Re: Idea - Detecting IP conflicts in NM




On 04/28/2011 09:44 PM, Ozan Çağlayan wrote:
> On 27.04.2011 22:29, Dan Williams wrote:
> 
>>> follow-up for gratuitous arp replies:
>>>  http://forum.nginx.org/read.php?31,75057
>>
>> This would be cool; we could do it after getting the IP address if we
>> wanted to in nm-device.c or elsewhere before we've even assigned the IP
>> address to the card.  Alternatively, if we wanted to keep lower latency
>> we could do it after we've assigned the address and said we're connected
>> like other OSs do and warn the user or something.  Is this a patch you'd
>> be willing to work on?  If so that would be great!
> 
> Not yet. I've played with the duplicate address detection (DAD) mode of
> the arping tool but it seems that on systems that I've tried, the
> endpoints don't reply to gratuitous ARPs. There's probably a /proc/*
> tunable that's disabled by default which ignores those requests.
> 
> Applets can even offer getting an IP from the DHCP server in case of
> conflicting IP situations or alternatively, NM can assign the IP but
> applets can warn the user about the situation (or even a limited or
> problematic connection icon can be overlayed on the applet's icon in the
> tray)
> 
> Seen that it's acceptable from upstream, I'll try to implement this
> step-by-step.
> 
> Thanks!
> 

1 same host IP:
- this is not possible when using DHCP (unless a bug) because the spec
says that a dhcp client is required to check the IP address it is
assigning from a still-valid lease before actually doing to assigning.
- if your dhcp server gives you a duplicate IP then your network setup is
wrong or the dhcp server has a bug or someone plugged into your network
and hyjacked an address
- with static addresses (and also against the hyjacking) you'd normally
ping the IP address before assigning it, just like the spec for the dhcp
client requires when using dhcp.

so in general I think you'd just ping the IP address.



2 same IP range:
- just check against the routing table. note that (at least) exact
overlaps are allowed (simultaneous eth and wlan for example). I think
partial overlaps are wrong and should be detected.


I think both 1 and 2 need to be checked.


grtz

-- 
Ferry Huberts


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]