From: Chuck Swiger
Date: Tue, 20 Mar 2007 15:47:59 -0700
To: Jon Otterholm
Cc: freebsd-net@freebsd.org
Subject: Re: ICMP-floods

On Mar 20, 2007, at 3:31 PM, Jon Otterholm wrote:
> Basically I have an admin-net where all routers and switches are
> connected. On this net I have a nagios-machine for surveillance (running
> FreeBSD). Sometimes when my Nagios sends icmp-echo-replies to equipment
> on my admin-net my FreeBSD-routers reply with an icmp-redirect (even
> though the echo-reply is not destined for the routers). This wouldn't be
> a problem if the routers would just send a single icmp-redirect, the
> problem is that they (sometimes more than one) send out about 15000 of
> them in reply to a single echo.
>
> All FreeBSD-machines are 6.2-RELEASE
>
> When setting net.inet.ip.redirect=0 on my routers, the icmp-redirects
> disappear, but instead I get a large amount of ICMP-time-exceed from my
> routers.

The information you've provided strongly suggests either problems with
the netmasks being used, or a routing loop, or some combination of both.

ICMP time-exceeded messages happen when the packets have been shuffled
around, decrementing the TTL at each hop, until it reaches zero. ICMP
redirects happen when a machine sends traffic to a router where the
router knows that the sending machine can reach the intended destination
more directly via some other path.

-- 
-Chuck
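
Added example (not part of the original message, and not a diagnosis of the poster's network): a simplified Python model of the two mechanisms described in the reply above, showing how a wrong netmask on two routers turns one packet into a run of redirects followed by a time-exceeded. The addresses, routing tables and function names are constructed for illustration, and the `redirect` argument stands in for net.inet.ip.redirect.

```python
import ipaddress as ip

# Constructed topology (not from the thread): one admin LAN, 10.0.0.0/24.
# Each table lists (prefix, next_hop); next_hop None means "on-link".
# r1 and r2 carry a wrong /25 mask and default to each other; r3 is correct.
TABLES = {
    "10.0.0.1": [("10.0.0.0/25", None), ("0.0.0.0/0", "10.0.0.2")],  # r1
    "10.0.0.2": [("10.0.0.0/25", None), ("0.0.0.0/0", "10.0.0.1")],  # r2
    "10.0.0.3": [("10.0.0.0/24", None)],                             # r3
}

def lookup(table, dst):
    """Longest-prefix match. Returns (matched, next_hop)."""
    addr = ip.ip_address(dst)
    hits = [(ip.ip_network(p), nh) for p, nh in table if addr in ip.ip_network(p)]
    if not hits:
        return False, None
    return True, max(hits, key=lambda h: h[0].prefixlen)[1]

def trace(first_router, dst, ttl=64, redirect=True):
    """Follow one packet handed to first_router by a host on the LAN.

    Returns the ICMP errors sent back to that host as (type, router) tuples,
    ending with ("delivered", router) if the packet gets through.
    `redirect` models the net.inet.ip.redirect sysctl on every router.
    """
    events, router = [], first_router
    while True:
        ttl -= 1                      # each router decrements the TTL
        if ttl <= 0:                  # expired in transit: drop and report
            return events + [("time-exceeded", router)]
        matched, next_hop = lookup(TABLES[router], dst)
        if not matched:
            return events + [("unreachable", router)]
        # Single-LAN model: the packet leaves on the interface it arrived
        # on, so the sender had a more direct path and a redirect is due.
        if redirect:
            events.append(("redirect", router))
        if next_hop is None:          # router delivers on-link itself
            return events + [("delivered", router)]
        router = next_hop             # otherwise hand to the next router

def summarize(events):
    """Count events by type, e.g. {'redirect': 63, 'time-exceeded': 1}."""
    counts = {}
    for kind, _ in events:
        counts[kind] = counts.get(kind, 0) + 1
    return counts
```

A packet for 10.0.0.200 handed to r1 bounces between r1 and r2 until the TTL runs out, while the same packet handed to r3 produces a single redirect and is delivered.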