2008年11月12日 星期三

ICMP Redirect real experience

Sometimes the source host send a packet to a router(usually default gateway) that is originally can route by the source host itself. And doesn't need the help of the router, then the router will probably send the "icmp redirect" packet to inform the source host (if the router support and enable the feature).

The following is my experience

Network topology
Source host(A/Ma)---------
|
|------Default Gateway (G/Mg)
|
Destination host(B/Mb)----

The source host (A), MAC address is Ma, and destination host (B), MAC address is Mb, is in the same subnet which all connect to the default gateway (G), MAC address is Mg.

If the A want to send a packet to the B, the packet in theory must be A/Ma-->B/Mb,
but cause of some reason, the packet become A/Ma-->B/Mg (the routing table of A is wrong, the A fill the wrong MAC address ....).

So the packet was sent to the default gateway G because of the destination MAC is Mg. And G will according the destination address of packet to lookup the routing table of the G and determine that this packet should not send to the G. Because of the source host A can send the packet directly and no need to send the packet to the G for the routing help. So the G will generate a icmp redirect packet to inform the source host this situation.

The icmp redirect packet is like following

Type: 5 (Redirect)
Code: 1 (Redirect for host)
Gateway address: B (B)
The remaining is the original packet data include ip, transport udp/tcp, app

And then the source host A will resend the packet with A/Mg-->B/Mb. And the packet will correctly send to the destination host B for processing.

In the further packets, the source host A still send the packet to the default gateway (with destination MAC address Mg). And this packet will drop by the M. But the source host will "automatically" send the correct packet to the destination B with MAC address Mb without the default gateway G sending the icmp redirect packet to inform source host A.

Every period time, the default gateway will send the icmp redirect packet to inform the source host A the wrong destination MAC addreess if the default gateway still receive the MAC-confused packet. I think that Default gateway doesn't send the icmp redirect packet each time most because of that this may be a DoS attack. So the Gateway must sensitive to response the icmp redirect packet to avoid system too busy to operate the normal tasks.

沒有留言: