Re: Broken neighbour solicitation.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 24 Mar 2002, Kurt Roeckx wrote:
> I get alot of neighbour solicitation packets with a non-255 hop
> limit.  Those hosts are not close or related to me at all.  The
> packets look like this:
> 
> 16:51:36.630204 3ffe:b80:2:5cf3::2 > 2001:670:8e:f000::2: icmp6:
> neighbor sol: who has 2001:670:8e:f000::2 (len 24, hlim 249)
> 16:51:37.633349 3ffe:b80:2:5cf3::2 > 2001:670:8e:f000::2: icmp6:
> neighbor sol: who has 2001:670:8e:f000::2 (len 24, hlim 249)
> 16:51:38.619376 3ffe:b80:2:5cf3::2 > 2001:670:8e:f000::2: icmp6:
> neighbor sol: who has 2001:670:8e:f000::2 (len 24, hlim 249)
> 
> If I understand this right, because it's send to an unicast
> address, it's trying to do a neighbour reachability test.
> 
> Is sending that to me a correct solicitation?  Isn't it supposed
> to be send to the neighbour's address?  From what I understand it
> should be have been dropped because of 2 reasons: It's has a
> non-255 hop limit, and the target address is not assigned to the
> receiving interface.

By neighbour, you mean the direct neighbour on the link (usually the 
router) --  Yes, those boxes shouldn't send you anything.
 
> Anyway, this seems to be caused by FreeBSD (or *BSD) hosts, and I
> should probably take this up with them to find out what's causing
> it.  We're currently assuming they set up a wrong prefix length.

That might explain some things, yes.  (e.g. all nodes are assumed to be 
on-link by prefix /0, but somehow packets ending up in the Internet 
anyway).

> Anyway, because the hop limit is 255, this is a invalid
> solicitation.  The problem I have is that 2001:670:8e:f000::2
> gets this packet in the first place.  It complains about this by
> sending this to my logs:
> 
> ICMP NDISC: fake message with non-255 Hop Limit received: 249
> 
> The Linux box in front of it passes those packets and does not
> complain about it.  Why not?  It's running 2.4.17.

Messages of this type should naturally not be checked in the forward path.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords


-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux