The redirect code is passed ICMP redirects learned by monitoring ICMP messages or via the routing stream. It processes the redirect request and decides whether to accept the redirect. If the redirect is accepted, then a route is installed in the gated routing table with the protocol redirect. Redirects are deleted from the routing table after 3 minutes.
If gated determines that a redirect is not acceptable, it tries to figure out if the kernel forwarding table has been modified. On systems where ICMP messages are monitored, this is accomplished by trying to second-guess what the kernel would have done with the redirect. On systems with the routing stream, the kernel provides an indication of whether the redirect was accepted; gated ignores redirects that were not processed.
If gated has determined that the state of the kernel forwarding table has been changed, the necessary requests to the kernel are made to restore the correct state.
Note that on currently available systems it is not possible to disable the processing of ICMP redirects, even when the system is functioning as a router. To ignore the effects of redirects, gated must process each one and actively restore any changes it made to the kernel's state. Because of the mechanisms involved, there will be windows where the effects of redirects are present in the kernel.
By default, gated ignores redirects when actively participating in an interior gateway protocol (RIP or OSPF). It is not possible to enable redirects once they have been automatically disabled. Listening to RIP in nobroadcast mode does not cause redirects to be ignored, nor does the use of EGP and BGP. Redirects must be manually configured off in these cases.
Note that in accordance with the latest IETF Router Requirements document, gated ensures that all ICMP net redirects are processed as host redirects. When an ICMP net redirect is accepted, gated issues the requests to the kernel to make sure that the kernel forwarding table is updated to reflect a host redirect instead of a net redirect.
The redirect statement does not prevent the system from sending redirects, only from listening to them.
redirect yes | no | on | off
[ {
    preference preference ;
    interface interface_list ;
    trustedgateways gateway_list ;
    traceoptions traceoptions ;
} ] ;
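
The decision flow described above, modeled in Python as an added example (this is not gated's own code). All class and field names are hypothetical, and treating trustedgateways as an allow-list of redirect sources is an assumption, since this page does not define it; the addresses are constructed samples.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

REDIRECT_LIFETIME = 180  # seconds: the page's 3 minutes

@dataclass
class Redirect:
    source: str          # router that sent the ICMP redirect
    dest: str            # destination address the redirect refers to
    new_gateway: str     # gateway the redirect says to use instead
    net: bool            # True for an ICMP net redirect, False for host
    kernel_applied: bool = True  # reported by the kernel, or second-guessed

@dataclass
class RedirectPolicy:
    enabled: bool = True              # "redirect yes" / "redirect no"
    igp_active: bool = False          # actively participating in RIP or OSPF
    trusted: frozenset = frozenset()  # assumed allow-list; empty = any source
    routes: dict = field(default_factory=dict)  # host prefix -> (gw, expiry)

    def acceptable(self, r):
        if not self.enabled or self.igp_active:
            return False
        return not self.trusted or r.source in self.trusted

    def process(self, r, now):
        if not r.kernel_applied:
            return "ignored"          # kernel never acted on it: nothing to undo
        if not self.acceptable(r):
            return "restore-kernel"   # kernel state changed and must be put back
        # Net redirects are processed as host redirects: always install a /32.
        host = ip_network(f"{ip_address(r.dest)}/32")
        self.routes[host] = (r.new_gateway, now + REDIRECT_LIFETIME)
        return "installed"

    def expire(self, now):
        stale = [p for p, (_, t) in self.routes.items() if t <= now]
        for p in stale:
            del self.routes[p]
        return stale

def demo():
    # Constructed sample input (documentation-range addresses, not from the page).
    p = RedirectPolicy(trusted=frozenset({"192.0.2.1"}))
    ok = Redirect("192.0.2.1", "198.51.100.7", "192.0.2.2", net=True)
    bad = Redirect("192.0.2.66", "198.51.100.8", "192.0.2.66", net=False)
    return [p.process(ok, 0), p.process(bad, 10), p.expire(180)]
```

The "restore-kernel" result marks the window the page warns about: between the kernel applying the redirect and gated undoing it, the forwarding table carries the unwanted route.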