RE: [EXTERNAL] Re: [PATCH] neighbour: guarantee the localhost connections be established successfully even the ARP table is full

From: Ratheesh Kannoth
Date: Mon Mar 18 2024 - 11:36:48 EST


> From: James Lee <lizheng043@xxxxxxxxx>
> Sent: Monday, March 18, 2024 2:09 PM
> To: Ratheesh Kannoth <rkannoth@xxxxxxxxxxx>
> Cc: linux-kernel@xxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx;
> nhorman@xxxxxxxxxxxxx; davem@xxxxxxxxxxxxx; jmorris@xxxxxxxxx;
> James.Z.Li@xxxxxxxx
> Subject: [EXTERNAL] Re: [PATCH] neighbour: guarantee the localhost
> connections be established successfully even the ARP table is full
>
> The loopback neigh is a special device in the neighbour system which is used
> by all local communications, and its state is NUD_NOARP.
> With any value of gc_thresh3, the ARP table might become full. Manually
> increasing gc_thresh3 can resolve this issue every time, but we hope this
> issue can be resolved automatically in the Linux kernel for all local
> communications whenever the ARP table is full, rather than by manual
> operation as a workaround.

The issue is, these are dynamic entries which cannot be removed by gc, and there is no
threshold applicable to them. I feel like this may be exploited.