Message-ID: <4E84E666.5080003@gmail.com>
Date:	Thu, 29 Sep 2011 23:43:02 +0200
From:	Nicolas de Pesloüan <nicolas.2p.debian@...il.com>
To:	skandranon <skandranon@....at>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: Problem with ARP-replies on Kernels 2.6 (possibly 3.0, but not
 2.4!)

On 28/09/2011 23:25, skandranon wrote:

>>> So: Is this a bug or a feature?
>>
>> It is a feature.
>>
>> You should have a look at the file Documentation/networking/ip-sysctl in the kernel source tree,
>> in particular the entry about arp_ignore.
>>
>> Nicolas.

> Many thanks for your quick reply and the pointer to that document.

Please, keep netdev in copy.

> Seems this feature has been there a long time already, but this has been the first time in all of
> the 15 years or so I've been working with Linux that it's bitten my ass.
>
> May I ask you for an additional pointer explaining in layman's terms what the use cases for values 2
> and 3 would be? - I plain don't understand.

2 seems obvious and is one more level of strictness. If the ARP seems to come from a different 
subnet, ignore it, even if it enters the host on the "right" interface.

I don't know about 3.

> And maybe even an explanation what the initial reasoning might have been to select the approach of
> assigning IP addresses to the host instead of an interface?

I think it is expected to enhance connectivity, by being liberal in what the host accepts, which is 
the base principle of interoperability: Be liberal in what you accept, and conservative in what you 
send [Jon Postel]. Others may explain this with more history in mind.

> The mailing list archive mentioned in e.g. "Understanding Linux Network Internals" I found after
> having your hint as a starting point doesn't seem to contain this discussion, which has obviously
> been old even back in 2003.
> And how come that the 2.4.21 kernel did behave differently? The basics seem to be the same?

Unfortunately, I'm not an archaeologist, so I'm totally unable to answer about 2.4.21. Maybe someone 
else on the list will be.

	Nicolas.
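
The following is an added example, not part of the original message and not kernel code: a simplified Python model of the reply decision for arp_ignore values 0, 1 and 2, following the descriptions in Documentation/networking/ip-sysctl. The interface names, addresses and the function name are constructed for illustration.

```python
import ipaddress

# Constructed host with two interfaces on different subnets (made-up addresses).
HOST = {
    "eth0": [ipaddress.ip_interface("192.168.1.10/24")],
    "eth1": [ipaddress.ip_interface("10.0.0.10/24")],
}

def arp_should_reply(arp_ignore, in_iface, sender_ip, target_ip, host=HOST):
    """Model whether the host answers an ARP request (modes 0, 1, 2 only).

    in_iface  -- interface the request arrived on
    sender_ip -- source IP carried in the ARP request
    target_ip -- IP address being asked for
    """
    sender = ipaddress.ip_address(sender_ip)
    target = ipaddress.ip_address(target_ip)
    # Addresses equal to the target, anywhere on the host / on the incoming interface.
    anywhere = [a for addrs in host.values() for a in addrs if a.ip == target]
    on_iface = [a for a in host.get(in_iface, []) if a.ip == target]

    if arp_ignore == 0:
        # Default: the address belongs to the host, so any interface answers.
        return bool(anywhere)
    if arp_ignore == 1:
        # Answer only if the target is configured on the incoming interface.
        return bool(on_iface)
    if arp_ignore == 2:
        # As 1, and the sender must be in the same subnet as that address.
        return any(sender in a.network for a in on_iface)
    raise ValueError("arp_ignore value not modelled here")

if __name__ == "__main__":
    # (incoming interface, sender IP, target IP)
    cases = [
        ("eth1", "10.0.0.5", "192.168.1.10"),     # asked on the "wrong" interface
        ("eth0", "10.0.0.5", "192.168.1.10"),     # right interface, foreign subnet
        ("eth0", "192.168.1.20", "192.168.1.10"), # right interface, same subnet
    ]
    for mode in (0, 1, 2):
        for case in cases:
            print(mode, case, arp_should_reply(mode, *case))
```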