Date:	Fri, 11 Jun 2010 12:50:14 -0700
From:	Mitchell Erblich <erblichs@...thlink.net>
To:	Joakim Tjernlund <Joakim.Tjernlund@...nsmode.se>
Cc:	Rick Jones <rick.jones2@...com>, netdev@...r.kernel.org
Subject: Re: Weak host model vs .interface down


On Jun 11, 2010, at 10:06 AM, Joakim Tjernlund wrote:

> Rick Jones <rick.jones2@...com> wrote on 2010/06/11 18:32:20:
>> Joakim Tjernlund wrote:
>>> Linux uses the weak host model which makes the IP addresses part of the system
>>> rather than the interface. However consider this:
>>> 
>>> System A, eth0 connected to the network
>>> # > ifconfig eth0 192.168.1.16
>>> # > ifconfig eth1 192.168.1.17 down
>>> 
>>> System B
>>> # > ping 192.168.1.17
>>> PING 192.168.1.17 (192.168.1.17) 56(84) bytes of data.
>>> 64 bytes from 192.168.1.17: icmp_seq=1 ttl=64 time=0.618 ms
>>> 
>>> Isn't it a bit much to respond on 192.168.1.17 when its interface is down?
>> 
>> As you said at the beginning, the weak end system model presumes the IP address
>> is part of the system.  Seems to me that means unless one removes the IP address
>> from the system it is reasonable for the system to continue to respond to that
>> IP address.  Regardless of what happens to any individual interface.
> 
> The weak model doesn't go into such detail, it is assumption/impl. detail
> to assume that the ip address still is part of the system even when the interface
> is down. One could just as well define interface down as temporarily removing
> the IP address from the system too. This makes much more sense to me and
> if you always want the system to answer on an IP address you make it an IP alias.
> 
> Since the current behaviour is a problem to me and routers in general, can
> we change this? What is the current usage model which needs it to stay as is?
> 
>> 
>> Now, I wouldn't expect it to continue to respond to 192.168.1.17 through eth1,
>> but if eth0 is indeed connected to the same broadcast domain, given the
>> following of the weak end-system model, continuing to respond seems consistent
>> with enthusiastically following the weak end-system model.
> 
> Doesn't matter if it is in the same broadcast domain, you can use a bridge
> interface or dummy interface too. It will still respond to 192.168.1.17
> I can't find a way to disable this behaviour, can you?
> 
> --

Guys

Isn't this the diff between models of a host/end system and a 
router/intermediate system?

Can you verify that xmit capability on the intf is disabled with the 
down arg?

IMO, one possible behaviour is to allow the receipt of a magic
packet to bring up a down system for the "energy star protocol".

Mitchell Erblich
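
Added example, not part of the original message or of any project's code: a Python audit for the situation described in this thread, listing IPv4 addresses still configured on administratively down interfaces and the up interfaces that share their subnet. The sample input is constructed to mirror System A and follows the JSON shape of `ip -j addr show`; the function name is hypothetical.

```python
import ipaddress
import json

# Constructed sample shaped like `ip -j addr show` output, mirroring
# System A from the thread: eth0 is up, eth1 has an address but is down.
SAMPLE_IP_JSON = """
[
 {"ifname": "lo", "flags": ["LOOPBACK", "UP", "LOWER_UP"],
  "addr_info": [{"family": "inet", "local": "127.0.0.1", "prefixlen": 8}]},
 {"ifname": "eth0", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"],
  "addr_info": [{"family": "inet", "local": "192.168.1.16", "prefixlen": 24}]},
 {"ifname": "eth1", "flags": ["BROADCAST", "MULTICAST"],
  "addr_info": [{"family": "inet", "local": "192.168.1.17", "prefixlen": 24}]}
]
"""

def audit_down_addresses(ip_json):
    """Report IPv4 addresses left configured on administratively down links."""
    links = json.loads(ip_json)

    # Subnets attached to links that are administratively up (no "UP" flag
    # means the link was set down, as with `ifconfig eth1 ... down`).
    up_nets = []
    for link in links:
        if "UP" not in link.get("flags", []):
            continue
        for a in link.get("addr_info", []):
            if a.get("family") == "inet":
                iface = ipaddress.ip_interface(f"{a['local']}/{a['prefixlen']}")
                up_nets.append((link["ifname"], iface.network))

    findings = []
    for link in links:
        if "UP" in link.get("flags", []):
            continue
        for a in link.get("addr_info", []):
            if a.get("family") != "inet":
                continue
            ip = ipaddress.ip_address(a["local"])
            # Up links on the same subnet are where a peer would reach this address.
            shared = sorted({name for name, net in up_nets if ip in net})
            findings.append({"ifname": link["ifname"], "address": a["local"],
                             "up_links_on_same_subnet": shared})
    return findings

if __name__ == "__main__":
    for f in audit_down_addresses(SAMPLE_IP_JSON):
        print(f)
```

On a live host, pass the captured output of `ip -j addr show` to the function instead of the sample.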



		

		