Date:	Fri, 11 Jun 2010 22:46:13 +0200
From:	Joakim Tjernlund <joakim.tjernlund@...nsmode.se>
To:	Mitchell Erblich <erblichs@...thlink.net>
Cc:	netdev@...r.kernel.org, Rick Jones <rick.jones2@...com>
Subject: Re: Weak host model vs .interface down

Mitchell Erblich <erblichs@...thlink.net> wrote on 2010/06/11 21:50:14:
>
>
> On Jun 11, 2010, at 10:06 AM, Joakim Tjernlund wrote:
>
> > Rick Jones <rick.jones2@...com> wrote on 2010/06/11 18:32:20:
> >> Joakim Tjernlund wrote:
> >>> Linux uses the weak host model which makes the IP addresses part of the system
> >>> rather than the interface. However consider this:
> >>>
> >>> System A, eth0 connected to the network
> >>> # > ifconfig eth0 192.168.1.16
> >>> # > ifconfig eth1 192.168.1.17 down
> >>>
> >>> System B
> >>> # > ping 192.168.1.17
> >>> PING 192.168.1.17 (192.168.1.17) 56(84) bytes of data.
> >>> 64 bytes from 192.168.1.17: icmp_seq=1 ttl=64 time=0.618 ms
> >>>
> >>> Isn't it a bit much to respond on 192.168.1.17 when its interface is down?
> >>
> >> As you said at the beginning, the weak end system model presumes the IP address
> >> is part of the system.  Seems to me that means unless one removes the IP address
> >> from the system it is reasonable for the system to continue to respond to that
> >> IP address.  Regardless of what happens to any individual interface.
> >
> > The weak model doesn't go into such detail, it is an assumption/impl. detail
> > to assume that the IP address still is part of the system even when the interface
> > is down. One could just as well define interface down as temporarily removing
> > the IP address from the system too. This makes much more sense to me and
> > if you always want the system to answer on an IP address you make it an IP alias.
> >
> > Since the current behaviour is a problem to me and routers in general, can
> > we change this? What is the current usage model which needs it to stay as is?
> >
> >>
> >> Now, I wouldn't expect it to continue to respond to 192.168.1.17 through eth1,
> >> but if eth0 is indeed connected to the same broadcast domain, given the
> >> following of the weak end-system model, continuing to respond seems consistent
> >> with enthusiastically following the weak end-system model.
> >
> > Doesn't matter if it is in the same broadcast domain, you can use a bridge
> > interface or dummy interface too. It will still respond to 192.168.1.17.
> > I can't find a way to disable this behaviour, can you?
> >
> > --
>
> Guys
>
> Isn't this the diff between models of a host/end system and a
> router/intermediate system?

Not sure what you mean here, but there is no such assumption in
the models.

>
> Can you verify that xmit capability on the intf is disabled with the
> down arg?

Umm, isn't that true by definition? If an I/F is put into down state, it
cannot xmit nor receive.

>
> IMO, One possible behaviour is to allow the receipt of a magic
> packet to bring up a down system for the "energy star protocol".

Isn't that something totally different? I cannot see how that relates
to the matter at hand.

 Jocke
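
An audit check for the situation discussed in this thread, added here as an example and not part of any message in the thread: it lists addresses still configured on interfaces that are administratively down, which per the report above the host may keep answering for. It assumes an iproute2 build that supports JSON output (`ip -j addr show`); the sample data and the function name are constructed for illustration.

```python
import json
import subprocess
import sys

# Constructed sample in the shape of `ip -j addr show` output, mirroring
# System A from the thread: eth0 up, eth1 configured but administratively down.
SAMPLE = json.dumps([
    {"ifname": "lo", "flags": ["LOOPBACK", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet", "local": "127.0.0.1", "prefixlen": 8}]},
    {"ifname": "eth0", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
     "addr_info": [{"family": "inet", "local": "192.168.1.16", "prefixlen": 24}]},
    {"ifname": "eth1", "flags": ["BROADCAST", "MULTICAST"],
     "addr_info": [{"family": "inet", "local": "192.168.1.17", "prefixlen": 24}]},
    {"ifname": "eth2", "flags": ["BROADCAST", "MULTICAST"], "addr_info": []},
])


def addresses_on_down_interfaces(ip_json):
    """Return sorted (ifname, "addr/prefixlen") pairs for every address
    configured on an interface whose flags lack UP (administratively down)."""
    findings = []
    for link in json.loads(ip_json):
        if "UP" in link.get("flags", []):
            continue  # interface is administratively up, nothing to report
        for addr in link.get("addr_info", []):
            local = addr.get("local")
            if local:
                findings.append((link.get("ifname", "?"),
                                 f"{local}/{addr.get('prefixlen', '?')}"))
    return sorted(findings)


if __name__ == "__main__":
    # "--live" queries this host; otherwise the constructed sample is used.
    if "--live" in sys.argv[1:]:
        text = subprocess.run(["ip", "-j", "addr", "show"], check=True,
                              capture_output=True, text=True).stdout
    else:
        text = SAMPLE
    for ifname, addr in addresses_on_down_interfaces(text):
        print(f"{ifname} is down but still holds {addr}")
```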
