Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Chris
ICMP REDIRECT). or expects. I use "set block-policy drop" in pf(4). But as already noted, this is for "filtering" purposes. Your suggestion also has the negative effect of hanging remote ports. Which can result in other negative results by peers. I don't follow -- how d

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Rodney W. Grimes
> On Fri, 14 Jun 2024 at 11:13, Rodney W. Grimes > wrote: > > > > That section is about how the router responds to an ICMP redirect > > set to IT, not one that is going THROUGH it. > > Sorry I wasn't explicit, in all cases I'm talking about ICMP REDIRECTs

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Ed Maste
On Fri, 14 Jun 2024 at 11:13, Rodney W. Grimes wrote: > > That section is about how the router responds to an ICMP redirect > set to IT, not one that is going THROUGH it. Sorry I wasn't explicit, in all cases I'm talking about ICMP REDIRECTs destined for the machine (as a

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Marek Zarychta
On 8.05.2024 at 21:14, Ed Maste wrote: It may make sense to apply the same default change for IPv6, but I don't think we need to tie the two discussions / investigations together. IMHO it is important to link ICMP6 with ICMP in terms of ICMP redirection. I have the impression that we are ne

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Rodney W. Grimes
> On Fri, 14 Jun 2024 at 09:52, Rodney W. Grimes > wrote: > > > > > > I would argue that having IP forwarding enabled (i.e. > > > net.inet.ip.forwarding for IPv4) is what establishes FreeBSD as a > > > router, and ICMP REDIRECT messages are al

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Ed Maste
hat router. I suppose it could hang you if in fact the router > sent the redirect but did not forward the packet for you expecting > that a retransmission with your updated routing table due to the > redirect would get the flow going. The router is required to forward the packet (RFC1812); if a

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Ed Maste
On Fri, 14 Jun 2024 at 09:52, Rodney W. Grimes wrote: > > > > I would argue that having IP forwarding enabled (i.e. > > net.inet.ip.forwarding for IPv4) is what establishes FreeBSD as a > > router, and ICMP REDIRECT messages are already dropped in kernel in > > that

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Rodney W. Grimes
> routing daemon. > > > > NO, because then you're not subject to rfc-1122 as you're now a router, > > not a host. > > I would argue that having IP forwarding enabled (i.e. > net.inet.ip.forwarding for IPv4) is what establishes FreeBSD as a > router, and ICMP REDIRECT mes

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Rodney W. Grimes
> On Wed, 12 Jun 2024 at 18:05, Chris wrote: > > > > As Rodeney already effectively explains; dropping packets makes routing, > > and discovery exceedingly difficult. Which is NOT what the average user > > wants, > > This is on end hosts only, not routers

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Ed Maste
On Wed, 12 Jun 2024 at 18:05, Chris wrote: > > As Rodeney already effectively explains; dropping packets makes routing, > and discovery exceedingly difficult. Which is NOT what the average user > wants, This is on end hosts only, not routers (which already drop ICMP REDIRECT). >

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Ed Maste
> NO, because then you're not subject to rfc-1122 as you're now a router, > not a host. I would argue that having IP forwarding enabled (i.e. net.inet.ip.forwarding for IPv4) is what establishes FreeBSD as a router, and ICMP REDIRECT messages are already dropped in kernel in that case.

Re: Discarding inbound ICMP REDIRECT by default

2024-06-14 Thread Chris
esired for a given installation. >>> This change would appear in FreeBSD 15.0 and would not be MFC'd. >>> >>> One question raised in the review is about switching the default to >>> YES but keeping the special handling for "auto" (dropping ICMP

Re: Discarding inbound ICMP REDIRECT by default

2024-06-13 Thread Chris
esired for a given installation. >>> This change would appear in FreeBSD 15.0 and would not be MFC'd. >>> >>> One question raised in the review is about switching the default to >>> YES but keeping the special handling for "auto" (dropping ICMP

Re: Discarding inbound ICMP REDIRECT by default

2024-06-13 Thread Chris
esired for a given installation. >>> This change would appear in FreeBSD 15.0 and would not be MFC'd. >>> >>> One question raised in the review is about switching the default to >>> YES but keeping the special handling for "auto" (dropping ICMP

Re: Discarding inbound ICMP REDIRECT by default

2024-06-13 Thread Bakul Shah
>> still possible to enable them if desired for a given installation. >> This change would appear in FreeBSD 15.0 and would not be MFC'd. >> >> One question raised in the review is about switching the default to >> YES but keeping the special handling for "au

Re: Discarding inbound ICMP REDIRECT by default

2024-06-13 Thread Chris
esired for a given installation. >>> This change would appear in FreeBSD 15.0 and would not be MFC'd. >>> >>> One question raised in the review is about switching the default to >>> YES but keeping the special handling for "auto" (dropping ICMP

Re: Discarding inbound ICMP REDIRECT by default

2024-06-13 Thread Rodney W. Grimes
> On Thu, 13 Jun 2024 at 09:39, Rodney W. Grimes > wrote: > > > > Discarding ICMP redirects on an internet host is non-conformant with > > STD-3 via rfc-1122. Processing of ICMP redirects is a MUST for hosts. > > In that case our default of "auto" is no

Re: Discarding inbound ICMP REDIRECT by default

2024-06-13 Thread Chris
esired for a given installation. >>> This change would appear in FreeBSD 15.0 and would not be MFC'd. >>> >>> One question raised in the review is about switching the default to >>> YES but keeping the special handling for "auto" (dropping ICMP

Re: Discarding inbound ICMP REDIRECT by default

2024-06-13 Thread Chris
esired for a given installation. >>> This change would appear in FreeBSD 15.0 and would not be MFC'd. >>> >>> One question raised in the review is about switching the default to >>> YES but keeping the special handling for "auto" (dropping ICMP

Re: Discarding inbound ICMP REDIRECT by default

2024-06-13 Thread Ed Maste
On Thu, 13 Jun 2024 at 09:39, Rodney W. Grimes wrote: > > Discarding ICMP redirects on an internet host is non-conformant with > STD-3 via rfc-1122. Processing of ICMP redirects is a MUST for hosts. In that case our default of "auto" is non-conformant if you have a routing daemon.

Re: Discarding inbound ICMP REDIRECT by default

2024-06-13 Thread Rodney W. Grimes
ld appear in FreeBSD 15.0 and would not be MFC'd. > > One question raised in the review is about switching the default to > YES but keeping the special handling for "auto" (dropping ICMP > REDIRECT if a routing daemon is in use, honouring them if not). I > don't t

Re: Discarding inbound ICMP REDIRECT by default

2024-06-13 Thread Rodney W. Grimes
ith the change in review it is of course > >>> still possible to enable them if desired for a given installation. > >>> This change would appear in FreeBSD 15.0 and would not be MFC'd. > >>> > >>> One question raised in the review is about sw

Re: Discarding inbound ICMP REDIRECT by default

2024-06-12 Thread Chris
sired for a given installation. This change would appear in FreeBSD 15.0 and would not be MFC'd. One question raised in the review is about switching the default to YES but keeping the special handling for "auto" (dropping ICMP REDIRECT if a routing daemon is in use, honouring t

Re: Discarding inbound ICMP REDIRECT by default

2024-06-12 Thread Chris
This change would appear in FreeBSD 15.0 and would not be MFC'd. One question raised in the review is about switching the default to YES but keeping the special handling for "auto" (dropping ICMP REDIRECT if a routing daemon is in use, honouring them if not). I don't think this

Re: Discarding inbound ICMP REDIRECT by default

2024-06-12 Thread Rodney W. Grimes
This change would appear in FreeBSD 15.0 and would not be MFC'd. > > One question raised in the review is about switching the default to > YES but keeping the special handling for "auto" (dropping ICMP > REDIRECT if a routing daemon is in use, honouring them if not). I

Re: Discarding inbound ICMP REDIRECT by default

2024-05-08 Thread Ed Maste
On Tue, 7 May 2024 at 14:35, Marek Zarychta wrote: > > But what about IPv6 ? We have "net.inet6.icmp6.rediraccept" knob which > defaults to 1. Can ICMPv6 redirects be fixed along with the change > proposed for the legacy IP protocol? It may make sense to apply the same default change for IPv6, bu

Re: Discarding inbound ICMP REDIRECT by default

2024-05-07 Thread Marek Zarychta
ar in FreeBSD 15.0 and would not be MFC'd. One question raised in the review is about switching the default to YES but keeping the special handling for "auto" (dropping ICMP REDIRECT if a routing daemon is in use, honouring them if not). I don't think this is particularly val

Discarding inbound ICMP REDIRECT by default

2024-05-07 Thread Ed Maste
'd. One question raised in the review is about switching the default to YES but keeping the special handling for "auto" (dropping ICMP REDIRECT if a routing daemon is in use, honouring them if not). I don't think this is particularly valuable given that auto was introduced to ove

Bug in ICMP redirect handling

2017-02-21 Thread prabhakar lakhera
This seems like a bug: https://svnweb.freebsd.org/base/head/sys/netinet/tcp_subr.c?r1=303457&r2=303456&pathrev=303457 I believe the ordering of if/else checks for cmd value is important as the last one checks for mapping of PRC* to an error. Given that the mapping is defined to be 0 for redirect

Re: kern/149804: [icmp] [panic] ICMP redirect on causes "panic: rtqkill route really not free"

2010-09-28 Thread delphij
Synopsis: [icmp] [panic] ICMP redirect on causes "panic: rtqkill route really not free" State-Changed-From-To: open->patched State-Changed-By: delphij State-Changed-When: Wed Sep 29 05:55:38 UTC 2010 State-Changed-Why: A bandaid have been committed against -HEAD. Responsible-Ch

Re: kern/149804: [icmp] [panic] ICMP redirect on causes "panic: rtqkill route really not free"

2010-09-17 Thread Pete French
The following reply was made to PR kern/149804; it has been noted by GNATS. From: Pete French To: bug-follo...@freebsd.org, petefre...@ticketswitch.com Cc: Subject: Re: kern/149804: [icmp] [panic] ICMP redirect on causes "panic: rtqkill route really not free" Date: Fri, 17 Sep 201

Re: kern/149804: [icmp] [panic] ICMP redirect on causes "panic: rtqkill route really not free"

2010-08-21 Thread linimon
Old Synopsis: ICMP redirect on causes "panic: rtqkill route really not free" New Synopsis: [icmp] [panic] ICMP redirect on causes "panic: rtqkill route really not free" Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: linimon Responsible-Chan

Re: route entries after ICMP redirect

2005-04-11 Thread Sergey Matveychuk
Uwe Doering wrote: This has been fixed in CVS in MAIN (rev. 1.52) and MFC'ed to RELENG_4 (rev. 1.37.2.5) and RELENG_5 (rev. 1.51.4.2) a couple of weeks ago: Oh, thank you! And thanks to [EMAIL PROTECTED] -- Sem. ___ freebsd-net@freebsd.org mailing list h

Re: route entries after ICMP redirect

2005-04-10 Thread Uwe Doering
Sergey Matveychuk wrote: I've got some problem with route entries that was created after ICMP redirect messages. They are never expired. Our default gateway (it's a HP switch) send ICMP redirect messages if it see a short path to destination. It's makes it not so overload

Re: route entries after ICMP redirect

2005-04-10 Thread Sergey Matveychuk
[EMAIL PROTECTED] wrote: If you want to handle this in a more clever way than a cron job you could write a small daemon which reads routing messages and does "the right thing" for whatever your situation is. I've explore a code and found I can do quite easy addition for dynamic routes - fill an ex

Re: route entries after ICMP redirect

2005-04-10 Thread gnn
At Sun, 10 Apr 2005 15:14:59 +0400, Sergey Matveychuk wrote: > > I've got some problem with route entries that was created after ICMP > redirect messages. They are never expired. > > Our default gateway (it's a HP switch) send ICMP redirect messages if it > see

route entries after ICMP redirect

2005-04-10 Thread Sergey Matveychuk
I've got some problem with route entries that was created after ICMP redirect messages. They are never expired. Our default gateway (it's a HP switch) send ICMP redirect messages if it see a short path to destination. It's makes it not so overloaded. But pathes sometime chang

ICMP Redirect - does it not belong to the RFCs???

2002-01-24 Thread Reto Trachsel (NetModule)
Hi Crist and net-list > I am not sure of the reason redirects are not sent for the default > route. In your Stevens reference, he doesn't explain any reasoning for > it? As you say, the comment I quoted goes wa-ay back to before the > initial FreeBSD CVS import back to 4.4BSD or earlier. You migh

Re: ICMP Redirect

2002-01-18 Thread Crist J . Clark
ee the one the router forwards (a switched LAN?), and then gets the ping back. The routing is probably asymmetric so the pongs don't go by the above router. But again, I don't see any problems here. Or at least this all seems consistent. > Problem 2 > - > > If the rout

RE: ICMP Redirect

2002-01-18 Thread Reto Trachsel (NetModule)
"mistakes": 1. Router don't send ICMP Redirect messages, if the target rediredt Router is the default router. 2. The Clients don't accept the ICMP Redirect packets from the BSD-Router. Problem 1 - If i'm doing a ping to an external address, on the router machine i

Re: ICMP Redirect

2002-01-18 Thread Crist J . Clark
> > 12:00:43.658869 172.16.1.254 > 172.16.224.24: icmp: redirect 172.24.0.2 to > host > 172.16.1.252 for 172.16.224.24 > 172.24.0.2: icmp: echo request (ttl 64, id > 2963 > 2, len 84) (ttl 64, id 12073, len 56) Ouch. Severe line-wrap damage. > 0x 4500 0038 2f29 000

RE: ICMP Redirect

2002-01-17 Thread Reto Trachsel (NetModule)
Hi Crist Here the Logs and outputs for you Regards Reto # tcpdump -vvXs 1500 'icmp' 172.16.224.24 -> BSD Host 172.16.1.254 -> BSD Router 12:00:43.658869 172.16.1.254 > 172.16.224.24: icmp: redirect 172.24.0.2 to host 172.16.1.252 for 172.16.224.24 > 172.24.0

Re: ICMP Redirect

2002-01-17 Thread Crist J . Clark
t" A Client machine with Windows 2000 > "BSDHost" A FreeBSD-Current machine > > Sysctl settings on Router and BSDHost: > > net.inet.ip.redirect: 1 -> Sending ICMP Redirect > net.inet.icmp.drop_redirect: 0 -> Does not drop >

RE: ICMP Redirect

2002-01-17 Thread Reto Trachsel (NetModule)
sctl settings on Router and BSDHost: net.inet.ip.redirect: 1 -> Sending ICMP Redirect net.inet.icmp.drop_redirect: 0 -> Does not drop net.inet.icmp.log_redirect: 1 -> Logging ICMP Redirect Problem Cases: BSDHost/WinHost and Router The Router send a ICMP Redirect, but not on

Re: ICMP Redirect

2002-01-16 Thread Crist J . Clark
On Wed, Jan 16, 2002 at 01:15:54PM +0100, Reto Trachsel (NetModule) wrote: > Hi All > > I have some problems with ICMP Redirect. I'm using a FreeBSD-4.5-RC machine > as default router for our network. If I'm doing a ping to an external host, > an ICMP Redirect messag

ICMP Redirect

2002-01-16 Thread Reto Trachsel (NetModule)
Hi All I have some problems with ICMP Redirect. I'm using a FreeBSD-4.5-RC machine as default router for our network. If I'm doing a ping to an external host, an ICMP Redirect message is sent by the router-machine, but not only once... it is sent every time an ICMP echo-request i

ICMP redirect

2001-10-18 Thread Antoine BLANGY
Hi, I m currently working on ICMP redirect and i read in "TCP/IP Illustrated Vol 1 - The protocols", by W Richard Stevens, that 4.4BSD acting as a router checks if "the route being used for outgoing datagram must have been ..., and must not be the router's default ro