[OLSR-users] ICMP Redirects

Andreas Tønnesen (spam-protected)
Fri Aug 19 23:09:01 CEST 2005


ICMP redirects should under Linux be disabled by the call to
disable_redirects from the interface init function in src/unix/ifnet.c
I will investigate and fix this when I get back home(I only have access to
an old win98 box where I am now ;) )

- Andreas

> I just observed the same issue under Linux. A quick review of the code
> indicates that the redirects are not being disabled under Linux, even
> though the code to do so exists... it just isn't ever called (unless I
> missed something!) Under Win32, there is a call made to disable
> redirects. Apparently, linux will issue a redirect if it forwards a
> packet out the same interface on which it was received (which is always
> the case with a transit node in a MANET.)
>
> I turn off the redirects manually under Linux; they add a lot of extra
> traffic that otherwise hurts the network. In a MANET, you usually can't
> make any assumptions about the reachability of a node from another
> node's perspective, and so the redirect is hardly ever (never?) a good
> idea. I have a simple script that kills the redirects and starts olsrd
> in one shot.
>
> echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
>
> Best,
> Mike
>
>
>> -----Original Message-----
>> From: (spam-protected)
>> [mailto:(spam-protected)] On Behalf Of Holger Mauermann
>> Sent: Sunday, July 03, 2005 9:37 AM
>> To: (spam-protected)
>> Subject: [OLSR-users] ICMP Redirects
>>
>>
>> Hi,
>>
>> I just noticed that my nodes still send out ICMP redirects,
>> even if it is disabled by olsrd on startup.
>>
>> cat /proc/sys/net/ipv4/conf/eth1/send_redirects shows 0 on
>> all nodes, but tcpdump captures lots of redirects:
>>
>> 15:15:00.068250 IP ...6 > ...1: icmp 177: redirect ...4 to
>> host ...4 15:15:00.107527 IP ...6 > ...4: icmp 129: redirect
>> ...1 to host ...1 15:15:00.934280 IP ...2 > ...7: icmp 89:
>> redirect ...1 to host ...1 15:15:04.742682 IP ...2 > ...4:
>> icmp 113: redirect ...1 to host ...1
>>
>> 4 can't see 1, so 4 has a route to 1 via 6 and 1 has a route
>> to 4 via 6. However, 6 sends back to 1 that it should try 4
>> directly and to 4 that it should try 1 directly... Can this
>> lead to problems? Should I ignore this or is it better to
>> block this ICMP type with the firewall?
>>
>>
>> --
>> \-- Holger Mauermann
>>  \-- (spam-protected)
>>   \-- PGP Key Id: 0x8EA8C301
>> _______________________________________________
>> olsr-users mailing list
>> (spam-protected) https://www.olsr.org/mailman/listinfo/olsr-users
>>
> _______________________________________________
> olsr-users mailing list
> (spam-protected)
> https://www.olsr.org/mailman/listinfo/olsr-users
>


---------
Andreas Tønnesen
http://www.olsr.org



More information about the Olsr-users mailing list