Re: [libvirt] [PATCH 2/9] add DHCP snooping support to nwfilter
Stefan Berger <stefanb(a)linux.vnet.ibm.com> wrote on 05/23/2011 01:09:51
PM:
For the other ARP requests I am not sure whether the VM needs to see
all
of them. If a VM sees an ARP request on an interface not directed for
any of its IP addresses, why deliver the request at all? The VM cannot
respond to it. Since we are filtering on ARP we may just as well drop it
which likely saves a few processing cycles in the whole system. So I
wouldn't remove the filtering.
No, the point is to update cached entries. If some some other
machine does an ARP request or reply (either) that updates an entry
in our ARP cache, we are supposed to do that. From RFC 826:
...
If the pair <protocol type, sender protocol address> is
already in my translation table, update the sender
hardware address filed of the entry with the new
information in the packet and set Merge_flag to true.
?Am I the target protocol address?
See, it updates the cache before even checking if we are the target.
+-DLS