On Thu, 7 Jul 2005, Michael Tokarev wrote:
Richard B. Johnson wrote:
On Wed, 6 Jul 2005, Michael Tokarev wrote:
kernel: 192.168.4.2 sent an invalid ICMP type 11, code 0 error to a
broadcast: 0.0.0.0 on lo
[]
All the IP addresses mentioned are local to this box.
[]
Are you sure `lo` is configured properly, i.e.
Yes. More, rp_filter is activated on all interfaces.
ifconfig lo 127.0.0.1 netmask 255.0.0.0
route add -net 127.0.0.0 netmask 255.0.0.0 dev lo
There should be no LAN routes going through lo.
There's no.
It looks as though there are:
kernel: 192.168.4.2 sent an invalid ICMP type 11, code 0 error
to a broadcast: 0.0.0.0 on lo
|________ 192.168.4.2 pinged lo
Only the 127.0.0.0 network should be routed through the loop-back
device.
Again: All the IP addresses mentioned are local to this box.
If you ping an IP address on your eth0, the traffic will "go"
over loopback. You can verify it using tcpdump:
If you ping an IP address on your computer, the traffic will go
through lo. However, I think that the IP address shown is
the result of an instrumentation error because it is impossible
to put, for instance your 192.168.1.1, through a 127.0.0.0 network,
the ONLY route through lo. This shows that 'local' traffic bypasses
the lo route filtering altogether. You can verify this by
deleting the lo route altogether, you can still ping the local
addresses.
Somebody else mentioned that lo was 'perfectly happy' to
carry whatever. The fact that something bogus appears on
lo can be a sign of a misconfiguration error, just as
the reserved 127.0.0.0 network must never appear on ethernet.
In the case of 0.0.0.0 (a possible broadcast), there is
no "local" address that could cause a bypass via lo. Instead,
any such traffic should have been on the ethernet wire. This
shows the possible configuration error that I mentioned.
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
^^^^^^^^^^^^^^^^
inet 127.0.0.1/8 scope host lo
This looks as though there is no netmask set. My configuration
shows:
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
This is a possible configuration error.
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:a0:d2:1d:a7:63 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
# tcpdump -npi lo proto ICMP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
15:55:13.679234 IP 192.168.1.1 > 192.168.1.1: icmp 64: echo request seq 1
15:55:13.679269 IP 192.168.1.1 > 192.168.1.1: icmp 64: echo reply seq 1
[SNIPPED rest]
/mjt
Cheers,
Dick Johnson
Penguin : Linux version 2.6.12 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |