On Thu, May 04, 2000 at 04:52:42PM +0200, Andi Kleen wrote:
> Andrey Savochkin <saw@saw.sw.com.sg> writes:
> > ... Or we may do it
> > in the following way: add "noarp" flag to routes, and if route lookup gives
> > an entry with the flag being set, we do not send reply.
>
> That would not work for load balancing on multi path links
> (I wrote the arpfilter primarily for this purpose -- to get load balancing
> for incoming connections)
I don't see problems here.
The only thing that we're adding is blocking ARP responses for certain
triples (our-IP-address, requesting-IP-address, device). Matching such
triples is done by routing engine without any problems.
Certainly, my proposal is less convenient if the most important thing for
matching is the device. It will require to introduce policy routing by
interface. But it's possible.
Well, I'm not insisting on my scheme. It's just a quick thought.
I don't know the most popular usage pattern of ARP hiding stuff.
Any comments from people wanting to hide their ARP? :-)
The only negative thing in Andi's proposal is that it uses general, unflagged
routes. So, I will need to think much more about _each_ entry in my routing
table if I start to hide ARP.
Best regards
Andrey
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun May 07 2000 - 21:00:16 EST