lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <2297DADB-883E-4156-998A-854BE6CAC079@earthlink.net>
Date:	Fri, 11 Jun 2010 12:50:14 -0700
From:	Mitchell Erblich <erblichs@...thlink.net>
To:	Joakim Tjernlund <Joakim.Tjernlund@...nsmode.se>
Cc:	Rick Jones <rick.jones2@...com>, netdev@...r.kernel.org
Subject: Re: Weak host model vs .interface down


On Jun 11, 2010, at 10:06 AM, Joakim Tjernlund wrote:

> Rick Jones <rick.jones2@...com> wrote on 2010/06/11 18:32:20:
>> Joakim Tjernlund wrote:
>>> Linux uses the weak host model which makes the IP addresses part of the system
>>> rather than the interface. However consider this:
>>> 
>>> System A, eth0 connected to the network
>>> # > ifconfig eth0 192.168.1.16
>>> # > ifconfig eth1 192.168.1.17 down
>>> 
>>> System B
>>> # > ping 192.168.1.17
>>> PING 192.168.1.17 (192.168.1.17) 56(84) bytes of data.
>>> 64 bytes from 192.168.1.17: icmp_seq=1 ttl=64 time=0.618 ms
>>> 
>>> Isn't it a bit much to respond on 192.168.1.17 when its interface is down?
>> 
>> As you said at the beginning, the weak end system model presumes the IP address
>> is part of the system.  Seems to me that means unless one removes the IP address
>> from the system it is reasonable for the system to continue to respond to that
>> IP address.  Regardless of what happens to any individual interface.
> 
> The weak model doesn't go into such detail, it is assumption/impl. detail
> to assume that the ip address still is part of the system even when the interface
> is down. One could just as well define interface down as temporarly removing
> the IP address from the system too. This makes make much more sense to me and
> if you always want the system to answer on a IP adress you make it an IP alias.
> 
> Since the current behaviour is a problem to me and routers in general, can
> we change this? What is the current usage model which needs it to stay as is?
> 
>> 
>> Now, I wouldn't expect it to continue to respond to 192.168.1.17 through eth1,
>> but if eth0 is indeed connected to the same broadcast domain, given the
>> following of the weak end-system model, continuing to respond seems consistent
>> with enthusiasticaly following the weak end-system model.
> 
> Dosnt matter if it is in the same broadcast domain, you can use a bridge
> interface or dummy interface too. It will still respond to 192.168.1.17
> I can't find a way disable this behaviour, can you?
> 
> --

Guys

Isn't this the diff between models of a host/end system and a 
router/intermediate system?

Can you verify that xmit capability on the intf is disabled with the 
down arg?

IMO, One possible behaviour is to allow the receipt of a magic
packet to bring up a down system for the "energy star protocol".

Mitchell Erblich



		

		
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ