<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><br><div>Dear Sir,<br><div dir="ltr"><br>> Step 1: When making security decisions, you probably don't need a list<br>> of *all* neighbors - you only need an answer to "is *this* neighbor known or<br>> not". And that would be a different API.<br><br>If I am to get the information of known neighbors, which API should I use in my kernel module? I searched this on Google for hours and that did not do any good. I am a novice at this; a reference/example would be really great to point me in the right direction.<br><br>Thank you very much sir,<br><br>Best Regards,<br>H. Hasitha Shan<br><br>P.S. Thank you Mr. Valdis for pointing out that I should always reply back to the kernelnewbies mailing list. <br><br><div>> To: hh_shan@live.com<br>> CC: kernelnewbies@kernelnewbies.org<br>> Subject: Re: Identifying neighbors within the LAN<br>> From: Valdis.Kletnieks@vt.edu<br>> Date: Sat, 3 May 2014 19:10:18 -0400<br>> <br>> On Sat, 03 May 2014 11:01:19 -0700, Hettiarachchige Hasitha Shan said:<br>> <br>> > In the concept, it is required to obtain the list of neighbors within the<br>> > LAN. I did some research online and I found out that I can obtain IPv4/IPv6<br>> > neighbors by typing<br>> > in "ip -4 neigh show" or "ip -6 neigh show" in the terminal, where this<br>> > feature is implemented by the module neighbour.<br>> ><br>> > My query is, if I am to obtain this information programmatically through<br>> > my kernel module, which methods should I call?<br>> <br>> Step 0: Figure out why a packet security module even *cares* what neighbors<br>> are known. Why do you care if a neighbor is known or not? First, figure out<br>> under what conditions a neighbor becomes known. What security decisions are you<br>> planning to make based on "IPv4 address is in ARP table"? 
Whether an address<br>> is in the ARP table is orthogonal to whether you should trust the host or not.<br>> A trusted host can fail to be in the neighbor table simply because the ARP<br>> entry has aged out. Or an untrusted host can be *in* your ARP table...<br>> <br>> Step 1: When making security decisions, you probably don't need a list<br>> of *all* neighbors - you only need an answer to "is *this* neighbor known or<br>> not". And that would be a different API.<br>> <br>> (For bonus points, consider the case of a trusted host that has a longer<br>> ARP table timeout than yours - then you can receive a packet from the host<br>> without them ARP'ing for you first, but you still don't have an ARP entry<br>> for them.)<br></div>                                            </div></div>                                            </div></body>
</html>