[Bug 221137] FreeBSD 11+ does not send ICMP redirects

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Aug 1 08:04:09 UTC 2017 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221137

            Bug ID: 221137
           Summary: FreeBSD 11+ does not send ICMP redirects
           Product: Base System
           Version: 11.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: igorr at speechpro.com

Created attachment 184886
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=184886&action=edit
Very naive patch to support ICMP redirects.

On default gateway "internal" interface has IP 192.168.2.4/21
Also there is dedicated router for 192.168.8.0/23 network. 
So part of routing table on default gateway looks like:
192.168.0.0/21     link#5             U           em0
192.168.8.0/23     192.168.5.116      UGS         em0

Router 192.168.5.116 is accessible from our internal network (of course).

When we had FreeBSD 9.2 on 192.168.2.4 and tried to access some host in
192.168.8.0/23 network it would send ICMP redirect message with new route:

PING 192.168.8.118 (192.168.8.118): 56 data bytes
36 bytes from gw.stc (192.168.2.4): Redirect Host(New addr: 192.168.5.116)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 4442   0 0000  3f  01 ab86 192.168.2.26  192.168.8.118 


I have upgraded FreeBSD version on our default gateway from 9.2 to 11.0. And
now it does not send ICMP redirects.

I assume that this is caused by removing net.inet.ip.fastforwarding sysctl:
https://svnweb.freebsd.org/base?view=revision&revision=r290383

Unfortunattely we need ICMP redirects, because not all equipment support
getting routes via DHCP options, also some of our workstations and servers have
static IP addresses and don't use DHCP.

I have created very naive patch against FreeBSD 11-STABLE (revision 321782).
And now ICMP redirects work. Patch is attached. It just checks if packet should
be routed to same interface it was received from and in this case just pass
control from ip_tryforward() to ip_input() by returning not NULL.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list