
The Internet Control Message Protocol

IP has a companion protocol that we haven't talked about yet. This is the Internet Control Message Protocol (ICMP) and is used by the kernel networking code to communicate error messages and the like to other hosts. For instance, assume that you are on erdos again and want to telnet to port 12345 on quark, but there's no process listening on that port. When the first TCP packet for this port arrives on quark, the networking layer will recognize this and immediately return an ICMP message to erdos stating "Port Unreachable".

There are quite a number of messages ICMP understands, many of which deal with error conditions. However, there is one very interesting message called the Redirect message. It is generated by the routing module when it detects that another host is using it as a gateway, although there is a much shorter route. For example, after booting, the routing table of sophus may be incomplete, containing the routes to the Mathematics network, to the FDDI backbone, and the default route pointing at the Groucho Computing Center's gateway (gcc1). Therefore, any packets for quark would be sent to gcc1 rather than to niels, the gateway to the Physics Department. When receiving such a datagram, gcc1 will notice that this is a poor choice of route, and will forward the packet to niels, at the same time returning an ICMP Redirect message to sophus telling it of the superior route.

Now, this seems a very clever way to avoid having to set up any but the most basic routes manually. However, be warned that relying on dynamic routing schemes, be it RIP or ICMP Redirect messages, is not always a good idea. ICMP Redirect and RIP offer you little or no choice in verifying that some routing information is indeed authentic. This allows malicious good-for-nothings to disrupt your entire network traffic, or do even worse things. For this reason, there are some versions of the networking code that treat Redirect messages that affect network routes as if they were only Redirects for host routes.
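The following is an added example, not code from the guide or from any kernel: a sketch of how a receiving host such as sophus can vet a Redirect before acting on it, using the plausibility checks RFC 1122 recommends and the host-route downgrade described above. The function names and all addresses (gcc1 as 192.0.2.1, niels as 192.0.2.2, quark as 198.51.100.7) are constructed for illustration.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """Internet checksum: ones' complement of the ones' complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_redirect(code, new_gw, orig_src, orig_dst):
    """Construct a sample ICMP Redirect (type 5); test data only."""
    # Embedded original datagram: 20-byte IP header (checksum left 0) + 8 bytes.
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        ipaddress.ip_address(orig_src).packed,
                        ipaddress.ip_address(orig_dst).packed) + bytes(8)
    body = ipaddress.ip_address(new_gw).packed + inner
    csum = inet_checksum(struct.pack("!BBH", 5, code, 0) + body)
    return struct.pack("!BBH", 5, code, csum) + body

def vet_redirect(sender, icmp, local_net, current_gw):
    """Return (accepted, detail); an accepted Redirect yields a host route only."""
    if len(icmp) < 36 or icmp[0] != 5:
        return False, "not a complete ICMP Redirect"
    if inet_checksum(icmp) != 0:          # sum over a valid message is zero
        return False, "bad checksum"
    new_gw = ipaddress.ip_address(icmp[4:8])    # gateway field of the Redirect
    dst = ipaddress.ip_address(icmp[24:28])     # destination of original datagram
    if ipaddress.ip_address(sender) != ipaddress.ip_address(current_gw):
        return False, "sender is not the gateway in use"
    if new_gw not in ipaddress.ip_network(local_net):
        return False, "new gateway is not directly reachable"
    # Codes 0 and 2 claim a whole network; install a host route regardless.
    return True, f"{dst}/32 via {new_gw}"

if __name__ == "__main__":
    pkt = build_redirect(0, "192.0.2.2", "192.0.2.10", "198.51.100.7")
    print(vet_redirect("192.0.2.1", pkt, "192.0.2.0/24", "192.0.2.1"))
    print(vet_redirect("192.0.2.66", pkt, "192.0.2.0/24", "192.0.2.1"))
```

These checks narrow what a Redirect can change but do not authenticate it, since the sender address of an ICMP message can be forged; hosts that do not need Redirects can simply ignore them and use static routes.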



Andrew Anderson
Thu Mar 7 23:22:06 EST 1996