| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20100427.171610.66739040.davem@davemloft.net> Date: Tue, 27 Apr 2010 17:16:10 -0700 (PDT) From: David Miller <davem@...emloft.net> To: sasha@...sleep.com Cc: netdev@...r.kernel.org Subject: Re: [PATCH] ipv4: handle GARPs specially when updating neighbors From: Sasha Levin <sasha@...sleep.com> Date: Wed, 21 Apr 2010 01:02:02 -0700 > According to the code, this scenario happens because the kernel > ignores any ARP updates which happened in a short period after the > previous ARP update. The reason which was stated in the comments is > “If several different ARP replies follows back-to-back, use the > FIRST one. It is possible, if several proxy agents are > active. Taking the first reply prevents arp trashing and chooses the > fastest router.”. > > This, however, doesn’t take into account GARPs which are not being > sent by ARP proxies anyway and just ignores them too – causing a > loss of communication for over a minute until the ARP cache > refreshes. It's not just about proxies, it's also about malicious entities on the link that want to absorb all of our traffic to a given destination. With your change, their job is much easier. Although not impossible, it's very difficult currenrtly. Overall, allowing flapping of ARP information is suboptimal at best and dangerous at worst. So sorry, I won't be applying your patch.
Powered by blists - more mailing lists