Re: Late to the party - multiple search domains on the network.

On Mon, 2005-04-11 at 12:07 -0400, Dan Williams wrote:

> NM enforces security on devices that are not the "active" device my
> ensuring that those "inactive" devices have no IP address and do not
> show up in the routing table.

Just as a side note, this is (slightly) broken by design.  The Linux
kernel sees a IP address as an attribute of a host, not one of an
ethernet card.  (this is actually what the standard says, though there
are quite a few different interpretations of it)

So you can still have scenarios where it'll send responses on devices
for which there are no IP routes.  In particular, ARP requests will be
responded to on interfaces other than those where "ifconfig" shows the
IP the query was about.

I'm not entirely sure what the right answer here is -- you can change
the behavior with some sysctl's (on either a global or per-interface
basis), but there might be ramifications with other software in use. 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]