Subject: Re: peculiar ICMP redirects?
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: None <ww@styx.org>
List: tech-net
Date: 03/22/2005 23:36:00

On Tue, Mar 22, 2005 at 11:21:02PM -0500, der Mouse wrote:
> > Anyways it looks like what is happening is the router trying to do
> > proxy arp is (correctly) considering a /32 (the arp entry) to be a more
> > specific route than the /29, and the /32 refers to itself, so it
> > balks.
> 
> Except the arp entry is a proxy arp entry, so it shouldn't be used for
> packet delivery.  Or perhaps it's not, and that's the problem - but
> then how do I fix it, how do I create an arp entry that *is* a proxy
> arp entry?  Surely there must be *some* way; pppd presumably manages.

I believe the way pppd manages is by putting a host route in
the routing table which overrides the arp'd /32. But I'd be 
very surprised if you could get pppd to install something bigger
than a /32.

But I get your point, arp's behaviour should be "answer arp requests
for this IP address with this MAC address" and not "use this
MAC address for next-hop resolution".

> > That said sending out an icmp redirect to itself is almost certainly
> > the wrong thing to do in this situation (icmp ttl-exceeded might be
> > more correct).
> 
> It's not a redirect to itself as far as the IP/ICMP layer goes; A does
> not have the address 10.10.10.74, only .73.  The MAC address for .74 is
> the same as for .73, yes, but that's what proxy arp entries are all
> about, no?

20:09:28.708304 0:48:54:88:16:73 8:0:20:78:9e:de 0800 70: 10.10.10.73 > 10.10.10.20:
	icmp: redirect 10.10.10.74 to host 10.10.10.74
                                ^^                  ^^

This looks very wrong. An arp request resolves .74, then the packet 
gets sent. Then .73 says "to reach .74 use .74".

In fact I think there should be no icmp redirect in this circumstance.
The arp resolution says .74 is at 0:48:54:88:16:73. So the packets
should go to 0:48:54:88:16:73 as they are doing. A redirect should
only get sent if they should go to a different host on the same subnet.

This redirect is saying "oops, you must've sent this packet to me
by mistake. Instead you should send the packet to me."

Weird.

-w
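
Added example, not part of the original message: a small Python check that parses a raw ICMP redirect (RFC 792, type 5) and flags the two patterns discussed above, a gateway equal to the redirecting router and a gateway equal to the destination of the packet that triggered the redirect. The function names are hypothetical and the sample packet is constructed from the addresses in the trace, with an assumed echo request as the quoted packet.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 when run over a message with a valid checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_redirect(icmp: bytes):
    """Return (code, gateway, inner_dst) from a raw ICMP redirect (RFC 792, type 5)."""
    if len(icmp) < 8 + 20:
        raise ValueError("truncated ICMP redirect")
    icmp_type, code, _cksum, gateway = struct.unpack("!BBH4s", icmp[:8])
    if icmp_type != 5:
        raise ValueError("not an ICMP redirect")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]                      # header of the packet that triggered the redirect
    if inner[0] >> 4 != 4:
        raise ValueError("embedded packet is not IPv4")
    addr = ipaddress.IPv4Address
    return code, addr(gateway), addr(inner[16:20])

def classify_redirect(sender: str, icmp: bytes) -> str:
    """Flag a gateway that is the redirecting router itself or the original destination."""
    _code, gateway, inner_dst = parse_redirect(icmp)
    if gateway == ipaddress.IPv4Address(sender):
        return "gateway-is-sender"        # "send it to me instead of to me"
    if gateway == inner_dst:
        return "gateway-is-destination"   # "to reach X use X", as in the trace
    return "plausible"

def build_redirect(gateway: str, src: str, dst: str) -> bytes:
    """Constructed sample: a host redirect (code 1) quoting a minimal IPv4/ICMP echo header."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0, pack(src), pack(dst))
    inner += struct.pack("!BBHHH", 8, 0, 0, 1, 1)   # first 8 bytes of the assumed echo request
    body = struct.pack("!BBH4s", 5, 1, 0, pack(gateway)) + inner
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

# Addresses from the trace: 10.10.10.73 tells 10.10.10.20 to reach .74 via .74.
SAMPLE = build_redirect("10.10.10.74", "10.10.10.20", "10.10.10.74")
```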