Hello!
> The Ville's patch looks neat, and I like it.
It is not OK, Andrey. See below.
> I really think that all the "ARP hide" stuff is a crap. It doesn't have any
> clear meaning, only a pure shamanism.
Exactly.
> Checks for ARP sending via routing table is a good idea, provided that we get
> rid of the "hidden" flags. We may do it as Andi has done. Or we may do it
> in the following way: add "noarp" flag to routes, and if route lookup gives
> an entry with the flag being set, we do not send reply.
It is even worse than shamanism, it is sort of satanism. 8)8)
Please, hold one statement involatile: you must answer to unicast
ARP requests, not depending on anything. Host cannot know, how
requestor got initial information about your MAC.
Second: any scheme must be correlated with source address
selection. If you advertised wrong address and do some ARP blocking,
you introduce fatal bug.
> Anyway, "ARP hide" stuff is broken because it establishes additional
It was simple and easy to manage, at least. I delayed merging
it to 2.3 exactly because I still hope to converge to some
solution looking less ugly.
Does Andi patch help to solve the same problem, which "hidden"
solved? If it is, I definitely prefer arpfilter. [I am sorry,
my brain cache is busy now, I cannot answer myself fastly 8)]
Alexey
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:15 EST