Hello
man netdevice says:
"IFF_NOARP No arp protocol, L2 deswtination address not set".
Is it possible to run ptp Ethernet link between two Linux routers this
way? I would like to run the link with two constraints:
1) no ARP protocol used
2) The link should continue to work even if root access to one computer is
inaccessible and the NIC in the other one is replaced without changing it's MAC
(for example because it doesn't support MAC change)
Cl<
--
Thanks to all free technology developers for the things they are making
available to general public. Free technology includes free software.
On Tue, 23 Nov 2004, Karel Kulhavy wrote:
> Hello
>
> man netdevice says:
> "IFF_NOARP No arp protocol, L2 deswtination address not set".
> Is it possible to run ptp Ethernet link between two Linux routers this
> way? I would like to run the link with two constraints:
> 1) no ARP protocol used
> 2) The link should continue to work even if root access to one computer is
> inaccessible and the NIC in the other one is replaced without changing
> it's MAC (for example because it doesn't support MAC change)
>
> Cl<
ARP means address resolution protocol. That's how one machine
learns about the MAC (Hardware) address of another so it can
communicate with it. Without ARP, you need to send / receive
broadcast packets (Like M$ Netboius). This means that everything
is received by everyone on the LAN and needs to be dumped on
the floor by everybody except the intended target.
Cheers,
Dick Johnson
Penguin : Linux version 2.6.9 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by John Ashcroft.
98.36% of all statistics are fiction.
linux-os wrote:
> On Tue, 23 Nov 2004, Karel Kulhavy wrote:
>
>> Hello
>>
>> man netdevice says:
>> "IFF_NOARP No arp protocol, L2 deswtination address not set".
>> Is it possible to run ptp Ethernet link between two Linux routers this
>> way? I would like to run the link with two constraints:
>> 1) no ARP protocol used
>> 2) The link should continue to work even if root access to one
>> computer is
>> inaccessible and the NIC in the other one is replaced without changing
>> it's MAC (for example because it doesn't support MAC change)
>>
>> Cl<
>
>
> ARP means address resolution protocol. That's how one machine
> learns about the MAC (Hardware) address of another so it can
> communicate with it. Without ARP, you need to send / receive
> broadcast packets (Like M$ Netboius). This means that everything
> is received by everyone on the LAN and needs to be dumped on
> the floor by everybody except the intended target.
or somehow a static table can be built.
not sure what the point would be, but I cannot see anything that would make it impossible.
regards,
pedro venda.
--
Pedro Jo?o Lopes Venda
email: [email protected]
http://maxwell.rnl.ist.utl.pt
Equipa de Administra??o de Sistemas
Rede das Novas Licenciaturas (RNL)
Instituto Superior T?cnico
http://www.rnl.ist.utl.pt
http://mega.ist.utl.pt
On Tue, 23 Nov 2004, Pedro Venda (SYSADM) wrote:
> linux-os wrote:
>> On Tue, 23 Nov 2004, Karel Kulhavy wrote:
>>
>>> Hello
>>>
>>> man netdevice says:
>>> "IFF_NOARP No arp protocol, L2 deswtination address not set".
>>> Is it possible to run ptp Ethernet link between two Linux routers this
>>> way? I would like to run the link with two constraints:
>>> 1) no ARP protocol used
>>> 2) The link should continue to work even if root access to one computer is
>>> inaccessible and the NIC in the other one is replaced without changing
>>> it's MAC (for example because it doesn't support MAC change)
>>>
>>> Cl<
>>
>>
>> ARP means address resolution protocol. That's how one machine
>> learns about the MAC (Hardware) address of another so it can
>> communicate with it. Without ARP, you need to send / receive
>> broadcast packets (Like M$ Netboius). This means that everything
>> is received by everyone on the LAN and needs to be dumped on
>> the floor by everybody except the intended target.
>
> or somehow a static table can be built.
> not sure what the point would be, but I cannot see anything that would make
> it impossible.
>
> regards,
> pedro venda.
>
Of course you could do the monkeys on the keyboard thing and
eventually have something that shows it's not impossible. The
problem is that an IP address needs to be associated with that
hardware address. ARP is fundamental for any peer-to-peer
communication on Ethernet. Its even used in DECNET and NETBIOS,
although called RIP.
Cheers,
Dick Johnson
Penguin : Linux version 2.6.9 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by John Ashcroft.
98.36% of all statistics are fiction.
In article <[email protected]> you wrote:
> or somehow a static table can be built.
> not sure what the point would be, but I cannot see anything that would make it impossible.
If it is a point to point link, you can also use the ethernet broadcast
target, or some multicast groups.
Greetings
Bernd
Howdy,
Skipping the question of _why_ you would want to do this for a moment.
_IF_ you connect two and only two devices, then each machine can use the "anything I
didn't send is for me" metric and you can send hand-crafted packets to the hardware
(MAC) broadcast address. This is the overly-short version of how things like the arp
request works in the first place. "All the other adapters" will get the packet and
process it. [In the case of ARP, only the machine owning the IP address responds, so
we all learn the IP/MAC address binding.]
If you intend this link to carry IP packets then you'll have to see to making sure
that all the IP stuff still works out right. If not, the "optimization" of removing
ARP will just lead to more CPU load (or something) while the nonsensical IP headers
are processed for the bad packets. Again you could use the IP broadcast address and
the "I didn't send it, so it's for me" logic.
To some extent, doing the IP broadcasting makes the ARP stuff factor out "for free"
in that you don't ever have to ARP request/respond when using the (sub)net broadcast
address for the "locally attached" network segment.
So that gets you back to what you require/mean by the link "working". If you have
intimate control over the exact nature of the data being transmitted (e.g. this isn't
a general IP service/router experience) then you can do all sorts of stuff to meet
highly specialized designs. [e.g. I have worked "component based" measuring
equipment that linked the components via Ethernet chipsets/hardware but didn't do
anything remotely like IP.] In the routing case you cannot (usefully) rewrite the IP
header without building a point-to-point tunnel between the two machines, which would
cost you more than ARPing anyway.
So that also begs the question of why ARP is so undesirable? It isn't that expensive
and without hand-coded MAC address limiting peer tables, it is no more/less secure
than the wire anyway.
The short version is that there is no "free or nearly free" way to do this for a
_generalized_ application. You would be looking at a lot of work. For very specific
applications (from-scratch work) you may be able to coerce your design into a simple
pattern like IP or MAC broadcasting.
The link-without-ARP requirement (with no access to one machine and blind
interoperability) sounds an awful lot like some of the odd requirements for
not-secure-to-secure network bridging from some of the government contracts I've run
across. If you are trying to do the whole no-round-trip bridge [e.g. "provable"
one-way, fiber link with only one connector, blind transfer, public-to-secure bridge]
stuff for a particular set of data or protocols (SNMP Trap promotion being a big
perennial culprit for government monitoring at security boundaries 8-) put the/a
receiver endpoint/processor on the public machine, wrap the *entire* packet into
MAC-level broadcast packet (e.g. your own one-sided broadcast protocol) and assert it
on the one-way adapter using the raw packet interface. At the secure end, crack
"your" protocol packets, do the security cooking as necessary (rewrite the trap
source etc), and then forward the resulting packet like it were normal. (been there,
done that, /sigh)
That was a lot of guessing, but hope that helps.
Rob White,
Casabyte, Inc.
-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Karel Kulhavy
man netdevice says:
"IFF_NOARP No arp protocol, L2 deswtination address not set".
Is it possible to run ptp Ethernet link between two Linux routers this
way? I would like to run the link with two constraints:
1) no ARP protocol used
2) The link should continue to work even if root access to one computer is
inaccessible and the NIC in the other one is replaced without changing it's MAC
(for example because it doesn't support MAC change)