Re: [patch] 2.4 version of my duplicate IP and MAC detection patch

From: Julian Anastasov (ja@ssi.bg)
Date: Thu Sep 28 2000 - 03:47:57 EST

Next message: Jack M.: "linux recovery"
Previous message: Peter Samuelson: "Re: Linux kernel modules development in C++"
In reply to: Marc MERLIN: "Re: [patch] 2.4 version of my duplicate IP and MAC detection patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

On Wed, 27 Sep 2000, Marc MERLIN wrote:

> > print messages for all these hidden addresses. They are not advertised
> > and there is no problem caused from duplication.
>
> I thought about that, but isn't the shared IP just an IP alias and not the
> primary IP? As far as I know, the machines which share the IP have a primary
> IP and put that one in their ARP packets, so my patch should not complain.

Your code receives such requests from remote host:

"who-has ANY_IP tell SHARED_IP"

This broadcast request comes from host that advertises this
SHARED_IP but the duplicate detection code in the local host warns
about this IP because the same SHARED_IP is configured on the
receiver (on hidden device, it is not advertised).

> That said, adding a flag that lets you disable the duplicate IP detection on
> an interface basis wouldn't be a bad idea, I'll look into this.

If everything is handled correctly may be this flag is not
needed. But in this case you have to check the hidden flag.

> > - sip=127.0.0.0/8, this address is shared but we "assume" it is not
> > advertised from the neighbours
>
> Are you saying that some machines would ARP with a source IP of localhost?
> That'd be pretty broken, wouldn't it? Or you talking about a kind of DOS
> that would trigger warnings on all the machines?
> (the dupe check could ignore that)

Yes, I see the messages are rate limited but sip=127/8 is
possible to be generated from attacker (who knows):

"who-has ANY_IP tell 127.0.0.1"

May be you can look at the ip_route_input_slow(). Search for
martian_source and how fib_validate_source is used. I'm not sure
but it looks like the checks will be very complex.

> > - you work with ifa_address and not with ifa_local and ifa_mask.
>
> I'll look into this too.
>
> Thanks for your feedback.
> Marc

Regards

-- Julian Anastasov <ja@ssi.bg>

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org Please read the FAQ at http://www.tux.org/lkml/

Next message: Jack M.: "linux recovery"
Previous message: Peter Samuelson: "Re: Linux kernel modules development in C++"
In reply to: Marc MERLIN: "Re: [patch] 2.4 version of my duplicate IP and MAC detection patch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Sep 30 2000 - 21:00:21 EST