Hello,

On Sat, 23 Jul 2016 22:09:43 +0300 (EEST), Julian Anastasov <j...@ssi.bg> wrote:
> 
>       May be that is the problem: we receive such packet,
> ip_route_input_noref detects that we allow such packet
> from NEIGH_IP on this interface, tip is not RTN_LOCAL (no
> ARP reply from us), tip is RTN_UNICAST but proxy_arp is not
> allowed, so we continue and reach __neigh_lookup which finds
> the existing cache entry because we talked to GW before that.
> As this is an ARP request, neigh_update is called with NUD_STALE.
> No reply is sent because request was not for us but we
> just learned that NEIGH_IP is alive because it lookups
> for someone else. This is common to observe with broadcasts,
> GW lookups for other hosts and has to expose its IP+hwaddr.
> More difficult to happen with unicast packets, you need hub,
> not switch, to detect such packets.
> 
>       It is possible that you miss the packet that tries
> to set NUD_STALE. May be you can add some printk's to catch
> what kind of packet causes this. This can help too:
> 
> tcpdump -lnnn -s0 arp and host GW_IP
> 
>       If you see such packet, that is it. Our cache is
> updated with NUD_STALE.
> 
>> So I'm not sure if it can learn from ARP reply.
> 
>       See above, received broadcast GARP reply can set
> NUD_STALE. But the most trivial case of GW exposing its
> IP while looking for other hosts should be the culprit.
> It probably happens often, that is why we have no chance
> to send ARP requests, GW is more ARP-active than us and
> updates our cache and we are happy.
>

Thank you for your analysis.
I think the same, except that I don't think GW can update
our cache via broadcast ARP.

Please the comment in arp_process():
>                int state = NUD_REACHABLE;
...
>                /* Broadcast replies and request packets
>                   do not assert neighbour reachability.
>                 */
>                if (arp->ar_op != htons(ARPOP_REPLY) ||
>                    skb->pkt_type != PACKET_HOST)
>                        state = NUD_STALE;
>                neigh_update(n, sha, state,
...

Broadcast packets do not assert reachability, so they
should not interference our state machine. They are
just a hint.

Regards,
Chunhui


Reply via email to