Sometimes ICMP redirects are sent by a gateway when the gateway knows
there is a better route that can be used. There are 2 conditions for this
system to work:
- The ICMP redirect must redirect to a gateway on the same subnet.
- When Masquerading or NAT is used, ICMP redirects should not be sent
  because of the different IP subnet.
If we look at net/ipv4/route.c around line 1015 we see:
route.c:1015:
    if (out_dev == in_dev && err && !(flags&RTCF_NAT) &&
        (IN_DEV_SHARED_MEDIA(out_dev)
         || inet_addr_onlink(out_dev, saddr, FIB_RES_GW(res))))
            flags |= RTCF_DOREDIRECT;
Notice the !(flags&RTCF_NAT): this avoids ICMP redirects being sent
for forwarded packets using NAT. But masqueraded packets use the
RTCF_MASQ flag, so ICMP redirects are sent. If the sender accepts
and follows the ICMP redirect, the connectivity to out-of-subnet
hosts will cease.
FIX:
1015:    if (out_dev == in_dev && err && !(flags&RTCF_NAT) &&
             !(flags&RTCF_MASQ) &&
regards,
Francois
Francois Baligant * * EuroNet Internet NV/SA
Developer * * a subsidiary of France Telecom
* Lozenberg 22 - B-1932 Zaventem
francois@be.euro.net * tel: +32 2 717 17 17
fax: +32 2 717 17 77
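
The redirect decision described in the message above, as a user-space model
added here for illustration; it is not code from the original post or from the
kernel. The flag bit values, struct fwd, sample() and the simplified onlink()
check are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed flag bits for this model; not the kernel's header values. */
#define RTCF_NAT  0x1u
#define RTCF_MASQ 0x2u

struct fwd {                  /* one forwarding decision (hypothetical) */
    int in_dev, out_dev;      /* interface indexes */
    int err;                  /* the 'err' term of the quoted condition */
    int shared_media;         /* stands in for IN_DEV_SHARED_MEDIA(out_dev) */
    uint32_t saddr, gw, mask; /* sender, next hop, netmask of out_dev */
    unsigned flags;           /* RTCF_NAT / RTCF_MASQ set by the caller */
};

/* Simplified stand-in for inet_addr_onlink(): both addresses in one subnet. */
static int onlink(uint32_t a, uint32_t b, uint32_t mask)
{
    return ((a ^ b) & mask) == 0;
}

/* Returns 1 when RTCF_DOREDIRECT would be set.
 * patched == 0: condition as quoted; patched == 1: with the RTCF_MASQ test. */
int will_redirect(const struct fwd *f, int patched)
{
    return f->out_dev == f->in_dev && f->err && !(f->flags & RTCF_NAT) &&
           (!patched || !(f->flags & RTCF_MASQ)) &&
           (f->shared_media || onlink(f->saddr, f->gw, f->mask));
}

/* Constructed case: 192.168.1.10 enters and leaves on interface 1,
 * next hop gw (192.168.1.254 is on-link for a /24). */
struct fwd sample(unsigned flags, uint32_t gw)
{
    struct fwd f = { 1, 1, 1, 0, 0xC0A8010Au, gw, 0xFFFFFF00u, flags };
    return f;
}

int main(void)
{
    const char *name[] = { "plain", "NAT", "MASQ" };
    for (unsigned i = 0; i < 3; i++) {
        struct fwd f = sample(i, 0xC0A801FEu); /* 0, RTCF_NAT, RTCF_MASQ */
        printf("%-5s quoted=%d patched=%d\n", name[i],
               will_redirect(&f, 0), will_redirect(&f, 1));
    }
    return 0;
}
```

Only the MASQ row differs between the two columns: the quoted condition still flags the masqueraded flow for a redirect, and the added RTCF_MASQ test suppresses it.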