Problem with ARP-replies on Kernels 2.6 (possibly 3.0, but not 2.4!)

Problem with ARP-replies on Kernels 2.6 (possibly 3.0, but not 2.4!)

[skandranon]

Hi,

I sure hope that this is the right forum to find help with my problem.
If not, please someone provide me with a pointer!

Following up to a complaint, I found some strange behavior with ARP 
replies being sent out for IP addresses via interfaces that have no 
relation to the IP addresses being queried.

The setup is about as follows:
I have a machine connected to multiple physically disconnected networks, 
neither doing any routing, bridging or anything similar.
MyMachine:eth0: 10.1.1.1/24
MyMachine:eth1: 192.168.1.2/24
MyMachine:eth2: 172.20.7.7/24

Network 10.1.1.0/24 is not controlled by me, and someone decided to 
setup a Windows machine doing multinetworking:similar to
HisMachine:eth0: 10.1.1.15/24
HisMachine:eth0:0: 192.168.1.2/24

Now, HisMachine is detecting another server using IP address 
192.168.1.2, and it is giving the MAC address of MyMachine:eth0 as the 
offender.

Some investigation showed that MyMachine is responding to ARP-broadcasts 
coming in on interface eth0 if those ARP packets have a source address 
of either 0.0.0.0 or some IP address from 10.1.1.0/24 irrespective of 
the IP address that is being queried:
example queries:
"ARP: who has 192.168.1.2 tell 0.0.0.0", received on MyMachine:eth0 => 
MyMachine sends a reply with the MAC-address of its eth0
"ARP: who has 192.168.1.2 tell 10.1.1.15", received on MyMachine:eth0 => 
MyMachine send a reply with the MAC-address of its eth0
"ARP: who has 192.168.1.2 tell 192.168.1.x" (x=1..254), received on 
MyMachine:eth0 => no reply is being sent

Similar behaviour can be seen for other combination of IP addresses and 
interfaces (e.g. "ARP: who has 10.1.1.1 tell 0.0.0.0" received on 
interface eth1 would also be answered - via eth1, of course)

I've tested this using
arping -I <interface> -s <source> <IP address>
arping -I <interface> -D <IP address>
for several different systems (SuSE SLES 8- 2.421, SuSE SLES 9 - 2.6.5, 
SuSE SLES 10 - 2.6.16, SuSE SLES 11 - 2.6.32, Open Suse 11.3 - 2.6.34, 
OpenSuSE 11.4 - 2.6.37, several different Ubuntu versions...),
and found that any 2.6-based system displayed similar behaviour, but not 
the old 2.4-based ones.

Basically, I would have expected MyMachine to answer ARP queries 
received via eth0 only if an address was queried that was assigned to 
eth0 (also secondary IP addresses assigned by "ip" or virtual interfaces 
generated by ifconfig).

So: Is this a bug or a feature?

In any case: many thanks to each of you developers (but for you, I 
wouldn't have my current job), and also many thanks to each of you 
taking the time to answer questions on this list!

Best Regards,
   Frank Mayer

Re: Problem with ARP-replies on Kernels 2.6 (possibly 3.0, but not 2.4!)

[Nicolas de Pesloüan]

Le 28/09/2011 19:49, skandranon a écrit :

> Basically, I would have expected MyMachine to answer ARP queries received via eth0 only if an
> address was queried that was assigned to eth0 (also secondary IP addresses assigned by "ip" or
> virtual interfaces generated by ifconfig).
>
> So: Is this a bug or a feature?

It is a feature.

You should have a look at the file Documentation/networking/ip-sysctl in the kernel source tree, in 
particular the entry about arp_ignore.

	Nicolas.

Re: Problem with ARP-replies on Kernels 2.6 (possibly 3.0, but not 2.4!)

[Nicolas de Pesloüan]

Le 28/09/2011 23:25, skandranon a écrit :

>>> So: Is this a bug or a feature?
>>
>> It is a feature.
>>
>> You should have a look at the file Documentation/networking/ip-sysctl in the kernel source tree,
>> in particular the entry about arp_ignore.
>>
>> Nicolas.

> Many thanks for your quick reply and the pointer to that document.

Please, keep netdev in copy.

> Seems this feature has been there a long time already, but this has been the first time in all of
> the 15 years or so I'm working with Linux that It's bitten my ass.
>
> May I ask you for an additional pointer explaining in layman's terms what the use cases for values 2
> and 3 would be? - I plain don't understand.

2 seems obvious and is one more level of strictness. If the ARP seems to come from a different 
subnet, ignore it, even if it enters the host on the "right" interface.

I don't know for 3.

> And maybe even an explanation what the initial reasoning might have been to select the approach of
> assigning IP addresses to the host instead of an interface?

I think it is expected to enhance connectivity, by being liberal at what the host accept, which is 
the base principle of interoperability : Be liberal in what you accept, and conservative in what you 
send [Jon Postel]. Others may explain this with more history in mind.

> The mailing list archive mentioned in e.g. "Understanding Linux Network Internals" I found after
> having your hint as a starting point doesn't seem to contain this discussion, which has obviously
> been old even back in 2003.
> And how come that the 2.4.21 kernel did behave differently? The basics seem to be the same?

Unfortunately, I'm not an archaeologist, so I'm totally unable to answer about 2.4.21. Maybe someone 
else in the list will be.

	Nicolas.