Re: ICMP REDIRECTs

David Schwartz aka Joel Katz (stimpson@stimpson.igc.net)
Mon, 22 Apr 1996 12:30:36 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: really kuznet@ms2.inr.ac.ru: "Re: Problems in 1.3.93"
Previous message: Dragan Cvetkovic: "Re: signal(SIGFPE,SIG_IGN) causes endless loop (fwd)"

On 16 Apr 1996 inr-linux-kernel@ms2.inr.ac.ru wrote:

> Madhusudana Rao (madhur@sasi.ernet.IN) wrote:

> : wants to forward a frame on the same interface and disable the ICMP
> : REDIRECTs ?
>
> It is not OK. You should not disable redirects in this situation.
> But if you really desire to spend your network bandwidth and
> routers CPU cycles, you may tell
> #define CONFIG_IP_NO_ICMP_REDIRECT
> in ip_forward.c

For some of us, it's worth the extra router CPU cycles for the
increased security. Especially in our situation where whatever issued the
ICMP redirect (most likely a terminal server) is less likely to have
current information than our router, which does the real routing via real
routing protocols. This situation is always temporary -- sooner or later
the Linux box will get the correct route via our normal routing protocols.

Next message: really kuznet@ms2.inr.ac.ru: "Re: Problems in 1.3.93"
Previous message: Dragan Cvetkovic: "Re: signal(SIGFPE,SIG_IGN) causes endless loop (fwd)"