tech-net archive


Re: Proxy ARP



Roy Marples <roy%marples.name@localhost> writes:

> On 25/02/2016 14:24, Joerg Sonnenberger wrote:
>> On Thu, Feb 25, 2016 at 12:57:59PM +0000, Christos Zoulas wrote:
>>> In article <CAKrYomjukGiXD+COWino3rTDd_u+0o+q04aWxv_qn0GCM-GOgQ%mail.gmail.com@localhost>,
>>> Ryota Ozaki  <ozaki-r%netbsd.org@localhost> wrote:
>>>> Hi,
>>>>
>>>> I have questions about the Proxy ARP feature.
>>>>
>>>> arp(8) has two options: "pub" and "pub proxy".
>>>> What's the difference between them, and what
>>>> are the expected behaviors of each?
>>>>
>>>
>>> Proxy arp (rfc1027) was used decades ago to make hosts whose
>>> networking stacks did not understand subnetworking and routing
>>> work (in my environment those were SVR2 machines, AT&T 3b{2,5,10,20}s).
>> 
>> I have used it much more recently for VMs and the like. If you
>> configure the host machine to provide proxy ARP and use point-to-point
>> links for the individual machines, you can avoid having to run a full
>> blown bridge and naturally get isolation of the individual VMs without
>> having further MAC filtering. The host has the correct routes to speak
>> with the VMs and proxy ARP allows other machines on the outside network
>> to be ignorant of the internal subnetting.
>> 
>> I don't think this needs proxy flags on the kernel side though.
>> 
>>> You can still get a copy of a proxyarpd implementation from:
>>>
>>> 	ftp://mirror.ucsd.edu/pub/proxyarpd-1.7.shar
>> 
>> Roy has one as well, it can be found in pkgsrc under net/parpd.
>
> So there exist two implementations in userland, one of which at least
> is in pkgsrc.
> Could we remove this feature from arp itself and the kernel to trim it
> down some? Or is the need still there?

How much would we save in the kernel?  This feels like only a few lines
of code, and it would remove a feature that some still use that dates
back to at least 4.2BSD.

I think it's still necessary (Joerg's VM example is the modern analog of
old dialup), and the basic few flags, slight behavior change seems
pretty straightforward.

Are the programs more about answering for arbitrary addresses, vs
publishing arp for specific hosts?  Are they needed on NetBSD for some
other use case, or are they portable to other systems too?  Do they
use bpf?
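To make the VM setup Joerg describes concrete, here is a small simulation of the ARP exchange it relies on. This is an added example written for this archive page; it is not code from the thread, from the NetBSD kernel, from arp(8), or from parpd/proxyarpd. All MAC and IP addresses are constructed, and the `ProxyArpHost` class is a hypothetical model of a host that has "published" its VMs' addresses with its own hardware address: an outside machine ARPs for a VM address, the host answers with its own MAC, and the packet then reaches the host, which routes it over the point-to-point link. A second helper, `macs_answering_many`, is the check a defender would run over captured replies, since one MAC answering for many addresses is exactly what proxy ARP looks like on the wire (and what a spoofer looks like too).

```python
"""Simulated proxy ARP exchange (constructed example, not NetBSD or parpd code)."""
import struct
import ipaddress

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"          # RFC 826 layout for Ethernet/IPv4


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op, sha, spa, tha, tpa):
    """Ethernet II frame carrying an ARP request or reply."""
    dst = "ff:ff:ff:ff:ff:ff" if op == ARP_REQUEST else tha
    eth = struct.pack("!6s6sH", mac_bytes(dst), mac_bytes(sha), ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                      mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)
    return eth + arp


def parse_arp(frame):
    """Decode the ARP fields of a frame; rejects non-ARP or unusual encodings."""
    _dst, _src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol encoding")
    return {"op": op,
            "sha": mac_str(sha), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(ipaddress.IPv4Address(tpa))}


class ProxyArpHost:
    """Hypothetical host on the outside LAN that routes to VMs over p2p links."""

    def __init__(self, mac, own_ip):
        self.mac = mac
        self.own_ip = own_ip
        self.published = {}        # IP -> MAC to answer with (like a "pub" entry)

    def publish(self, ip, mac=None):
        # Publishing a VM address with the host's own MAC is the proxy ARP case:
        # outside machines send the VM's traffic to the host, which routes it on.
        self.published[ip] = mac or self.mac

    def handle(self, frame):
        req = parse_arp(frame)
        if req["op"] != ARP_REQUEST:
            return None
        if req["tpa"] == self.own_ip:
            answer_mac = self.mac
        elif req["tpa"] in self.published:
            answer_mac = self.published[req["tpa"]]
        else:
            return None            # neither ours nor published: stay silent
        return build_arp(ARP_REPLY, answer_mac, req["tpa"], req["sha"], req["spa"])


def macs_answering_many(replies, threshold=2):
    """Defender's check: MACs seen in ARP replies claiming >= threshold addresses."""
    claims = {}
    for frame in replies:
        r = parse_arp(frame)
        if r["op"] == ARP_REPLY:
            claims.setdefault(r["sha"], set()).add(r["spa"])
    return {mac: sorted(ips) for mac, ips in claims.items() if len(ips) >= threshold}


def demo():
    """Outside machine 192.0.2.50 ARPs for two VMs and one unknown address."""
    host = ProxyArpHost("02:00:00:00:00:01", "192.0.2.1")
    host.publish("192.0.2.11")     # VM behind a point-to-point link
    host.publish("192.0.2.12")     # second VM
    outside = ("02:00:00:00:00:aa", "192.0.2.50")
    replies = []
    for target in ("192.0.2.11", "192.0.2.12", "192.0.2.99"):
        req = build_arp(ARP_REQUEST, outside[0], outside[1], "00:00:00:00:00:00", target)
        rep = host.handle(req)
        if rep is not None:
            replies.append(rep)
    return [parse_arp(r) for r in replies], macs_answering_many(replies)


if __name__ == "__main__":
    parsed, suspicious = demo()
    for r in parsed:
        print(f"reply: {r['spa']} is-at {r['sha']} -> {r['tpa']}")
    print("MACs answering for several addresses:", suspicious)
```

The point the check illustrates for the bridge-vs-proxy-ARP decision: with proxy ARP, the outside LAN learns one MAC (the host's) for every VM address, which is what isolates the VMs without MAC filtering, and it is also the pattern any ARP-monitoring tool will flag, so the host's MAC should be allow-listed there deliberately rather than investigated repeatedly.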



