lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 04 Jul 2009 08:00:58 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Denys Fedoryschenko <denys@...p.net.lb>
Cc:	David Miller <davem@...emloft.net>, netdev@...r.kernel.org
Subject: Re: [RFC] arp announce, arp_proxy and windows ip conflict verification

Denys Fedoryschenko <denys@...p.net.lb> writes:

> On Saturday 04 July 2009 03:46:15 Eric W. Biederman wrote:
>> Denys Fedoryschenko <denys@...p.net.lb> writes:
>> > On Friday 03 July 2009 23:20:05 David Miller wrote:
>> >> I really never should have applied your initial patch, I severely
>> >> regret it.  Thanksfully it's reverted now and we can look into
>> >> this issue more properly.
>> >
>> > If it was said before...
>> >
>> > Then maybe i will try to do some new sysctl value?
>> >
>> > By default it will be old behavior, but it can be changed to new on user
>> > choice.
>> >
>> > Let's say
>> >
>> > net.ipv4.arp_proxy_gateway
>> > net.ipv4.arp_proxy_gratuitous
>>
>> How do machines with addresses without routes to them
>> get packets from machines in other subnets?
>>
>> Eric
> ARP proxy generally was supposed to not export default route(by RFC and by 
> logic) it should be maybe other name, arp_proxy_no_default_gateway_export - 
> but i guess it is too long. With exporting default gateway i have two 
> choices - eat it and have answer to almost any ARP request, or loose for 
> proxy_arp completely this interface (by setting same medium id).
>
> Btw usually proxy_arp "answers" only for directly attached networks, e.g. link 
> layer routes (no gateway), but sure this is not a rule, and sometimes it is 
> even useful to "proxy" gatewayed routes. I am concerned only about 0.0.0.0/0 
> route, which is equal to wildcard.
>
> If i understand question correctly.

Problems occur when you have machines with ip addresses that you don't
have routes to.  How do machines with addresses without routes to them
get packets from machines in other subnets.

Eric


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ