[OLSR-users] ICMP Redirects

Andreas Tønnesen (spam-protected)
Mon Aug 22 17:19:22 CEST 2005



The reason we do not use "all" is that one might
be using devices where olsrd was only supposed
to run on a subset of the interfaces. In such cases
I think it is a bad thing for olsrd to set common
configuration for all interfaces... but perhaps
pr. interface settings are not working in all scenarioes?

Could somebody who is seeing this problem check the
content of the proc file after starting olsrd and
after the ICMP redirects start showing up? Perhaps some
other entity is manipulating the procfiles...

- Andreas


> Hey,
>
> whats missing is here:
>
> echo "0" > /proc/sys/net/ipv4/conf/all/send_redirects
>
> LG, Sven-Ola
>
> ""Andreas Tønnesen"" <(spam-protected)> schrieb im Newsbeitrag
> news:(spam-protected)
>> Maik,
>>
>> I still don't see why olsrd should not disable redirects on your Linux
>> box... olsrd will write messages in the daemon log. The exact file
>> system dependent I AFAIK. On debian it is /var/log/daemon.log. Mine
>> looks like this after starting and stopping olsrd:
>>
>> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "1" to
>> /proc/sys/net/ipv4/ip_forward
>> Aug 21 22:39:00 gandalf olsrd[2513]: Could not read APM info - setting
>> default willingness(3)
>> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
>> /proc/sys/net/ipv4/conf/eth0/rp_filter
>> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
>> /proc/sys/net/ipv4/conf/eth0/send_redirects
>> Aug 21 22:39:00 gandalf olsrd[2513]: Adding interface eth0
>> Aug 21 22:39:00 gandalf olsrd[2513]: New main address: 192.168.0.10
>> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
>> /proc/sys/net/ipv4/conf/eth1/rp_filter
>> Aug 21 22:39:00 gandalf olsrd[2513]: Writing "0" to
>> /proc/sys/net/ipv4/conf/eth1/send_redirects
>> Aug 21 22:39:00 gandalf olsrd[2513]: Adding interface eth1
>> Aug 21 22:39:00 gandalf olsrd[2513]: olsr.org - 0.4.10-pre successfully
>> started
>> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
>> /proc/sys/net/ipv4/ip_forward to 0
>> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
>> /proc/sys/net/ipv4/conf/eth1/send_redirects to 1
>> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
>> /proc/sys/net/ipv4/conf/eth1/rp_filter to 1
>> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
>> /proc/sys/net/ipv4/conf/eth0/send_redirects to 1
>> Aug 21 22:39:01 gandalf olsrd[2513]: Resetting
>> /proc/sys/net/ipv4/conf/eth0/rp_filter to 1
>> Aug 21 22:39:01 gandalf olsrd[2513]: olsr.org - 0.4.10-pre stopped
>> g
>>
>>
>> Does your log indicate that there was an error disableng redirects?
>>
>> - Andreas
>>
>>
>> Andreas Tønnesen wrote:
>>> ICMP redirects should under Linux be disabled by the call to
>>> disable_redirects from the interface init function in src/unix/ifnet.c
>>> I will investigate and fix this when I get back home(I only have access
>>> to
>>> an old win98 box where I am now ;) )
>>>
>>> - Andreas
>>>
>>>
>>>>I just observed the same issue under Linux. A quick review of the code
>>>>indicates that the redirects are not being disabled under Linux, even
>>>>though the code to do so exists... it just isn't ever called (unless I
>>>>missed something!) Under Win32, there is a call made to disable
>>>>redirects. Apparently, linux will issue a redirect if it forwards a
>>>>packet out the same interface on which it was received (which is always
>>>>the case with a transit node in a MANET.)
>>>>
>>>>I turn off the redirects manually under Linux; they add a lot of extra
>>>>traffic that otherwise hurts the network. In a MANET, you usually can't
>>>>make any assumptions about the reachability of a node from another
>>>>node's perspective, and so the redirect is hardly ever (never?) a good
>>>>idea. I have a simple script that kills the redirects and starts olsrd
>>>>in one shot.
>>>>
>>>>echo 0 > /proc/sys/net/ipv4/conf/eth1/send_redirects
>>>>
>>>>Best,
>>>>Mike
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>From: (spam-protected)
>>>>>[mailto:(spam-protected)] On Behalf Of Holger Mauermann
>>>>>Sent: Sunday, July 03, 2005 9:37 AM
>>>>>To: (spam-protected)
>>>>>Subject: [OLSR-users] ICMP Redirects
>>>>>
>>>>>
>>>>>Hi,
>>>>>
>>>>>I just noticed that my nodes still send out ICMP redirects,
>>>>>even if it is disabled by olsrd on startup.
>>>>>
>>>>>cat /proc/sys/net/ipv4/conf/eth1/send_redirects shows 0 on
>>>>>all nodes, but tcpdump captures lots of redirects:
>>>>>
>>>>>15:15:00.068250 IP ...6 > ...1: icmp 177: redirect ...4 to
>>>>>host ...4 15:15:00.107527 IP ...6 > ...4: icmp 129: redirect
>>>>>...1 to host ...1 15:15:00.934280 IP ...2 > ...7: icmp 89:
>>>>>redirect ...1 to host ...1 15:15:04.742682 IP ...2 > ...4:
>>>>>icmp 113: redirect ...1 to host ...1
>>>>>
>>>>>4 can't see 1, so 4 has a route to 1 via 6 and 1 has a route
>>>>>to 4 via 6. However, 6 sends back to 1 that it should try 4
>>>>>directly and to 4 that it should try 1 directly... Can this
>>>>>lead to problems? Should I ignore this or is it better to
>>>>>block this ICMP type with the firewall?
>>>>>
>>>>>
>>>>>--
>>>>>\-- Holger Mauermann
>>>>> \-- (spam-protected)
>>>>>  \-- PGP Key Id: 0x8EA8C301
>>>>>_______________________________________________
>>>>>olsr-users mailing list
>>>>>(spam-protected) https://www.olsr.org/mailman/listinfo/olsr-users
>>>>>
>>>>
>>>>_______________________________________________
>>>>olsr-users mailing list
>>>>(spam-protected)
>>>>https://www.olsr.org/mailman/listinfo/olsr-users
>>>>
>>>
>>>
>>>
>>> ---------
>>> Andreas Tønnesen
>>> http://www.olsr.org
>>> _______________________________________________
>>> olsr-users mailing list
>>> (spam-protected)
>>> https://www.olsr.org/mailman/listinfo/olsr-users
>>
>> --
>> Andreas Tønnesen
>> http://www.olsr.org
>> _______________________________________________
>> olsr-users mailing list
>> (spam-protected)
>> https://www.olsr.org/mailman/listinfo/olsr-users
>
> _______________________________________________
> olsr-users mailing list
> (spam-protected)
> https://www.olsr.org/mailman/listinfo/olsr-users
>


---------
Andreas Tønnesen
http://www.olsr.org



More information about the Olsr-users mailing list