08-15-2009
Quote:
Originally Posted by
semash!
What i need is simply avoid the kernel's action in the cache when receiving an arp frame, i don't think i must disable the entire TCP/IP stack for that.
ARP sits very near the base of that stack. Without it, not much else will work.
Quote:
The question always is how...
To reiterate,
what is your goal? The answer is not "intercepting arp". The answer is whatever the ultimate purpose of this venture is. I suspect there might be a much, much better way to accomplish what you're thinking of since intercepting ARP is such an odd problem but without knowing your goal its hard to help.
Certainly you'll be causing a lot more problems for yourself than you'd ever solve by trying to hack your own backdoors into the kernel networking code. Bugs in kernel code have far more dire consequences than bugs in user code, for one thing. There's few to none of the niceties programmers have grown to expect over the last few decades either. For another you'll have to reinvent your code every time a kernel upgrade breaks compatibility -- that could be up to several times a year -- and installing your software on any other computer would be tantamount to reinstalling the OS with your own custom one. You'd be compatible with nothing else in the world but your own custom computing environment, not even other computers of the same distribution. And not all distributions take kindly to having their kernels arbitrarily replaced.
Last edited by Corona688; 08-15-2009 at 01:52 PM..
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
hi,
What is the difference between UBC cache and Metadata cache ? where can i find UBC cache Hits and Metadata cache Hits in hp-ux?
Advanced thanx for the help. (2 Replies)
Discussion started by: sushaga
2 Replies
2. Solaris
Dear all,
We are testing two of our servers for mq series connectivity. The scenario is, when one machine is shutting down it's services there are some scripts that do a dns update, which removes the ip address and relates it to the ip address of the other node on our dns server, and the update... (7 Replies)
Discussion started by: earlysame55
7 Replies
3. IP Networking
how can we spoof ethernet by ARP cache poisoning on unix through a program...
can anyone post the source code to achieve this... (1 Reply)
Discussion started by: ud4u
1 Replies
4. Linux
Hi all
I am trying to understand the kernel memory management and require assistance in this regard. Kernel first creates the cache memory to perform any subsequent allocation to processes. I could not figure out how it is accomplished. Do kernel directly allocates any hardware cache or allocates... (0 Replies)
Discussion started by: joshighanshyam
0 Replies
5. Linux
Hi all
I saw in Microsoft web site www.SysInternals.com a tool called CoreInfo from able to print out on screen the size of the Data and Instruction caches of your processor, the Locigal to Physical Processor mapping, the number of the CPU sockets. etc..
Do you know if in Linux is available a... (2 Replies)
Discussion started by: manustone
2 Replies
6. UNIX for Advanced & Expert Users
18:45:47 # free -m
total used free shared buffers cached
Mem: 96679 95909 770 0 1530 19550
-/+ buffers/cache: 74828 21851
Swap: 12287 652 11635
Hi all. The below output is from a RHEL 4.5... (0 Replies)
Discussion started by: drummerrob
0 Replies
7. Linux
Hi All,
could any one point out any open source test-suites for "File cache" testing and as well as performance test suites for the same. Currently my system is up with Linux/ext4.
Regards
Manish (0 Replies)
Discussion started by: hmanish
0 Replies
8. Linux
Hi,
We are working on OEL5.7 (Oracle Linux) OS. We have a server with 64GB RAM. When we issue free -m command which shows the used, available and cached space. Most of the space is shown in cached section, where as we are not really doing much activity on the server.
It's like cached is... (5 Replies)
Discussion started by: shrshah64
5 Replies
9. Linux
Hi,
Can any one please help me increase the arp stale time of an ipv6 interface on linux platform ?
I have tried increasing the variable gc_stale_time but that doesnt work.
Thanks (2 Replies)
Discussion started by: dkothapa
2 Replies
10. UNIX for Dummies Questions & Answers
i wish to clear memory cache on a production box and i was wondering what is the worst that can happen if i do?
i already tested this on a backup server and everything seemed fine.
but i need to know from you experts what are the worst things that can happen when i run it on a real server:
... (5 Replies)
Discussion started by: SkySmart
5 Replies
ARP(8) Linux Programmer's Manual ARP(8)
NAME
arp - manipulate the system ARP cache
SYNOPSIS
arp [-evn] [-H type] [-i if] -a [hostname]
arp [-v] [-i if] -d hostname [pub]
arp [-v] [-H type] [-i if] -s hostname hw_addr [temp]
arp [-v] [-H type] [-i if] -s hostname hw_addr [netmask nm] pub
arp [-v] [-H type] [-i if] -Ds hostname ifa [netmask nm] pub
arp [-vnD] [-H type] [-i if] -f [filename]
DESCRIPTION
Arp manipulates the kernel's ARP cache in various ways. The primary options are clearing an address mapping entry and manually setting up
one. For debugging purposes, the arp program also allows a complete dump of the ARP cache.
OPTIONS
-v, --verbose
Tell the user what is going on by being verbose.
-n, --numeric
shows numerical addresses instead of trying to determine symbolic host, port or user names.
-H type, --hw-type type, -t type
When setting or reading the ARP cache, this optional parameter tells arp which class of entries it should check for. The default
value of this parameter is ether (i.e. hardware code 0x01 for IEEE 802.3 10Mbps Ethernet). Other values might include network tech-
nologies such as ARCnet (arcnet) , PROnet (pronet) , AX.25 (ax25) and NET/ROM (netrom).
-a [hostname], --display [hostname]
Shows the entries of the specified hosts. If the hostname parameter is not used, all entries will be displayed. The entries will
be displayed in alternate (BSD) style.
-d hostname, --delete hostname
Remove any entry for the specified host. This can be used if the indicated host is brought down, for example.
-D, --use-device
Use the interface ifa's hardware address.
-e Shows the entries in default (Linux) style.
-i If, --device If
Select an interface. When dumping the ARP cache only entries matching the specified interface will be printed. When setting a perma-
nent or temp ARP entry this interface will be associated with the entry; if this option is not used, the kernel will guess based on
the routing table. For pub entries the specified interface is the interface on which ARP requests will be answered.
NOTE: This has to be different from the interface to which the IP datagrams will be routed.
-s hostname hw_addr, --set hostname
Manually create an ARP address mapping entry for host hostname with hardware address set to hw_addr class, but for most classes one
can assume that the usual presentation can be used. For the Ethernet class, this is 6 bytes in hexadecimal, separated by colons.
When adding proxy arp entries (that is those with the publish flag set a netmask may be specified to proxy arp for entire subnets.
This is not good practice, but is supported by older kernels because it can be useful. If the temp flag is not supplied entries will
be permanent stored into the ARP cache.
NOTE: As of kernel 2.2.0 it is no longer possible to set an ARP entry for an entire subnet. Linux instead does automagic proxy arp
when a route exists and it is forwarding. See arp(7) for details.
-f filename, --file filename
Similar to the -s option, only this time the address info is taken from file filename set up. The name of the data file is very
often /etc/ethers, but this is not official. If no filename is specified /etc/ethers is used as default.
The format of the file is simple; it only contains ASCII text lines with a hostname, and a hardware address separated by whitespace.
Additionally the pub, temp and netmask flags can be used.
In all places where a hostname is expected, one can also enter an IP address in dotted-decimal notation.
As a special case for compatibility the order of the hostname and the hardware address can be exchanged.
Each complete entry in the ARP cache will be marked with the C flag. Permanent entries are marked with M and published entries have the P
flag.
FILES
/proc/net/arp,
/etc/networks
/etc/hosts
/etc/ethers
SEE ALSO
rarp(8), route(8), ifconfig(8), netstat(8)
AUTHORS
Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org> with a lot of improvements from net-tools Maintainer Bernd Eckenfels <net-
tools@lina.inka.de>.
net-tools 5 Jan 1999 ARP(8)