From: "David S. Miller" <davem@redhat.com>
To: "Carlos Velasco" <carlosev@newipnet.com>
Cc: bloemsaa@xs4all.nl, marcelo@conectiva.com.br, netdev@oss.sgi.com,
linux-net@vger.kernel.org, layes@loran.com, torvalds@osdl.org,
linux-kernel@vger.kernel.org
Subject: Re: [2.4 PATCH] bugfix: ARP respond on all devices
Date: Sun, 27 Jul 2003 18:35:47 -0700 [thread overview]
Message-ID: <20030727183547.784b6ab5.davem@redhat.com> (raw)
In-Reply-To: <200307280323020667.10D68954@192.168.128.16>
On Mon, 28 Jul 2003 03:23:02 +0200
"Carlos Velasco" <carlosev@newipnet.com> wrote:
> On 27/07/2003 at 17:55 David S. Miller wrote:
> >With or without your suggestion, people have to do something
> >different.
>
> Just enabling the hidden switch solved my setting and I think it solves
> most of "problem" settings.
So do my suggestions.
I don't deny that it fixes your problem, that is not what
we're talking about. We're talking about how one should
fix the problem, and I'm trying to show you why "hidden"
patch is not the answer to that.
> >This doesn't even address all the problems there are with
> >the hidden patch. It does things that belong on the netfilter
> >level and not on the ARP/routing level.
>
> Well... it's just your opinion... other OS and systems don't use
> netfilter of firewalling at all (ex. Win) and behave like with "hidden"
> applied.
Ummm, with "hidden" you still have to make a configuration change.
Second of all, "hidden" makes the kernel behave in a non-RFC compliant
way. This is the categorization that I use to determine if something
belongs on the netfilter level or not.
If something changes the way in which the Linux networking
behaves wrt. RFCs, this "operation" belongs at the netfilter level.
This is true for the "hidden" patch. It causes the system to
ignore ARP requests it should respond to.
On the other hand, the "arpfilter" sysctl setting makes the kernel
still behave in an RFC compliant manner, it only responds to ARPs
on interfaces it would use to speak to the requestor.
> Really, the only one I have tested that not do it is Linux 2.2+
Yes, we removed "hidden" from 2.2.x in lieu of "arpfilter" sysctl
and the netfilter ARP filtering module.
> For me (not a kernel developer), my world are the OSI layers,
OSI layers have nothing to do with the problem we are discussing.
BTW, OSI layers are how networking stacks are described in textbooks
and standards and far away from how one should implement said stack.
Van Jacobson even said this once :-)
> I will look... but doing arp filter is not a real simple solution in
> any way.
It would be really nice if people might consider that it could even be
possible to make things like the IPVS layer install the appropriate
NETFILTER_ARP chain rules when the IPVS configuration installed dictates
that one is needed.
People using IPVS wouldn't even need to do _ANYTHING_ if IPVS were
to do that.
And all of that would be _FINE_ because like ARP netfilter, IPVS lies
inside of netfilter where such things which change networking behavior
semantics radically belong.
next prev parent reply other threads:[~2003-07-28 1:24 UTC|newest]
Thread overview: 168+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-27 20:52 [2.4 PATCH] bugfix: ARP respond on all devices Bas Bloemsaat
2003-07-27 22:12 ` David S. Miller
2003-07-28 2:31 ` Ben Greear
2003-07-28 7:33 ` Bas Bloemsaat
2003-07-27 23:40 ` Carlos Velasco
2003-07-27 23:46 ` David S. Miller
2003-07-27 23:58 ` Carlos Velasco
2003-07-27 23:58 ` David S. Miller
2003-07-28 0:11 ` Carlos Velasco
2003-07-28 0:14 ` David S. Miller
2003-07-28 0:35 ` Carlos Velasco
2003-07-28 0:36 ` David S. Miller
2003-07-28 0:53 ` Carlos Velasco
2003-07-28 0:55 ` David S. Miller
2003-07-28 1:23 ` Carlos Velasco
2003-07-28 1:35 ` David S. Miller [this message]
2003-07-28 10:43 ` Carlos Velasco
2003-07-28 17:09 ` Phil Oester
2003-07-28 18:56 ` Bas Bloemsaat
2003-07-28 4:37 ` David Lang
2003-07-28 4:39 ` David S. Miller
2003-07-28 10:49 ` Carlos Velasco
2003-07-28 0:57 ` Assorted 2.6.0-test2 build warnings J.C. Wren
2003-07-28 22:11 ` Randy.Dunlap
2003-07-29 10:42 ` Adrian Bunk
2003-07-29 2:51 ` [2.4 PATCH] bugfix: ARP respond on all devices Bill Davidsen
2003-07-29 4:48 ` Lamont Granquist
2003-08-04 6:10 ` Pekka Savola
2003-08-17 13:09 ` Carlos Velasco
2003-08-17 13:16 ` Carlos Velasco
2003-08-17 13:41 ` Alan Cox
2003-08-17 13:55 ` Carlos Velasco
2003-08-17 15:12 ` Bernd Eckenfels
2003-08-17 15:28 ` Alan Cox
2003-08-17 15:57 ` Bas Bloemsaat
2003-08-17 15:59 ` Carlos Velasco
2003-08-17 16:26 ` Alan Cox
2003-08-17 16:27 ` Carlos Velasco
2003-08-17 17:24 ` Alan Cox
2003-08-17 22:48 ` Willy Tarreau
2003-08-18 5:22 ` David S. Miller
2003-08-18 6:56 ` Willy Tarreau
2003-08-18 7:01 ` David S. Miller
2003-08-18 7:29 ` Willy Tarreau
2003-08-18 7:43 ` Willy Tarreau
2003-08-18 5:31 ` David S. Miller
2003-08-18 11:39 ` Stephan von Krawczynski
2003-08-18 11:44 ` David S. Miller
2003-08-18 12:34 ` Stephan von Krawczynski
2003-08-18 12:30 ` David S. Miller
2003-08-18 12:51 ` Mr. James W. Laferriere
2003-08-18 12:53 ` Stephan von Krawczynski
2003-08-18 12:55 ` David S. Miller
2003-08-18 13:17 ` Stephan von Krawczynski
2003-08-18 13:14 ` David S. Miller
2003-08-18 14:23 ` Stephan von Krawczynski
2003-08-18 14:19 ` David S. Miller
2003-08-18 15:46 ` Stephan von Krawczynski
2003-08-18 13:23 ` jamal
2003-08-18 13:21 ` David S. Miller
2003-08-18 13:40 ` Stephan von Krawczynski
2003-08-20 6:55 ` Bas Bloemsaat
2003-08-18 21:54 ` Bill Davidsen
2003-08-18 13:40 ` Dominik Kubla
2003-08-18 12:51 ` Willy Tarreau
2003-08-18 12:53 ` David S. Miller
2003-08-18 14:28 ` Willy Tarreau
2003-08-18 14:28 ` David S. Miller
2003-08-18 12:08 ` Bas Bloemsaat
2003-08-18 12:03 ` David S. Miller
2003-08-18 21:32 ` Bill Davidsen
2003-08-19 3:21 ` Ben Greear
2003-08-19 15:22 ` David S. Miller
2003-08-19 7:58 ` Bas Bloemsaat
2003-08-18 15:49 ` SRC IP selection in ARP request (Was: bugfix: ARP respond on all devices) Vladimir B. Savkin
2003-08-17 16:51 ` [2.4 PATCH] bugfix: ARP respond on all devices David T Hollis
2003-08-17 16:45 ` Carlos Velasco
2003-08-17 17:13 ` Arjan van de Ven
2003-08-17 19:46 ` insecure
2003-08-18 5:11 ` David S. Miller
2003-08-18 5:29 ` David S. Miller
2003-08-17 13:59 ` Bas Bloemsaat
2003-08-18 10:48 ` Robert Collier
2003-08-17 13:38 ` Alan Cox
[not found] <e2Yb.5CB.17@gated-at.bofh.it>
[not found] ` <e43Y.6x0.17@gated-at.bofh.it>
[not found] ` <e43Y.6x0.19@gated-at.bofh.it>
[not found] ` <e43Y.6x0.21@gated-at.bofh.it>
[not found] ` <e43Y.6x0.23@gated-at.bofh.it>
[not found] ` <e43Y.6x0.25@gated-at.bofh.it>
[not found] ` <e43Y.6x0.15@gated-at.bofh.it>
[not found] ` <e4nd.6K9.5@gated-at.bofh.it>
[not found] ` <e4ne.6K9.11@gated-at.bofh.it>
[not found] ` <e4x3.6RV.23@gated-at.bofh.it>
[not found] ` <e4Qe.7cR.3@gated-at.bofh.it>
[not found] ` <e503.7kj.23@gated-at.bofh.it>
[not found] ` <e5jh.7yW.5@gated-at.bofh.it>
[not found] ` <edJU.6nT.25@gated-at.bofh.it>
2003-07-28 20:45 ` Julien Oster
2003-08-19 12:02 Richard Underwood
2003-08-19 12:35 ` Alan Cox
2003-08-19 18:30 ` Daniel Gryniewicz
2003-08-19 18:29 ` David S. Miller
2003-08-19 19:12 ` Daniel Gryniewicz
2003-08-19 19:10 ` David S. Miller
2003-08-20 16:49 ` Bill Davidsen
2003-08-20 17:00 ` David S. Miller
2003-08-20 17:44 ` Ben Greear
2003-08-20 17:48 ` David S. Miller
2003-08-20 23:18 ` Julian Anastasov
2003-08-23 20:50 ` Bill Davidsen
2003-08-20 19:08 ` Bill Davidsen
2003-08-20 20:07 ` Bas Bloemsaat
2003-08-19 19:42 ` bill davidsen
2003-08-19 13:11 ` Bas Bloemsaat
2003-08-19 15:34 ` David S. Miller
2003-08-19 17:39 ` Lars Marowsky-Bree
2003-08-19 17:36 ` David S. Miller
2003-08-19 21:01 ` Harley Stenzel
2003-08-19 16:19 ` Stephan von Krawczynski
2003-08-19 16:54 ` David S. Miller
2003-08-19 17:15 ` Stephan von Krawczynski
2003-08-19 16:56 ` David S. Miller
2003-08-19 14:34 Richard Underwood
2003-08-19 14:54 ` Willy Tarreau
2003-08-19 15:07 ` Stephan von Krawczynski
2003-08-19 15:57 ` David S. Miller
2003-08-19 16:52 ` Stephan von Krawczynski
2003-08-19 16:53 ` David S. Miller
2003-08-19 17:12 ` Stephan von Krawczynski
2003-08-19 17:09 ` David S. Miller
2003-08-19 19:04 ` Alan Cox
2003-08-19 19:01 ` David S. Miller
2003-08-19 19:19 ` Bas Bloemsaat
2003-08-19 19:16 ` David S. Miller
2003-08-20 8:49 ` Roman Pletka
2003-08-20 14:15 ` Stephan von Krawczynski
2003-08-20 14:43 ` Roman Pletka
2003-08-20 15:55 ` Stephan von Krawczynski
2003-08-20 16:47 ` Roman Pletka
2003-08-19 15:53 ` Bill Davidsen
2003-08-19 16:14 ` David S. Miller
2003-08-19 17:17 ` Bill Davidsen
2003-08-19 19:08 ` Alan Cox
2003-08-19 21:53 ` Stephan von Krawczynski
2003-08-19 16:54 Richard Underwood
2003-08-19 16:51 ` David S. Miller
2003-08-19 17:10 ` Stephan von Krawczynski
2003-08-19 17:07 ` David S. Miller
2003-08-19 19:57 ` bill davidsen
2003-08-19 17:56 Richard Underwood
2003-08-19 17:53 ` David S. Miller
2003-08-19 18:05 Richard Underwood
2003-08-19 18:21 ` David S. Miller
2003-08-20 12:52 ` Harley Stenzel
2003-08-19 18:16 Richard Underwood
2003-08-19 18:13 ` David S. Miller
2003-08-19 18:30 ` Bas Bloemsaat
[not found] <mdtk.Zy.1@gated-at.bofh.it>
[not found] ` <mgUv.3Wb.39@gated-at.bofh.it>
[not found] ` <mgUv.3Wb.37@gated-at.bofh.it>
[not found] ` <miMw.5yo.31@gated-at.bofh.it>
2003-08-19 18:48 ` Andi Kleen
2003-08-19 19:17 ` Daniel Gryniewicz
2003-08-19 19:21 ` Andi Kleen
2003-08-19 19:27 ` Daniel Gryniewicz
2003-08-19 19:24 ` David S. Miller
2003-08-19 19:32 ` Andi Kleen
2003-08-19 19:28 ` David S. Miller
2003-08-20 9:53 ` Alan Cox
2003-08-20 15:41 ` Stephan von Krawczynski
2003-08-20 15:38 ` David S. Miller
2003-08-19 19:38 ` Valdis.Kletnieks
2003-08-19 19:37 ` David S. Miller
2003-08-19 20:44 ` Valdis.Kletnieks
2003-08-19 19:00 Richard Underwood
2003-08-19 18:58 ` David S. Miller
[not found] <mfYi.374.31@gated-at.bofh.it>
[not found] ` <mkbE.6Rk.35@gated-at.bofh.it>
2003-08-19 20:00 ` Andi Kleen
2003-08-19 19:56 ` David S. Miller
2003-08-19 22:12 Richard Underwood
2003-08-19 22:11 ` David S. Miller
2003-08-19 23:15 ` Stephan von Krawczynski
2003-08-20 8:58 Richard Underwood
2003-08-20 15:23 ` jamal
2003-08-20 15:28 ` jamal
2003-08-20 20:10 Richard Underwood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030727183547.784b6ab5.davem@redhat.com \
--to=davem@redhat.com \
--cc=bloemsaa@xs4all.nl \
--cc=carlosev@newipnet.com \
--cc=layes@loran.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-net@vger.kernel.org \
--cc=marcelo@conectiva.com.br \
--cc=netdev@oss.sgi.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).