Bug#397550: marked as done (routing between alias subnets on same interface produces RFC-1812 contravening ICMP redirects)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 28 Jul 2009 19:19:47 +0200
with message-id <20090728171947.GA31214@galadriel.inutil.org>
and subject line Re: routing between alias subnets on same interface produces RFC-1812 contravening ICMP redirects
has caused the Debian Bug report #397550,
regarding routing between alias subnets on same interface produces RFC-1812 contravening ICMP redirects
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
397550: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=397550
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: routing between alias subnets on same interface produces RFC-1812 contravening ICMP redirects
• From: K Chase <m-bugs.debian.org@sizone.org>
• Date: Wed, 8 Nov 2006 01:05:28 -0500
• Message-id: <20061108060528.GJ7877@sizone.org>

Package: linux-image
Version: 2.6.18

This really isnt debian's fault. I just want to see if I can get a bug
that was talked about and a patch offered for linux 2.2 in 2000 (!!)
and discussed several times since actually FIXED sometime somehow.
At least debian can patch it in its kernels even if the rest of the
world carries this around forever.

All the details of how this bug works are described here (though Ive
included all salient details in this report):

http://oss.sgi.com/archives/netdev/2004-07/msg00512.html

The offending line in linux-tree-2.6.18 is now at
line 1750 of net/ipv4/route.c and can use the same patch as per
the above url.

As the url above indicates, reproduce this bug with:

To trigger this, you need two linux boxes.  On the box acting as
router (it only needs one ethernet interface), do:

    ifconfig eth0 down
    ifconfig eth0 192.168.10.1 netmask 255.255.255.0
    ifconfig eth0:1 192.168.99.1 netmask 255.255.255.0
    echo 1 > /proc/sys/net/ipv4/ip_forward
    for f in /proc/sys/net/ipv4/conf/*/shared_media
    do
        echo 0 > $f
    done

On the other box, start a sniffer such as ethereal, and do:

    ifconfig eth0 down
    ifconfig eth0 192.168.10.2 netmask 255.255.255.0
    route add -net 192.168.99.0/24 gw 192.168.10.1
    ping 192.168.99.2

You will see ICMP redirect packets sent from 10.1 to 10.2 telling it
to route to 99.2 directly itself. Obviously impossible for 10.2 since
it's not on the 99.0/24 network.

This is tested with 2.6.17-2-vserver-k7 and 2.4.22-ac2 (which I spose
is not strictly debian), but the bug has been in the source since
linux 2.2 as mentioned.

/kc
-- 
Ken Chase - math@sizone.org Toronto CANADA.

--- End Message ---

--- Begin Message ---

• To: 397550-done@bugs.debian.org
• Cc: K Chase <m-bugs.debian.org@sizone.org>
• Subject: Re: routing between alias subnets on same interface produces RFC-1812 contravening ICMP redirects
• From: Moritz Muehlenhoff <jmm@inutil.org>
• Date: Tue, 28 Jul 2009 19:19:47 +0200
• Message-id: <20090728171947.GA31214@galadriel.inutil.org>
• In-reply-to: <20081217185656.GA4408@galadriel.inutil.org>
• References: <20061108060528.GJ7877@sizone.org> <20081217185656.GA4408@galadriel.inutil.org>

On Wed, Dec 17, 2008 at 07:56:56PM +0100, Moritz Muehlenhoff wrote:
> On Wed, Nov 08, 2006 at 01:05:28AM -0500, K Chase wrote:
> > Package: linux-image
> > Version: 2.6.18
> > 
> > This really isnt debian's fault. I just want to see if I can get a bug
> > that was talked about and a patch offered for linux 2.2 in 2000 (!!)
> > and discussed several times since actually FIXED sometime somehow.
> > At least debian can patch it in its kernels even if the rest of the
> > world carries this around forever.
> > 
> > All the details of how this bug works are described here (though Ive
> > included all salient details in this report):
> > 
> > http://oss.sgi.com/archives/netdev/2004-07/msg00512.html
> > 
> > The offending line in linux-tree-2.6.18 is now at
> > line 1750 of net/ipv4/route.c and can use the same patch as per
> > the above url.
> > 
> > As the url above indicates, reproduce this bug with:
> > 
> > To trigger this, you need two linux boxes.  On the box acting as
> > router (it only needs one ethernet interface), do:
> > 
> >     ifconfig eth0 down
> >     ifconfig eth0 192.168.10.1 netmask 255.255.255.0
> >     ifconfig eth0:1 192.168.99.1 netmask 255.255.255.0
> >     echo 1 > /proc/sys/net/ipv4/ip_forward
> >     for f in /proc/sys/net/ipv4/conf/*/shared_media
> >     do
> >         echo 0 > $f
> >     done
> > 
> > On the other box, start a sniffer such as ethereal, and do:
> > 
> >     ifconfig eth0 down
> >     ifconfig eth0 192.168.10.2 netmask 255.255.255.0
> >     route add -net 192.168.99.0/24 gw 192.168.10.1
> >     ping 192.168.99.2
> > 
> > You will see ICMP redirect packets sent from 10.1 to 10.2 telling it
> > to route to 99.2 directly itself. Obviously impossible for 10.2 since
> > it's not on the 99.0/24 network.
> > 
> > This is tested with 2.6.17-2-vserver-k7 and 2.4.22-ac2 (which I spose
> > is not strictly debian), but the bug has been in the source since
> > linux 2.2 as mentioned.
> 
> Does this error still occur with more recent kernel versions?

No further feedback, closing the bug.

If anyone reencounters the problem, please reopen this bug.

Cheers,
        Moritz

--- End Message ---