nfmark and arp

Hi,

Proxy-arp decides if a response is going to be sent based on a route
lookup. This lookup takes rules added with ip rule for policy routing
into account. For example if a rule is present saying that all traffic
coming in on interface eth1 should be routed using table 10, proxy-arp
will look in this table.

However, basing the policy routing on input interface is a bit
cumbersome in this case. I would like to use nfmark instead (which we
use for the other traffic). Is it possible in some way to have an
nfmark apply for an arp packet?

My problem is that the proxy-arp causes the router to answer
gratuitous arp requests, causing the client to complain about
ip-conflict, because the host route for the client is in table X while
proxy-arp will currently look in the default route table. Adding an
individual ip rule for each client seems overkill and probably bad for
performance.


Currently we use arptables to block the problematic and unneeded arp
replies, but it seems a cleaner solution would be to have proxy-arp
actually look in the right table, if possible.


/Oskar
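
An added example, not part of the original post and not kernel code: a simplified Python model of the route lookup described in the message, showing why a gratuitous ARP that carries no mark falls through to the main table and gets answered. Table 10 and eth1 come from the post; eth0, the addresses, the mark value and the "reply only if the route leaves through a different interface" condition are assumptions of the model.

```python
from ipaddress import ip_address, ip_network

# Constructed state. Table 10 and eth1 are from the post; eth0, the
# addresses and the mark value are assumptions made for this example.
TABLES = {
    "10": [("192.0.2.50/32", "eth1")],   # host route to the client
    "main": [("0.0.0.0/0", "eth0")],     # default route via the uplink
}
RULES_FWMARK = [{"fwmark": 1, "table": "10"}, {"table": "main"}]
RULES_IIF = [{"iif": "eth1", "table": "10"}, {"table": "main"}]


def route_lookup(dst, iif, mark, rules, tables=TABLES):
    """Walk the rules in order; return the output device of the first
    table that has a matching route (longest prefix wins), else None."""
    for rule in rules:
        if rule.get("iif", iif) != iif or rule.get("fwmark", mark) != mark:
            continue  # selector does not match this packet
        hits = [(ip_network(p).prefixlen, dev)
                for p, dev in tables[rule["table"]]
                if ip_address(dst) in ip_network(p)]
        if hits:
            return max(hits)[1]
    return None


def proxy_arp_replies(target_ip, iif, rules, mark=0):
    """Model assumption: proxy-ARP answers when the target is routable
    through an interface other than the one the request arrived on.
    mark=0 models an ARP frame that no rule has marked."""
    out_dev = route_lookup(target_ip, iif, mark, rules)
    return out_dev is not None and out_dev != iif


def demo():
    client = "192.0.2.50"  # client announcing its own address on eth1
    return {
        "fwmark rule, unmarked ARP": proxy_arp_replies(client, "eth1", RULES_FWMARK),
        "iif rule": proxy_arp_replies(client, "eth1", RULES_IIF),
        "fwmark rule, if ARP carried mark 1":
            proxy_arp_replies(client, "eth1", RULES_FWMARK, mark=1),
    }


if __name__ == "__main__":
    for case, replies in demo().items():
        print(f"{case}: router replies = {replies}")
```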