Adam wrote:
> And the ping ends up the same, here's the snoop capture again during the ping
> (using -d and -r rather than -l):
>> snoop -d e1000g0 -r -x0 activity or router
> 192.168.1.169 -> 192.168.1.70 ICMP Echo request (ID: 1400 Sequence number: 0)
>
> 0: 0019 d1e7 995d 001c c0c4 6e44 0800 4500 ...?.]....nD..E.

Is 00:19:d1:e7:99:5d your Windows machine? If it is, then it does sound like it could be a problem with the router.

One other possible cause: ARP poisoning. If there's a machine on this network (say, a Windows box with Broadcom's "teaming" feature) that is sending out bogus ARP messages, it could potentially result in us sending packets out to the wrong Ethernet destination. You might want to watch your ARP cache with "arp -an".

> As for the service discovery stuff, yes I'm running a whole bunch of stuff
> using that, this box serves my afp shares for my mac, windows shares for
> windows pcs, and also runs coherence for serving video to my ps3, so there's a
> lot of service broadcasting going on.

OK.

> I know I can use ndd to turn this off and I will, which probably fixes it for
> me (although I'm not sure if it sticks over a reboot, I'll test that). Also
> the majority of people won't have dumb devices sending these sorts of things
> (it's an old belkin ADSL router).

It does not stick over reboot. You'll need to set up an /etc/rc*d/S* script or a custom SMF service to do this.

> I think the bigger issue is that these types of bogus things really shouldn't
> be trusted by the OS, there needs to be some kind of validation. Ideally it
> would be great for the OS to do some basic validation, before trusting the
> redirect. In the future, maybe a new feature to allow rules for trusting this
> stuff, maybe something like iptables? like don't accept ICMP redirects (or
> other routing updates) from X host, or only accept from X host, or maybe don't
> accept updates for IPs on X network etc etc.

Oh, I completely agree that the system should be ignoring bogus ICMP redirects. Given the nasty nature of redirects, it should be very careful about what it accepts and why.

That aside, I think it's a good idea to get to the bottom of what's going on here, because it's possible that you may have other problems, and that merely turning off redirects won't fix everything.

-- 
James Carlson 42.703N 71.076W <carls...@workingcode.com>
_______________________________________________
networking-discuss mailing list
networking-discuss@opensolaris.org
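
The ARP cache check suggested in the reply above, as an added example that is not part of the original message: it compares two saved "arp -an" snapshots and reports IPs whose MAC changed and MACs that answer for more than one IP. The function names `arp_changed` and `arp_shared`, the snapshot files and the sample table are constructed for illustration, and the parsing assumes the Solaris column layout noted in the comments.

```shell
#!/bin/sh
# Added example: compare two saved "arp -an" snapshots.
# Assumption: Solaris column layout (Device, IP Address, Mask, [Flags], Phys Addr),
# so the IP is field 2 and the MAC is the last field of each entry line.

# Shared awk helper: true when the line is an IPv4 entry with a resolved MAC.
ENTRY='function entry(   p) {
    return split($NF, p, ":") == 6 && $NF ~ /^[0-9a-fA-F:]+$/ &&
           $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ }'

# arp_changed OLD NEW: print "ip old_mac new_mac" for IPs whose MAC differs.
arp_changed() {
    awk "$ENTRY"'
        !entry() { next }
        FILENAME == ARGV[1] { old[$2] = tolower($NF); next }
        ($2 in old) && old[$2] != tolower($NF) { print $2, old[$2], tolower($NF) }
    ' "$1" "$2"
}

# arp_shared FILE: print "mac ip ip..." for MACs answering for more than one IP.
arp_shared() {
    awk "$ENTRY"'
        !entry() { next }
        { m = tolower($NF); ips[m] = ips[m] " " $2; n[m]++ }
        END { for (m in n) if (n[m] > 1) print m ips[m] }
    ' "$1" | sort
}

# Constructed sample snapshots (not taken from the thread).
DIR=$(mktemp -d) && OLD=$DIR/arp.old NEW=$DIR/arp.new
cat > "$OLD" <<'EOF'
Net to Media Table: IPv4
Device   IP Address               Mask      Flags      Phys Addr
------ -------------------- --------------- -------- ---------------
e1000g0 192.168.1.1          255.255.255.255          00:11:22:33:44:55
e1000g0 192.168.1.70         255.255.255.255          00:aa:bb:cc:dd:70
e1000g0 192.168.1.169        255.255.255.255 SPLA     00:aa:bb:cc:dd:a9
EOF
# Second snapshot: 192.168.1.70 now resolves to the router's MAC.
sed 's/00:aa:bb:cc:dd:70/00:11:22:33:44:55/' "$OLD" > "$NEW"

arp_changed "$OLD" "$NEW"   # IPs that moved to a different MAC
arp_shared "$NEW"           # MACs claimed by several IPs
```

A MAC shared by several IPs also occurs legitimately with proxy ARP or multi-homed hosts, so a hit is something to check against the known hardware rather than proof of bogus ARP traffic.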