Hi,
The kernels 2.4.28+ and 2.6.9+ with IPv4 and ATM-CLIP enabled have bugs in
the neighbour cache code. neigh_delete() and neigh_add() only work properly
if one cache table per address family exist. After ATM-CLIP installed a
second cache table for AF_INET, neigh_delete() and neigh_add() only examine
the first table (the ATM-CLIP table if IPv4 and ATM-CLIP are compiled into
the kernel). neigh_dump_info() is also affected if the neigh_dump_table()
call fails.
This bug causes "ip neigh flush dev <some ethernet device>" to run into an
infinite loop when the arp cache is already populated (debian bug #282492).
"ip neigh delete ..." commands for non ATM-CLIP entries fail with an EINVAL.
This is because of the IPv4 neighbour table that is installed in arp.c is
never examined when sending delete commands.
I have attached a minimally tested patch for 2.4.28 that fixes this problem.
Greetings,
Wilfried
--
10 GB Mailbox, 100 FreeSMS http://www.gmx.net/de/go/topmail
+++ GMX - die erste Adresse f?r Mail, Message, More +++
Wilfried Weissmann <[email protected]> wrote:
>
> The kernels 2.4.28+ and 2.6.9+ with IPv4 and ATM-CLIP enabled have bugs in
> the neighbour cache code. neigh_delete() and neigh_add() only work properly
> if one cache table per address family exist. After ATM-CLIP installed a
> second cache table for AF_INET, neigh_delete() and neigh_add() only examine
> the first table (the ATM-CLIP table if IPv4 and ATM-CLIP are compiled into
> the kernel). neigh_dump_info() is also affected if the neigh_dump_table()
> call fails.
Indeed, this has been the case for a very long time.
IMHO you need to give the user a way to specify which table they want
to operate on. If they don't specify one, then the current behaviour
of choosing the first table found is reasonble.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
In article <[email protected]> (at Sat, 29 Jan 2005 09:19:49 +1100), Herbert Xu <[email protected]> says:
> IMHO you need to give the user a way to specify which table they want
> to operate on. If they don't specify one, then the current behaviour
> of choosing the first table found is reasonble.
We have dev. Isn't is sufficient?
--yoshfuji
On Sat, Jan 29, 2005 at 07:46:05AM +0900, YOSHIFUJI Hideaki / ?$B5HF#1QL@ wrote:
> In article <[email protected]> (at Sat, 29 Jan 2005 09:19:49 +1100), Herbert Xu <[email protected]> says:
>
> > IMHO you need to give the user a way to specify which table they want
> > to operate on. If they don't specify one, then the current behaviour
> > of choosing the first table found is reasonble.
>
> We have dev. Isn't is sufficient?
It could be used for neigh_add/neigh_delete. We'll need to add a way
to query whether a given table is the right one for a device.
For dump it isn't the same. However, perhaps it's not too important
to query a specific table.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt