route entries after ICMP redirect - FreeBSD

  1. #1

    route entries after ICMP redirect

    I've got a problem with route entries that were created after ICMP
    redirect messages. They never expire.

    Our default gateway (it's an HP switch) sends ICMP redirect messages if it
    sees a short path to the destination. It makes it not so overloaded. But
    paths sometimes change. There is no problem with Windows workstations,
    they are rebooted daily. But my FreeBSD boxes hold dynamic route entries
    forever.

    I've looked through RFCs and Stevens' books and found no answer on what
    the TTL for these entries is.
    Now I just add route flush as a cron job. But maybe there is another way?

    --
    Sem.
    Sergey Guest

  2. #2

    Re: route entries after ICMP redirect

    Sergey Matveychuk wrote: 


    Quoting this http://www.bsdbooks.net/shells/sysctl.html,

    The third concept that we want to strengthen our box
    against is redirects. In a well-designed network,
    redirects to the end stations should not be required.
    Both the sending and accepting of redirects should be
    disabled. Again to achieve this first run the command
    and then add to /etc/rc.conf:

    #sysctl -w net.inet.icmp.drop_redirect=1
    #sysctl -w net.inet.icmp.log_redirect=1
    #sysctl -w net.inet.ip.redirect=0
    #sysctl -w net.inet6.ip6.redirect=0


    Best wishes,
    Andrew P.
    Andrew Guest

  3. #3

    Re: route entries after ICMP redirect

    At Sun, 10 Apr 2005 15:14:59 +0400,
    Sergey Matveychuk wrote: 

    Routes set through the redirect path do not have a timeout associated
    with them. The redirect message usually implies an error in the
    network setup of your machines which would have to be handled by a
    human being changing the configuration.

    If you want to handle this in a more clever way than a cron job you
    could write a small daemon which reads routing messages and does "the
    right thing" for whatever your situation is.

    Later,
    George

    gnn@freebsd.org Guest

  4. #4

    Re: route entries after ICMP redirect

    org wrote:
     

    I've explored the code and found I can make quite an easy addition for
    dynamic routes - fill an expire field, check it periodically and remove
    expired entries (just like for arp entries).

    I'm thinking of adding a sysctl variable indicating what time will be set
    as the expire value, and setting it to zero by default (no expiry).

    --
    Sem.
    Sergey Guest

  5. #5

    Re: route entries after ICMP redirect

    Sergey Matveychuk wrote: 

    This has been fixed in CVS in MAIN (rev. 1.52) and MFC'ed to RELENG_4
    (rev. 1.37.2.5) and RELENG_5 (rev. 1.51.4.2) a couple of weeks ago:

    http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/in_rmx.c

    So either syncing to one of these branches or applying the relevant
    patch manually to your kernel sources ought to solve the problem.

    Uwe
    --
    Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
    org | http://www.escapebox.net
    Uwe Guest

  6. #6

    Re: route entries after ICMP redirect

    Uwe Doering wrote:
     

    Oh, thank you!
    And thanks to ru!

    --
    Sem.
    Sergey Guest
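
A narrower alternative to the blanket `route flush` cron job from post #1, as an added example that is not part of the thread: it picks out only the entries that netstat(1) marks with the D flag (created dynamically by a redirect) and prints, without running, a route(8) delete command for each. The sample routing table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.

# Constructed sample of FreeBSD `netstat -rn -f inet` output (not real data).
sample_netstat() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGS         0    12345   fxp0
127.0.0.1          127.0.0.1          UH          0      321    lo0
192.0.2/24         link#1             UC          0        0   fxp0
198.51.100.7       192.0.2.254        UGHD        0       42   fxp0
203.0.113.9        192.0.2.253        UGHD        1        7   fxp0
203.0.113.20       192.0.2.1          UGHS        0        3   fxp0
EOF
}

# Read netstat -rn text on stdin and print "destination gateway" for every
# entry whose Flags column (field 3) contains D. Header and title lines are
# skipped because they have too few fields or no D in field 3.
redirect_routes() {
    awk 'NF >= 3 && $1 != "Destination" &&
         $3 ~ /^[A-Za-z0-9]+$/ && $3 ~ /D/ { print $1, $2 }'
}

# Turn that list into route(8) delete commands. They are printed, not run,
# so the list can be reviewed or logged first. Anything that is not a plain
# dotted IPv4 address is skipped rather than placed on a command line.
delete_commands() {
    redirect_routes | while read -r dest gw; do
        case "$dest$gw" in
            *[!0-9.]*) continue ;;
        esac
        printf 'route -n delete -host %s %s\n' "$dest" "$gw"
    done
}

# Demo on the constructed sample. On a real host the input would be:
#   netstat -rn -f inet | delete_commands
sample_netstat | delete_commands
```

Static host routes (the UGHS entry in the sample) and the default route are left alone, which is the difference from flushing the whole table.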
