From: Per Jessen <per@computer.org>
To: Dmitry Popov <ixaphire@qrator.net>
Cc: Lukas Tribus <luky-37@hotmail.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: missing icmp redirects
Date: Wed, 11 Jun 2014 09:19:22 +0200 [thread overview]
Message-ID: <539802FA.3040207@computer.org> (raw)
In-Reply-To: <20140611000613.3fb3c563523b73244d90dc44@qrator.net>
Dmitry Popov wrote:
> On Tue, 10 Jun 2014 20:10:23 +0200
> Per Jessen <per@computer.org> wrote:
>
>> Lukas Tribus wrote:
>>>> See complete description here:
>>>>
>>>> https://bugzilla.kernel.org/show_bug.cgi?id=72561
>>>>
>>>> Summary - some ICMP redirects seem to be missing.
>>>>
>> Okay, I have devised a way to reproduce the problem:
>>
>> ...
>
> It's probably not a bug, but intended behavior. See ip_rt_send_redirect in
> net/ipv4/route.c. The kernel has a built-in per-source-address limiter for icmp
> redirects.
Hi Dmitry
Any possibility that this limiter may have been inactive/faulty in e.g. 2.6.34?
We only hit this issue when we upgraded the firewall to a newer openSUSE (for
ebtables) which came with kernel 3.11.6, but prior to that we had no issue with
missing redirects.
> You can disable it for example with
> echo -1 > /proc/sys/net/ipv4/route/redirect_silence
> Though I am not sure if it is ok in wild networks.
Okay, that worked on the first attempt.
Should I also be looking at the other redirect settings?
/proc/sys/net/ipv4/route/redirect_load
/proc/sys/net/ipv4/route/redirect_number
thanks
Per
next prev parent reply other threads:[~2014-06-11 7:19 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-08 13:49 missing icmp redirects Per Jessen
2014-04-08 15:34 ` Lukas Tribus
2014-06-10 18:10 ` Per Jessen
2014-06-10 20:06 ` Dmitry Popov
2014-06-11 7:19 ` Per Jessen [this message]
2014-06-11 15:04 ` Dmitry Popov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=539802FA.3040207@computer.org \
--to=per@computer.org \
--cc=ixaphire@qrator.net \
--cc=luky-37@hotmail.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).