Re: route entries after ICMP redirect

2005-04-11 Thread Uwe Doering
Sergey Matveychuk wrote:
> I've got a problem with route entries that were created after ICMP
> redirect messages. They never expire.
>
> Our default gateway (it's an HP switch) sends ICMP redirect messages if it
> sees a short path to the destination. That makes it not so overloaded. But
> paths sometimes change. There is no problem with Windows workstations;
> they are rebooted daily. But my FreeBSD boxes hold dynamic route entries
> forever.
>
> I've looked through RFCs and Stevens' books and found no answer on what
> the TTL for these entries is.
> Now I just add route flush as a cron job. But maybe there is another way?

This has been fixed in CVS in MAIN (rev. 1.52) and MFC'ed to RELENG_4 
(rev. 1.37.2.5) and RELENG_5 (rev. 1.51.4.2) a couple of weeks ago:

  http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/in_rmx.c
So either syncing to one of these branches or applying the relevant 
patch manually to your kernel sources ought to solve the problem.

   Uwe
--
Uwe Doering |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: route entries after ICMP redirect

2005-04-11 Thread Sergey Matveychuk
Uwe Doering wrote:
> This has been fixed in CVS in MAIN (rev. 1.52) and MFC'ed to RELENG_4
> (rev. 1.37.2.5) and RELENG_5 (rev. 1.51.4.2) a couple of weeks ago:

Oh, thank you!
And thanks to [EMAIL PROTECTED]
--
Sem.


route entries after ICMP redirect

2005-04-10 Thread Sergey Matveychuk
I've got a problem with route entries that were created after ICMP
redirect messages. They never expire.

Our default gateway (it's an HP switch) sends ICMP redirect messages if it
sees a short path to the destination. That makes it not so overloaded. But
paths sometimes change. There is no problem with Windows workstations;
they are rebooted daily. But my FreeBSD boxes hold dynamic route entries
forever.

I've looked through RFCs and Stevens' books and found no answer on what
the TTL for these entries is.
Now I just add route flush as a cron job. But maybe there is another way?

--
Sem.


Re: route entries after ICMP redirect

2005-04-10 Thread Andrew P.
Sergey Matveychuk wrote:
> I've got a problem with route entries that were created after ICMP
> redirect messages. They never expire.
>
> Our default gateway (it's an HP switch) sends ICMP redirect messages if it
> sees a short path to the destination. That makes it not so overloaded. But
> paths sometimes change. There is no problem with Windows workstations;
> they are rebooted daily. But my FreeBSD boxes hold dynamic route entries
> forever.
>
> I've looked through RFCs and Stevens' books and found no answer on what
> the TTL for these entries is.
> Now I just add route flush as a cron job. But maybe there is another way?

Quoting this http://www.bsdbooks.net/shells/sysctl.html,

> The third concept that we want to strengthen our box
> against is redirects. In a well-designed network,
> redirects to the end stations should not be required.
> Both the sending and accepting of redirects should be
> disabled. Again to achieve this first run the command
> and then add to /etc/rc.conf:
>
> #sysctl -w net.inet.icmp.drop_redirect=1
> #sysctl -w net.inet.icmp.log_redirect=1
> #sysctl -w net.inet.ip.redirect=0
> #sysctl -w net.inet6.ip6.redirect=0

Best wishes,
Andrew P.


Re: route entries after ICMP redirect

2005-04-10 Thread gnn
At Sun, 10 Apr 2005 15:14:59 +0400,
Sergey Matveychuk wrote:
>
> I've got a problem with route entries that were created after ICMP
> redirect messages. They never expire.
>
> Our default gateway (it's an HP switch) sends ICMP redirect messages if it
> sees a short path to the destination. That makes it not so overloaded. But
> paths sometimes change. There is no problem with Windows workstations;
> they are rebooted daily. But my FreeBSD boxes hold dynamic route entries
> forever.
>
> I've looked through RFCs and Stevens' books and found no answer on what
> the TTL for these entries is.
> Now I just add route flush as a cron job. But maybe there is another way?

Routes set through the redirect path do not have a timeout associated
with them.  The redirect message usually implies an error in the
network setup of your machines which would have to be handled by a
human being changing the configuration.

If you want to handle this in a more clever way than a cron job you
could write a small daemon which reads routing messages and does the
right thing for whatever your situation is.

Later,
George



Re: route entries after ICMP redirect

2005-04-10 Thread Sergey Matveychuk
[EMAIL PROTECTED] wrote:
> If you want to handle this in a more clever way than a cron job you
> could write a small daemon which reads routing messages and does the
> right thing for whatever your situation is.

I've explored the code and found I can make a quite easy addition for dynamic
routes: fill in an expire field, check it periodically and remove expired
entries (just like for ARP entries).

I'm thinking of adding a sysctl variable to indicate what time will be set as
the expire value, and setting it to zero by default (no expiry).

--
Sem.
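
Added example, not part of the original thread or of FreeBSD: a narrower alternative to the "route flush" cron job discussed above, which removes only the routes that netstat marks with the D flag (created dynamically by a redirect). The sample routing table is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout of FreeBSD `netstat -rn -f inet` output.
sample_routes() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGS         0    51234   fxp0
127.0.0.1          127.0.0.1          UH          0      120    lo0
192.0.2.0/24       link#1             UC          0        0   fxp0
198.51.100.7       192.0.2.254        UGHD        0      412   fxp0
203.0.113.20       192.0.2.253        UGHD        0       17   fxp0
203.0.113.99       192.0.2.1          UGHS        0        3   fxp0
EOF
}

# Read a routing table on stdin and print one line per redirect-created
# route: "<-host|-net> <destination> <gateway> <flags>".
# Rows before the "Destination" header are ignored; the D flag in the
# third column identifies routes installed by an ICMP redirect.
redirect_routes() {
    awk '
        $1 == "Destination" { in_table = 1; next }
        in_table && NF >= 3 && $3 ~ /^[A-Za-z0-9]+$/ && $3 ~ /D/ {
            kind = ($3 ~ /H/) ? "-host" : "-net"
            print kind, $1, $2, $3
        }'
}

# Turn the redirect-created routes into route(8) delete commands.
# Static (S) and cloning (C) entries are left alone, unlike `route flush`.
purge_commands() {
    redirect_routes | while read -r kind dst gw flags; do
        printf 'route -n delete %s %s\n' "$kind" "$dst"
    done
}

# Dry run against the constructed sample. On a FreeBSD host, review the
# output of:  netstat -rn -f inet | purge_commands
# and pipe it to sh from cron once it matches what you expect.
sample_routes | purge_commands
```

The output of redirect_routes also includes the gateway each redirect pointed to, which is worth logging before deletion to see which hosts are sending redirects.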