Date: Tue, 20 Mar 2007 23:31:04 +0100
From: Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
To: freebsd-net@freebsd.org
Subject: ICMP-floods
Message-ID: <460060A8.1080109@ide.resurscentrum.se>
Hi.

I have some strange net problems where my FreeBSD-routers send icmp-redirects/time-exceeds to my surveillance machine. Basically I have an admin-net where all routers and switches are connected. On this net I have a nagios-machine for surveillance (running FreeBSD). Sometimes when my Nagios sends icmp-echo-replies to equipment on my admin-net my FreeBSD-routers reply with an icmp-redirect (even though the echo-reply is not destined for the routers). This wouldn't be a problem if the routers would just send a single icmp-redirect; the problem is that they (sometimes more than one) send out about 15000 of them in reply to a single echo.

All FreeBSD-machines are 6.2-RELEASE.

When setting net.inet.ip.redirect=0 on my routers, the icmp-redirects disappear, but instead I get a large amount of ICMP-time-exceed from my routers. The following is an output from tcpdump on my surveillance-machine:

23:03:54.024417 IP 192.168.1.54 > 192.168.1.59: ICMP echo request, id 122, seq 0, length 64
23:03:54.024716 IP 192.168.1.54 > 192.168.1.59: ICMP echo request, id 122, seq 0, length 64
23:03:54.024768 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.024925 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.025433 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.025653 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.025818 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.025967 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.026118 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.026372 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.026708 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.027085 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.027362 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.027746 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.028105 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.028467 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.028832 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.029202 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.029567 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.029929 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64

and here 192.168.1.59 replies with the same id for about 3300 lines, after that comes:

23:03:54.251379 IP 192.168.1.68 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251394 IP 192.168.1.56 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251398 IP 192.168.1.67 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251401 IP 192.168.1.56 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251417 IP 192.168.1.68 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251421 IP 192.168.1.68 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251426 IP 192.168.1.56 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251441 IP 192.168.1.56 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251445 IP 192.168.1.67 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251460 IP 192.168.1.68 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251465 IP 192.168.1.56 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251468 IP 192.168.1.68 > 192.168.1.54: ICMP time exceeded in-transit, length 36

for about 3300 lines. This is my routers answering. 192.168.41.54 is an HP420 WLAN-AP.

I get the same behavior from other equipment on my admin-lan including FreeBSD-machines. If someone could give me a hint to where to start debugging I would be grateful.

//Jon
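Added example, not part of the original message: a Python script that tallies a tcpdump text capture like the one quoted above, showing how many echo replies arrive per (id, seq) compared with requests sent and which hosts emit the ICMP errors. It assumes only the line shapes quoted in the post; the function names and the excerpted sample are this example's own.

```python
import re
from collections import Counter

# Sample: a short excerpt of the capture quoted in the message above.
SAMPLE = """\
23:03:54.024417 IP 192.168.1.54 > 192.168.1.59: ICMP echo request, id 122, seq 0, length 64
23:03:54.024716 IP 192.168.1.54 > 192.168.1.59: ICMP echo request, id 122, seq 0, length 64
23:03:54.024768 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.024925 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.025433 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.025653 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.025818 IP 192.168.1.59 > 192.168.1.54: ICMP echo reply, id 122, seq 0, length 64
23:03:54.251379 IP 192.168.1.68 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251394 IP 192.168.1.56 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251398 IP 192.168.1.67 > 192.168.1.54: ICMP time exceeded in-transit, length 36
23:03:54.251401 IP 192.168.1.56 > 192.168.1.54: ICMP time exceeded in-transit, length 36
"""

# Matches only the line shapes shown in the post; other lines are skipped.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>[^:\s]+): ICMP (?P<kind>[^,]+)"
    r"(?:, id (?P<id>\d+), seq (?P<seq>\d+))?")

def summarize(text):
    """Count echo requests/replies per (id, seq) and other ICMP per sender."""
    requests, replies, errors = Counter(), Counter(), Counter()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m["kind"] == "echo request":
            requests[(m["id"], m["seq"])] += 1
        elif m["kind"] == "echo reply":
            replies[(m["id"], m["seq"])] += 1
        else:
            errors[(m["src"], m["kind"])] += 1
    return requests, replies, errors

def duplicated(requests, replies, max_ratio=1):
    """Return {(id, seq): (requests, replies)} where replies outnumber
    requests by more than max_ratio (a healthy ping gives one per request)."""
    return {k: (requests[k], n) for k, n in replies.items()
            if n > max_ratio * max(requests[k], 1)}

if __name__ == "__main__":
    req, rep, err = summarize(SAMPLE)
    for key, (r, n) in duplicated(req, rep).items():
        print(f"id/seq {key}: {r} request(s), {n} replies")
    for (src, kind), n in err.most_common():
        print(f"{src}: {n} x {kind}")
```

Run against a full capture, the per-sender error counts show which routers are taking part, and the request count per (id, seq) shows whether the request itself is already being seen more than once on the wire.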