From: Bill Fenner
To: cjclark@alum.mit.edu
Cc: net@freebsd.org, security@freebsd.org
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Date: Thu, 6 Dec 2001 12:59:39 -0800
Message-Id: <200112062059.MAA02282@windsor.research.att.com>

Garrett and I discussed what IFF_NOARP should mean about 4-5 years ago; we decided that it probably meant "no ARP". We discussed the idea of separating it out into two flags; "Don't reply to ARP" and "don't pay attention to ARP" but decided to wait and see what people thought.
4-5 years is probably enough time to wait =)

My proposal: keep IFF_NOARP, but add IFF_NOSENDARP and IFF_NOREPLYARP (or something, I'm no good at making up names). I agree with Louie that it makes sense for these to be per-interface as opposed to Ruslan's sysctl.

Bill