[lug] Arp bug in 2.4.20-30 kernels?

[Scott Herod]

On Tue, 15 Feb 2005, Scott Herod wrote:

> On Tue, 15 Feb 2005, Warren Sanders wrote:
> 
> > Scott Herod wrote:
> > > Hello all,
> > > 
> > > I've got two machines running kernel 2.4.20-30.8.legacy.  These share an
> > > IP address, taking turns as to which is currently using it.  (The system 
> > > uses the Linux-HA project code to do this.)
> > > 
> > > ...
> > > 
> > > A couple of questions:
> > > 
> > > Has anyone ever heard of a bug reported against the 2.4 kernels in which
> > > they respond positively to an arp but don't show the IP address
> > > configured?
> > > 
> > > If the router forwards to an interface via its MAC address, will the 
> > > kernel refuse to accept the packets if the MAC address is right but it 
> > > doesn't believe that it owns the associated IP address?
> > > 
> > 
> > I have experience similar.  I first noticed probably with the 
> > kernel-smp-2.4.20-31.9 but continues with kernel-smp-2.4.20-37.9.legacy. 
> > My example is when I have a machine such as a SmoothWall router with two 
> > physical nic's on two totally separate networks.
> > 
> > Arpwatch will see a flip-flop a couple times a day.  However when checking 
> > the router (ifconfig) it does not reflect the reported changes.  Although 
> > not completely sure, but I do see some inaccessibility going through the 
> > local side.  But after pinging out of the router to the local network, I 
> > then can regain access again.  Doing this does not generate another arp 
> > report either.
> > 
> > I have not taken a look to find bug reports on this issue either.  So far 
> > you are the only one I have related to.  At the moment it isn't mission 
> > critical for me, so it can wait for me to upgrade this spring.
> 
> Thanks for the reply Warren.  In my case it really looks like the 
> machines have Proxy ARP enabled and are responding or that they believe 
> that they are forwarding and automagically doing the Proxy ARP as 
> specified in the "arp" man-page.  However, querying the approprate files 
> under /proc/net/ does not show that forwarding or proxy arp are enabled.
> 
> I'm stumped and beginning to wonder if the switch (which may have just 
> been replaced) is doing the proxy arp for me despite the fact that the 
> IP address was switched by the Linux HA code.


Found it.  Something was going behind the back of the LinuxHA code and 
setting the same IP address on two aliases.  So there were three 
addresses on one interface; two of them were the same address.  Then, only 
one of those addresses was removed from the interface and started on the 
other machine.  For some reason, the instance of the address that was not 
removed was not shown with ifconfig or ip, but it did still cause the 
machine to report that it owned it when the router asked with "arp 
who-has".

Scott