linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* ARP hidden patch vs. arp ignore/announce
@ 2007-02-13  8:34 Menny Hamburger
  2007-02-13  8:52 ` Arjan van de Ven
  0 siblings, 1 reply; 3+ messages in thread
From: Menny Hamburger @ 2007-02-13  8:34 UTC (permalink / raw)
  To: linux-kernel

Hi,

In the following document:
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.arp_problem.html
The following is noted:
"The risk is that other hosts can probe for VIP using unicast packets
for which the hidden flag always replies. I'll continue to support the
hidden flag 
for 2.4 and 2.6 to help existing setups but switching to the new device
flags (or other solutions) is recommended".

If there is currently no way to provide this functionality using
arp_ignore/arp_annonce/arp_filter or their friends, why is this still a
patch
And is not integrated into the mainline kernel?

Regards,
Menny


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: ARP hidden patch vs. arp ignore/announce
  2007-02-13  8:34 ARP hidden patch vs. arp ignore/announce Menny Hamburger
@ 2007-02-13  8:52 ` Arjan van de Ven
  2007-02-13 10:16   ` Jan Engelhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Arjan van de Ven @ 2007-02-13  8:52 UTC (permalink / raw)
  To: Menny Hamburger; +Cc: linux-kernel


> If there is currently no way to provide this functionality using
> arp_ignore/arp_annonce/arp_filter or their friends, why is this still a
> patch
> And is not integrated into the mainline kernel?

eh? if you keep reading the doc it'll explain that there is arptables in
the current kernels, which is like iptables for arp, and you can do very
finegrained control with that, including the ignore stuff...



^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: ARP hidden patch vs. arp ignore/announce
  2007-02-13  8:52 ` Arjan van de Ven
@ 2007-02-13 10:16   ` Jan Engelhardt
  0 siblings, 0 replies; 3+ messages in thread
From: Jan Engelhardt @ 2007-02-13 10:16 UTC (permalink / raw)
  To: Arjan van de Ven; +Cc: Menny Hamburger, linux-kernel


On Feb 13 2007 09:52, Arjan van de Ven wrote:
>
>> If there is currently no way to provide this functionality using
>> arp_ignore/arp_annonce/arp_filter or their friends, why is this still a
>> patch
>> And is not integrated into the mainline kernel?
>
>eh? if you keep reading the doc it'll explain that there is arptables in
>the current kernels, which is like iptables for arp, and you can do very
>finegrained control with that, including the ignore stuff...
>

One thing remains, arptables can't do ebtables's -j arpreply. (That would have
been too great - I could get rid of the extra br0 interface!)


Jan
-- 

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-02-13 10:17 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-02-13  8:34 ARP hidden patch vs. arp ignore/announce Menny Hamburger
2007-02-13  8:52 ` Arjan van de Ven
2007-02-13 10:16   ` Jan Engelhardt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).