Re: [patch] 2.4 version of my duplicate IP and MAC detection patch

From: Marc MERLIN (marc@merlins.org)
Date: Fri Sep 22 2000 - 12:57:53 EST


On Fri, Sep 22, 2000 at 01:25:54AM -0700, David S. Miller wrote:
> You've made the foo-address to ascii string routines non-reentrant.
> The hbuffer[] was on the local stack for a very good reason.
 
You are right, fixed.
http://marc.merlins.org/linux/arppatch/arp-patch-2.4_v1.3
(that part of the patch is a year old, and I honestly don't remember why
hbuffer became a static, as it is obviously wrong)
 
> Why can't you write a userspace daemon that listens on one of the
> lower level raw'ish sockets for arp packets and do the same checks
> there.

You can.

> I don't like this change at all, I think it can be done completely
> in user space. The existence of a working tcpdump is proof of this
> fact. :-) Whether it can be done efficiently is another issue.

That was my original point.
http://marc.merlins.org/linux/arppatch/
----------------------------------------------------------------------------
But then why not write the whole thing in user space?
Well, the line has to be drawn somewhere... The whole IP stack could be in
user space if we wanted... In this case, the actual added code (I'm not
talking about the existing code which I turned into a function) is about 20
lines, it's trivial and it uses much less resources on a slow machine (386)
than a user space solution which forces context switches, system calls,
and memory for that user process.
Also, not that others are always right, but do you know any OS that does
duplicate IP checking by inspecting ARP requests in user space?
----------------------------------------------------------------------------

> Making it possible to do this efficiently would be the kernel change
> which might result from your work on a userspace variant, so have at
> it.

You're saying that you'd rather have a hook to do this from user space?
I guess I didn't see the point since the kernel change is so small.

> Even failing that, I would prefer something like a special "arp
> netlink socket" which would allow a privileged userspace program
> to hear all arp traffic the machine can hear.

I guess I can see why you'd want that, but it will be more code and overhead
than the current solution (by quite a bit actually, and Andi seemed
concerned about not impacting the fast path, which this will, and in a
significant way).

Again, everyone else isn't always right, but all the other systems I know
check for dupe IP by looking at ARP packets, and do it in the kernel, since
it's a simple check.

On Fri, Sep 22, 2000 at 01:19:30PM +0200, Andi Kleen wrote:
> On Fri, Sep 22, 2000 at 01:25:54AM -0700, David S. Miller wrote:
> > I don't like this change at all, I think it can be done completely
> > in user space. The existence of a working tcpdump is proof of this
> > fact. :-) Whether it can be done efficiently is another issue.
>
> I agree. I think DAD once during IP configuration should be enough.
 
Come on, Andi, it's not. You do DAD, you get your IP, I plug my laptop, use
your IP, you don't even know it. My patch lets you know.
The reason I wrote it is that I've seen this happen too many times already.

 
On Fri, Sep 22, 2000 at 04:10:53AM -0700, David S. Miller wrote:
> That already exists in form of a packet socket bound to the ARP
> IEEE protocol. Marc is probably right though that running an arp
> daemon all the time just for that would be a bit of overkill
> though.
>
> Then it stands to reason that it's _really_ overkill to have this kind
> of stuff in the kernel too :-)

It's not the same. It's overkill to do this in userspace because you need to
be looking at the packets a second time, with context switches and all,
while in the kernel, you already have the ARP packet in hand, you just take
a quick extra peek at it.

But going back to the original point, passively checking the from addresses
of ARP packets you are already receiving is useful and induces just about no
extra load.

I can fix the patch, but if you're really against the concept, you can let
me know and I'll leave you alone :-)
Regardless though, Linux is one of the few well known TCP/IP capable OSes
that doesn't say a word when its IP is being used by someone else, and this
has to be fixed some way or another. I simply believe my way is the simplest
and the lightest, but you're more than welcome to write your own and prove me
wrong :-)

Marc

-- 
Microsoft is to software what McDonalds is to gourmet cooking
 
Home page: http://marc.merlins.org/ (friendly to non IE browsers)
Finger marc_f@merlins.org for PGP key and other contact information
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
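As an added illustration, not part of the message above and not Marc's kernel
patch or any Linux code: the passive sender-address check the thread argues
about, done the way David suggests, in a user-space program on a packet socket
bound to the ARP protocol. The local IP/MAC pair (192.168.1.10,
00:11:22:33:44:55), the second MAC, the sample frames and every function name
are assumptions made up for the example. The parser and the check are portable
C; only main(), which needs Linux and CAP_NET_RAW, opens a socket.

```c
/* Added example: passive duplicate-IP / duplicate-MAC detection over ARP,
 * done in user space on a PF_PACKET socket instead of inside the kernel's
 * ARP receive path. Not Marc's patch, not kernel code; the addresses,
 * frames and names below are assumptions made up for the example. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/socket.h>
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <unistd.h>
#endif

#define ETH2_HDR_LEN   14
#define ARP_BODY_LEN   28       /* Ethernet/IPv4 ARP body */
#define ARP_ETHERTYPE  0x0806
#define IPV4_ETHERTYPE 0x0800

struct arp_fields {
    uint16_t op;        /* 1 = request, 2 = reply */
    uint8_t  sha[6];    /* sender hardware address */
    uint32_t spa;       /* sender IPv4 address, host byte order */
    uint8_t  tha[6];    /* target hardware address */
    uint32_t tpa;       /* target IPv4 address, host byte order */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p)
{ return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static void wr32(uint8_t *p, uint32_t v)
{ p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v; }

/* Parse an Ethernet II frame carrying Ethernet/IPv4 ARP. Every read is
 * length-checked first. Returns 0 on success, -1 for a short frame, a
 * non-ARP ethertype, or an ARP packet that is not Ethernet/IPv4. */
int parse_arp_frame(const uint8_t *f, size_t len, struct arp_fields *out)
{
    if (len < ETH2_HDR_LEN + ARP_BODY_LEN) return -1;
    if (rd16(f + 12) != ARP_ETHERTYPE) return -1;
    const uint8_t *a = f + ETH2_HDR_LEN;
    if (rd16(a) != 1 /* ARPHRD_ETHER */ || rd16(a + 2) != IPV4_ETHERTYPE) return -1;
    if (a[4] != 6 || a[5] != 4) return -1;      /* hlen, plen */
    out->op = rd16(a + 6);
    memcpy(out->sha, a + 8, 6);
    out->spa = rd32(a + 14);
    memcpy(out->tha, a + 18, 6);
    out->tpa = rd32(a + 24);
    return 0;
}

enum arp_verdict { ARP_FINE = 0, ARP_DUP_IP = 1, ARP_DUP_MAC = 2 };

/* The check itself: look only at the sender fields of ARP traffic we see
 * anyway, request or reply alike. Our IP behind a foreign MAC means someone
 * else is using our address; our MAC behind a foreign IP means someone is
 * using our MAC. Our own frames (both match) and probes with a 0.0.0.0
 * sender are not reported. A host with several addresses on one interface
 * must compare against all of them, or the MAC rule false-alarms. */
enum arp_verdict check_arp_sender(const struct arp_fields *a,
                                  uint32_t my_ip, const uint8_t my_mac[6])
{
    int same_ip  = (a->spa == my_ip);
    int same_mac = (memcmp(a->sha, my_mac, 6) == 0);
    if (a->spa == 0) return ARP_FINE;
    if (same_ip && !same_mac) return ARP_DUP_IP;
    if (same_mac && !same_ip) return ARP_DUP_MAC;
    return ARP_FINE;
}

/* Constructed input: a broadcast ARP request "who has tpa, tell spa". */
size_t build_arp_request(uint8_t *buf, const uint8_t sha[6], uint32_t spa, uint32_t tpa)
{
    memset(buf, 0xff, 6);                       /* dst: broadcast */
    memcpy(buf + 6, sha, 6);                    /* src */
    buf[12] = 0x08; buf[13] = 0x06;             /* ethertype ARP */
    uint8_t *a = buf + ETH2_HDR_LEN;
    memset(a, 0, ARP_BODY_LEN);
    a[1] = 1; a[2] = 0x08; a[4] = 6; a[5] = 4; a[7] = 1;  /* htype, ptype, hlen, plen, op */
    memcpy(a + 8, sha, 6);
    wr32(a + 14, spa);
    wr32(a + 24, tpa);
    return ETH2_HDR_LEN + ARP_BODY_LEN;
}

/* Assumed local identity and a second, foreign MAC for the sample frames. */
const uint32_t kMyIp = 0xC0A8010AU;                            /* 192.168.1.10 */
const uint8_t  kMyMac[6]    = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};
const uint8_t  kOtherMac[6] = {0xde, 0xad, 0xbe, 0xef, 0x00, 0x01};

/* Build a request from (sha, spa), parse it back and run the check. */
enum arp_verdict verdict_for(const uint8_t sha[6], uint32_t spa)
{
    uint8_t frame[64];
    struct arp_fields a;
    size_t n = build_arp_request(frame, sha, spa, 0xC0A80101U /* 192.168.1.1 */);
    if (parse_arp_frame(frame, n, &a) != 0) return ARP_FINE;
    return check_arp_sender(&a, kMyIp, kMyMac);
}

#ifdef __linux__
/* Hear every ARP frame the host can hear and report conflicts (needs root). */
int main(void)
{
    int s = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ARP));
    if (s < 0) { perror("socket(AF_PACKET)"); return 1; }
    uint8_t frame[1600];
    for (;;) {
        ssize_t n = recv(s, frame, sizeof frame, 0);
        if (n < 0) { perror("recv"); break; }
        struct arp_fields a;
        if (parse_arp_frame(frame, (size_t)n, &a) != 0) continue;
        enum arp_verdict v = check_arp_sender(&a, kMyIp, kMyMac);
        if (v != ARP_FINE)
            printf("%s: %02x:%02x:%02x:%02x:%02x:%02x claims %u.%u.%u.%u (op %u)\n",
                   v == ARP_DUP_IP ? "duplicate IP" : "duplicate MAC",
                   a.sha[0], a.sha[1], a.sha[2], a.sha[3], a.sha[4], a.sha[5],
                   a.spa >> 24, (a.spa >> 16) & 255, (a.spa >> 8) & 255, a.spa & 255, a.op);
    }
    close(s);
    return 0;
}
#endif
```

check_arp_sender() is the whole of what the kernel-side variant has to do
once arp_rcv() already holds the packet; the rest of the program is the cost
David and Marc are weighing against each other: a second copy of every ARP
frame handed to a process, plus the wakeup and syscall per frame. Note that
an unbound PF_PACKET socket also hands back the host's own transmitted ARP
frames, which is why the "both match" case must be silent.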



This archive was generated by hypermail 2b29 : Sat Sep 23 2000 - 21:00:27 EST