Hi,
In the following document:
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.arp_problem.html
The following is noted:
"The risk is that other hosts can probe for VIP using unicast packets
for which the hidden flag always replies. I'll continue to support the
hidden flag
for 2.4 and 2.6 to help existing setups but switching to the new device
flags (or other solutions) is recommended".
If there is currently no way to provide this functionality using
arp_ignore/arp_annonce/arp_filter or their friends, why is this still a
patch
And is not integrated into the mainline kernel?
Regards,
Menny
> If there is currently no way to provide this functionality using
> arp_ignore/arp_annonce/arp_filter or their friends, why is this still a
> patch
> And is not integrated into the mainline kernel?
eh? if you keep reading the doc it'll explain that there is arptables in
the current kernels, which is like iptables for arp, and you can do very
finegrained control with that, including the ignore stuff...
On Feb 13 2007 09:52, Arjan van de Ven wrote:
>
>> If there is currently no way to provide this functionality using
>> arp_ignore/arp_annonce/arp_filter or their friends, why is this still a
>> patch
>> And is not integrated into the mainline kernel?
>
>eh? if you keep reading the doc it'll explain that there is arptables in
>the current kernels, which is like iptables for arp, and you can do very
>finegrained control with that, including the ignore stuff...
>
One thing remains, arptables can't do ebtables's -j arpreply. (That would have
been too great - I could get rid of the extra br0 interface!)
Jan
--