Re: how to see manually specified proxy arp entries using "ip neigh"

kuznet@ms2.inr.ac.ru
Sun, 21 Oct 2001 21:21:32 +0400 (MSK DST)


Hello!

> What do you think will happen when a broadcast ARP request for 1.2.3.4
> arrives to both eth0 and eth2?

Nothing. Linuxes attached to the segment even will not notice this.
Just check and guess why. :-)

Windows will dump a funny popup saying that someone uses
their address, but however will continue to work. Probably
with short periods of service deaths if the router is not a router
really, but drops everything instead.

> How can it be done better?

I permanently remind that the situation when a part of protocol
is firewalled, and part of it has _no_ firewall hooks does not smell well.
Proxy arp rules are essentially some underdeveloped private ARP-only
firewall rules.

So, if you rely on core facilities, believe to them and do not break
them with some additional filters.

If you broke them f.e. announcing a pseudo-router with forwarding
enabled but dropping everything with a firewall rule, ARP must not
take care of this. That part of code which drops IP is responsible
for ARPing being in sync to its rules.

Alexey
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/