HEDRICK@RED.RUTGERS.EDU (Charles Hedrick) (05/19/86)
I have discovered, much to my surprise, that on 4.2 (at least on the Pyramid and Sun) the system will accept an ICMP redirect from anybody and act on it. We have used this feature to good effect a few times, when the core gateways lose track of us. We have a program redirect that will send an arbitrary ICMP redirect to an arbitrary host. We can often use this to put an entry for our gateway into a foreign host's routing table, and then establish connections with them. More usefully, I intend to use this in our local Ethernet gateways to set up default routing entries pointing to that gateway. We are getting so many Unix systems, managed by so many turk... er... inexperienced system managers, that we want it to be possible for us to get routing going without any action on the part of the system manager. We believe that we can broadcast an ICMP redirect establishing a routing for host 0 (default) to our gateway. I have verified that this works when it is not a broadcast, but have not yet had a chance to try the broadcast form. I think that if we do this often enough to prevent the entry from being purged by routed, we will get the effect we want. (Actually, routed should not be running on any of our hosts, but there are enough ... er ... inexperienced system managers around that I am sure it is being run on many of our hosts.) If someone sets up a different default gateway for themselves, our broadcast will cause no trouble, since a second default entry has no effect. (Actually, it is probably a bug that 4.2 creates a second entry rather than changing the information in the first one.) This is all very convenient for us, but it does seem to be a bug. I hope that by the time the bug is fixed, the gateway committee will have come up with a better way to accomplish this, and it will have been implemented by all of our Unix vendors. (say about 1996.) -------
MILLS@USC-ISID.ARPA.UUCP (05/20/86)
In response to the message sent 19 May 86 00:50:03 EDT from HEDRICK@RED.RUTGERS.EDU Charles, While I have ample sympathy with your routing problems in the local environment, I sure would like to discourage use of ICMP redirects in lieu of something more robust. The danger of accidental and/or malicious abuse, not to mention what happens when the bug is "fixed," would seem to argue against the scheme in the first place. Several of us have been scratching on some sort of gateway requirements model which, if it were adopted, might preclude your scheme in the interests of robustness. Your comments on Appendix A of RFC-981 would be much appreciated. Dave -------