Re: Bridged ethernet with ipnat redirect to local port - getting ICMP redirects instead

[David Young <dyoung%pobox.com@localhost>]

On Sun, Jul 06, 2014 at 09:01:38PM +1000, Darren Reed wrote:
> With respect to the ICMP redirect issue, I suspect that this is down
> to poor feature interaction in NetBSD and bridging. Somewhere the code
> is treating re0 and re1 as separate interfaces (and thus sending an
> ICMP redirect) when in fact they should be treated as one.

I agree that IP should treat the two ethernets as one interface: re0 and
re1 ought to belong to the same ethernet forwarding domain, and that
forwarding domain should have an IPv4 interface stacked on it.

> This patch might help:
> 
> --- sys/netinet/ip_input.c.orig  2012-12-04 07:58:30.000000000 +1100
> +++ sys/netinet/ip_input.c     2014-07-06 20:59:33.000000000 +1000
> @@ -1452,7 +1452,9 @@
>          */
>         dest.s_addr = 0;
>         if (!srcrt && V_ipsendredirects &&
> -           ia != NULL && ia->ia_ifp == m->m_pkthdr.rcvif) {
> +           ia != NULL && ia->ia_ifp == m->m_pkthdr.rcvif &&
> +           (ia->ia_ifp->if_bridge == NULL ||
> +           ia->ia_ifp->if_bridge != m->m_pkthdr.rcvif)) {
>                 struct sockaddr_in *sin;
>                 struct rtentry *rt;

The IP stack is already cut through with special cases and layering
violations, but it still is possible to make it worse. :-) I'd hate to
see ip_input.c gain any bridge knowledge.

Dave

-- 
David Young
dyoung%pobox.com@localhost    Urbana, IL    (217) 721-9981