Ok, so as requested I'll post more info...
Oh and I've checked the IPv4 subnet masks on everything, it's as expected, it's 
also confirmed with a different host that this only happens once a machine has 
been on and is then switched off, I'm guessing this is something inside the 
router and has nothing to do with the Solaris box.

My interface configuration:
>ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.169 netmask ffffff00 broadcast 192.168.1.255
        ether 0:1c:c0:c4:6e:44 
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
        inet6 ::1/128 
e1000g0: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 2
        inet6 fe80::21c:c0ff:fec4:6e44/10 
        ether 0:1c:c0:c4:6e:44

Before the ping:
> netstat -nr

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              192.168.1.254        UG        3       2926           
127.0.0.1            127.0.0.1            UH        3        948 lo0       
192.168.1.0          192.168.1.169        U         8     174106 e1000g0   

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If   
--------------------------- --------------------------- ----- --- ------- ----- 
::1                         ::1                         UH      2       0 lo0   
fe80::/10                   fe80::21c:c0ff:fec4:6e44    U       3       5 e1000g0

And the ping ends up the same, here's the snoop capture again during the ping 
(using -d and -r rather than -l):
> snoop -d e1000g0 -r -x0 activity or router
192.168.1.169 -> 192.168.1.70     ICMP Echo request (ID: 1400 Sequence number: 0)

           0: 0019 d1e7 995d 001c c0c4 6e44 0800 4500    ...?.]....nD..E.
          16: 0054 07c8 4000 ff01 efa0 c0a8 01a9 c0a8    ....@...........
          32: 0146 0800 2522 0578 0000 bdee 284b f428    .F..%".x....(K.(
          48: 0800 0809 0a0b 0c0d 0e0f 1011 1213 1415    ................
          64: 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425    .......... !"#$%
          80: 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435    &'()*+,-./012345
          96: 3637                                       67

192.168.1.254 -> 192.168.1.169 ICMP Redirect (for host activity to activity)

           0: 001c c0c4 6e44 0012 bf12 a032 0800 4500    ....nD.....2..E.
          16: 0038 1cb4 0000 4001 d919 c0a8 01fe c0a8    .8....@.........
          32: 01a9 0501 0676 c0a8 0146 4500 0054 07c8    .....v...FE..T..
          48: 4000 fe01 f0a0 c0a8 01a9 c0a8 0146 0800    @............F..
          64: 2522 0578 0000 

And after:
>netstat -nr

Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface 
-------------------- -------------------- ----- ----- ---------- --------- 
default              192.168.1.254        UG        3       2966           
127.0.0.1            127.0.0.1            UH        3       1092 lo0       
192.168.1.0          192.168.1.169        U         8     183455 e1000g0   
192.168.1.70         192.168.1.70         UHD       1          0           

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use    If   
--------------------------- --------------------------- ----- --- ------- ----- 
::1                         ::1                         UH      2       0 lo0   
fe80::/10                   fe80::21c:c0ff:fec4:6e44    U       3       5 e1000g0

As for the service discovery stuff, yes I'm running a whole bunch of stuff 
using that, this box serves my AFP shares for my Mac, Windows shares for 
Windows PCs, and also runs Coherence for serving video to my PS3, so there's a 
lot of service broadcasting going on.

I know I can use ndd to turn this off and I will, which probably fixes it for 
me (although I'm not sure if it sticks over a reboot, I'll test that). Also the 
majority of people won't have dumb devices sending these sorts of things (it's an 
old Belkin ADSL router).

I think the bigger issue is that these types of bogus things really shouldn't be 
trusted by the OS, there needs to be some kind of validation. Ideally it would 
be great for the OS to do some basic validation, before trusting the redirect. 
In the future, maybe a new feature to allow rules for trusting this stuff, 
maybe something like iptables? Like don't accept ICMP redirects (or other 
routing updates) from X host, or only accept from X host, or maybe don't accept 
updates for IPs on X network etc etc.

I'll leave it up to the devs to decide what they wanna do with this one, I'm 
turning off the redirect, but if someone wants more info or something tested 
then I'm more than happy to switch it back on to gather more information, or 
test a new build or whatever.
-- 
This message posted from opensolaris.org
_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org
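
Added example, not part of the original post and not Solaris code: one way to do the basic validation the post asks for, applying the two discard rules of RFC 1122 section 3.2.2.2 to the redirect frame captured above. The frame bytes and addresses are taken from the snoop, ifconfig and netstat output in the post; the function names and the extra on-link check are assumptions made for this illustration.

```python
import ipaddress

# Redirect frame bytes copied from the snoop -x0 dump in the post.
FRAME = bytes.fromhex(
    "001cc0c46e440012bf12a03208004500"
    "00381cb400004001d919c0a801fec0a8"
    "01a905010676c0a801464500005407c8"
    "4000fe01f0a0c0a801a9c0a801460800"
    "252205780000"
)
# Host state from the ifconfig and "netstat -nr" output in the post.
LOCAL_IF = ipaddress.ip_interface("192.168.1.169/24")
DEFAULT_GW = ipaddress.ip_address("192.168.1.254")


def parse_redirect(frame):
    """Return (sender, new_gateway, target) from an Ethernet II ICMP redirect."""
    if len(frame) < 14 + 20 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    icmp = ip[ihl:]
    # Need the 8-byte ICMP header plus the 20-byte header of the original datagram.
    if ip[9] != 1 or len(icmp) < 28 or icmp[0] != 5:
        raise ValueError("not an ICMP redirect")
    inner = icmp[8:]
    addr = ipaddress.ip_address
    return addr(ip[12:16]), addr(icmp[4:8]), addr(inner[16:20])


def first_hop(dest):
    """First hop this host uses for dest: direct if on-link, else the default route."""
    return dest if dest in LOCAL_IF.network else DEFAULT_GW


def redirect_problems(sender, new_gw, target):
    """Reasons to discard the redirect; an empty list means it passes."""
    problems = []
    # RFC 1122 3.2.2.2: new gateway must be on the connected subnet.
    if new_gw not in LOCAL_IF.network:
        problems.append("new gateway is off-subnet")
    # RFC 1122 3.2.2.2: sender must be the current first hop for the target.
    if sender != first_hop(target):
        problems.append("sender is not the first hop for the target")
    # Extra sanity check (assumption, not from the RFC): on-link targets need no redirect.
    if target in LOCAL_IF.network:
        problems.append("target is already on-link")
    return problems


if __name__ == "__main__":
    print(redirect_problems(*parse_redirect(FRAME)))
```

Run on the captured frame, the check flags the redirect twice: 192.168.1.254 is not the first hop for 192.168.1.70, and 192.168.1.70 is already on the host's own subnet.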