> While this does provide some basic fail-over capabilities, I can't imagine
> that this is expected or desired behavior.
> If this is the intended
> behavior, I'd be interested in hearing why ARP was implemented this way. If
It is really expected behaviour.
Hosts answer to ARP requests directed to all its addresses,
because local addresses are owned not by any particular interface,
but by host as whole. IPv4 has no notion of "link local" addresses,
all the addresses have global meaning and host cannot even know,
what another hosts sharing the same link think about on-link
status of addresses. With dynamic routing and with redirects
any arbitrary restriction to ARP replies breaks routing.
Prohibiting ARP replies is pure policy question. We really have
no policy rules allowing to filter ARP. Apparently, it is task
of firewalling, which is the only entity knowing about policy
restrictions on address scopes.
Alexey Kuznetsov
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/