From: David Miller <davem@davemloft.net>
To: opurdila@ixiacom.com
Cc: netdev@vger.kernel.org
Subject: Re: [RFC] ipv4: support for request type gratuitous ARP
Date: Sun, 10 Jan 2010 13:21:05 -0800 (PST) [thread overview]
Message-ID: <20100110.132105.179935794.davem@davemloft.net> (raw)
In-Reply-To: <201001050004.45004.opurdila@ixiacom.com>
From: Octavian Purdila <opurdila@ixiacom.com>
Date: Tue, 5 Jan 2010 00:04:44 +0200
>
> Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
> ---
>
> I've noticed that even though we currently support response type gratuitous ARP
> [response type, source mac, dest mac, source IP, source IP] *with a clean ARP table*
> we do not support the request type [request type, source mac, ff:ff:ff:ff:ff:ff, source IP, source IP].
Please don't submit your patches in this manner.
All of these relevant, interesting, details belong in the commit
message. But any text you place aftr the "---" line will be omitted
from the commit message when your patch is applied by automated GIT
tools.
I've done some research and I'm happy to apply your patch to
net-next-2.6 once it is submitted properly.
In fact we need to do some more research in this area because
generally we should more mimick the processing order of ARP prescribed
in the RFC. In particular we should test the operation code lastly,
which would avoid these kinds of inconsistencies.
I'm worried though about security issues as well, as we make more the
acceptance more and more liberal, it becomes that much easier for
machines on the local network to poison ARP entries and use that to
either accept all traffic destined for a particular node or simply
deny that node access to the network.
In particular the kernel currently explicitly does not accept
unsolicited ARP, and this is controlled by the ARP_ACCEPT per-device
option.
if (IPV4_DEVCONF_ALL(dev_net(dev), ARP_ACCEPT)) {
/* Unsolicited ARP is not accepted by default.
It is possible, that this option should be enabled for some
devices (strip is candidate)
*/
...
next prev parent reply other threads:[~2010-01-10 21:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-04 22:04 [RFC] ipv4: support for request type gratuitous ARP Octavian Purdila
2010-01-06 20:24 ` Laurent Chavey
2010-01-10 21:21 ` David Miller [this message]
2010-01-11 21:31 ` Octavian Purdila
2010-01-16 22:18 ` [PATCH v2] " Octavian Purdila
2010-01-17 13:45 ` Julian Anastasov
2010-01-17 18:55 ` Octavian Purdila
2010-01-17 20:43 ` Julian Anastasov
2010-01-18 3:05 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100110.132105.179935794.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=opurdila@ixiacom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).