[OLSR-users] ICMP Redirects

Sven-Ola Tuecke (spam-protected)
Mon Aug 22 16:40:25 CEST 2005


Hey,

whats missing is here:

echo "0" > /proc/sys/net/ipv4/conf/all/send_redirects

LG, Sven-Ola

""Andreas Tønnesen"" <(spam-protected)> schrieb im Newsbeitrag 
news:(spam-protected)
> Maik,
>
> I still don't see why olsrd should not disable redirects on your Linux
> box... olsrd will write messages in the daemon log. The exact file
> system dependent I AFAIK. On debian it is /var/log/daemon.log. Mine
> looks like this after starting and stopping olsrd:
>
> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "1" to 
> /proc/sys/net/ipv4/ip_forward
> Aug 21 22:39:00 gandalf olsrd[2513]: Could not read APM info - setting 
> default willingness(3)
> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to 
> /proc/sys/net/ipv4/conf/eth0/rp_filter
> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to 
> /proc/sys/net/ipv4/conf/eth0/send_redirects
> Aug 21 22:39:00 gandalf olsrd[2513]: Adding interface eth0
> Aug 21 22:39:00 gandalf olsrd[2513]: New main address: 192.168.0.10
> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to 
> /proc/sys/net/ipv4/conf/eth1/rp_filter
> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to 
> /proc/sys/net/ipv4/conf/eth1/send_redirects
> Aug 21 22:39:00 gandalf olsrd[2513]: Adding interface eth1
> Aug 21 22:39:00 gandalf olsrd[2513]: olsr.org - 0.4.10-pre successfully 
> started
> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting 
> /proc/sys/net/ipv4/ip_forward to 0
> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting 
> /proc/sys/net/ipv4/conf/eth1/send_redirects to 1
> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting 
> /proc/sys/net/ipv4/conf/eth1/rp_filter to 1
> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting 
> /proc/sys/net/ipv4/conf/eth0/send_redirects to 1
> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting 
> /proc/sys/net/ipv4/conf/eth0/rp_filter to 1
> Aug 21 22:39:01 gandalf olsrd[2513]: olsr.org - 0.4.10-pre stopped
> g
>
>
> Does your log indicate that there was an error disableng redirects?
>
> - Andreas
>
>
> Andreas Tønnesen wrote:
>> ICMP redirects should under Linux be disabled by the call to
>> disable_redirects from the interface init function in src/unix/ifnet.c
>> I will investigate and fix this when I get back home(I only have access 
>> to
>> an old win98 box where I am now ;) )
>>
>> - Andreas
>>
>>
>>>I just observed the same issue under Linux. A quick review of the code
>>>indicates that the redirects are not being disabled under Linux, even
>>>though the code to do so exists... it just isn't ever called (unless I
>>>missed something!) Under Win32, there is a call made to disable
>>>redirects. Apparently, linux will issue a redirect if it forwards a
>>>packet out the same interface on which it was received (which is always
>>>the case with a transit node in a MANET.)
>>>
>>>I turn off the redirects manually under Linux; they add a lot of extra
>>>traffic that otherwise hurts the network. In a MANET, you usually can't
>>>make any assumptions about the reachability of a node from another
>>>node's perspective, and so the redirect is hardly ever (never?) a good
>>>idea. I have a simple script that kills the redirects and starts olsrd
>>>in one shot.
>>>
>>>echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
>>>
>>>Best,
>>>Mike
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: (spam-protected)
>>>>[mailto:(spam-protected)] On Behalf Of Holger Mauermann
>>>>Sent: Sunday, July 03, 2005 9:37 AM
>>>>To: (spam-protected)
>>>>Subject: [OLSR-users] ICMP Redirects
>>>>
>>>>
>>>>Hi,
>>>>
>>>>I just noticed that my nodes still send out ICMP redirects,
>>>>even if it is disabled by olsrd on startup.
>>>>
>>>>cat /proc/sys/net/ipv4/conf/eth1/send_redirects shows 0 on
>>>>all nodes, but tcpdump captures lots of redirects:
>>>>
>>>>15:15:00.068250 IP ...6 > ...1: icmp 177: redirect ...4 to
>>>>host ...4 15:15:00.107527 IP ...6 > ...4: icmp 129: redirect
>>>>...1 to host ...1 15:15:00.934280 IP ...2 > ...7: icmp 89:
>>>>redirect ...1 to host ...1 15:15:04.742682 IP ...2 > ...4:
>>>>icmp 113: redirect ...1 to host ...1
>>>>
>>>>4 can't see 1, so 4 has a route to 1 via 6 and 1 has a route
>>>>to 4 via 6. However, 6 sends back to 1 that it should try 4
>>>>directly and to 4 that it should try 1 directly... Can this
>>>>lead to problems? Should I ignore this or is it better to
>>>>block this ICMP type with the firewall?
>>>>
>>>>
>>>>--
>>>>\-- Holger Mauermann
>>>> \-- (spam-protected)
>>>>  \-- PGP Key Id: 0x8EA8C301
>>>>_______________________________________________
>>>>olsr-users mailing list
>>>>(spam-protected) https://www.olsr.org/mailman/listinfo/olsr-users
>>>>
>>>
>>>_______________________________________________
>>>olsr-users mailing list
>>>(spam-protected)
>>>https://www.olsr.org/mailman/listinfo/olsr-users
>>>
>>
>>
>>
>> ---------
>> Andreas Tønnesen
>> http://www.olsr.org
>> _______________________________________________
>> olsr-users mailing list
>> (spam-protected)
>> https://www.olsr.org/mailman/listinfo/olsr-users
>
> -- 
> Andreas Tønnesen
> http://www.olsr.org
> _______________________________________________
> olsr-users mailing list
> (spam-protected)
> https://www.olsr.org/mailman/listinfo/olsr-users 




More information about the Olsr-users mailing list