ARP queries generating entries in routing cache

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello!

I've noticed a strange thing: when a client system generates an arp query for an unexistent host, the routing cache entry is being made.

My system is Fedora 2 with vanilla 2.6.11.
the client is 10.1.1.2 with mask 255.255.0.0
the router/firewall is 10.1.1.1 with mask 255.255.255.0
Yes, the masks are different and this cannot be fixed easily.

So, when the client generates ARP query for an unexistent host in 10.1.1.0/24 network everything is fine - query is dropped.
But when it asks for something like 10.1.44.4, then the router drops the query, but an entry in routing cache is being made.


This is a serious problem, because when someone has a virus which tries to spread itself, it generates thousands ARP queries per second and my routing cache overflows and the traffic crawls.

did anybody meet such a problem?

Szymon Miotk

PS. The routing is configured ok. No <incompletes> are in arp cache, only routing cache is being affected.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux