 import (
 	"fmt"
 	"sync/atomic"

 	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/buffer"
 	"gvisor.dev/gvisor/pkg/tcpip/header"
 	"gvisor.dev/gvisor/pkg/tcpip/header/parse"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
 )

 const (
 	// ProtocolNumber is the ARP protocol number.
 	ProtocolNumber = header.ARPProtocolNumber
 )

 // ARP endpoints need to implement stack.NetworkEndpoint because the stack
 // considers the layer above the link-layer a network layer; the only
 // facility provided by the stack to deliver packets to a layer above
 // the link-layer is via stack.NetworkEndpoint.HandlePacket.
 var _ stack.NetworkEndpoint = (*endpoint)(nil)

 type endpoint struct {
 	protocol *protocol

 	// enabled is set to 1 when the NIC is enabled and 0 when it is disabled.
 	//
 	// Must be accessed using atomic operations.
 	enabled uint32

 	nic           stack.NetworkInterface
 	linkAddrCache stack.LinkAddressCache
 	nud           stack.NUDHandler
 }

 func (e *endpoint) Enable() *tcpip.Error {
 	if !e.nic.Enabled() {
 		return tcpip.ErrNotPermitted
 	}

 	e.setEnabled(true)
 	return nil
 }

 func (e *endpoint) Enabled() bool {
 	return e.nic.Enabled() && e.isEnabled()
 }

 // isEnabled returns true if the endpoint is enabled, regardless of the
 // enabled status of the NIC.
 func (e *endpoint) isEnabled() bool {
 	return atomic.LoadUint32(&e.enabled) == 1
 }

 // setEnabled sets the enabled status for the endpoint.
 func (e *endpoint) setEnabled(v bool) {
 	if v {
 		atomic.StoreUint32(&e.enabled, 1)
 	} else {
 		atomic.StoreUint32(&e.enabled, 0)
 	}
 }

 func (e *endpoint) Disable() {
 	e.setEnabled(false)
 }

 // DefaultTTL is unused for ARP. It implements stack.NetworkEndpoint.
 func (*endpoint) DefaultTTL() uint8 {
 	return 0
 }

 func (e *endpoint) MTU() uint32 {
 	lmtu := e.nic.MTU()
 	return lmtu - uint32(e.MaxHeaderLength())
 }

 func (e *endpoint) MaxHeaderLength() uint16 {
 	return e.nic.MaxHeaderLength() + header.ARPSize
 }

 func (*endpoint) Close() {}

 func (*endpoint) WritePacket(*stack.Route, *stack.GSO, stack.NetworkHeaderParams, *stack.PacketBuffer) *tcpip.Error {
 	return tcpip.ErrNotSupported
 }

 // NetworkProtocolNumber implements stack.NetworkEndpoint.NetworkProtocolNumber.
 func (*endpoint) NetworkProtocolNumber() tcpip.NetworkProtocolNumber {
 	return ProtocolNumber
 }

 // WritePackets implements stack.NetworkEndpoint.WritePackets.
 func (*endpoint) WritePackets(*stack.Route, *stack.GSO, stack.PacketBufferList, stack.NetworkHeaderParams) (int, *tcpip.Error) {
 	return 0, tcpip.ErrNotSupported
 }

 func (*endpoint) WriteHeaderIncludedPacket(*stack.Route, *stack.PacketBuffer) *tcpip.Error {
 	return tcpip.ErrNotSupported
 }

 func (e *endpoint) HandlePacket(pkt *stack.PacketBuffer) {
 	stats := e.protocol.stack.Stats().ARP
 	stats.PacketsReceived.Increment()

 	if !e.isEnabled() {
 		stats.DisabledPacketsReceived.Increment()
 		return
 	}

 	h := header.ARP(pkt.NetworkHeader().View())
 	if !h.IsValid() {
 		stats.MalformedPacketsReceived.Increment()
 		return
 	}

 	switch h.Op() {
 	case header.ARPRequest:
 		stats.RequestsReceived.Increment()
 		localAddr := tcpip.Address(h.ProtocolAddressTarget())

 		if e.nud == nil {
 			if e.linkAddrCache.CheckLocalAddress(e.nic.ID(), header.IPv4ProtocolNumber, localAddr) == 0 {
 				stats.RequestsReceivedUnknownTargetAddress.Increment()
 				return // we have no useful answer, ignore the request
 			}

 			addr := tcpip.Address(h.ProtocolAddressSender())
 			linkAddr := tcpip.LinkAddress(h.HardwareAddressSender())
 			e.linkAddrCache.AddLinkAddress(e.nic.ID(), addr, linkAddr)
 		} else {
 			if e.protocol.stack.CheckLocalAddress(e.nic.ID(), header.IPv4ProtocolNumber, localAddr) == 0 {
 				stats.RequestsReceivedUnknownTargetAddress.Increment()
 				return // we have no useful answer, ignore the request
 			}

 			remoteAddr := tcpip.Address(h.ProtocolAddressSender())
 			remoteLinkAddr := tcpip.LinkAddress(h.HardwareAddressSender())
 			e.nud.HandleProbe(remoteAddr, ProtocolNumber, remoteLinkAddr, e.protocol)
 		}

 		respPkt := stack.NewPacketBuffer(stack.PacketBufferOptions{
 			ReserveHeaderBytes: int(e.nic.MaxHeaderLength()) + header.ARPSize,
 		})
 		packet := header.ARP(respPkt.NetworkHeader().Push(header.ARPSize))
 		respPkt.NetworkProtocolNumber = ProtocolNumber
 		packet.SetIPv4OverEthernet()
 		packet.SetOp(header.ARPReply)
 		// TODO(gvisor.dev/issue/4582): check copied length once TAP devices have a
 		// link address.
 		_ = copy(packet.HardwareAddressSender(), e.nic.LinkAddress())
 		if n := copy(packet.ProtocolAddressSender(), h.ProtocolAddressTarget()); n != header.IPv4AddressSize {
 			panic(fmt.Sprintf("copied %d bytes, expected %d bytes", n, header.IPv4AddressSize))
 		}
 		origSender := h.HardwareAddressSender()
 		if n := copy(packet.HardwareAddressTarget(), origSender); n != header.EthernetAddressSize {
 			panic(fmt.Sprintf("copied %d bytes, expected %d bytes", n, header.EthernetAddressSize))
 		}
 		if n := copy(packet.ProtocolAddressTarget(), h.ProtocolAddressSender()); n != header.IPv4AddressSize {
 			panic(fmt.Sprintf("copied %d bytes, expected %d bytes", n, header.IPv4AddressSize))
 		}

 		// As per RFC 826, under Packet Reception:
 		//   Swap hardware and protocol fields, putting the local hardware and
 		//   protocol addresses in the sender fields.
 		//
 		//   Send the packet to the (new) target hardware address on the same
 		//   hardware on which the request was received.
 		if err := e.nic.WritePacketToRemote(tcpip.LinkAddress(origSender), nil /* gso */, ProtocolNumber, respPkt); err != nil {
 			stats.OutgoingRepliesDropped.Increment()
 		} else {
 			stats.OutgoingRepliesSent.Increment()
 		}

 	case header.ARPReply:
 		stats.RepliesReceived.Increment()
 		addr := tcpip.Address(h.ProtocolAddressSender())
 		linkAddr := tcpip.LinkAddress(h.HardwareAddressSender())

 		if e.nud == nil {
 			e.linkAddrCache.AddLinkAddress(e.nic.ID(), addr, linkAddr)
 			return
 		}

 		// The solicited, override, and isRouter flags are not available for ARP;
 		// they are only available for IPv6 Neighbor Advertisements.
 		e.nud.HandleConfirmation(addr, linkAddr, stack.ReachabilityConfirmationFlags{
 			// Solicited and unsolicited (also referred to as gratuitous) ARP Replies
 			// are handled equivalently to a solicited Neighbor Advertisement.
 			Solicited: true,
 			// If a different link address is received than the one cached, the entry
 			// should always go to Stale.
 			Override: false,
 			// ARP does not distinguish between router and non-router hosts.
 			IsRouter: false,
 		})
 	}
 }

 // protocol implements stack.NetworkProtocol and stack.LinkAddressResolver.
 type protocol struct {
 	stack *stack.Stack
 }

 func (p *protocol) Number() tcpip.NetworkProtocolNumber { return ProtocolNumber }
 func (p *protocol) MinimumPacketSize() int              { return header.ARPSize }
 func (p *protocol) DefaultPrefixLen() int               { return 0 }

 func (*protocol) ParseAddresses(buffer.View) (src, dst tcpip.Address) {
 	return "", ""
 }

 func (p *protocol) NewEndpoint(nic stack.NetworkInterface, linkAddrCache stack.LinkAddressCache, nud stack.NUDHandler, dispatcher stack.TransportDispatcher) stack.NetworkEndpoint {
 	e := &endpoint{
 		protocol:      p,
 		nic:           nic,
 		linkAddrCache: linkAddrCache,
 		nud:           nud,
 	}
 	return e
 }

 // LinkAddressProtocol implements stack.LinkAddressResolver.LinkAddressProtocol.
 func (*protocol) LinkAddressProtocol() tcpip.NetworkProtocolNumber {
 	return header.IPv4ProtocolNumber
 }

 // LinkAddressRequest implements stack.LinkAddressResolver.LinkAddressRequest.
 func (p *protocol) LinkAddressRequest(targetAddr, localAddr tcpip.Address, remoteLinkAddr tcpip.LinkAddress, nic stack.NetworkInterface) *tcpip.Error {
 	stats := p.stack.Stats().ARP

 	if len(remoteLinkAddr) == 0 {
 		remoteLinkAddr = header.EthernetBroadcastAddress
 	}

 	nicID := nic.ID()
 	if len(localAddr) == 0 {
 		addr, err := p.stack.GetMainNICAddress(nicID, header.IPv4ProtocolNumber)
 		if err != nil {
 			stats.OutgoingRequestInterfaceHasNoLocalAddressErrors.Increment()
 			return err
 		}

 		if len(addr.Address) == 0 {
 			stats.OutgoingRequestNetworkUnreachableErrors.Increment()
 			return tcpip.ErrNetworkUnreachable
 		}

 		localAddr = addr.Address
 	} else if p.stack.CheckLocalAddress(nicID, header.IPv4ProtocolNumber, localAddr) == 0 {
 		stats.OutgoingRequestBadLocalAddressErrors.Increment()
 		return tcpip.ErrBadLocalAddress
 	}

 	pkt := stack.NewPacketBuffer(stack.PacketBufferOptions{
 		ReserveHeaderBytes: int(nic.MaxHeaderLength()) + header.ARPSize,
 	})
 	h := header.ARP(pkt.NetworkHeader().Push(header.ARPSize))
 	pkt.NetworkProtocolNumber = ProtocolNumber
 	h.SetIPv4OverEthernet()
 	h.SetOp(header.ARPRequest)
 	// TODO(gvisor.dev/issue/4582): check copied length once TAP devices have a
 	// link address.
 	_ = copy(h.HardwareAddressSender(), nic.LinkAddress())
 	if n := copy(h.ProtocolAddressSender(), localAddr); n != header.IPv4AddressSize {
 		panic(fmt.Sprintf("copied %d bytes, expected %d bytes", n, header.IPv4AddressSize))
 	}
 	if n := copy(h.ProtocolAddressTarget(), targetAddr); n != header.IPv4AddressSize {
 		panic(fmt.Sprintf("copied %d bytes, expected %d bytes", n, header.IPv4AddressSize))
 	}
 	if err := nic.WritePacketToRemote(remoteLinkAddr, nil /* gso */, ProtocolNumber, pkt); err != nil {
 		stats.OutgoingRequestsDropped.Increment()
 		return err
 	}
 	stats.OutgoingRequestsSent.Increment()
 	return nil
 }

 // ResolveStaticAddress implements stack.LinkAddressResolver.ResolveStaticAddress.
 func (*protocol) ResolveStaticAddress(addr tcpip.Address) (tcpip.LinkAddress, bool) {
 	if addr == header.IPv4Broadcast {
 		return header.EthernetBroadcastAddress, true
 	}
 	if header.IsV4MulticastAddress(addr) {
 		return header.EthernetAddressFromMulticastIPv4Address(addr), true
 	}
 	return tcpip.LinkAddress([]byte(nil)), false
 }

 // SetOption implements stack.NetworkProtocol.SetOption.
 func (*protocol) SetOption(tcpip.SettableNetworkProtocolOption) *tcpip.Error {
 	return tcpip.ErrUnknownProtocolOption
 }

 // Option implements stack.NetworkProtocol.Option.
 func (*protocol) Option(tcpip.GettableNetworkProtocolOption) *tcpip.Error {
 	return tcpip.ErrUnknownProtocolOption
 }

 // Close implements stack.TransportProtocol.Close.
 func (*protocol) Close() {}

 // Wait implements stack.TransportProtocol.Wait.
 func (*protocol) Wait() {}

 // Parse implements stack.NetworkProtocol.Parse.
 func (*protocol) Parse(pkt *stack.PacketBuffer) (proto tcpip.TransportProtocolNumber, hasTransportHdr bool, ok bool) {
 	return 0, false, parse.ARP(pkt)
 }

 // NewProtocol returns an ARP network protocol.
 func NewProtocol(s *stack.Stack) stack.NetworkProtocol {
 	return &protocol{stack: s}
 }
	// Copyright 2018 The gVisor Authors.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	// Package arp implements the ARP network protocol. It is used to resolve
	// IPv4 addresses into link-local MAC addresses, and advertises IPv4
	// addresses of its stack with the local network.
	package arp

	import (
	"fmt"
	"sync/atomic"

	"gvisor.dev/gvisor/pkg/tcpip"
	"gvisor.dev/gvisor/pkg/tcpip/buffer"
	"gvisor.dev/gvisor/pkg/tcpip/header"
	"gvisor.dev/gvisor/pkg/tcpip/header/parse"
	"gvisor.dev/gvisor/pkg/tcpip/stack"
	)

	const (
	// ProtocolNumber is the ARP protocol number.
	ProtocolNumber = header.ARPProtocolNumber
	)

	// ARP endpoints need to implement stack.NetworkEndpoint because the stack
	// considers the layer above the link-layer a network layer; the only
	// facility provided by the stack to deliver packets to a layer above
	// the link-layer is via stack.NetworkEndpoint.HandlePacket.
	var _ stack.NetworkEndpoint = (*endpoint)(nil)

	type endpoint struct {
	protocol *protocol

	// enabled is set to 1 when the NIC is enabled and 0 when it is disabled.
	//
	// Must be accessed using atomic operations.
	enabled uint32

	nic stack.NetworkInterface
	linkAddrCache stack.LinkAddressCache
	nud stack.NUDHandler
	}

	func (e endpoint) Enable() tcpip.Error {
	if !e.nic.Enabled() {
	return tcpip.ErrNotPermitted
	}

	e.setEnabled(true)
	return nil
	}

	func (e *endpoint) Enabled() bool {
	return e.nic.Enabled() && e.isEnabled()
	}

	// isEnabled returns true if the endpoint is enabled, regardless of the
	// enabled status of the NIC.
	func (e *endpoint) isEnabled() bool {
	return atomic.LoadUint32(&e.enabled) == 1
	}

	// setEnabled sets the enabled status for the endpoint.
	func (e *endpoint) setEnabled(v bool) {
	if v {
	atomic.StoreUint32(&e.enabled, 1)
	} else {
	atomic.StoreUint32(&e.enabled, 0)
	}
	}

	func (e *endpoint) Disable() {
	e.setEnabled(false)
	}

	// DefaultTTL is unused for ARP. It implements stack.NetworkEndpoint.
	func (*endpoint) DefaultTTL() uint8 {
	return 0
	}

	func (e *endpoint) MTU() uint32 {
	lmtu := e.nic.MTU()
	return lmtu - uint32(e.MaxHeaderLength())
	}

	func (e *endpoint) MaxHeaderLength() uint16 {
	return e.nic.MaxHeaderLength() + header.ARPSize
	}

	func (*endpoint) Close() {}

	func (endpoint) WritePacket(stack.Route, stack.GSO, stack.NetworkHeaderParams, stack.PacketBuffer) *tcpip.Error {
	return tcpip.ErrNotSupported
	}

	// NetworkProtocolNumber implements stack.NetworkEndpoint.NetworkProtocolNumber.
	func (*endpoint) NetworkProtocolNumber() tcpip.NetworkProtocolNumber {
	return ProtocolNumber
	}

	// WritePackets implements stack.NetworkEndpoint.WritePackets.
	func (endpoint) WritePackets(stack.Route, stack.GSO, stack.PacketBufferList, stack.NetworkHeaderParams) (int, tcpip.Error) {
	return 0, tcpip.ErrNotSupported
	}

	func (endpoint) WriteHeaderIncludedPacket(stack.Route, stack.PacketBuffer) tcpip.Error {
	return tcpip.ErrNotSupported
	}

	func (e endpoint) HandlePacket(pkt stack.PacketBuffer) {
	stats := e.protocol.stack.Stats().ARP
	stats.PacketsReceived.Increment()

	if !e.isEnabled() {
	stats.DisabledPacketsReceived.Increment()
	return
	}

	h := header.ARP(pkt.NetworkHeader().View())
	if !h.IsValid() {
	stats.MalformedPacketsReceived.Increment()
	return
	}

	switch h.Op() {
	case header.ARPRequest:
	stats.RequestsReceived.Increment()
	localAddr := tcpip.Address(h.ProtocolAddressTarget())

	if e.nud == nil {
	if e.linkAddrCache.CheckLocalAddress(e.nic.ID(), header.IPv4ProtocolNumber, localAddr) == 0 {
	stats.RequestsReceivedUnknownTargetAddress.Increment()
	return // we have no useful answer, ignore the request
	}

	addr := tcpip.Address(h.ProtocolAddressSender())
	linkAddr := tcpip.LinkAddress(h.HardwareAddressSender())
	e.linkAddrCache.AddLinkAddress(e.nic.ID(), addr, linkAddr)
	} else {
	if e.protocol.stack.CheckLocalAddress(e.nic.ID(), header.IPv4ProtocolNumber, localAddr) == 0 {
	stats.RequestsReceivedUnknownTargetAddress.Increment()
	return // we have no useful answer, ignore the request
	}

	remoteAddr := tcpip.Address(h.ProtocolAddressSender())
	remoteLinkAddr := tcpip.LinkAddress(h.HardwareAddressSender())
	e.nud.HandleProbe(remoteAddr, ProtocolNumber, remoteLinkAddr, e.protocol)
	}

	respPkt := stack.NewPacketBuffer(stack.PacketBufferOptions{
	ReserveHeaderBytes: int(e.nic.MaxHeaderLength()) + header.ARPSize,
	})
	packet := header.ARP(respPkt.NetworkHeader().Push(header.ARPSize))
	respPkt.NetworkProtocolNumber = ProtocolNumber
	packet.SetIPv4OverEthernet()
	packet.SetOp(header.ARPReply)
	// TODO(gvisor.dev/issue/4582): check copied length once TAP devices have a
	// link address.
	_ = copy(packet.HardwareAddressSender(), e.nic.LinkAddress())
	if n := copy(packet.ProtocolAddressSender(), h.ProtocolAddressTarget()); n != header.IPv4AddressSize {
	panic(fmt.Sprintf("copied %d bytes, expected %d bytes", n, header.IPv4AddressSize))
	}
	origSender := h.HardwareAddressSender()
	if n := copy(packet.HardwareAddressTarget(), origSender); n != header.EthernetAddressSize {
	panic(fmt.Sprintf("copied %d bytes, expected %d bytes", n, header.EthernetAddressSize))
	}
	if n := copy(packet.ProtocolAddressTarget(), h.ProtocolAddressSender()); n != header.IPv4AddressSize {
	panic(fmt.Sprintf("copied %d bytes, expected %d bytes", n, header.IPv4AddressSize))
	}

	// As per RFC 826, under Packet Reception:
	// Swap hardware and protocol fields, putting the local hardware and
	// protocol addresses in the sender fields.
	//
	// Send the packet to the (new) target hardware address on the same
	// hardware on which the request was received.
	if err := e.nic.WritePacketToRemote(tcpip.LinkAddress(origSender), nil /* gso */, ProtocolNumber, respPkt); err != nil {
	stats.OutgoingRepliesDropped.Increment()
	} else {
	stats.OutgoingRepliesSent.Increment()
	}

	case header.ARPReply:
	stats.RepliesReceived.Increment()
	addr := tcpip.Address(h.ProtocolAddressSender())
	linkAddr := tcpip.LinkAddress(h.HardwareAddressSender())

	if e.nud == nil {
	e.linkAddrCache.AddLinkAddress(e.nic.ID(), addr, linkAddr)
	return
	}

	// The solicited, override, and isRouter flags are not available for ARP;
	// they are only available for IPv6 Neighbor Advertisements.
	e.nud.HandleConfirmation(addr, linkAddr, stack.ReachabilityConfirmationFlags{
	// Solicited and unsolicited (also referred to as gratuitous) ARP Replies
	// are handled equivalently to a solicited Neighbor Advertisement.
	Solicited: true,
	// If a different link address is received than the one cached, the entry
	// should always go to Stale.
	Override: false,
	// ARP does not distinguish between router and non-router hosts.
	IsRouter: false,
	})
	}
	}

	// protocol implements stack.NetworkProtocol and stack.LinkAddressResolver.
	type protocol struct {
	stack *stack.Stack
	}

	func (p *protocol) Number() tcpip.NetworkProtocolNumber { return ProtocolNumber }
	func (p *protocol) MinimumPacketSize() int { return header.ARPSize }
	func (p *protocol) DefaultPrefixLen() int { return 0 }

	func (*protocol) ParseAddresses(buffer.View) (src, dst tcpip.Address) {
	return "", ""
	}

	func (p *protocol) NewEndpoint(nic stack.NetworkInterface, linkAddrCache stack.LinkAddressCache, nud stack.NUDHandler, dispatcher stack.TransportDispatcher) stack.NetworkEndpoint {
	e := &endpoint{
	protocol: p,
	nic: nic,
	linkAddrCache: linkAddrCache,
	nud: nud,
	}
	return e
	}

	// LinkAddressProtocol implements stack.LinkAddressResolver.LinkAddressProtocol.
	func (*protocol) LinkAddressProtocol() tcpip.NetworkProtocolNumber {
	return header.IPv4ProtocolNumber
	}

	// LinkAddressRequest implements stack.LinkAddressResolver.LinkAddressRequest.
	func (p protocol) LinkAddressRequest(targetAddr, localAddr tcpip.Address, remoteLinkAddr tcpip.LinkAddress, nic stack.NetworkInterface) tcpip.Error {
	stats := p.stack.Stats().ARP

	if len(remoteLinkAddr) == 0 {
	remoteLinkAddr = header.EthernetBroadcastAddress
	}

	nicID := nic.ID()
	if len(localAddr) == 0 {
	addr, err := p.stack.GetMainNICAddress(nicID, header.IPv4ProtocolNumber)
	if err != nil {
	stats.OutgoingRequestInterfaceHasNoLocalAddressErrors.Increment()
	return err
	}

	if len(addr.Address) == 0 {
	stats.OutgoingRequestNetworkUnreachableErrors.Increment()
	return tcpip.ErrNetworkUnreachable
	}

	localAddr = addr.Address
	} else if p.stack.CheckLocalAddress(nicID, header.IPv4ProtocolNumber, localAddr) == 0 {
	stats.OutgoingRequestBadLocalAddressErrors.Increment()
	return tcpip.ErrBadLocalAddress
	}

	pkt := stack.NewPacketBuffer(stack.PacketBufferOptions{
	ReserveHeaderBytes: int(nic.MaxHeaderLength()) + header.ARPSize,
	})
	h := header.ARP(pkt.NetworkHeader().Push(header.ARPSize))
	pkt.NetworkProtocolNumber = ProtocolNumber
	h.SetIPv4OverEthernet()
	h.SetOp(header.ARPRequest)
	// TODO(gvisor.dev/issue/4582): check copied length once TAP devices have a
	// link address.
	_ = copy(h.HardwareAddressSender(), nic.LinkAddress())
	if n := copy(h.ProtocolAddressSender(), localAddr); n != header.IPv4AddressSize {
	panic(fmt.Sprintf("copied %d bytes, expected %d bytes", n, header.IPv4AddressSize))
	}
	if n := copy(h.ProtocolAddressTarget(), targetAddr); n != header.IPv4AddressSize {
	panic(fmt.Sprintf("copied %d bytes, expected %d bytes", n, header.IPv4AddressSize))
	}
	if err := nic.WritePacketToRemote(remoteLinkAddr, nil /* gso */, ProtocolNumber, pkt); err != nil {
	stats.OutgoingRequestsDropped.Increment()
	return err
	}
	stats.OutgoingRequestsSent.Increment()
	return nil
	}

	// ResolveStaticAddress implements stack.LinkAddressResolver.ResolveStaticAddress.
	func (*protocol) ResolveStaticAddress(addr tcpip.Address) (tcpip.LinkAddress, bool) {
	if addr == header.IPv4Broadcast {
	return header.EthernetBroadcastAddress, true
	}
	if header.IsV4MulticastAddress(addr) {
	return header.EthernetAddressFromMulticastIPv4Address(addr), true
	}
	return tcpip.LinkAddress([]byte(nil)), false
	}

	// SetOption implements stack.NetworkProtocol.SetOption.
	func (protocol) SetOption(tcpip.SettableNetworkProtocolOption) tcpip.Error {
	return tcpip.ErrUnknownProtocolOption
	}

	// Option implements stack.NetworkProtocol.Option.
	func (protocol) Option(tcpip.GettableNetworkProtocolOption) tcpip.Error {
	return tcpip.ErrUnknownProtocolOption
	}

	// Close implements stack.TransportProtocol.Close.
	func (*protocol) Close() {}

	// Wait implements stack.TransportProtocol.Wait.
	func (*protocol) Wait() {}

	// Parse implements stack.NetworkProtocol.Parse.
	func (protocol) Parse(pkt stack.PacketBuffer) (proto tcpip.TransportProtocolNumber, hasTransportHdr bool, ok bool) {
	return 0, false, parse.ARP(pkt)
	}

	// NewProtocol returns an ARP network protocol.
	func NewProtocol(s *stack.Stack) stack.NetworkProtocol {
	return &protocol{stack: s}
	}