Bug#397550: routing between alias subnets on same interface produces RFC-1812 contravening ICMP redirects
Package: linux-image
Version: 2.6.18
This really isnt debian's fault. I just want to see if I can get a bug
that was talked about and a patch offered for linux 2.2 in 2000 (!!)
and discussed several times since actually FIXED sometime somehow.
At least debian can patch it in its kernels even if the rest of the
world carries this around forever.
All the details of how this bug works are described here (though Ive
included all salient details in this report):
http://oss.sgi.com/archives/netdev/2004-07/msg00512.html
The offending line in linux-tree-2.6.18 is now at
line 1750 of net/ipv4/route.c and can use the same patch as per
the above url.
As the url above indicates, reproduce this bug with:
To trigger this, you need two linux boxes. On the box acting as
router (it only needs one ethernet interface), do:
ifconfig eth0 down
ifconfig eth0 192.168.10.1 netmask 255.255.255.0
ifconfig eth0:1 192.168.99.1 netmask 255.255.255.0
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/shared_media
do
echo 0 > $f
done
On the other box, start a sniffer such as ethereal, and do:
ifconfig eth0 down
ifconfig eth0 192.168.10.2 netmask 255.255.255.0
route add -net 192.168.99.0/24 gw 192.168.10.1
ping 192.168.99.2
You will see ICMP redirect packets sent from 10.1 to 10.2 telling it
to route to 99.2 directly itself. Obviously impossible for 10.2 since
it's not on the 99.0/24 network.
This is tested with 2.6.17-2-vserver-k7 and 2.4.22-ac2 (which I spose
is not strictly debian), but the bug has been in the source since
linux 2.2 as mentioned.
/kc
--
Ken Chase - math@sizone.org Toronto CANADA.
Reply to: