From: ebiederm@xmission.com (Eric W. Biederman)
To: Denys Fedoryschenko <denys@visp.net.lb>
Cc: netdev@vger.kernel.org, David Miller <davem@davemloft.net>
Subject: Re: [RFC] arp announce, arp_proxy and windows ip conflict verification
Date: Wed, 01 Jul 2009 10:40:08 -0700 [thread overview]
Message-ID: <m1ws6sqp3b.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <200907011242.12812.denys@visp.net.lb> (Denys Fedoryschenko's message of "Wed\, 1 Jul 2009 12\:42\:12 +0300")
Denys Fedoryschenko <denys@visp.net.lb> writes:
> On Wednesday 01 July 2009 09:58:36 Eric W. Biederman wrote:
>>
>> What problem were you originally trying to solve?
>>
>> Having a proxy arp gateway reply to addresses it routes is proper
>> behaviour.
> It is not correct behavior to reply to gratuitous ARP, if you dont have this
> IP locally!
>
> IP conflict detection will fail then completely, if proxy arp machine have
> default route (means answer to ALL ARP requests).
With proxy arp you pretend to have all of the IPs you are proxing for
locally. You must do everything that the machine you are proxying for
would do on that network.
Having a default route and proxying everything is a misconfiguration.
> Sadly RFC 1027 (Proxy ARP) dated in 1987 and not explaining this case well.
> I found other source of information, it is not reliable (wikipedia), but it is
> also mentioned in one of HP patents
> (http://www.freepatentsonline.com/y2009/0073990.html). My point of view
> marked as (!!!!!!!).
>
> ARP announcements
>
> An ARP announcement (also known as Gratuitous ARP) is a packet containing
> valid sender hardware and protocol addresses (SHA and SPA) for the host that
> sent it, with identical destination and source addresses (TPA = SPA). Such a
> request (!!!!!!!) is not intended to solicit a reply, but merely updates the
> ARP caches of other hosts that receive the packet. Gratuitous ARP is usually
> an ARP request [3], but it may also be an ARP reply [4].
Of course a Gratuitous ARP is not intended to solicit a reply. Because
two machines should not be configured to have the same IP address.
In the case of two machines being configured with the same IP address
replying to gratuitous ARP is correct behaviour. As it allows discovery
of the network misconfiguration.
The problem is that you have a proxy machine configured to proxy for
the ip that is also assigned to another machine in the same broadcast
domain. That is a bug.
The only case where I can imagine proxying the default route would even
approach being correct is on a point to point link. But that seems
pointless as you could simply have a default route to the other side.
Eric
next prev parent reply other threads:[~2009-07-01 17:40 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-01 11:44 [RFC] arp announce, arp_proxy and windows ip conflict verification Denys Fedoryschenko
2009-03-13 23:02 ` David Miller
2009-06-30 22:55 ` Eric W. Biederman
2009-06-30 22:54 ` Denys Fedoryschenko
[not found] ` <m1iqicyjmr.fsf@fess.ebiederm.org>
2009-07-01 9:00 ` Denys Fedoryschenko
2009-07-01 9:42 ` Denys Fedoryschenko
2009-07-01 17:40 ` Eric W. Biederman [this message]
2009-07-01 18:12 ` Denys Fedoryschenko
2009-07-01 19:01 ` Denys Fedoryschenko
2009-07-02 20:36 ` Eric W. Biederman
2009-07-02 20:51 ` Eric W. Biederman
2009-07-02 21:22 ` Denys Fedoryschenko
2009-07-02 22:18 ` Eric W. Biederman
2009-07-02 23:03 ` Denys Fedoryschenko
2009-07-02 23:23 ` Eric W. Biederman
2009-07-02 23:46 ` Denys Fedoryschenko
2009-07-03 1:38 ` David Miller
2009-07-03 3:14 ` Eric W. Biederman
2009-07-03 11:02 ` Denys Fedoryschenko
2009-07-03 20:20 ` David Miller
2009-07-03 20:37 ` Denys Fedoryschenko
2009-07-04 0:46 ` Eric W. Biederman
2009-07-04 7:55 ` Denys Fedoryschenko
2009-07-04 15:00 ` Eric W. Biederman
2009-07-04 15:03 ` Denys Fedoryschenko
2009-07-04 21:57 ` Eric W. Biederman
2009-07-04 22:00 ` Denys Fedoryschenko
2009-07-04 23:22 ` Mark Smith
2009-07-05 0:07 ` Eric W. Biederman
2009-07-05 0:28 ` Denys Fedoryschenko
2009-07-05 6:16 ` Mark Smith
2009-07-04 23:47 ` Eric W. Biederman
2009-07-03 1:34 ` David Miller
2009-07-02 23:13 ` Denys Fedoryschenko
2009-07-01 2:27 ` [PATCH] Revert "ipv4: arp announce, arp_proxy and windows ip conflict verification" Eric W. Biederman
2009-07-01 3:10 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1ws6sqp3b.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=davem@davemloft.net \
--cc=denys@visp.net.lb \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).