linux-kernel.vger.kernel.org archive mirror
* ICMP ttl-exceeded packets not sourced correctly
@ 2004-10-29  1:07 parker
From: parker @ 2004-10-29  1:07 UTC
  To: linux-kernel

I think there's a problem with the ICMP code...

Say you have a router, and it's multihomed to two different ISPs,
say cogentco.com and qwest.net as your upstreams.
On your cogent interface, you have the IP address on the /30 assigned by cogent,
with reverse DNS being blahblah.demarc.cogentco.com on the qwest interface.
Same story with qwest, with reverse DNS being whatever.qwest.net.
Now let's say someone out on the internet with IP address of 1.1.1.1 runs
a traceroute into your network and his incoming path to your network comes over qwest.
Your router's hop should source its ICMP ttl-exceeded code (the traceroute hop) on
its qwest /30 IP address, because that's where the traceroute got triggered.
ICMP ttl-exceeded code's response should not be originated from the interface
holding the route, but should be originated from the interface that got hit
with the traceroute.

-- 
Bubba Parker
Systems Administrator
CityNet LLC
http://www.citynetinfo.com/


* RE: ICMP ttl-exceeded packets not sourced correctly
@ 2004-10-29  3:31 ` David Schwartz
From: David Schwartz @ 2004-10-29  3:31 UTC
  To: linux-kernel, parker


> Say you have a router, and it's multihomed to two different ISPs,
> say cogentco.com and qwest.net as your upstreams.
> On your cogent interface, you have the IP address on the /30 assigned by cogent,
> with reverse DNS being blahblah.demarc.cogentco.com on the qwest interface.
> Same story with qwest, with reverse DNS being whatever.qwest.net.
> Now let's say someone out on the internet with IP address of 1.1.1.1 runs
> a traceroute into your network and his incoming path to your network comes over qwest.
> Your router's hop should source its ICMP ttl-exceeded code (the traceroute hop) on
> its qwest /30 IP address, because that's where the traceroute got triggered.
> ICMP ttl-exceeded code's response should not be originated from the interface
> holding the route, but should be originated from the interface that got hit
> with the traceroute.

	Why? If the same machine has two IP addresses, reaching one is the same as
reaching the other.

	DS


* Re: ICMP ttl-exceeded packets not sourced correctly
@ 2004-10-30  5:48 ` Herbert Xu
From: Herbert Xu @ 2004-10-30  5:48 UTC
  To: parker; +Cc: linux-kernel

parker@citynetwireless.net wrote:
>
> ICMP ttl-exceeded code's response should not be originated from the interface
> holding the route, but should be originated from the interface that got hit
> with the traceroute.

What if the interface is a receive-only interface?
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: ICMP ttl-exceeded packets not sourced correctly
@ 2004-11-02 16:48 parker
From: parker @ 2004-11-02 16:48 UTC
  To: herbert; +Cc: linux-kernel

Then check for that, and fall back to route lookup if it's receive-only. BSD
already does this, and so do all other router manufacturers, but it's broken
under Linux. I think David Schwartz is completely missing the point of having
multiple providers, hence the reason for the source address to be different.

parker@citynetwireless.net wrote:
>
> ICMP ttl-exceeded code's response should not be originated from the interface
> holding the route, but should be originated from the interface that got hit
> with the traceroute.

What if the interface is a receive-only interface?
-- 
Bubba Parker
sysadmin@citynetwireless.net
CityNet LLC
http://www.citynetinfo.com/
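The thread describes two source-address policies for the ICMP Time Exceeded message a router emits when a traceroute probe's TTL runs out: Linux (as parker describes it) uses the address of the interface holding the route back to the sender, while the requested behaviour uses the address of the interface the probe arrived on, falling back to the route lookup when that interface is receive-only (Herbert Xu's case). The following model is an added example, not code from the thread or from the kernel; the interface names only echo the two upstreams in the discussion, and all addresses are constructed from the RFC 5737 documentation ranges.

```python
"""Model of ICMP Time Exceeded source-address selection on a multihomed router.

Added illustration for the LKML thread above; not kernel code. The router has
two upstream /30s ("cogent", "qwest") and a LAN, with its default route via
"cogent". A traceroute probe arriving over "qwest" with TTL=1 triggers the
error, and the two policies pick different source addresses for the reply.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional

ICMP_TIME_EXCEEDED = 11  # ICMP type 11, code 0: TTL exceeded in transit


@dataclass
class Interface:
    name: str
    address: IPv4Address        # primary address on the interface
    network: IPv4Network
    receive_only: bool = False  # cannot originate traffic (Herbert Xu's case)


@dataclass
class Route:
    prefix: IPv4Network
    iface: str                  # egress interface name


@dataclass
class Packet:
    src: IPv4Address
    dst: IPv4Address
    ttl: int


class Router:
    def __init__(self, interfaces: List[Interface], routes: List[Route]):
        self.interfaces = {i.name: i for i in interfaces}
        # Longest prefix first, so the first match in lookup() wins.
        self.routes = sorted(routes, key=lambda r: r.prefix.prefixlen, reverse=True)

    def lookup(self, dst: IPv4Address) -> Interface:
        """Egress interface for dst (longest-prefix match)."""
        for r in self.routes:
            if dst in r.prefix:
                return self.interfaces[r.iface]
        raise LookupError(f"no route to {dst}")

    def icmp_source(self, ingress: str, reply_to: IPv4Address,
                    use_inbound_ifaddr: bool) -> IPv4Address:
        """Source address for an ICMP error sent back to reply_to.

        use_inbound_ifaddr=False: address of the interface holding the route
        back to the sender (the behaviour the thread complains about).
        use_inbound_ifaddr=True: address of the interface the packet arrived
        on, falling back to the route lookup if that interface is receive-only.
        """
        if use_inbound_ifaddr:
            iface = self.interfaces[ingress]
            if not iface.receive_only:
                return iface.address
        return self.lookup(reply_to).address

    def forward(self, pkt: Packet, ingress: str,
                use_inbound_ifaddr: bool = False) -> Optional[dict]:
        """Forward pkt; return the ICMP error to emit, or None if forwarded."""
        if pkt.ttl <= 1:
            return {
                "type": ICMP_TIME_EXCEEDED,
                "code": 0,
                "src": self.icmp_source(ingress, pkt.src, use_inbound_ifaddr),
                "dst": pkt.src,
            }
        pkt.ttl -= 1
        return {"forwarded_via": self.lookup(pkt.dst).name}


def build_router(qwest_receive_only: bool = False) -> Router:
    """Two-upstream router from the thread (constructed addresses)."""
    return Router(
        interfaces=[
            Interface("cogent", ip_address("192.0.2.2"), ip_network("192.0.2.0/30")),
            Interface("qwest", ip_address("198.51.100.2"), ip_network("198.51.100.0/30"),
                      receive_only=qwest_receive_only),
            Interface("lan", ip_address("10.0.0.1"), ip_network("10.0.0.0/24")),
        ],
        routes=[Route(ip_network("10.0.0.0/24"), "lan"),
                Route(ip_network("0.0.0.0/0"), "cogent")],  # default via cogent
    )


def traceroute_hop_source(use_inbound_ifaddr: bool,
                          qwest_receive_only: bool = False) -> str:
    """Source of the TTL-exceeded reply for a probe that arrives over 'qwest'."""
    router = build_router(qwest_receive_only)
    probe = Packet(src=ip_address("203.0.113.7"), dst=ip_address("10.0.0.5"), ttl=1)
    reply = router.forward(probe, ingress="qwest", use_inbound_ifaddr=use_inbound_ifaddr)
    return str(reply["src"])


if __name__ == "__main__":
    print("route-based  :", traceroute_hop_source(False))        # 192.0.2.2 (cogent)
    print("inbound-iface:", traceroute_hop_source(True))         # 198.51.100.2 (qwest)
    print("receive-only :", traceroute_hop_source(True, True))   # 192.0.2.2 (fallback)
```

The route-based policy reports the cogent address for a hop that was actually reached over qwest, which is exactly what makes a traceroute through a multihomed router misleading. Later Linux kernels expose this choice as the sysctl `net.ipv4.icmp_errors_use_inbound_ifaddr` (non-zero selects the inbound interface's primary address); that knob did not exist at the time of this thread.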
