> What do you think will happen when a broadcast ARP request for 1.2.3.4
> arrives to both eth0 and eth2?
Nothing. Linuxes attached to the segment even will not notice this.
Just check and guess why. :-)
Windows will dump a funny popup saying that someone uses
their address, but however will continue to work. Probably
with short periods of service deaths if the router is not a router
really, but drops everything instead.
> How can it be done better?
I permanently remind that the situation when a part of protocol
is firewalled, and part of it has _no_ firewall hooks does not smell well.
Proxy arp rules are essentially some underdeveloped private ARP-only
firewall rules.
So, if you rely on core facilities, believe to them and do not break
them with some additional filters.
If you broke them f.e. announcing a pseudo-router with forwarding
enabled but dropping everything with a firewall rule, ARP must not
take care of this. That part of code which drops IP is responsible
for ARPing being in sync to its rules.
Alexey
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/