On 27/10/17 15:48, David Miller wrote:
From: Eelco Chaudron <echau...@redhat.com>
Date: Thu, 26 Oct 2017 10:37:01 +0200
Some applications/devices seem to forget their MAC address when
performing some kind of a failover which triggers (something that
looks like) a gratuities arp.
The ARP packet looks something like this:
Address Resolution Protocol (reply)
Hardware type: Ethernet (1)
Protocol type: IPv4 (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: reply (2)
Sender MAC address: 00:00:00:00:00:00
Sender IP address: 10.0.0.1
Target MAC address: 00:00:00:00:00:00
Target IP address: 255.255.255.255
This will result in existing arp entries being overwritten with an all
zero mac address. Until the arp entry times out this host can no
longer initiate a connection to this device.
Checking for and ignoring invalid mac addresses will solve this
problem.
Signed-off-by: Eelco Chaudron <echau...@redhat.com>
I really have trouble justifying this fully.
I looked at a bunch of ARP implementations, and I see no special
checks about the link level address other than to make sure it isn't
"our" address.
Whatever is generating these weird ARP packets should be fixed
instead.
Looking for any mentioning of an all-zero MAC address being invalid, the
only reference I could find was in the original first Xerox Wire
Specification. The IEEE specifications do not mention this at all, and
according to it, the all-zero address is a valid MA-L address assigned
to Xerox.
Looking at the packet more, it might be an attempt to do an unARP (RFC
1868) but forgot to implement to set the Hardware Address Length to zero.
I'm sure adding an arptables entry can be used to solve this instead, in
case the offending device cannot be fixed.
Please ignore this patch...
Cheers,
Eelco
