SUMMARY: stopping source routing (on Solaris 2)

Robert Bannocks (R.Bannocks@kingston.ac.uk)
Mon, 21 Apr 1997 18:03:43 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stuart Kendrick: "SUMMARY: NIS+, passwd.org_dir, ls/chown"
Previous message: JIgnacio@grial.uc3m.es: "mil"

This list is just great!

Here was my question:

I am compiling the tcp wrappers and It says in the readme:

When the wrapper programs are compiled with -DKILL_IP_OPTIONS, the
programs refuse to service TCP connections with IP source routing
options. -DKILL_IP_OPTIONS is not needed on modern UNIX systems
that can stop source-routed traffic in the kernel. Examples are
4.4BSD derivatives, Solaris 2.x, and Linux. See your system manuals
for details.

However I cannot find any doccumentation on how to do this
with solaris 2 (2.5) Can any body point me to a source or tell
me where I can find this info. Thanks. A summary will follow.

Thanks to:
"Clarkson, Michael" <clarkson@amgen.com>
Peter Gersbach <Peter.Gersbach@p3sys.ch>
David Worthington <dave@chadwyck.co.uk>

The answer is ndd as Peter Gersbach <Peter.Gersbach@p3sys.ch> said it most consisely:
From: Peter Gersbach <Peter.Gersbach@p3sys.ch>

Hello Robert
Robert Bannocks wrote:
>
> I am compiling the tcp wrappers and It says in the readme:
>
>
> When the wrapper programs are compiled with -DKILL_IP_OPTIONS, the
> programs refuse to service TCP connections with IP source routing
> options. -DKILL_IP_OPTIONS is not needed on modern UNIX systems
> that can stop source-routed traffic in the kernel. Examples are
> 4.4BSD derivatives, Solaris 2.x, and Linux. See your system manuals
> for details.
>
> However I cannot find any doccumentation on how to do this
> with solaris 2 (2.5) Can any body point me to a source or tell
> me where I can find this info. Thanks. A summary will follow.

Use the command `ndd'
% ndd -set /dev/ip ip_forward_src_routed 0

The value of an ip parameter:
% ndd /dev/ip ip_forward_src_routed

You can see all ip driver parameters with
% ndd /dev/ip \? # \ for cshells

See manual ndd

Peter

-- Peter Gersbach P3 Systemhaus AG; Zuerichstr. 175; CH-8607 Aathal; Switzerland Phone: +41 1 972 12 65; Direct: +41 1 972 12 67; Fax: +41 1 972 12 62 E-Mail: gersbach@p3sys.ch; URL: http://www.p3sys.ch

Michael and David also said much the same. Pitty sun don't doccument this, thanks to you all

From: "Clarkson, Michael" <clarkson@amgen.com> To: 'Robert Bannocks' <R.Bannocks@kingston.ac.uk> Subject: RE: stopping source routing

In Solaris used ndd to modify the kernel settings. Use ndd /dev/ip ip_forward_src_routed (0 or 1) to enable or disable dropping source routed frames.

Michael Clarkson Unix Systems Admin AMGEN Ltd Cambridge,UK

From: David Worthington <dave@chadwyck.co.uk> Subject: Re: stopping source routing

Robert,

In a recent posting to sun-managers, you asked:

> However I cannot find any doccumentation on how to do this [disable source > routing] with solaris 2 (2.5) Can any body point me to a source or tell > me where I can find this info. Thanks. A summary will follow.

You need to put the following in /etc/init.d/inetinit:

ndd -set /dev/ip ip_forward_src_routed 0

and reboot your machine. Source routing will then be disabled.

Regards

Dave Worthington

-----Multi-Part-Message-Level-1-1-6640--

Next message: Stuart Kendrick: "SUMMARY: NIS+, passwd.org_dir, ls/chown"
Previous message: JIgnacio@grial.uc3m.es: "mil"