[OLSR-users] ICMP Redirects

Bruno Randolf (spam-protected)
Mon Aug 22 16:26:27 CEST 2005 

hi!

i've also seen ICMP redirects, occasionally, even though olsrd said it turned 
them off.

bruno

On Sunday 21 August 2005 22:43, Andreas Tønnesen wrote:
> Maik,
>
> I still don't see why olsrd should not disable redirects on your Linux
> box... olsrd will write messages in the daemon log. The exact file
> system dependent I AFAIK. On debian it is /var/log/daemon.log. Mine
> looks like this after starting and stopping olsrd:
>
> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "1" to
> /proc/sys/net/ipv4/ip_forward
> Aug 21 22:39:00 gandalf olsrd[2513]: Could not read APM info - setting
> default willingness(3)
> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
> /proc/sys/net/ipv4/conf/eth0/rp_filter
> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
> /proc/sys/net/ipv4/conf/eth0/send_redirects
> Aug 21 22:39:00 gandalf olsrd[2513]: Adding interface eth0
> Aug 21 22:39:00 gandalf olsrd[2513]: New main address: 192.168.0.10
> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
> /proc/sys/net/ipv4/conf/eth1/rp_filter
> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
> /proc/sys/net/ipv4/conf/eth1/send_redirects
> Aug 21 22:39:00 gandalf olsrd[2513]: Adding interface eth1
> Aug 21 22:39:00 gandalf olsrd[2513]: olsr.org - 0.4.10-pre successfully
> started
> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
> /proc/sys/net/ipv4/ip_forward to 0
> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
> /proc/sys/net/ipv4/conf/eth1/send_redirects to 1
> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
> /proc/sys/net/ipv4/conf/eth1/rp_filter to 1
> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
> /proc/sys/net/ipv4/conf/eth0/send_redirects to 1
> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
> /proc/sys/net/ipv4/conf/eth0/rp_filter to 1
> Aug 21 22:39:01 gandalf olsrd[2513]: olsr.org - 0.4.10-pre stopped
> g
>
>
> Does your log indicate that there was an error disableng redirects?
>
> - Andreas
>
> Andreas Tønnesen wrote:
> > ICMP redirects should under Linux be disabled by the call to
> > disable_redirects from the interface init function in src/unix/ifnet.c
> > I will investigate and fix this when I get back home(I only have access
> > to an old win98 box where I am now ;) )
> >
> > - Andreas
> >
> >>I just observed the same issue under Linux. A quick review of the code
> >>indicates that the redirects are not being disabled under Linux, even
> >>though the code to do so exists... it just isn't ever called (unless I
> >>missed something!) Under Win32, there is a call made to disable
> >>redirects. Apparently, linux will issue a redirect if it forwards a
> >>packet out the same interface on which it was received (which is always
> >>the case with a transit node in a MANET.)
> >>
> >>I turn off the redirects manually under Linux; they add a lot of extra
> >>traffic that otherwise hurts the network. In a MANET, you usually can't
> >>make any assumptions about the reachability of a node from another
> >>node's perspective, and so the redirect is hardly ever (never?) a good
> >>idea. I have a simple script that kills the redirects and starts olsrd
> >>in one shot.
> >>
> >>echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
> >>
> >>Best,
> >>Mike
> >>
> >>>-----Original Message-----
> >>>From: (spam-protected)
> >>>[mailto:(spam-protected)] On Behalf Of Holger Mauermann
> >>>Sent: Sunday, July 03, 2005 9:37 AM
> >>>To: (spam-protected)
> >>>Subject: [OLSR-users] ICMP Redirects
> >>>
> >>>
> >>>Hi,
> >>>
> >>>I just noticed that my nodes still send out ICMP redirects,
> >>>even if it is disabled by olsrd on startup.
> >>>
> >>>cat /proc/sys/net/ipv4/conf/eth1/send_redirects shows 0 on
> >>>all nodes, but tcpdump captures lots of redirects:
> >>>
> >>>15:15:00.068250 IP ...6 > ...1: icmp 177: redirect ...4 to
> >>>host ...4 15:15:00.107527 IP ...6 > ...4: icmp 129: redirect
> >>>...1 to host ...1 15:15:00.934280 IP ...2 > ...7: icmp 89:
> >>>redirect ...1 to host ...1 15:15:04.742682 IP ...2 > ...4:
> >>>icmp 113: redirect ...1 to host ...1
> >>>
> >>>4 can't see 1, so 4 has a route to 1 via 6 and 1 has a route
> >>>to 4 via 6. However, 6 sends back to 1 that it should try 4
> >>>directly and to 4 that it should try 1 directly... Can this
> >>>lead to problems? Should I ignore this or is it better to
> >>>block this ICMP type with the firewall?
> >>>
> >>>
> >>>--
> >>>\-- Holger Mauermann
> >>> \-- (spam-protected)
> >>>  \-- PGP Key Id: 0x8EA8C301
> >>>_______________________________________________
> >>>olsr-users mailing list
> >>>(spam-protected) https://www.olsr.org/mailman/listinfo/olsr-users
> >>
> >>_______________________________________________
> >>olsr-users mailing list
> >>(spam-protected)
> >>https://www.olsr.org/mailman/listinfo/olsr-users
> >
> > ---------
> > Andreas Tønnesen
> > http://www.olsr.org
> > _______________________________________________
> > olsr-users mailing list
> > (spam-protected)
> > https://www.olsr.org/mailman/listinfo/olsr-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.olsr.org/pipermail/olsr-users/attachments/20050822/641bc4da/attachment.sig>

More information about the Olsr-users mailing list