How to ignore the Record Route IP option?

Hi,
how may I configure my system in order to ignore the RECORD ROUTE IP
option?
Note that I don't want to drop packets, I just want not to honor such a
request. E.g. how to be transparent to 'ping -R' while routing packets.

Many thanks.

Christophe Lohr wrote:
> Hi,
> how may I configure my system in order to ignore the RECORD ROUTE IP
> option?
> Note that I don't want to drop packets, I just want not to honor such a
> request. E.g. how to be transparent to 'ping -R' while routing packets.
>
> Many thanks.

Are you wanting to know what options for your routing daemon (if you are
acting as a router)? Or are you somehow wanting to prevent a client
machine from doing a ping -R??

Chris Cox a écrit :

> Are you wanting to know what options for your routing daemon (if you are
> acting as a router)?

I'm acting as a simple IP forwarder (no routing daemon, no BGP & co.
This is what you call a "routing daemon"?)

I want to know what options to activate to forward IP packets with
Record Route without recording my IP on it.


> Or are you somehow wanting to prevent a client
> machine from doing a ping -R??

I have no problem if a client machine do a ping -R to discover other
routers except me.

Regards.

On Sun, 2010-01-03 at 17:40 +0100, Christophe Lohr wrote:
> Chris Cox a écrit :
>
> > Are you wanting to know what options for your routing daemon (if you are
> > acting as a router)?
>
> I'm acting as a simple IP forwarder (no routing daemon, no BGP & co.
> This is what you call a "routing daemon"?)
>
> I want to know what options to activate to forward IP packets with
> Record Route without recording my IP on it.

Record route is a piggy back option to echo afaik. I don't think
there's a kernel way to turn this off (???)... unless you want
to turn off echo altogether.

Chris Cox a écrit :
>> I want to know what options to activate to forward IP packets with
>> Record Route without recording my IP on it.
>
> Record route is a piggy back option to echo afaik.

Record route is an IP option, not an ICMP option, so you can use record
route option even in TCP and UDP mode.

> I don't think
> there's a kernel way to turn this off (???)... unless you want
> to turn off echo altogether.


rfc791 says "The options may appear or not in datagrams. They must be
implemented by all IP modules (host and gateways). What is optional is
their transmission in any particular datagram, not their implementation."

Does that mean that I am only authorized to: (i) honor this option, (ii)
either destroy the packets?

(sorry for being late)

On Tue-2010/01/05-09:59 Christophe Lohr wrote:

> rfc791 says "The options may appear or not in datagrams. They must be
> implemented by all IP modules (host and gateways). What is optional
> is their transmission in any particular datagram, not their
> implementation."
>
> Does that mean that I am only authorized to: (i) honor this option,
> (ii) either destroy the packets?

As I understand it, you are free to ignore the option, but your IP
stack, which is what rfc791 talks about, _must_ implement it.

There should be a way to simply not honor record-route, eg. by not using
the pointer in that datagram and forwarding it unchanged. There's
a netfilter patch providing a "ipv4options --rr" matcher. I tried to
cobble up an equivalent u32 match, but as the number of IP options is
variable, and some of them, including record-route itself, are as well,
the syntax of u32 is insufficient for that purpose.


clemens