Date:      Tue, 28 Sep 1999 17:52:31 -0700 (PDT)
From:      Tom <tom@uniserve.com>
To:        Gregory Bond <gnb@itga.com.au>
Cc:        stable@freebsd.org
Subject:   Re: ICMP REDIRECTs
Message-ID:  <Pine.BSF.4.02A.9909281745420.14543-100000@shell.uniserve.ca>
In-Reply-To: <199909290034.KAA19147@lightning.itga.com.au>

On Wed, 29 Sep 1999, Gregory Bond wrote:

> Hi.  We have two routers on our local net.  Only one is our default, of course.
> When I ping a host that is via the other route, I get 2 ICMP REDIRECTs (one for
> the specific host, one for the net) for every outgoing ping packet.
> 
> I.e. I'm getting redirects for the second ... nth packets.  I kind-of assumed
> the first redirect would update the local routing tables so that subsequent
> pings would go direct to the correct gateway.  And "netstat -r" does show a
> _host_ entry, but not a _net_ entry.  And another ping to the same host will go
> to the correct gateway, but a ping to another host on the same remote net will 
> also elicit 2 REDIRECTS per packet, and install a host route.
> 
> I am surprised by 2 elements of this behaviour:
>  - the REDIRECT doesn't affect the route chosen by the current ping process
>  - only the HOST_REDIRECT gets installed in the routing table
> 
> Is this the expected behaviour?

  Well, remember that ICMP redirects are just bandages to cover routing
problems.  No one really should be routing that way.

  ICMP redirects are easily spoofed, so many systems ignore them.
Otherwise they risk having their connectivity disconnected on a whim.
Also, many systems no longer send ICMP redirects because some people
actually want to pass traffic through an intervening system!  I don't know
how FreeBSD ships these days, but I suggest that it should ship with
ignore ICMP redirects as the default.

  I find it very odd that your router is sending two redirects per packet.
A host and network redirect sounds very scary.  Good thing your box is
ignoring the ICMP network redirect, otherwise I could hose your network so
quickly.  How quickly do routes added by ICMP redirect expire? :)

  Why not just add a route on your workstation/server, or enable a routing
protocol?  RIPv2 is simple, and offers authentication too.


Tom
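
Added example (not part of the original message or of FreeBSD's code): a Python check that parses an ICMP redirect and applies the acceptance rules of RFC 1122 section 3.2.2.2, which also says a network redirect should be installed as a host route, matching the behaviour described in the quoted question. The function names, addresses and the sample packet builder are constructed for illustration.

```python
import ipaddress
import struct

IP = ipaddress.IPv4Address
ICMP_REDIRECT = 5
CODES = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 when run over a valid ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_redirect(icmp: bytes) -> dict:
    """Parse an ICMP message (outer IP header already stripped) as a redirect."""
    if len(icmp) < 8 + 20 + 8:  # ICMP header + embedded IP header + 8 data bytes
        raise ValueError("too short for a redirect")
    if icmp[0] != ICMP_REDIRECT or icmp[1] not in CODES:
        raise ValueError("not an ICMP redirect")
    if checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    # Bytes 4-7: new gateway. Bytes 24-27: destination of the embedded IP header.
    return {"kind": CODES[icmp[1]], "new_gw": IP(icmp[4:8]),
            "orig_dst": IP(icmp[24:28])}

def vet_redirect(sender: str, icmp: bytes, first_hop: str, connected_net: str):
    """Return (accept, reason) for a redirect received from `sender`."""
    try:
        r = parse_redirect(icmp)
    except ValueError as exc:
        return False, str(exc)
    # The source address is unauthenticated, so these checks narrow the set of
    # acceptable redirects but cannot prove the packet came from the gateway.
    if IP(sender) != IP(first_hop):
        return False, "sender is not the current first-hop gateway"
    if r["new_gw"] not in ipaddress.IPv4Network(connected_net):
        return False, "new gateway is off the connected subnet"
    # Network redirects are treated like host redirects: one host route only.
    return True, f"host route {r['orig_dst']} via {r['new_gw']} ({r['kind']} redirect)"

def build_sample(code: int, new_gw: str, orig_dst: str) -> bytes:
    """Constructed sample redirect for testing (not captured traffic)."""
    inner = bytearray(28)          # minimal embedded IP header + 8 data bytes
    inner[0] = 0x45
    inner[16:20] = IP(orig_dst).packed
    body = IP(new_gw).packed + bytes(inner)
    head = struct.pack("!BBH", ICMP_REDIRECT, code, 0)
    return struct.pack("!BBH", ICMP_REDIRECT, code, checksum(head + body)) + body
```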


