From: Willy Tarreau <willy@w.ods.org>
To: "David S. Miller" <davem@redhat.com>
Cc: Stephan von Krawczynski <skraw@ithnet.com>,
willy@w.ods.org, alan@lxorguk.ukuu.org.uk, carlosev@newipnet.com,
lamont@scriptkiddie.org, davidsen@tmr.com, bloemsaa@xs4all.nl,
marcelo@conectiva.com.br, netdev@oss.sgi.com,
linux-net@vger.kernel.org, layes@loran.com, torvalds@osdl.org,
linux-kernel@vger.kernel.org
Subject: Re: [2.4 PATCH] bugfix: ARP respond on all devices
Date: Mon, 18 Aug 2003 14:51:58 +0200 [thread overview]
Message-ID: <20030818125158.GA18699@alpha.home.local> (raw)
In-Reply-To: <20030818044419.0bc24d14.davem@redhat.com>
On Mon, Aug 18, 2003 at 04:44:19AM -0700, David S. Miller wrote:
> On Mon, 18 Aug 2003 13:39:57 +0200
> Stephan von Krawczynski <skraw@ithnet.com> wrote:
>
> > Can you please give us a striking example of a widespread application where
> > current behaviour is a requirement or at least a very positive thing?
>
> [ I've been waiting what seems like centuries for someone
> to even consider talking about source address selection,
> alas I have to bring it up myself :( ]
You're not fair, David, that was *exactly* my concern when I jumped into the
thread : the SELECTED SOURCE address for ARP requests is wrong by default as
soon as you manually set the IP source address. (but perhaps you didn't have
time to read my long mail).
> Do you know how source address selection works when the user tries to
> connect to a remote location yet doesn't specify a specific source
> address to use?
In my case, although I don't know the internals, I think I have a clear enough
idea of it (but I may be wrong) : the IP source address used when connecting to
a remote host should be either the one manually specified on the most
appropriate route, or one local address which can reach the remote host or a
gateway indicated by the most appropriate route. The ARP source is the IP
source address if this address is a local one, or one of those assigned to the
NIC from which either the host or the gateway should be reached.
> 1) consider how you might want to make that configurable
> by the user
ip route ... src ... is really fine to me for the IP part, and I would have
expected it to act on ARP too ;-)
> 2) what the default behavior should be
I think we should apply the exact same source selection as IP to ARP. That is,
if we need to reach host X or gateway X on the LAN, we should do a route lookup
and use a valid source (or the manually set one) associated to the most
appropriate route. That is what Julian Anastasov's patch does, and it does it
fairly well IMHO.
> 3) what kind of ARP behavior is necessary in order for
> these various configurations to work
The one detailed above by default, then use arptables (or ip arp) for all
tricky configurations.
BTW, I've tried arptables-0.0.1. Except that I had to patch it to make it
usable on 2.4.22-rc2 (because the FORWARD chain doesn't exist on 2.4), it
allows me to do the same as what 'ip arp' did for me on a patched kernel
(although I prefer the iproute interface, just a matter of taste). Using my
previous example, I now do the following which works :
ip address add 10.0.0.1/24 dev eth0
ip address add 11.0.0.1/24 dev eth0
ip route add default via 11.0.0.2 src 10.0.0.1
arptables -A OUTPUT -d 11.0.0.0/24 -o eth0 -j mangle --mangle-ip-s 11.0.0.1
I'll send a fix to the arptable's maintainer so that it works again on 2.4.
Cheers,
Willy
next prev parent reply other threads:[~2003-08-18 12:51 UTC|newest]
Thread overview: 149+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-27 20:52 [2.4 PATCH] bugfix: ARP respond on all devices Bas Bloemsaat
2003-07-27 22:12 ` David S. Miller
2003-07-28 0:09 ` Michael Richardson
2003-07-28 2:31 ` Ben Greear
2003-07-28 7:33 ` Bas Bloemsaat
2003-07-27 23:40 ` Carlos Velasco
2003-07-27 23:46 ` David S. Miller
2003-07-27 23:58 ` Carlos Velasco
2003-07-27 23:58 ` David S. Miller
2003-07-28 0:11 ` Carlos Velasco
2003-07-28 0:14 ` David S. Miller
2003-07-28 0:35 ` Carlos Velasco
2003-07-28 0:36 ` David S. Miller
2003-07-28 0:53 ` Carlos Velasco
2003-07-28 0:55 ` David S. Miller
2003-07-28 1:23 ` Carlos Velasco
2003-07-28 1:35 ` David S. Miller
2003-07-28 10:43 ` Carlos Velasco
2003-07-28 17:09 ` Phil Oester
2003-07-28 18:56 ` Bas Bloemsaat
2003-07-28 22:36 ` Julian Anastasov
2003-07-28 4:37 ` David Lang
2003-07-28 4:39 ` David S. Miller
2003-07-28 10:49 ` Carlos Velasco
2003-07-29 2:51 ` Bill Davidsen
2003-07-29 4:48 ` Lamont Granquist
2003-08-04 6:10 ` Pekka Savola
2003-08-17 13:09 ` Carlos Velasco
2003-08-17 13:16 ` Carlos Velasco
2003-08-17 13:41 ` Alan Cox
2003-08-17 13:55 ` Carlos Velasco
2003-08-17 15:28 ` Alan Cox
2003-08-17 15:57 ` Bas Bloemsaat
2003-08-17 15:59 ` Carlos Velasco
2003-08-17 16:26 ` Alan Cox
2003-08-17 16:27 ` Carlos Velasco
2003-08-17 17:24 ` Alan Cox
2003-08-17 22:48 ` Willy Tarreau
2003-08-18 5:22 ` David S. Miller
2003-08-18 6:56 ` Willy Tarreau
2003-08-18 7:01 ` David S. Miller
2003-08-18 7:29 ` Willy Tarreau
2003-08-18 7:43 ` Willy Tarreau
2003-08-18 5:31 ` David S. Miller
2003-08-18 11:39 ` Stephan von Krawczynski
2003-08-18 11:44 ` David S. Miller
2003-08-18 12:34 ` Stephan von Krawczynski
2003-08-18 12:30 ` David S. Miller
2003-08-18 12:53 ` Stephan von Krawczynski
2003-08-18 12:55 ` David S. Miller
2003-08-18 13:17 ` Stephan von Krawczynski
2003-08-18 13:14 ` David S. Miller
2003-08-18 14:23 ` Stephan von Krawczynski
2003-08-18 14:19 ` David S. Miller
2003-08-18 15:46 ` Stephan von Krawczynski
2003-08-18 13:23 ` jamal
2003-08-18 13:21 ` David S. Miller
2003-08-18 13:40 ` Stephan von Krawczynski
2003-08-20 6:55 ` Bas Bloemsaat
2003-08-18 21:54 ` Bill Davidsen
2003-08-18 13:40 ` Dominik Kubla
2003-08-18 12:51 ` Willy Tarreau [this message]
2003-08-18 12:53 ` David S. Miller
2003-08-18 14:28 ` Willy Tarreau
2003-08-18 14:28 ` David S. Miller
2003-08-18 12:08 ` Bas Bloemsaat
2003-08-18 12:03 ` David S. Miller
2003-08-18 21:32 ` Bill Davidsen
2003-08-19 3:21 ` Ben Greear
2003-08-19 15:22 ` David S. Miller
2003-08-19 7:58 ` Bas Bloemsaat
2003-08-18 15:49 ` SRC IP selection in ARP request (Was: bugfix: ARP respond on all devices) Vladimir B. Savkin
2003-08-17 16:51 ` [2.4 PATCH] bugfix: ARP respond on all devices David T Hollis
2003-08-17 16:45 ` Carlos Velasco
2003-08-17 17:13 ` Arjan van de Ven
2003-08-17 19:46 ` insecure
2003-08-18 5:11 ` David S. Miller
2003-08-18 5:29 ` David S. Miller
2003-08-17 13:59 ` Bas Bloemsaat
2003-08-17 13:38 ` Alan Cox
-- strict thread matches above, loose matches on Subject: below --
2003-08-19 12:02 Richard Underwood
2003-08-19 12:35 ` Alan Cox
2003-08-19 18:30 ` Daniel Gryniewicz
2003-08-19 18:29 ` David S. Miller
2003-08-19 19:12 ` Daniel Gryniewicz
2003-08-19 19:10 ` David S. Miller
2003-08-20 16:49 ` Bill Davidsen
2003-08-20 17:00 ` David S. Miller
2003-08-20 17:44 ` Ben Greear
2003-08-20 17:48 ` David S. Miller
2003-08-20 23:18 ` Julian Anastasov
2003-08-23 20:50 ` Bill Davidsen
2003-08-20 19:08 ` Bill Davidsen
2003-08-20 20:07 ` Bas Bloemsaat
2003-08-19 13:11 ` Bas Bloemsaat
2003-08-19 15:34 ` David S. Miller
2003-08-19 17:39 ` Lars Marowsky-Bree
2003-08-19 17:36 ` David S. Miller
2003-08-19 21:01 ` Harley Stenzel
2003-08-19 16:19 ` Stephan von Krawczynski
2003-08-19 16:54 ` David S. Miller
2003-08-19 17:15 ` Stephan von Krawczynski
2003-08-19 16:56 ` David S. Miller
2003-08-19 20:09 ` Michael Richardson
2003-08-19 14:34 Richard Underwood
2003-08-19 14:54 ` Willy Tarreau
2003-08-19 15:07 ` Stephan von Krawczynski
2003-08-19 15:57 ` David S. Miller
2003-08-19 16:52 ` Stephan von Krawczynski
2003-08-19 16:53 ` David S. Miller
2003-08-19 17:12 ` Stephan von Krawczynski
2003-08-19 17:09 ` David S. Miller
2003-08-19 19:04 ` Alan Cox
2003-08-19 19:01 ` David S. Miller
2003-08-19 19:19 ` Bas Bloemsaat
2003-08-19 19:16 ` David S. Miller
2003-08-20 8:49 ` Roman Pletka
2003-08-20 14:15 ` Stephan von Krawczynski
2003-08-20 14:43 ` Roman Pletka
2003-08-20 15:55 ` Stephan von Krawczynski
2003-08-20 16:47 ` Roman Pletka
2003-08-19 15:53 ` Bill Davidsen
2003-08-19 16:14 ` David S. Miller
2003-08-19 17:17 ` Bill Davidsen
2003-08-19 19:08 ` Alan Cox
2003-08-19 21:53 ` Stephan von Krawczynski
2003-08-19 16:54 Richard Underwood
2003-08-19 16:51 ` David S. Miller
2003-08-19 17:10 ` Stephan von Krawczynski
2003-08-19 17:07 ` David S. Miller
2003-08-19 17:56 Richard Underwood
2003-08-19 17:53 ` David S. Miller
2003-08-20 4:58 ` Steven Blake
2003-08-19 18:05 Richard Underwood
2003-08-19 18:21 ` David S. Miller
2003-08-20 12:52 ` Harley Stenzel
2003-08-19 18:16 Richard Underwood
2003-08-19 18:13 ` David S. Miller
2003-08-19 18:30 ` Bas Bloemsaat
2003-08-19 19:00 Richard Underwood
2003-08-19 18:58 ` David S. Miller
2003-08-19 22:12 Richard Underwood
2003-08-19 22:11 ` David S. Miller
2003-08-19 23:15 ` Stephan von Krawczynski
2003-08-19 23:51 ` Michael Richardson
2003-08-20 8:58 Richard Underwood
2003-08-20 15:23 ` jamal
2003-08-20 15:28 ` jamal
2003-08-20 20:10 Richard Underwood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030818125158.GA18699@alpha.home.local \
--to=willy@w.ods.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bloemsaa@xs4all.nl \
--cc=carlosev@newipnet.com \
--cc=davem@redhat.com \
--cc=davidsen@tmr.com \
--cc=lamont@scriptkiddie.org \
--cc=layes@loran.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-net@vger.kernel.org \
--cc=marcelo@conectiva.com.br \
--cc=netdev@oss.sgi.com \
--cc=skraw@ithnet.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).