From: Julian Anastasov <ja@ssi.bg>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Incorrect source address in ARP request. Anyone seen
Date: Mon, 17 Mar 2003 22:27:11 +0000 [thread overview]
Message-ID: <marc-lartc-104793981001478@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104790862226037@msgid-missing>
Hello,
On Mon, 17 Mar 2003, Arno Griffioen wrote:
> There seems to be one snag: Incorrect ARP source address.
>
> If there is no ARP entry for the gateway yet (no traffic has gone out, routes
> learned from another BGP peer) and I try to reach a remote address immediately
> then the ARP request that goes out on the 10.0.0.0 network for the
> correct gateway does *not* contain the 10.0.0.2 source address, but
> instead 17.70.0.1.
>
> Well.. That obviously does not work as this IP address does not occur on
> this LAN and as a reasult most other routers will (correctly) ignore this.
No, the router should answer this request because it knows
where 17.70.0.1 is: it is on the LAN or at least reachable via
gateway on this LAN. So, what is the good reason to ignore ARP
requests with src 17.70.0.1? Linux ARP follows the routing and will
reply in this case (when used in place of the router).
> If I try to connect to the correct gateway on a 10.0.0.x adress directly
> then it does work as it will use the correct 10.0.0.2 source for it's
> ARP request.
Correct
> It seems that the ARP code also chooses the 'global' scope address for the
> ARP request, while it should really always choose the 'link' address
> of this interface as the source of the broadcast.
No, the check is: is the source address in the IP packet local?
If yes, use it as src for ARP - classic case where ARP must be accepted
in router if the IP packets are accepted: if you have the right to send
IP packets with src\x17.70.0.1 is there a reason to ignore ARP with same
src? In your case there is no reason, of course, there are other cases
where tuning the ARP protocol is needed.
> I have now temporarily fixed this by either adding some static ARP entries
> or ARP-table filtering using iptables, but I feel that's only a temporary
> measure.
You are in the right direction, there are no many solutions
to handle such case. The problem comes only if "router decides not
to accept ARP from valid source IP from valid input device".
> Have I overlooked something in my setup or should I start poking in the
> kernel ARP code?
Take a look at arp_solicit()
Regards
--
Julian Anastasov <ja@ssi.bg>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2003-03-17 22:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-03-17 13:42 [LARTC] Incorrect source address in ARP request. Anyone seen this? Arno Griffioen
2003-03-17 22:27 ` Julian Anastasov [this message]
2003-03-18 7:02 ` [LARTC] Incorrect source address in ARP request. Anyone seen Arno Griffioen
2003-03-18 11:45 ` Julian Anastasov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-104793981001478@msgid-missing \
--to=ja@ssi.bg \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.