netdev

RE: [2.4 PATCH] bugfix: ARP respond on all devices

To: Richard Underwood <richard@xxxxxxxxxxxxxxxxx>
Subject: RE: [2.4 PATCH] bugfix: ARP respond on all devices
From: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
Date: 19 Aug 2003 13:35:45 +0100
Cc: "'David S. Miller'" <davem@xxxxxxxxxx>, Stephan von Krawczynski <skraw@xxxxxxxxxx>, willy@xxxxxxxxx, carlosev@xxxxxxxxxxxx, lamont@xxxxxxxxxxxxxxxx, davidsen@xxxxxxx, bloemsaa@xxxxxxxxx, Marcelo Tosatti <marcelo@xxxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, linux-net@xxxxxxxxxxxxxxx, layes@xxxxxxxxx, torvalds@xxxxxxxx, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>
In-reply-to: <353568DCBAE06148B70767C1B1A93E625EAB57@post.pc.aspectgroup.co.uk>
References: <353568DCBAE06148B70767C1B1A93E625EAB57@post.pc.aspectgroup.co.uk>
Sender: netdev-bounce@xxxxxxxxxxx
On Tue, 2003-08-19 at 13:02, Richard Underwood wrote:
>       ARP is local to a broadcast net. The ARP standard explicitly
> prohibits responding to an ARP request on a different interface.

Correct, but we don't do that.

>       If you broadcast a request asking for a reply on an entirely
> different subnet, you're asking for trouble. You REDUCE the likelihood of a
> successful ARP reply, not increase it.

You increase it and you shortcut on shared LANs. That's really a separate
issue to the question of which source is used. If you loop back someone
else's address on your own lo device I'm not surprised weird shit happens,
put the alias on eth0 where it belongs.

>       All you can possibly achieve by sending REQUESTS from the wrong IP
> number is assist screwed up networks where you've got multiple subnets on
> the same copper and cause a shed-load of security issues.

Not in general. If you are using ARP your LAN is hardly "secure". For
most situations the trust across multiple aggregated LANs is the same,
if it isn't people use VLAN (which rarely helps 8))



