From: habibielwa7id on 17 Jan 2010 06:36

On Jan 14, 7:07 pm, Nikola Novak <enlorkMA...(a)OVOgmail.com> wrote:
> Hello,
>
> What happens if a router receives an ICMP Echo request, but the source
> address in the IP packet it is contained in doesn't match any entries in
> its routing table, and the default gateway isn't set?
>
> Thanks,
> Nikola

If the source address in the IP packets doesn't match any entry in the routing table, I think it's a spoofed ping packet from any nearby machine in the same subnet network. If rp_filter is enabled on the Linux machine, the packet will be discarded. I think that if rp_filter is disabled, the Linux machine will not reply, as it will not find in its routing table any entry that it can use to direct the reply packets through.

From: Nikola Novak on 17 Jan 2010 18:17

On Fri, 15 Jan 2010 12:22:02 +0100, Pascal Hambourg wrote:
> Nikola Novak wrote:
>> On Thu, 14 Jan 2010 21:17:59 +0100, Pascal Hambourg wrote:
>>
>>> Nikola Novak wrote:
>>>> What happens if a router receives an ICMP Echo request, but the source
>>>> address in the IP packet it is contained in doesn't match any entries in
>>>> its routing table, and the default gateway isn't set?
>>>
>>> As this is a Linux networking group, I'll assume that your question is
>>> about a Linux-based router.
>>>
>>> If source address filtering by reverse path (rp_filter) is enabled on
>>> the incoming interface, then the packet is discarded. The packet is also
>>> discarded if the output interface for the source address in the routing
>>> table does not match the incoming interface of the packet. Otherwise,
>>> the packet is forwarded.
>>
>> Sorry, I thought I made it clear that the ICMP Echo request was sent to the
>> address of the router in question (the one that received it), and wasn't
>> meant to be forwarded.
>
> Then just replace "forwarded" by "locally delivered" in my previous
> reply. Sorry but it was not clear to me. Why a router and not a host?

No reason, really. The reason I'm even asking is because I've arrived at the situation while solving a problem while practicing for an exam (although, in the problem hosts are used, not routers). And besides, it's an interesting situation in practice as one of the posters noted.

>> Therefore, the router needs to send back the ICMP
>> Echo Reply packet (assuming this is enabled), but the source address from
>> the IP packet it received doesn't match any of the entries in its routing
>> tables, and it doesn't use the default gateway. What happens?
>
> Nothing. As Moe wrote, there is no route so the ICMP echo reply cannot
> be sent, end of the story. Maybe the kernel sends a "network
> unreachable" error to itself, but this is rather pointless IMHO.

I assumed the packet would be dropped, I was just confused whether any error messages would be sent back over the network (the problem is to display traffic on the network). The MAC address is stripped off the packet in the Data Link Layer, so the Network Layer which examines the IP packet doesn't have it, so it can't send anything anywhere meaningful, right?

>> Assume that rp_filter is disabled and the packet arrived on the proper
>> interface according to the routing table.
>
> If there is no route for the source address, then there is no proper
> interface either. Anyway when rp_filter is disabled, it does not matter
> whether there is a route or not.

OK, just wanted to establish a set-up that wouldn't cause us to digress from the answer I needed.

Anyway, thanks for all your answers.

Nikola

From: Pascal Hambourg on 17 Jan 2010 18:47

Nikola Novak wrote:
>
> I assumed the packet would be dropped, I was just confused whether any
> error messages would be sent back over the network (the problem is to
> display traffic on the network). The MAC address is stripped off the packet
> in the Data Link Layer, so the Network Layer which examines the IP packet
> doesn't have it, so it can't send anything anywhere meaningful, right?

Even though, so what? This remark makes no sense.

The source MAC address of the echo request packet is the MAC address of the last router which forwarded it to its final destination. There is no point in sending an error message to that router saying "hey, I cannot send a reply to the source of that packet". If an error is to be sent, it is to the source of the echo reply that cannot be sent, aka the destination of the echo request aka the local host itself, and nowhere else.

Keep in mind that the packet that creates the error is the echo reply, not the echo request.

From: Nikola Novak on 18 Jan 2010 03:51

On Mon, 18 Jan 2010 00:47:29 +0100, Pascal Hambourg wrote:
> Nikola Novak wrote:
>>
>> I assumed the packet would be dropped, I was just confused whether any
>> error messages would be sent back over the network (the problem is to
>> display traffic on the network). The MAC address is stripped off the packet
>> in the Data Link Layer, so the Network Layer which examines the IP packet
>> doesn't have it, so it can't send anything anywhere meaningful, right?
>
> Even though, so what?

Huh?

> This remark makes no sense.
> The source MAC address of the echo request packet is the MAC address of
> the last router which forwarded it to its final destination. There is no
> point in sending an error message to that router saying "hey, I cannot
> send a reply to the source of that packet". If an error is to be sent,
> it is to the source of the echo reply that cannot be sent, aka the
> destination of the echo request aka the local host itself, and nowhere else.
>
> Keep in mind that the packet that creates the error is the echo reply,
> not the echo request.

Right, I understand that now.

Thanks again,
Nikola
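
The outcomes discussed in this thread, as an added example that is not part of any post: a simplified Python model of how a Linux box with no default route treats an echo request addressed to itself, for rp_filter off (0), strict (1) and loose (2). The routing table, interface names and addresses are constructed, and the model ignores martian checks and policy routing.

```python
import ipaddress

# Constructed routing table: connected networks only, no default route.
ROUTES = [
    ("192.0.2.0/24", "eth0"),
    ("198.51.100.0/24", "eth1"),
]

def lookup(table, addr):
    """Longest-prefix match; returns the output interface or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def effective_rp_filter(conf_all, conf_iface):
    # The kernel validates with the higher of conf/all and conf/<iface>.
    return max(conf_all, conf_iface)

def echo_request_fate(table, src, in_dev, rp_filter):
    """Fate of an echo request sent to the box itself.

    rp_filter: 0 = off, 1 = strict, 2 = loose.
    """
    reverse_dev = lookup(table, src)  # where a packet *to* src would go
    if rp_filter == 1 and reverse_dev != in_dev:
        return "dropped on input: rp_filter strict"
    if rp_filter == 2 and reverse_dev is None:
        return "dropped on input: rp_filter loose"
    # Request is delivered locally; the echo reply now needs a route to src.
    if reverse_dev is None:
        return "delivered; reply not sent: no route, nothing on the wire"
    return f"delivered; reply sent via {reverse_dev}"

if __name__ == "__main__":
    for src, dev, mode in [
        ("203.0.113.7", "eth0", 1),   # no route to source, strict filter
        ("203.0.113.7", "eth0", 0),   # no route to source, filter off
        ("198.51.100.9", "eth0", 1),  # routed, but arrived on wrong interface
        ("198.51.100.9", "eth0", 0),  # asymmetric path accepted, reply via eth1
        ("192.0.2.50", "eth0", 1),    # normal case
    ]:
        print(src, dev, mode, "->", echo_request_fate(ROUTES, src, dev, mode))
```

In every unroutable-source case the sender sees silence; what differs is whether the request was discarded on input or the reply failed its route lookup, and that failure is reported only to the local host.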