Is it possible to answer ARP requests in user mode instead of inside the kernel?
I can create an ETH_P_ARP socket but not sure if I can completely replace the kernel strategy at this level.
If I am not mistaken, you would need to replace the driver for the network device. The existing kernel-space network driver will almost certainly take precedence over a user-space implementation. – zymhan Dec 14 '18 at 16:52
1 Answer
You can definitely create a socket and use it to respond to ARP requests. That however won't stop the kernel from responding to them.
There are ways to stop the kernel from responding to ARP requests. The simplest and in many cases the best solution is for your program to simply use a different IP address. If the kernel doesn't recognize the IP address it won't respond to ARP requests for it. This method is one I have used myself for implementing a user mode NAT64.
Another way to stop the kernel from responding to ARP requests is through arptables rules.

kasperd
@Kroma If you want a program to not only respond to ARP packets but also handle the IP packets it can be appropriate to have that program and the kernel use two different IP addresses. When a packet is sent to the IP address of the kernel, then the kernel will respond to ARP as usual. When a packet is sent to the IP address of the program, that program will respond and the kernel will completely ignore those packets. – kasperd Dec 14 '18 at 18:59