Re: ARP responses broken!

From: Julian Anastasov (ja@ssi.bg)
Date: Tue Apr 17 2001 - 20:05:21 EST


        Hello,

Sampsa Ranta wrote:

> 23:38:25.278848 > arp who-has 194.29.192.38 tell 194.29.192.10 (0:50:da:82:ae:9f)
> 23:38:25.278988 < arp reply 194.29.192.38 is-at 0:1:2:dc:d2:64 (0:50:da:82:ae:9f)
> 23:38:25.279009 < arp reply 194.29.192.38 is-at 0:1:2:dc:d2:6c (0:50:da:82:ae:9f)
>
> The second one is the valid one, but both interfaces seem to answer to the
> broadcasted packet with their own ARP addresses.

        arp_filter is not broken, it is simply not for your setup.
It depends what you want to achieve by defining two IP addresses in
different interfaces. Considering the fact you have two addresses
in one subnet you need the incoming traffic to come from the two
interfaces. In this case you need "hidden". For the outgoing traffic:
it is controlled only from the routing.

        While in your setup arp_filter and rp_filter will ARP answer
from one card only, for the both addresses, hidden will answer from the
both cards, "correctly" in your eyes. Use arp_filter for different
nets only, i.e. when the ARP probes come from different nets in your
routing universe. hidden does not depend on nets/subnets. But may
be there are exceptions I'm missing and the other guys can correct me.

Regards

--
Julian Anastasov <ja@ssi.bg>

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon Apr 23 2001 - 21:00:24 EST