
On Wed, 27 Sep 2000, Marc MERLIN wrote:

> > print messages for all these hidden addresses. They are not advertised
> > and there is no problem caused from duplication.
> I thought about that,  but isn't the shared IP just an IP  alias and not the
> primary IP? As far as I know, the machines which share the IP have a primary
> IP and put that one in their ARP packets, so my patch should not complain.

        Your code receives such requests from remote host:

"who-has ANY_IP tell SHARED_IP"

        This broadcast request comes from host that advertises this
SHARED_IP but the duplicate detection code in the local host warns
about this IP because the same SHARED_IP is configured on the
receiver (on hidden device, it is not advertised).

> That said, adding a flag that lets you disable the duplicate IP detection on
> an interface basis wouldn't be a bad idea, I'll look into this.

        If everything is handled correctly may be this flag is not
needed. But in this case you have to check the hidden flag.

> > - sip=, this address is shared but we "assume" it is not
> > advertised from the neighbours
> Are you saying that  some machines would ARP with a  source IP of localhost?
> That'd be  pretty broken, wouldn't  it? Or you talking  about a kind  of DOS
> that would trigger warnings on all the machines?
> (the dupe check could ignore that)

        Yes, I see the messages are rate limited but sip=127/8 is
possible to be generated from attacker (who knows):

"who-has ANY_IP tell"

        May be you can look at the ip_route_input_slow(). Search for
martian_source and how fib_validate_source is used. I'm not sure
but it looks like the checks will be very complex.

> > - you work with ifa_address and not with ifa_local and ifa_mask.
> I'll look into this too.
> Thanks for your feedback.
> Marc


Julian Anastasov <[EMAIL PROTECTED]>

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/

Reply via email to