tech-net: Re: peculiar ICMP redirects?

Subject: Re: peculiar ICMP redirects?
To: None <tech-net@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 03/22/2005 23:44:31
> But I get your point, arp's behaviour should be "answer arp requests
> for this IP address with this MAC address" and not "use this MAC
> address for next-hop resolution"

Well, when used to install proxy arp entries, at least, yes, exactly.

>> It's not a redirect to itself as far as the IP/ICMP layer goes;
> 20:09:28.708304 0:48:54:88:16:73 8:0:20:78:9e:de 0800 70: 10.10.10.73 > 10.10.10.20: icmp: redirect 10.10.10.74 to host 10.10.10.74

> This looks very wrong. An arp request resolves .74, then the packet gets sent. Then .73 says "to reach .74 use .74".

Yes.  This is what I would expect if I didn't have all the other stuff,
just the proxy arp entry.  Then A would receive the packet, send it
right back out the same interface, and send a redirect saying "go
direct next time".  This is all functioning normally *except* that it
shouldn't be routing the packet right back out the Ethernet it came in
on.

> In fact I think there should be no icmp redirect in this
> circumstance.  The arp resolution says .74 is at 0:48:54:88:16:73.
> So the packets should go to 0:48:54:88:16:73 as they are doing.  A
> redirect should only get sent if they should go to a different host
> on the same subnet.

But the machine isn't .74; it's .73.  So it (correctly) tries to
forward the packet.  The problem is, it ends up "forwarding" it out the
route corresponding to the ARP entry, which as you quite correctly
point out above should be used only for answering ARP requests, not for
routing packets.  Once it's made that mistake, the rest all follows
correctly.

> This redirect is saying "oops, you must've sent this packet to me by
> mistake. instead you should send the packet to me."

Except that the layer that generates the redirect doesn't realize that
the "instead" host is "me".  At the IP layer, .73 generates a redirect
saying "to reach .74, go direct, not through me"; it doesn't realize -
because the Ethernet layer and the IP layer are too decoupled - that it
*is* .74 as far as other hosts on the Ethernet are concerned, though
it's not .74 in its own mind.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B