because arpfilter is a more generic way of doing things like this, and that IS in the main linux kernel Attachment: signature.asc Description: This is a digitally signed message part
Which is not legal IP, and is why you are having problems. So stick the address on eth0 not on lo since its not a loopback but an eth0 address, then use arpfilter so you don't arp for the invalid mag
I am interested in that but last time I googled for it, neither userspace utils nor any documentation turned up. I only see some kernel parts of it. -- vda
Hi Alan ! I have a case where this doesn't work, and which required me to apply Julian's arp_prefsrc patch, because I couldn't resolve it with iproute alone. This is a fairly simple and certainly com
And that's exactly what arpfilter is for. There are zero performance implications from using arpfilter too, if that is something people are worried about. Only ARP packets will go into the netfilter
Nobody hacking on Linux feels threatened by this. And if anything, it's the last thing that would make us change Linux to behave one way or another. That would be a stupid reason to make a change to
Replying again... Alan does mention in the paragraph you've quoted to use arpfilter, which works for every case imaginable. The facilities to solve these problems are there, people simply don't want
Hello David, That's indeed what I was supposing so. I'm not worried about performance, which I can easily imagine is not affected for such rare events as ARP requests. I'm more worried about how to s
Thanks, I've downloaded them and will take a look at them. By the time, I did some random tests with 'ip arp', and found a simple way to solve the problem I reported initially. This can be of interes
Hmmm replying to myself ! In fact, not standard. 'ip arp' was brought by Julian Anastasov's iproute2-iparp-3 patch on top of iproute2. But it seems to do wonderful things. Cheers, Willy
Author: Stephan von Krawczynski <skraw@xxxxxxxxxx>
Date: Mon, 18 Aug 2003 13:39:57 +0200
It would be probably a good thing if anybody ever found a _positive_ scenario where your view of the arp-world has _advantages_ compared to what the vast majority of people I ever talked to sees as _
[ I've been waiting what seems like centuries for someone to even consider talking about source address selection, alas I have to bring it up myself :( ] I'll responsd by asking questions of you. Do
No it doesn't. When I have two nics on DHCP on the same ethernet segment, it cannot be made to work. I don't know the ip addresses beforehand. And if if I would get them with scripting and crafted s
You don't understand how 'arpfilter' works. It's a netfilter module that allows you to block ARP packets going in and out of the system using any criteria you want. It can block on device, on src MAC
Author: Stephan von Krawczynski <skraw@xxxxxxxxxx>
Date: Mon, 18 Aug 2003 14:34:01 +0200
David, this is the wrong way round. Others'/my question was not about the implementation and technical considerations leading to it (bottom up), but pure and simple (and top down): what is the _posit
If you're not willing to think I can't help you resolve the questions you have. If you don't understand source address selection, than it's not possible for me to have an intellegent conversation abo
You're not fair, David, that was *exactly* my concern when I jumped into the thread : the SELECTED SOURCE address for ARP requests is wrong by default as soon as you manually set the IP source addres
Author: Stephan von Krawczynski <skraw@xxxxxxxxxx>
Date: Mon, 18 Aug 2003 14:53:16 +0200
Sorry, David. Your argument would only be valid, if there weren't other implementations that behave differently. But in fact there are, and there are patches for linux that do just the same. _And_ yo