Message Of The Day

Wed, 28 Jan 2004

06:18 [zork(~/sam/admin-spotting)] cat hooray-for-hidden-docs.txt

More Teh Lunix

While attempting to hack up a proxy ARP daemon thing that would cook my emergency bacon I got frustrated. I was attempting to transcend the Ethernet header and examine the ARP packet. For some strange reason the only illumination to be gathered from the ARP packet was that it was full of NULL bytes. Extreme frustration set in, at which time I thought to myself, "Screw this pony! This thing has to work without stupid userspace tools!"

A more subtle crafting of Google search terms led me to the astonishing revelation: Linux won't answer ARP for an IP on an interface if the routing table says that the packet should be routed back out of that interface! Well of course not! If it did that you could blackhole all sorts of network traffic without even really trying. The solution, of course, is to make it think that it is routing it elsewhere (in my case the loopback device), and then the iptables can step in and do the right thing.

So the lesson learned here is: if you do strange voodoo with your packets you need to think about non-voodoo things that the OS may be trying to save you from.
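The rule described above, as an added example that is not code from the original post: a small model that reads `ip -4 route show` style output and predicts whether a proxy ARP reply would be sent for an address on a given interface, useful for auditing what a proxy-ARP-enabled host will answer for. The route tables, addresses and interface names are constructed, and the model assumes proxy ARP and forwarding are enabled and ignores every other kernel check.

```python
import ipaddress

# Constructed sample of `ip -4 route show` output (not from the original post).
# 192.0.2.50 is the address to be proxied; ROUTES_AFTER adds the loopback
# host route the post describes as the fix.
ROUTES_BEFORE = """\
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
"""
ROUTES_AFTER = ROUTES_BEFORE + "192.0.2.50 dev lo scope link\n"


def parse_routes(text):
    """Return [(network, output_device)] from `ip route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), dev))
    return routes


def output_device(routes, target):
    """Longest-prefix match: the device `target` would be routed out of."""
    addr = ipaddress.ip_address(target)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None


def would_proxy_arp(routes, target, arrival_dev, proxy_arp_enabled=True):
    """Predict a proxy ARP reply for `target` requested on `arrival_dev`."""
    out_dev = output_device(routes, target)
    # The rule from the post: no reply when the route for the target points
    # back out of the interface the ARP request arrived on.
    return bool(proxy_arp_enabled and out_dev is not None
                and out_dev != arrival_dev)
```

Running `would_proxy_arp` over every address in a subnet against a host's real route table lists exactly which addresses that host would answer for on the segment.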
