Re: ARP routing issue

• Previous message: Andi Kleen: "Re: page migration patchset"
• Maybe in reply to: Jan De Luyck: "ARP routing issue"
• Next in thread: Julian Anastasov: "Re: ARP routing issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: rol@as2917.net
Date:	Fri, 07 Jan 2005 09:29:46 +0800

I met a question about ARP. If i send packet to another host using Raw socket at
one host and i set protocol type into TCP, then at another host i receive the
packet, but when i read the field skb->protocol, it is ARP. But when i changed a
host to send the packet, it does well.

There are something wrong on my network card or the Kernel?

>Hello,
>
> Have a look at /proc/sys/net/conf/XXX/arp_filter :
>
>
> arp_filter - BOOLEAN
> 1 - Allows you to have multiple network interfaces on the same
> subnet, and have the ARPs for each interface be answered
> based on whether or not the kernel would route a packet from
> the ARP'd IP out that interface (therefore you must use source
> based routing for this to work). In other words it allows control
> of which cards (usually 1) will respond to an arp request.
>
> 0 - (default) The kernel can respond to arp requests with addresses
> from other interfaces. This may seem wrong but it usually makes
> sense, because it increases the chance of successful communication.
> IP addresses are owned by the complete host on Linux, not by
> particular interfaces. Only for more complex setups like load-
> balancing, does this behaviour cause problems.
>
> Regards,
> Paul
>
> Paul Rolland, rol(at)as2917.net
> ex-AS2917 Network administrator and Peering Coordinator
>
> --
>
> Please no HTML, I'm not a browser - Pas d'HTML, je ne suis pas un navigateur
>
> "Some people dream of success... while others wake up and work hard at it"
>
>
>
> > -----Message d'origine-----
> > De : linux-kernel-owner@vger.kernel.org
> > [mailto:linux-kernel-owner@vger.kernel.org] De la part de Jan De Luyck
> > Envoy?: jeudi 6 janvier 2005 17:12
> > ?: Steve Iribarne
> > Cc : linux-kernel@vger.kernel.org; linux-net@vger.kernel.org
> > Objet : Re: ARP routing issue
> >
> > On Thursday 06 January 2005 17:06, Steve Iribarne wrote:
> > > Hi Jan,
> > >
> > >
> > > -> default gateway is set to 10.0.22.1, on eth0.
> > > ->
> > > -> Problem is, if I try to ping from another network
> > > -> (10.216.0.xx) to 10.0.24.xx, i see the following ARP request:
> > > ->
> > > -> arp who-has 10.0.22.1 tell 10.0.24.xx
> > > ->
> > >
> > > You see that coming out the eth0 interface??
> > >
> > > If that is the case it is most definately wrong. Assuming that your
> > > masks are setup properly. But I haven't worked on the 2.4
> > kernel for a
> > > long time so I'm not so sure if what you are seeing is a
> > bug that has
> > > been fixed.
> >
> > The network information is:
> > eth0 10.0.22.xxx mask 255.255.255.0
> > eth1 10.0.24.xxx mask 255.255.255.0
> >
> > routing:
> > 10.0.22.0 0.0.0.0 255.255.255.0 eth0
> > 10.0.24.0 0.0.0.0 255.255.255.0 eth1
> > 0.0.0.0 10.0.22.1 0.0.0.0 eth0
> >
> > Jan
> >
> > --
> > If a man slept by day, he had little time to work. That was a
> > satisfying notion to Escargot.
> > -- "The Stone Giant", James P. Blaylock
> > -
> > To unsubscribe from this list: send the line "unsubscribe
> > linux-kernel" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at http://www.tux.org/lkml/
> >
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Previous message: Andi Kleen: "Re: page migration patchset"
• Maybe in reply to: Jan De Luyck: "ARP routing issue"
• Next in thread: Julian Anastasov: "Re: ARP routing issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: arplookup x.x.x.x failed: host is not on local network ... confusing FreeBSD - definitely the first packet above should not be ... If the switch sent arp response to the wrong ... getting significant numbers at present and the NAT host is routing ... icmp 8: echo request seq 35079 ... (freebsd-net) Re: What is ARP ... >>> I should have put the subject to What is ARP doing, ... >> send an IP packet to another it must first determine the MAC address of ... >> To determine the MAC address, a broadcast ARP packet is sent (since at ... > addressing them to the MAC addy of the remote host, you send them to the IP ... (alt.computer.security) Re: Strange pings from 127.0.0.1 ... I know you said the MAC address is also spoofed but this might help anyway: ... that are reporting port scans to their network all of which have a source ... Infected host picks address as source address and sends Syn packet to ... TCP/IP stack receives packet, responds with reset (if there is nothing ... (Security-Basics) Re: What is ARP ... >> I should have put the subject to What is ARP doing, ... > send an IP packet to another it must first determine the MAC address of ... > To determine the MAC address, a broadcast ARP packet is sent (since at ... addressing them to the MAC addy of the remote host, you send them to the IP ... (alt.computer.security) [Full-disclosure] Making unidirectional VLAN and PVLAN jumping bidirectional ... Wepwedgie, a tool by Anton Rager for traffic injection on 802.11 networks protected by WEP, solves the problem of unidirectional communication by bouncing packets from the target host to a third external host under the attackers control. ... We employ exactly the same principle to bypass both VLAN and PVLAN network segmentation. ... The attacker tags his malicious data with two 802.1q tags and sends the packet with a spoofed source IP of a host under his or her control. ... (Full-Disclosure)