netdev.vger.kernel.org archive mirror
* wrong arp query with policy routing
From: Marco Berizzi @ 2007-09-18 14:04 UTC
  To: netdev

Hello everybody.
I have a pretty strange problem with linux 2.6.22.6
This is my 'ip ru sh', 'ip a s', 'ip r s' and
'iptables -t mangle -nvxL' output:

0: from all lookup local
32766: from all lookup main
32767: from all lookup default

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:05:cb:27:c1 brd ff:ff:ff:ff:ff:ff
    inet HDSL.254/27 brd HDSL.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:05:c2:56:0e brd ff:ff:ff:ff:ff:ff
    inet HDSL.254/27 brd HDSL.255 scope global eth1
    inet ADSL.134/29 brd ADSL.135 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:23:d0:0f:02 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.1/23 brd 172.16.1.255 scope global eth2

HDSL.225 dev eth0  scope link
ADSL.129 dev eth0  scope link  src ADSL.134
ADSL.128/29 dev eth1  proto kernel  scope link  src ADSL.134
HDSL.224/27 dev eth1  proto kernel  scope link  src HDSL.254
172.16.0.0/23 dev eth2  proto kernel  scope link  src 172.16.1.1
127.0.0.0/8 dev lo  scope link
default via HDSL.225 dev eth0  metric 1

Chain OUTPUT (policy ACCEPT 2476380 packets, 1183993024 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     312    20583 ACCEPT     all  --  *      *       0.0.0.0/0            HDSL.224/27
   61064  8582064 MARK       tcp  --  *      *       0.0.0.0/0           !172.16.0.0/12       multiport dports 20,21,80,123,443,2080,8080,8201,10000,8102,1443,81 MARK set 0x1
       0        0 MARK       udp  --  *      *       0.0.0.0/0           !172.16.0.0/12       multiport dports 123 MARK set 0x1
     105     5544 MARK       all  --  *      *       0.0.0.0/0           !172.16.0.0/12       helper match "ftp" MARK set 0x1

When I try to ping ADSL.129 I get this arp request
reply:

13:00:45.156697 00:30:05:cb:27:c1 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has ADSL.129 tell ADSL.134
13:00:45.157459 00:1b:90:c8:47:76 > 00:30:05:cb:27:c1, ethertype ARP (0x0806), length 60: arp reply ADSL.129 is-at 00:1b:90:c8:47:76

But I get this wrong arp request:

15:12:38.246096 00:30:05:cb:27:c1 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has ADSL.129 tell HDSL.254
15:12:38.248568 00:07:50:7e:65:e0 > 00:30:05:cb:27:c1, ethertype ARP (0x0806), length 60: arp reply ADSL.129 is-at 00:07:50:7e:65:e0

when I issue this:

ip rule add fwmark 1 table adsl priority 400

I really don't understand why linux is doing the
arp request for ADSL.129 from HDSL.254 when
I insert the above rule.
This is the output from ip r s table adsl:

default via ADSL.129 dev eth0



* Re: wrong arp query with policy routing
From: Marco Berizzi @ 2007-09-19 13:04 UTC
  To: netdev

Marco Berizzi wrote:

> HDSL.225 dev eth0  scope link
> ADSL.129 dev eth0  scope link  src ADSL.134
> ADSL.128/29 dev eth1  proto kernel  scope link  src ADSL.134
> HDSL.224/27 dev eth1  proto kernel  scope link  src HDSL.254
> 127.0.0.0/8 dev lo  scope link
> default via HDSL.225 dev eth0  metric 1

> Chain OUTPUT (policy ACCEPT 2476380 packets, 1183993024 bytes)
>     pkts      bytes target     prot opt in     out     source               destination
>    61064  8582064 MARK       tcp  --  *      *       0.0.0.0/0           !172.16.0.0/12       multiport dports 20,21,80,123,443,2080,8080,8201,10000,8102,1443,81 MARK set 0x1

Me again.
When this box tries to open a connection to
www.google.com:80 (for example), it sends an
arp request like this:

15:12:38.246096 00:30:05:cb:27:c1 > ff:ff:ff:ff:ff:ff, ethertype ARP
(0x0806), length 42: arp who-has ADSL.129 tell HDSL.254
                                          ^^^^^^^^^^^^^
and the ISP managed cisco 877 router ignores
it, because the ip source address is from a
different network (should be ADSL.134 instead
of HDSL.254). Is this an expected behaviour
from linux?
Is there a way to force linux to make an arp
probe with the source ip belonging to the
same subnet requesting ip?

This is the 'ip ru sh' output:

0: from all lookup local
400: from all fwmark 0x1 lookup adsl
32766: from all lookup main
32767: from all lookup default

TIA



* Re: wrong arp query with policy routing
From: Chuck Ebbert @ 2007-09-20 15:52 UTC
  To: Marco Berizzi; +Cc: netdev

> Is there a way to force linux to make an arp
> probe with the source ip belonging to the
> same subnet requesting ip?

Umm, arp_filter?

* Re: wrong arp query with policy routing
From: Marco Berizzi @ 2007-09-21  9:08 UTC
  To: Chuck Ebbert; +Cc: netdev

Chuck Ebbert wrote:

> > Is there a way to force linux to make an arp
> > probe with the source ip belonging to the
> > same subnet requesting ip?
>
> Umm, arp_filter?

Hello Chuck,

thanks for the reply.
I have tried to 'echo 1 > /proc/sys/net/ipv4/conf/eth0',
but the 'arp who-has' behaviour doesn't change.
Other hints?



* Re: wrong arp query with policy routing
From: jamal @ 2007-09-21 12:25 UTC
  To: Marco Berizzi; +Cc: Chuck Ebbert, netdev


On Fri, 2007-21-09 at 11:08 +0200, Marco Berizzi wrote:

> thanks for the reply.
> I have tried to 'echo 1 > /proc/sys/net/ipv4/conf/eth0',
> but the 'arp who-has' behaviour doesn't change.
> Other hints?

Give a man a fish and he'll eat for a day....

Documentation/networking/ip-sysctl.txt

cheers,
jamal




* Re: wrong arp query with policy routing
From: Marco Berizzi @ 2007-09-21 12:56 UTC
  To: hadi; +Cc: Chuck Ebbert, netdev

jamal wrote:

> On Fri, 2007-21-09 at 11:08 +0200, Marco Berizzi wrote:
>
> > thanks for the reply.
> > I have tried to 'echo 1 > /proc/sys/net/ipv4/conf/eth0',
> > but the 'arp who-has' behaviour doesn't change.
> > Other hints?
>
> Give a man a fish and he'll eat for a day....
>
> Documentation/networking/ip-sysctl.txt

Thanks for the tip Jamal.
I have done a 'grep -i arp' on that file and
arp_announce should do the trick. But I always
get the same behaviour, after:

echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

Here is:
14:43:26.096574 00:01:02:ad:db:82 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 1.1.1.254 tell 172.16.1.247

Here is my 'ip a s' output:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:01:02:ad:db:82 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.247/23 brd 172.16.1.255 scope global eth0
    inet 1.1.1.1/32 scope global eth0




* Re: wrong arp query with policy routing
From: Marco Berizzi @ 2007-09-21 13:30 UTC
  To: hadi; +Cc: Chuck Ebbert, netdev

Marco Berizzi wrote:

>     inet 1.1.1.1/32 scope global eth0
                   ^^
Sorry, my fault.
Apologies for all the noise.
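
Added example, not part of the thread and not kernel code: a simplified Python model of the arp_announce=2 rule described in Documentation/networking/ip-sysctl.txt (prefer a local address on the outgoing interface whose subnet contains the target, otherwise fall back to the first address on that interface). The addresses are the ones from the 'ip a s' output above; the /24 variant and the function names are constructed for illustration.

```python
import ipaddress


def arp_announce2_source(target, iface_addrs):
    """Pick the ARP sender IP the way arp_announce=2 is documented to.

    iface_addrs: addresses on the outgoing interface, in 'ip a s' order,
    written as 'address/prefixlen'. Simplified model (assumption): the
    fallback to addresses on other interfaces is not modelled.
    """
    tgt = ipaddress.ip_address(target)
    ifaces = [ipaddress.ip_interface(a) for a in iface_addrs]
    if not ifaces:
        raise ValueError("interface has no IPv4 address")
    for ifa in ifaces:
        if tgt in ifa.network:      # subnet of this address covers the target
            return str(ifa.ip)
    return str(ifaces[0].ip)        # nothing covers it: first address wins


def check(target, iface_addrs):
    """Report the chosen source and whether any configured subnet covers the target."""
    tgt = ipaddress.ip_address(target)
    covering = [a for a in iface_addrs
                if tgt in ipaddress.ip_interface(a).network]
    return {
        "source": arp_announce2_source(target, iface_addrs),
        "on_link": bool(covering),
        "covering": covering,
    }


if __name__ == "__main__":
    target = "1.1.1.254"
    # As posted in the thread: the secondary address carries a /32 prefix,
    # so its "subnet" is the single host 1.1.1.1 and cannot contain the target.
    as_posted = ["172.16.1.247/23", "1.1.1.1/32"]
    # Constructed variant: same address with a prefix that covers the target.
    constructed = ["172.16.1.247/23", "1.1.1.1/24"]
    for label, addrs in (("as posted", as_posted), ("constructed /24", constructed)):
        r = check(target, addrs)
        print(f"{label}: who-has {target} tell {r['source']} "
              f"(covered by {r['covering'] or 'no configured subnet'})")
```
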


