ICMP redirect routes cached forever

Bug #914585 reported by Shevek
This bug affects 5 people
Affects: linux (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Bug discussion and fix upstream from http://www.spinics.net/lists/netdev/msg180170.html inter alia.

This is a total pain in the arse, as:

* Use laptop on a network which has an ICMP route redirect.
* Suspend laptop
* Restore laptop elsewhere
* Can no longer access internet for 15 minutes, as per discussion on netdev

Not being able to access the internet is a killer, since the network is the computer.[0]

Please drag this in from upstream as soon as possible, this is a killer.

[0] No, the network is the network, the computer is the computer, sorry for any confusion.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: linux-image-3.0.0-14-generic 3.0.0-14.23
ProcVersionSignature: Ubuntu 3.0.0-14.23-generic 3.0.9
Uname: Linux 3.0.0-14-generic x86_64
Date: Tue Jan 10 20:36:06 2012
SourcePackage: linux
UpgradeStatus: Upgraded to oneiric on 2011-11-30 (41 days ago)

Shevek (r-launchpad-anarres-org) wrote :

Possible workaround: Ignore all ICMP redirects: http://lists.debian.org/debian-security/2006/11/msg00004.html

affects: linux-meta (Ubuntu) → linux (Ubuntu)
Brad Figg (brad-figg)
Changed in linux (Ubuntu):
status: New → Confirmed
Shevek (r-launchpad-anarres-org) wrote :

Workaround apparently not working: Although accept_redirects is 0 in /proc, ip -s route show cache still lists redirected routes. That may be a separate bug.

Shevek (r-launchpad-anarres-org) wrote :

New attempted workaround in rc.local:

iptables -A INPUT -p icmp --icmp-type redirect -j LOG
iptables -A INPUT -p icmp --icmp-type redirect -j DROP

pvh (pvh-webbedfeet) wrote :

Has anyone tested to see if the kernel included in Ubuntu 12.04 fixes this? If not, I'll test that today or tomorrow.

pvh (pvh-webbedfeet) wrote :

Ok, I can confirm that this bug does not occur with Ubuntu 12.04, kernel 3.2.0-24-generic.

penalvch (penalvch) wrote :

Shevek, this bug was reported a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue? If so, could you please test for this with the latest development release of Ubuntu? ISO images are available from http://cdimage.ubuntu.com/daily-live/current/ .

If it remains an issue, could you please run the following command in the development release from a Terminal (Applications->Accessories->Terminal), as it will automatically gather and attach updated debug information to this report:

apport-collect -p linux <replace-with-bug-number>

Also, could you please test the latest upstream kernel available following https://wiki.ubuntu.com/KernelMainlineBuilds ? It will allow additional upstream developers to examine the issue. Please do not test the daily folder, but the one all the way at the bottom. Once you've tested the upstream kernel, please comment on which kernel version specifically you tested. If this bug is fixed in the mainline kernel, please add the following tags:
kernel-fixed-upstream
kernel-fixed-upstream-VERSION-NUMBER

where VERSION-NUMBER is the version number of the kernel you tested. For example:
kernel-fixed-upstream-v3.11-rc5

This can be done by clicking on the yellow circle with a black pencil icon next to the word Tags located at the bottom of the bug description. As well, please remove the tag:
needs-upstream-testing

If the mainline kernel does not fix this bug, please add the following tags:
kernel-bug-exists-upstream
kernel-bug-exists-upstream-VERSION-NUMBER

As well, please remove the tag:
needs-upstream-testing

Once testing of the upstream kernel is complete, please mark this bug's Status as Confirmed. Please let us know your results. Thank you for your understanding.

tags: added: bios-outdated-3.23-3.25 needs-suspend-log needs-upstream-testing regression-potential
Changed in linux (Ubuntu):
status: Confirmed → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu) because there has been no activity for 60 days.]

Changed in linux (Ubuntu):
status: Incomplete → Expired
dmitry (seruff) wrote :

Ubuntu 14.04.1 LTS
Linux company 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

cached route never expires

172.20.80.10 via 172.20.0.11 dev eth0 src 172.20.2.148
    cache <redirected> users 1 age 69691sec

Changed in linux (Ubuntu):
status: Expired → Confirmed
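
An added example, not part of the bug report or of any commenter's post: a shell script that parses `ip -s route show cache` output in the format quoted above and lists `<redirected>` entries older than a threshold, together with a helper that computes the effective IPv4 `accept_redirects` value for an interface as the kernel's ip-sysctl documentation describes it. The function names and every sample entry except the first are assumptions made for illustration.

```bash
# Added example (not from the bug report): audit helpers for ICMP redirects.

# Effective IPv4 accept_redirects for one interface, following the kernel's
# ip-sysctl documentation: forwarding on  -> conf/all AND conf/<if>,
#                          forwarding off -> conf/all OR  conf/<if>.
# Args: <all value> <interface value> <interface forwarding>; prints 0 or 1.
effective_accept_redirects() {
    if [ "$3" -ne 0 ]; then
        if [ "$1" -ne 0 ] && [ "$2" -ne 0 ]; then echo 1; else echo 0; fi
    else
        if [ "$1" -ne 0 ] || [ "$2" -ne 0 ]; then echo 1; else echo 0; fi
    fi
}

# Reads `ip -s route show cache` text on stdin and prints "dest gateway age"
# for every <redirected> entry at least $1 seconds old.
stale_redirects() {
    awk -v min="$1" '
        /^[^ \t]/ {                       # first line of an entry
            dest = $1; gw = "-"
            for (i = 2; i < NF; i++) if ($i == "via") gw = $(i + 1)
        }
        /^[ \t]+cache/ && /<redirected>/ {
            age = -1
            for (i = 1; i < NF; i++)
                if ($i == "age") { age = $(i + 1); sub(/sec$/, "", age) }
            if (age + 0 >= min + 0) print dest, gw, age
        }'
}

# Constructed sample: first entry copied from the report, the rest invented
# using documentation address ranges.
sample_cache() {
    cat <<'EOF'
172.20.80.10 via 172.20.0.11 dev eth0 src 172.20.2.148
    cache <redirected> users 1 age 69691sec
192.0.2.7 via 198.51.100.1 dev eth0 src 198.51.100.20
    cache users 2 age 12sec
192.0.2.9 via 198.51.100.3 dev eth0 src 198.51.100.20
    cache <redirected> users 1 age 45sec
EOF
}

# A host with all=0 but eth0=1 and forwarding off still accepts redirects.
echo "effective accept_redirects: $(effective_accept_redirects 0 1 0)"
# Redirected entries older than 15 minutes (900 s).
sample_cache | stale_redirects 900
```

On a live system, feed the parser with `ip -s route show cache | stale_redirects 900` and take the three sysctl values from `/proc/sys/net/ipv4/conf/all/accept_redirects`, `/proc/sys/net/ipv4/conf/<if>/accept_redirects` and `/proc/sys/net/ipv4/conf/<if>/forwarding`.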