Proxy arp should only replay on specified interface.
Iasen Kostov
tbyte at otel.net
Fri Oct 7 07:58:59 PDT 2005
IMHO proxy arp should only replay on specified interface not on every
arp capable interface which recieved request for the proxied address.
If lets say host A have arp capable if0 and if1 interfaces and U set:
route add -host 1.0.0.2 -iface if1 -proxy
and then a request is recieved on if0 for 1.0.0.2, host A will replay
that it has it (which IMHO is wrong as the proxy route is set for if1).
This sometimes is a big problem for our PPPoE/VPN server when the
client uses linux or some small routers (e.g Linksys or something)
probably linux based. It happen that sometimes (when the link is down or
god knows why) it broadcasts arp "who-has" and the gateway replays. Then
this host try to use ethernet path and not the (right) tunnel path until
arp cache expires (which is not real fun as there is firewall rules
blocking ethernet path :)).
And even worse :) - I can think of ways to bypass routing protocols
using proxy-arp routes like the one mentioned above. But it will not
work if proxy-arp behaves the way it does now.
And 1 thing more - there could be a switch which restores (or turns on)
old behavior.
(patch agains 5.4-STABLE is attached)
regards.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: if_ether.c.diff
Type: text/x-patch
Size: 484 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20051007/910e160b/if_ether.c.bin
More information about the freebsd-net
mailing list