[OLSR-users] ICMP Redirects
Andreas Tønnesen
(spam-protected)
Sun Aug 21 22:43:19 CEST 2005
Maik,
I still don't see why olsrd should not disable redirects on your Linux
box... olsrd will write messages in the daemon log. The exact file
system dependent I AFAIK. On debian it is /var/log/daemon.log. Mine
looks like this after starting and stopping olsrd:
Aug 21 22:39:00 gandalf olsrd[2513]: Writing "1" to
/proc/sys/net/ipv4/ip_forward
Aug 21 22:39:00 gandalf olsrd[2513]: Could not read APM info - setting
default willingness(3)
Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
/proc/sys/net/ipv4/conf/eth0/rp_filter
Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
/proc/sys/net/ipv4/conf/eth0/send_redirects
Aug 21 22:39:00 gandalf olsrd[2513]: Adding interface eth0
Aug 21 22:39:00 gandalf olsrd[2513]: New main address: 192.168.0.10
Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
/proc/sys/net/ipv4/conf/eth1/rp_filter
Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
/proc/sys/net/ipv4/conf/eth1/send_redirects
Aug 21 22:39:00 gandalf olsrd[2513]: Adding interface eth1
Aug 21 22:39:00 gandalf olsrd[2513]: olsr.org - 0.4.10-pre successfully
started
Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
/proc/sys/net/ipv4/ip_forward to 0
Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
/proc/sys/net/ipv4/conf/eth1/send_redirects to 1
Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
/proc/sys/net/ipv4/conf/eth1/rp_filter to 1
Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
/proc/sys/net/ipv4/conf/eth0/send_redirects to 1
Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
/proc/sys/net/ipv4/conf/eth0/rp_filter to 1
Aug 21 22:39:01 gandalf olsrd[2513]: olsr.org - 0.4.10-pre stopped
g
Does your log indicate that there was an error disableng redirects?
- Andreas
Andreas Tønnesen wrote:
> ICMP redirects should under Linux be disabled by the call to
> disable_redirects from the interface init function in src/unix/ifnet.c
> I will investigate and fix this when I get back home(I only have access to
> an old win98 box where I am now ;) )
>
> - Andreas
>
>
>>I just observed the same issue under Linux. A quick review of the code
>>indicates that the redirects are not being disabled under Linux, even
>>though the code to do so exists... it just isn't ever called (unless I
>>missed something!) Under Win32, there is a call made to disable
>>redirects. Apparently, linux will issue a redirect if it forwards a
>>packet out the same interface on which it was received (which is always
>>the case with a transit node in a MANET.)
>>
>>I turn off the redirects manually under Linux; they add a lot of extra
>>traffic that otherwise hurts the network. In a MANET, you usually can't
>>make any assumptions about the reachability of a node from another
>>node's perspective, and so the redirect is hardly ever (never?) a good
>>idea. I have a simple script that kills the redirects and starts olsrd
>>in one shot.
>>
>>echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
>>
>>Best,
>>Mike
>>
>>
>>
>>>-----Original Message-----
>>>From: (spam-protected)
>>>[mailto:(spam-protected)] On Behalf Of Holger Mauermann
>>>Sent: Sunday, July 03, 2005 9:37 AM
>>>To: (spam-protected)
>>>Subject: [OLSR-users] ICMP Redirects
>>>
>>>
>>>Hi,
>>>
>>>I just noticed that my nodes still send out ICMP redirects,
>>>even if it is disabled by olsrd on startup.
>>>
>>>cat /proc/sys/net/ipv4/conf/eth1/send_redirects shows 0 on
>>>all nodes, but tcpdump captures lots of redirects:
>>>
>>>15:15:00.068250 IP ...6 > ...1: icmp 177: redirect ...4 to
>>>host ...4 15:15:00.107527 IP ...6 > ...4: icmp 129: redirect
>>>...1 to host ...1 15:15:00.934280 IP ...2 > ...7: icmp 89:
>>>redirect ...1 to host ...1 15:15:04.742682 IP ...2 > ...4:
>>>icmp 113: redirect ...1 to host ...1
>>>
>>>4 can't see 1, so 4 has a route to 1 via 6 and 1 has a route
>>>to 4 via 6. However, 6 sends back to 1 that it should try 4
>>>directly and to 4 that it should try 1 directly... Can this
>>>lead to problems? Should I ignore this or is it better to
>>>block this ICMP type with the firewall?
>>>
>>>
>>>--
>>>\-- Holger Mauermann
>>> \-- (spam-protected)
>>> \-- PGP Key Id: 0x8EA8C301
>>>_______________________________________________
>>>olsr-users mailing list
>>>(spam-protected) https://www.olsr.org/mailman/listinfo/olsr-users
>>>
>>
>>_______________________________________________
>>olsr-users mailing list
>>(spam-protected)
>>https://www.olsr.org/mailman/listinfo/olsr-users
>>
>
>
>
> ---------
> Andreas Tønnesen
> http://www.olsr.org
> _______________________________________________
> olsr-users mailing list
> (spam-protected)
> https://www.olsr.org/mailman/listinfo/olsr-users
--
Andreas Tønnesen
http://www.olsr.org
More information about the Olsr-users
mailing list