lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 4 Jul 2009 10:55:24 +0300
From:	Denys Fedoryschenko <denys@...p.net.lb>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [RFC] arp announce, arp_proxy and windows ip conflict verification

On Saturday 04 July 2009 03:46:15 Eric W. Biederman wrote:
> Denys Fedoryschenko <denys@...p.net.lb> writes:
> > On Friday 03 July 2009 23:20:05 David Miller wrote:
> >> I really never should have applied your initial patch, I severely
> >> regret it.  Thanksfully it's reverted now and we can look into
> >> this issue more properly.
> >
> > If it was said before...
> >
> > Then maybe i will try to do some new sysctl value?
> >
> > By default it will be old behavior, but it can be changed to new on user
> > choice.
> >
> > Let's say
> >
> > net.ipv4.arp_proxy_gateway
> > net.ipv4.arp_proxy_gratuitous
>
> How do machines with addresses without routes to them
> get packets from machines in other subnets?
>
> Eric
ARP proxy generally was supposed to not export default route(by RFC and by 
logic) it should be maybe other name, arp_proxy_no_default_gateway_export - 
but i guess it is too long. With exporting default gateway i have two 
choices - eat it and have answer to almost any ARP request, or loose for 
proxy_arp completely this interface (by setting same medium id).

Btw usually proxy_arp "answers" only for directly attached networks, e.g. link 
layer routes (no gateway), but sure this is not a rule, and sometimes it is 
even useful to "proxy" gatewayed routes. I am concerned only about 0.0.0.0/0 
route, which is equal to wildcard.

If i understand question correctly.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ