From: Jarek Poplawski <jarkao2@gmail.com>
To: Alex Samad <alex@samad.com.au>
Cc: netdev@vger.kernel.org
Subject: Re: icmp redirects problem
Date: Tue, 24 Nov 2009 07:58:52 +0000 [thread overview]
Message-ID: <20091124075852.GA6170@ff.dom.local> (raw)
In-Reply-To: <20091124001230.GC14245@samad.com.au>
On Tue, Nov 24, 2009 at 11:12:30AM +1100, Alex Samad wrote:
> On Mon, Nov 23, 2009 at 10:58:38PM +0100, Jarek Poplawski wrote:
> > Alex Samad wrote, On 11/23/2009 05:31 AM:
> >
>
> [snip]
>
> > >
> > > laptop gets its ip from dchp server that make 192.168.11.1 the default
> > > gateway and its 192.168.11.1 that sends out the icmp redirect.
> >
> > Btw, it seems you should fix your routing (by adding sydrt01's eth0
> > the second ip or advertising 192.168.11.10 more) to avoid those
> > redirects.
>
> sorry I am lost on this statement, I can't add 192.168.11.10 to sydrt01
> as it is not physically connected to the 192.168.10.0/24 any more, which
> is why I had added the route on sydrt01 and which is why it send
> icmp_rediercts.
>
> I have updated the route table on each static machine, but the problem
> is on the machines that get their ip via dhcp - I haven't looked at
> pushing out route information via dhcp - I am not sure that it would
> work in a mixed windows / linux environment.
>
> what do you mean by advertising 192.168.11.10 more ?
I meant just what you've described, but wasn't sure of your config.
>
> >
> > >
> > > I had a quick look at the kernel tree for 2.6.31 (which is what I am
> > > using).
> >
> > ...
> >
> > > Line 680
> > > secure_redirects - BOOLEAN
> > > 681 Accept ICMP redirect messages only for gateways,
> > > 682 listed in default gateway list.
> > > 683 secure_redirects for the interface will be enabled if at
> > > least one of
> > > 684 conf/{all,interface}/secure_redirects is set to TRUE,
> > > 685 it will be disabled otherwise
> > > 686 default TRUE
> >
> > Very helpful links. So, as you wrote "the documentation seems to suggest"
> > something, and IMHO even if it doesn't, it's needlessly too concise
> > considering your "lost time", and I'd suggest you sending a patch to fix
> > this. (It seems it could "touch" shared_media, as well.)
>
> Which is wrong the code or the documentation and which part the test or
> the reliance on the shared_media or on the redirects flags
The code looks consistent to me. The documentation isn't wrong either,
until it only "seems to suggest", but it might be better, if it
metioned just what you tested: both things depend on accept_redirects.
Jarek P.
prev parent reply other threads:[~2009-11-24 7:58 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-23 4:31 icmp redirects problem Alex Samad
2009-11-23 21:58 ` Jarek Poplawski
2009-11-24 0:12 ` Alex Samad
2009-11-24 7:58 ` Jarek Poplawski [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091124075852.GA6170@ff.dom.local \
--to=jarkao2@gmail.com \
--cc=alex@samad.com.au \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).