| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.58.1004131118290.2767@u.domain.uli> Date: Tue, 13 Apr 2010 11:26:32 +0300 (EEST) From: Julian Anastasov <ja@....bg> To: Ming-Ching Tiew <mctiew@...oo.com> cc: Net Dev <netdev@...r.kernel.org> Subject: Re: Linux arp flux problem Hello, On Sun, 11 Apr 2010, Ming-Ching Tiew wrote: > The following link explains the Linux arp flux problem pretty well, and I myself have been burnt badly by a life site where the "arp_filter" does not help at all. > > http://linux-ip.net/html/ether-arp.html > > And I tested the kernel patch by Julian Anastasov, and it works 100% reliably :- > > http://www.ssi.bg/~ja/#hidden > > My question is the patches has been around for many years, why has it not been included into the kernel ? Is it that Linux is supposed to have this "side effects" of arp linux on purpose ? The "hidden" flag is obsolete, kernel already has arp_ignore and arp_announce vars, see Documentation/networking/ip-sysctl.txt for more information. May be what you need is arp_announce=1/2 and (arp_ignore=1/2 or arp_filter=1 or rp_filter=1). Regards -- Julian Anastasov <ja@....bg> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists