From: habibielwa7id on
On Jan 14, 7:07 pm, Nikola Novak <enlorkMA...(a)OVOgmail.com> wrote:
> Hello,
>
> What happens if a router receives an ICMP Echo request, but the source
> address in the IP packet it is contained in doesn't match any entries in
> its routing table, and the default gateway isn't set?
>
> Thanks,
> Nikola
If the source address in the IP packets doesn't match any entry in the
routing table, then I think they are spoofed ping packets from any nearby
machine in the same subnet network.
If rp_filter is enabled on the Linux machine, the packet will be
discarded.
I think that if rp_filter is disabled, the Linux machine will not
reply, as it will not find any entry in its routing table that it can
use to direct the reply packets through.
From: Nikola Novak on
On Fri, 15 Jan 2010 12:22:02 +0100, Pascal Hambourg wrote:

> Nikola Novak wrote:
>> On Thu, 14 Jan 2010 21:17:59 +0100, Pascal Hambourg wrote:
>>
>>> Nikola Novak wrote:
>>>> What happens if a router receives an ICMP Echo request, but the source
>>>> address in the IP packet it is contained in doesn't match any entries in
>>>> its routing table, and the default gateway isn't set?
>>>
>>> As this is a Linux networking group, I'll assume that your question is
>>> about a Linux-based router.
>>>
>>> If source address filtering by reverse path (rp_filter) is enabled on
>>> the incoming interface, then the packet is discarded. The packet is also
>>> discarded if the output interface for the source address in the routing
>>> table does not match the incoming interface of the packet. Otherwise,
>>> the packet is forwarded.
>>
>> Sorry, I thought I made it clear that the ICMP Echo request was sent to the
>> address of the router in question (the one that received it), and wasn't
>> meant to be forwarded.
>
> Then just replace "forwarded" by "locally delivered" in my previous
> reply. Sorry but it was not clear to me. Why a router and not a host ?

No reason, really. The reason I'm even asking is because I've arrived at
the situation while solving a problem while practicing for an exam
(although, in the problem hosts are used, not routers). And besides, it's
an interesting situation in practice as one of the posters noted.

>> Therefore, the router needs to send back the ICMP
>> Echo Reply packet (assuming this is enabled), but the source address from
>> the IP packet it received doesn't match any of the entries in its routing
>> tables, and it doesn't use the default gateway. What happens?
>
> Nothing. As Moe wrote, there is no route so the ICMP echo reply cannot
> be sent, end of the story. Maybe the kernel sends a "network
> unreachable" error to itself, but this is rather pointless IMHO.

I assumed the packet would be dropped, I was just confused whether any
error messages would be sent back over the network (the problem is to
display traffic on the network). The MAC address is stripped off the packet
in the Data Link Layer, so the Network Layer which examines the IP packet
doesn't have it, so it can't send anything anywhere meaningful, right?

>> Assume that rp_filter is disabled and the packet arrived on the proper
>> interface according to the routing table.
>
> If there is no route for the source address, then there is no proper
> interface either. Anyway when rp_filter is disabled, it does not matter
> whether there is a route or not.

OK, just wanted to establish a set-up that wouldn't cause us to digress
from the answer I needed.

Anyway, thanks for all your answers.

Nikola
From: Pascal Hambourg on
Nikola Novak wrote:
>
> I assumed the packet would be dropped, I was just confused whether any
> error messages would be sent back over the network (the problem is to
> display traffic on the network). The MAC address is stripped off the packet
> in the Data Link Layer, so the Network Layer which examines the IP packet
> doesn't have it, so it can't send anything anywhere meaningful, right?

Even though, so what ? This remark makes no sense.
The source MAC address of the echo request packet is the MAC address of
the last router which forwarded it to its final destination. There is no
point in sending an error message to that router saying "hey, I cannot
send a reply to the source of that packet". If an error is to be sent,
it is to the source of the echo reply that cannot be sent, aka the
destination of the echo request aka the local host itself, and nowhere else.

Keep in mind that the packet that creates the error is the echo reply,
not the echo request.
From: Nikola Novak on
On Mon, 18 Jan 2010 00:47:29 +0100, Pascal Hambourg wrote:

> Nikola Novak wrote:
>>
>> I assumed the packet would be dropped, I was just confused whether any
>> error messages would be sent back over the network (the problem is to
>> display traffic on the network). The MAC address is stripped off the packet
>> in the Data Link Layer, so the Network Layer which examines the IP packet
>> doesn't have it, so it can't send anything anywhere meaningful, right?
>
> Even though, so what ?

Huh?

> This remark makes no sense.
> The source MAC address of the echo request packet is the MAC address of
> the last router which forwarded it to its final destination. There is no
> point in sending an error message to that router saying "hey, I cannot
> send a reply to the source of that packet". If an error is to be sent,
> it is to the source of the echo reply that cannot be sent, aka the
> destination of the echo request aka the local host itself, and nowhere else.
>
> Keep in mind that the packet that creates the error is the echo reply,
> not the echo request.

Right, I understand that now.

Thanks again,
Nikola
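
The behaviour worked out in this thread, as an added example that is not part of any poster's message: a simplified Python model of how a Linux host treats an ICMP Echo request whose source address has no matching route. The routing table, addresses and function names are constructed for illustration; the rp_filter values (0 off, 1 strict, 2 loose) are the Linux sysctl settings, and other kernel checks are left out.

```python
import ipaddress

# Constructed routing table for a host with NO default route:
# (destination prefix, output interface)
ROUTES = [("192.168.1.0/24", "eth0"), ("10.0.0.0/8", "eth1")]

def lookup(routes, addr):
    """Longest-prefix match. Returns the output interface, or None if no route."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def handle_echo_request(routes, src, in_iface, rp_filter):
    """Model an Echo request addressed to this host itself.

    rp_filter: 0 = off, 1 = strict, 2 = loose.
    Returns a string describing what ends up on the wire.
    """
    back = lookup(routes, src)  # route we would use to reach the source
    # Strict mode: the route back to the source must exist and must leave
    # through the interface the packet arrived on.
    if rp_filter == 1 and back != in_iface:
        return "dropped by rp_filter (strict)"
    # Loose mode: the source only has to be reachable via some interface.
    if rp_filter == 2 and back is None:
        return "dropped by rp_filter (loose)"
    # The request is delivered locally. The packet that now fails is the
    # Echo *reply*: it needs its own route lookup towards the source.
    if back is None:
        return "request delivered, reply not sent: no route to source"
    return f"echo reply sent via {back}"

if __name__ == "__main__":
    cases = [
        ("172.16.5.9", "eth0", 0),   # no route, rp_filter off
        ("172.16.5.9", "eth0", 1),   # no route, strict
        ("172.16.5.9", "eth0", 2),   # no route, loose
        ("10.1.2.3", "eth0", 1),     # route exists but via another interface
        ("192.168.1.7", "eth0", 1),  # route matches incoming interface
    ]
    for src, iface, mode in cases:
        print(src, iface, mode, "->", handle_echo_request(ROUTES, src, iface, mode))
```

In every case where the source has no route, nothing is sent back over the network: either the request is dropped on input or the reply fails its route lookup locally.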