Re: Getting "ICMP Host redirect from gateway" response
- From: ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin)
- Date: Tue, 29 May 2007 19:39:18 -0500
On 29 May 2007, in the Usenet newsgroup comp.os.linux.networking, in article
<1180440763.168583.236560@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, ianbrn@xxxxxxxxx wrote:
> I am connected to a LAN which has addresses in the range
> 192.168.0.10-192.168.0.253.
> The default gw is 192.168.0.254 and is connected outside to the
> internet:
OK
> I want to be able to ping machines and get "ICMP Host redirect from
> gateway"
> (for learning more about ICMP redirects).

    0792 Internet Control Message Protocol. J. Postel. September 1981.
         (Format: TXT=30404 bytes) (Obsoletes RFC0777) (Updated by RFC0950)
         (Also STD0005) (Status: STANDARD)

    1812 Requirements for IP Version 4 Routers. F. Baker, Ed.. June 1995.
         (Format: TXT=415740 bytes) (Obsoletes RFC1716, RFC1009) (Updated by
         RFC2644) (Status: PROPOSED STANDARD)

and from RFC1812, we find

    4.3.3.2 Redirect

    The ICMP Redirect message is generated to inform a local host that it
    should use a different next hop router for certain traffic.

    Contrary to [INTRO:2], a router MAY ignore ICMP Redirects when
    choosing a path for a packet originated by the router if the router
    is running a routing protocol or if forwarding is enabled on the
    router and on the interface over which the packet is being sent.

and

    5.2.7.2 Redirect

    The ICMP Redirect message is generated to inform a local host the it
    should use a different next hop router for a certain class of
    traffic.

    Routers MUST NOT generate the Redirect for Network or Redirect for
    Network and Type of Service messages (Codes 0 and 2) specified in
    [INTERNET:8]. Routers MUST be able to generate the Redirect for Host
    message (Code 1) and SHOULD be able to generate the Redirect for Type
    of Service and Host message (Code 3) specified in [INTERNET:8].

followed by about a page of discussion/explanation.

> I made some trials but could not achieve this.
A _host_ redirect (ICMP Type 5 Code 1) would occur when you send traffic
_for_ one of the local hosts (192.168.0.10-192.168.0.253 in your example),
but send it to the default gateway (192.168.0.254) and expect it to
deliver the packet. The gateway will get unhappy, and send the redirect
trying to tell you "don't send it to me - send it directly to the host
which is on this same wire". This occurs when the person who set up the
routing tables made an error. This error is generated when the router
notices that the packet it received on interface $FOO is going to be sent
back out using the same interface. "Why are you wasting _my_ time?".
> Can anybody suggest a scenario where as a result of a ping (it can be
> of course to a machine on the internet or a machine in the LAN) I will
> get "ICMP Host redirect from gateway" response?
You would have to misconfigure the networking configuration. One way to
screw up this way is to provide _host_ routes using a gateway, such as

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0     4198 eth0
192.168.0.10    192.168.0.254   255.255.255.255 UGH   0      0       56 eth0
192.168.0.11    192.168.0.254   255.255.255.255 UGH   0      0       56 eth0
192.168.0.12    192.168.0.254   255.255.255.255 UGH   0      0       56 eth0
default         192.168.0.254   0.0.0.0         UG    0      0       10 eth0

In routing tables, when there are multiple routes to the same place, the
route with more bits in the network mask wins. Metric may also be a factor
and here I've intentionally set the metrics to zero. Note that if there
are two or more routes to the same place, with the same network mask and
the same metric, then the _last_ route specified wins.
Regarding ICMP Redirects, you should be aware that many operating systems
_ignore_ redirects - because this has been used in Denial Of Service
attacks in the past. Really, you shouldn't see them that often anyway, as
this generally occurs because of intentional configuration errors. ICMP
_Network_ Redirections (type 5 code 0) is generally the result of setting
the wrong gateway value in a routing table. An example might be

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0    89948 eth0
192.168.2.0     192.168.1.6     255.255.255.0   UG    0      0    32165 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0      388 lo
0.0.0.0         192.168.1.248   0.0.0.0         UG    0      0     2673 eth0

If you sent packets destined for 192.168.2.x to 192.168.1.248 for
forwarding, that router would complain, and tell you to use 192.168.1.6
as the gateway for this route. For this to occur, the mis-configured
host would be lacking the second route, and assume that everything not
local goes to 192.168.1.248.
Old guy
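
Added example (not part of the original post, and not the poster's code): a small model of the route selection and redirect decision described above, useful for checking a host's table for routes that would send on-link traffic through the gateway. The router tables ROUTER_A and ROUTER_B, the eth1 interface and the 203.0.113.x addresses are constructed assumptions, and the redirect rule is a simplification of RFC 1812 section 5.2.7.2.

```python
import ipaddress

def parse_routes(text):
    """Parse `route -n` style rows into (network, gateway, metric, iface)."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip title and column-header lines
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        gw = None if f[1] == "0.0.0.0" else ipaddress.ip_address(f[1])
        routes.append((ipaddress.ip_network(f"{dest}/{f[2]}"), gw, int(f[4]), f[7]))
    return routes

def lookup(routes, dst):
    """Most-specific mask wins, then lowest metric (further ties not modelled)."""
    hits = [r for r in routes if ipaddress.ip_address(dst) in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[2]), default=None)

def first_hop(routes, dst):
    """(address the packet is handed to, iface): the gateway, or dst if on-link."""
    r = lookup(routes, dst)
    return None if r is None else (r[1] if r[1] else ipaddress.ip_address(dst), r[3])

def redirect_from(router_routes, src, dst, in_iface):
    """Next hop a router would name in a redirect, or None if it just forwards.
    Simplified: packet leaves by its arrival interface and sender is on-link."""
    hop, src_route = first_hop(router_routes, dst), lookup(router_routes, src)
    if hop is None or src_route is None:
        return None
    sender_on_link = src_route[1] is None and src_route[3] == in_iface
    return hop[0] if hop[1] == in_iface and sender_on_link else None

# Host table from the post (a host route pointing at the gateway).
HOST_A = """
192.168.0.0   0.0.0.0        255.255.255.0    U    0 0 4198 eth0
192.168.0.10  192.168.0.254  255.255.255.255  UGH  0 0 56   eth0
default       192.168.0.254  0.0.0.0          UG   0 0 10   eth0
"""
# Constructed tables for the two routers; the post does not show them.
ROUTER_A = """
192.168.0.0   0.0.0.0        255.255.255.0    U    0 0 0 eth0
203.0.113.0   0.0.0.0        255.255.255.0    U    0 0 0 eth1
0.0.0.0       203.0.113.1    0.0.0.0          UG   0 0 0 eth1
"""
ROUTER_B = """
192.168.1.0   0.0.0.0        255.255.255.0    U    0 0 0 eth0
192.168.2.0   192.168.1.6    255.255.255.0    UG   0 0 0 eth0
"""
```

A host whose first_hop() for an on-link destination is a gateway, and whose gateway's redirect_from() returns an address, is the misconfiguration the post describes.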