Hello,
On Thu, 4 Oct 2001, Pekka Savola wrote:
> With 2.2.18 I noticed something that looked interesting:
>
> # /sbin/ip a l dev eth4
> 7: eth4: <BROADCAST,MULTICAST,PROMISC> mtu 1500 qdisc pfifo_fast qlen 100
> link/ether 00:80:c8:c9:b8:14 brd ff:ff:ff:ff:ff:ff
> inet x.y.7.252/24 brd x.y.7.255 scope global eth4
>
> Note that the interface is not UP. Whether it's promisc or not does not
> affect this.
>
> However, the address is still pingable from outside, through eth0!
You can avoid this by using rp_filter protection. If not,
the kernel should not stop your traffic. Note that rp_filter is
used not only for security reasons. By changing the device
status you disable only the link communications, i.e. the link
routes disappear.
> Also noticed the same behaviour in 2.4.10.
>
> Is this the intended behaviour, probably?
>
> One could argue that if interface isn't UP, it shouldn't be able to send
> or receive packets at all. I wonder what changing this would break..
This is true - no traffic on down-ed interface. You can think
for it as the route is bound to device but the local IP addresses are
not. The sockets can be bound and not bound to devices. May be if one
device fails the connection can continue to use another device, there
are many variants :) At least, there is a way to control all of them
and to achieve the required behaviour.
Regards
--
Julian Anastasov <ja@xxxxxx>
|