lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 18 Dec 2007 01:35:39 +0100
From:	Patrick McHardy <>
To:	Thomas Graf <>
CC:	Chris Friesen <>,,,,
Subject: Re: "ip neigh show" not showing arp cache entries?

Thomas Graf wrote:
> * Patrick McHardy <> 2007-12-18 00:51
>> Chris Friesen wrote:
>>> Patrick McHardy wrote:
>>>> From a kernel perspective there are only complete dumps, the
>>>> filtering is done by iproute. So the fact that it shows them
>>>> when querying specifically implies there is a bug in the
>>>> iproute neighbour filter. Does it work if you omit "all"
>>> >from the ip neigh show command?
>>> Omitting "all" gives identical results.  It is still missing entries 
>>> when compared with the output of "arp".
>> In that case the easiest way to debug this is probably if you
>> add some debugging to ip/ipneigh.c:print_neigh() since I'm
>> unable to reproduce this problem. A printf for all the filter
>> conditions (=> return 0) at the top should do.
> Alternatively, you can download libnl and run
> 	NLCB=debug src/nl-neigh-dump brief
> and check if the netlink message is sent by the kenrel for the
> neighbour in question. 

It should be, according to Chris, "ip neigh show <ip>" does
show the missing entries, and in case of neighbour entries
all filtering is done in userspace.

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists