SUMMARY: stopping source routing (on Solaris 2)

From: Robert Bannocks (R.Bannocks@kingston.ac.uk)
Date: Mon Apr 21 1997 - 12:03:43 CDT


This list is just great!

Here was my question:

 I am compiling the tcp wrappers and It says in the readme:
 
 
  When the wrapper programs are compiled with -DKILL_IP_OPTIONS, the
  programs refuse to service TCP connections with IP source routing
  options. -DKILL_IP_OPTIONS is not needed on modern UNIX systems
  that can stop source-routed traffic in the kernel. Examples are
  4.4BSD derivatives, Solaris 2.x, and Linux. See your system manuals
  for details.

 However I cannot find any doccumentation on how to do this
 with solaris 2 (2.5) Can any body point me to a source or tell
 me where I can find this info. Thanks. A summary will follow.

Thanks to:
"Clarkson, Michael" <clarkson@amgen.com>
Peter Gersbach <Peter.Gersbach@p3sys.ch>
David Worthington <dave@chadwyck.co.uk>

The answer is ndd as Peter Gersbach <Peter.Gersbach@p3sys.ch> said it most consisely:
From: Peter Gersbach <Peter.Gersbach@p3sys.ch>

Hello Robert
Robert Bannocks wrote:
>
> I am compiling the tcp wrappers and It says in the readme:
>
>
> When the wrapper programs are compiled with -DKILL_IP_OPTIONS, the
> programs refuse to service TCP connections with IP source routing
> options. -DKILL_IP_OPTIONS is not needed on modern UNIX systems
> that can stop source-routed traffic in the kernel. Examples are
> 4.4BSD derivatives, Solaris 2.x, and Linux. See your system manuals
> for details.
>
> However I cannot find any doccumentation on how to do this
> with solaris 2 (2.5) Can any body point me to a source or tell
> me where I can find this info. Thanks. A summary will follow.

Use the command `ndd'
% ndd -set /dev/ip ip_forward_src_routed 0

The value of an ip parameter:
% ndd /dev/ip ip_forward_src_routed

You can see all ip driver parameters with
% ndd /dev/ip \? # \ for cshells

See manual ndd

Peter

-- 
  Peter Gersbach
  P3 Systemhaus AG; Zuerichstr. 175; CH-8607 Aathal; Switzerland
  Phone: +41 1 972 12 65; Direct: +41 1 972 12 67; Fax: +41 1 972 12 62
  E-Mail: gersbach@p3sys.ch; URL: http://www.p3sys.ch

Michael and David also said much the same. Pitty sun don't doccument this, thanks to you all

From: "Clarkson, Michael" <clarkson@amgen.com> To: 'Robert Bannocks' <R.Bannocks@kingston.ac.uk> Subject: RE: stopping source routing

Hi

In Solaris used ndd to modify the kernel settings. Use ndd /dev/ip ip_forward_src_routed (0 or 1) to enable or disable dropping source routed frames.

Michael Clarkson Unix Systems Admin AMGEN Ltd Cambridge,UK

From: David Worthington <dave@chadwyck.co.uk> Subject: Re: stopping source routing

Robert,

In a recent posting to sun-managers, you asked:

> However I cannot find any doccumentation on how to do this [disable source > routing] with solaris 2 (2.5) Can any body point me to a source or tell > me where I can find this info. Thanks. A summary will follow.

You need to put the following in /etc/init.d/inetinit:

ndd -set /dev/ip ip_forward_src_routed 0

and reboot your machine. Source routing will then be disabled.

Regards

Dave Worthington

-----Multi-Part-Message-Level-1-1-6640--



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:51 CDT