Subject: ICMP redirects question
To: None <current-users@sun-lamp.cs.berkeley.edu>
From: Peter Galbavy <peter@wonderland.org>
List: current-users
Date: 04/13/1994 23:57:57
Hi all,

I just want to ask the list about some odd stuff with ICMP redirects...
Since it may be a real problem, as opposed to my misunderstanding, it may
be a NetBSD issue. I would appreciate some help in any case.

I have 3 hosts running NetBSD, and I am bridged on to the Internet, using
one of the hosts (dumpty) as a router:

	+-------+	+--------+	+--------+
	| alice	|	| humpty |	| dumpty |
	+-------+	+--------+	+--------+
	    |		     |		     |		  +-------+
	    +----------------+---------------+------------| bridge... the net
							  +-------+

Now, the addresses here are:

	alice	193.195.141.1
	humpty	193.195.141.2
	dumpty	193.195.141.3 *and* 158.152.1.249

	158.152.1.* is one of demon.co.uk's subnets (my service provider and
	employer :-)

Using the wonderful "ifconfig alias" feature, dumpty is multi-homed
with *one* ethernet interface.

Packets I send from either alice or humpty are quite happily routed,
and no problems. *BUT* if a host on 158.152.1.0 sent anything, it
gets sent a redirect from an over-helpful dumpty...

[tcpdump says]
23:36:27.451057 dumpty.wonderland.org > humpty.wonderland.org:
icmp: redirect dis.demon.co.uk to host dis.demon.co.uk [tos 0x10]

(dis.demon.co.uk is on 158.152.1)

This is all because dumpty sees the packet go out on the same
interface it came in on. This, in turn, seems to be caused by the
fact that the interface is multi-homed. And this, of course, only
occurs for hosts in the particular demon.co.uk subnet.

According to Stevens' TCP/IP Illustrated V1, a 4.4BSD based host
(this only gives the rules for 4.4) will send a redirect in this
case, *but* then the receiving host checks if the new router is on
a directly connected network (which it is physically maybe, but
not logically) and does not modify its tables.

Should the ip_forward stuff be "enhanced" to apply the rule only
if the packet being forwarded is *not* completely in the group of
addresses for that interface ? This would make sense for a router.
Or have I read all the books wrong ? Esp Stevens'.

(cc'ed W. R. Stevens - maybe you can shed some light on my curling up brain :-)

Regards,
-- 
Peter Galbavy				e-mail: P.Galbavy@wonderland.org
Wonderland				  work: peter@demon.co.uk
					 <http://www.wonderland.org/>
	I like my food, I am what I eat, therefore I like myself

------------------------------------------------------------------------------
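The two checks the message describes, modelled on its own topology as an added example (not part of the original message and not NetBSD kernel code). Assumptions: both networks are /24, each host's single Ethernet is interface index 0, and 158.152.1.65 is a constructed address standing in for dis.demon.co.uk.

```c
#include <stdint.h>
#include <stdio.h>

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))
#define MASK24 0xffffff00u              /* assumption: both networks are /24 */

struct ifaddr4 { int ifindex; uint32_t addr, mask; };

/* Addresses from the message; index 0 is the one Ethernet interface. */
static const struct ifaddr4 dumpty[] = {
    { 0, IP(193,195,141,3), MASK24 },
    { 0, IP(158,152,1,249), MASK24 },   /* the "ifconfig alias" address */
};
static const struct ifaddr4 humpty[] = {
    { 0, IP(193,195,141,2), MASK24 },
};

/* Interface index holding an address on ip's subnet, or -1 if none. */
static int directly_connected(const struct ifaddr4 *ifs, int n, uint32_t ip)
{
    for (int i = 0; i < n; i++)
        if ((ip & ifs[i].mask) == (ifs[i].addr & ifs[i].mask))
            return ifs[i].ifindex;
    return -1;
}

/* Router side, as the message states it: redirect when the packet leaves
 * on the interface it arrived on. Only on-link destinations are modelled. */
static int router_sends_redirect(const struct ifaddr4 *ifs, int n,
                                 int rcvif, uint32_t dst)
{
    return directly_connected(ifs, n, dst) == rcvif;
}

/* Host side: the new gateway must be on a directly connected network,
 * otherwise the redirect is ignored and the routing table is unchanged. */
static int host_accepts_redirect(const struct ifaddr4 *ifs, int n, uint32_t new_gw)
{
    return directly_connected(ifs, n, new_gw) >= 0;
}

int main(void)
{
    uint32_t dis = IP(158,152,1,65);    /* constructed stand-in for dis.demon.co.uk */
    printf("dumpty sends redirect: %d\n", router_sends_redirect(dumpty, 2, 0, dis));
    printf("humpty accepts it:     %d\n", host_accepts_redirect(humpty, 1, dis));
    return 0;
}
```

With the alias in place dumpty emits the redirect, while humpty, holding no address on 158.152.1, rejects the advertised gateway.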