Re: [PATCH] arp_filter patch for 2.4.4 kernel.

Andi Kleen (ak@suse.de)
Sun, 6 May 2001 10:34:50 +0200


On Sat, May 05, 2001 at 03:57:38PM -0700, dean gaudet wrote:
> also -- isn't it kind of wrong for arp to respond with addresses from
> other interfaces?

Usually it makes sense, because it increases your chances of successfull
communication. IP addresses are owned by the complete host on Linux, not by
different interfaces.

For some weirder setups (most of them just caused by incorrect routing
tables, but also a few legimitate ones; including incoming load balancing
via multipath routes) it causes problems, so arpfilter was invented to
sync ARP replies with the routing tables as needed.

>
> what if ip_forward is 0? or if there's some other sort of routing policy
> in effect?

ARP filter has nothing to do with forwarding.

There is magic ARP proxying if linux knows the answer to an ARP request
on a different interface, but it's a completely independent thing.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/