tech-net archive


Re: sending ICMP redirects for multiple on-interface nets

> I have multiple subnets on the same interface, and redirects are not
> generated for traffic to another same-interface subnet.

> Is this check even needed?  Or do we need to iterate through all the
> IPv4 networks on the interface checking for a match?

Even that might not be right.

In the presence of multiple subnets on a non-p2p interface, I don't
think the kernel has enough information to tell whether a redirect is
the right thing or not.  (Even with only one subnet on the interface,
there are cases where a redirect might not work, but they're rather

Consider if0 with addresses and  A packet
arrives on if0 addressed to  If the sending host exists in
1.0.0/24, a redirect is in order; if not (e.g., if it's in
only), not.  But we don't have that information.  All we have is the
ip_src and ip_dst on the packet, neither of which needs to bear any
relation to any IP addresses the previous-hop host has on if0's
network.  (Depending on the network technology, we may have more
information - for example, for Ethernet we might be able to tell
something by looking at the ARP table - but that's a really ugly
layering violation, won't work for all network technologies, and won't
work reliably even for Ethernet.)

Based on a quick read-over, the code appears to send redirects only
when ip_src is on-subnet, which seems to me like an appropriately
conservative approach, and one that will catch most cases where
redirects matter the most.  It appears to be using the ifa for the
route, not a randomly picked address belonging to the interface, which
strikes me as right; I'd have to treat it as a debugging problem to
figure out why you're not seeing the redirects it seems to me you
should be.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML      
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
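
The two checks discussed in this message, side by side, as an added example that is not part of the original post and is not the kernel's code. The struct, the function names and the addresses (documentation prefixes) are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* One IPv4 address configured on an interface, host byte order (hypothetical type). */
struct ifaddr4 { uint32_t addr, mask; };

/* Constructed sample: if0 carries two subnets (documentation prefixes). */
static const struct ifaddr4 if0_addrs[] = {
    { IP(192,0,2,1),    IP(255,255,255,0) },
    { IP(198,51,100,1), IP(255,255,255,0) },
};

static int on_subnet(uint32_t ip, const struct ifaddr4 *a)
{
    return (ip & a->mask) == (a->addr & a->mask);
}

/* Conservative check: same in/out interface and ip_src inside the subnet
 * of the address (ifa) attached to the route used for forwarding. */
int redirect_route_ifa(int in_if, int out_if, uint32_t ip_src,
                       const struct ifaddr4 *rt_ifa)
{
    return in_if == out_if && on_subnet(ip_src, rt_ifa);
}

/* Alternative from the quoted question: accept ip_src if it falls in any
 * subnet configured on the interface. */
int redirect_any_ifa(int in_if, int out_if, uint32_t ip_src,
                     const struct ifaddr4 *ifas, size_t n)
{
    if (in_if != out_if)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (on_subnet(ip_src, &ifas[i]))
            return 1;
    return 0;
}

int main(void)
{
    /* Destination is in 198.51.100.0/24, so the route's ifa is if0_addrs[1]. */
    uint32_t srcs[] = { IP(198,51,100,10), IP(192,0,2,10), IP(203,0,113,5) };
    for (size_t i = 0; i < 3; i++)
        printf("src %zu: route-ifa=%d any-ifa=%d\n", i,
               redirect_route_ifa(0, 0, srcs[i], &if0_addrs[1]),
               redirect_any_ifa(0, 0, srcs[i], if0_addrs, 2));
    return 0;
}
```

The second source (192.0.2.10) is where the two checks differ. Neither check can tell whether the previous-hop host actually holds an address in the destination's subnet, since only ip_src and ip_dst are inspected.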
