What is a Martian source / Martian packet

Source: Internet
Author: User
Tags rfc


In Linux, by default, packets are considered individually for routing purposes. Thus, the routing algorithm determines where to send a packet based on the packet itself, without taking into consideration that the packet may be a response packet of sorts.

In a typical setup, this means that all outgoing traffic goes out over one interface, say eth0, even if the incoming packet was sent to interface eth1.

One typical side effect of this algorithm is the creation of so-called "Martian packets". A Martian packet is an IP packet which specifies a source or destination address that is either reserved for special use by the Internet Assigned Numbers Authority (IANA) or does not belong to the subnet on which this interface exists, and that makes no sense [RFC 1812]. For example, if the interfaces are connected to subnets of the 10 network, and the default router is configured for eth0, then without an explicit routing statement you can't respond to packets sent to eth1 which are not on the local segment for this network.

In other words, the source IP address in a Martian packet's header is usually an IP address that either:

    • should not be routable
    • came from a wrong subnet.

For example, a 127.0.0.0/8 IP address coming through a router would be labeled as Martian, as such packets should be local only and should not travel via the network.

RFC 1812 defines the term Martian source as follows:

"An IP source address is invalid if it is a special IP address, as defined in 4.2.2.11 or 5.3.7, or is not a unicast address.

"An IP destination address is invalid if it is among those defined as illegal destinations in 4.2.3.1, or is a Class E address (except 255.255.255.255).

"A router should not forward any packet that has an invalid IP source address or a source address on network 0. A router should not forward, except through a loop-back interface, any packet that has a source address on network 127. A router may have a switch that allows the network manager to disable these checks. If such a switch is provided, it must default to performing the checks.

"A router should not forward any packet that has an invalid IP destination address or a destination address on network 0. A router should not forward, except through a loop-back interface, any packet that has a destination address on network 127. A router may have a switch that allows the network manager to disable these checks. If such a switch is provided, it must default to performing the checks.

"If a router discards a packet because of these rules, it should log at least the IP source address, the IP destination address, and, if the problem is with the source address, the physical interface on which the packet was received and the link layer address of the host or router from which the packet was received."

A Martian source is network traffic from the wrong subnet appearing on an interface. For example, if:

    • eth0 has IP 192.168.0.1 on subnet 255.255.255.0
    • eth1 has IP 192.168.1.1 on subnet 255.255.255.0

This means eth0 should only see IP traffic from addresses in its subnet (192.168.0.x) and eth1 should only see traffic from its subnet (192.168.1.x).

If a host on the network is still configured with a previous network address (202.167.2.34) and is seen on eth1, it would be seen as a Martian source.

If one of the machines on the 192.168.0.x network is plugged into the wrong switch and is effectively on the same (physical) network segment as eth1, then you'll see a Martian source from that IP address (or you have multiple networks that the Linux box is not aware of).

A Martian source is not a major thing, but such messages help make you aware that something in your network setup is either set up incorrectly or not configured optimally.

This behavior is controlled by a setting in /etc/sysctl.conf:

    # Controls Source Route Verification
    net.ipv4.conf.default.rp_filter = 1
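A simplified model of the check described above, as an added example that is not from the original article or the kernel source: it applies the RFC 1812 source-address rules quoted earlier, then a strict reverse-path test of the kind rp_filter = 1 enables, to the eth0/eth1 example. The routing table (including the default route via eth0) and the function names are assumptions.

```python
import ipaddress

# Sources the RFC 1812 text quoted above treats as invalid: network 0,
# network 127, and anything that is not unicast (multicast, Class E/broadcast).
INVALID_SOURCES = {
    "network 0": ipaddress.ip_network("0.0.0.0/8"),
    "network 127 (loopback)": ipaddress.ip_network("127.0.0.0/8"),
    "multicast (not unicast)": ipaddress.ip_network("224.0.0.0/4"),
    "Class E / limited broadcast": ipaddress.ip_network("240.0.0.0/4"),
}

def reverse_path_dev(src, routes):
    """Longest-prefix match: which interface would a reply to src leave by?"""
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if src in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def check_source(src, ingress_dev, routes):
    """Return (is_martian, reason) for a packet from src seen on ingress_dev."""
    addr = ipaddress.ip_address(src)
    for name, net in INVALID_SOURCES.items():
        if addr in net:
            return True, f"invalid source: {name}"
    out_dev = reverse_path_dev(addr, routes)
    if out_dev is None:
        return True, "no route back to source"
    if out_dev != ingress_dev:
        return True, f"reply would leave via {out_dev}, not {ingress_dev}"
    return False, "reverse path matches ingress interface"

# Assumed routing table for the article's two-interface example; the default
# route via eth0 follows the "typical setup" described at the top.
ROUTES = [
    ("192.168.0.0/24", "eth0"),
    ("192.168.1.0/24", "eth1"),
    ("0.0.0.0/0", "eth0"),
]

if __name__ == "__main__":
    for src, dev in [("192.168.1.20", "eth1"), ("202.167.2.34", "eth1"),
                     ("192.168.0.50", "eth1"), ("127.0.0.1", "eth0")]:
        print(src, dev, check_source(src, dev, ROUTES))
```

The stale address 202.167.2.34 is flagged on eth1 but would pass on eth0, because the assumed default route makes eth0 the reverse path for every address not covered by a more specific route.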

There is another situation in which you can see a Martian source.

Server 1:

    • eth0: 10.249.111.10 netmask 255.255.255.0
    • eth2: 192.168.111.10 netmask 255.255.255.0
    • eth2:1: 10.249.111.161 netmask 255.255.255.0

Server 2:

    • eth0: 10.249.111.11 netmask 255.255.255.0
    • eth2: 192.168.111.11 netmask 255.255.255.0
    • eth2:1: 10.249.111.162 netmask 255.255.255.0

Generally, a connection from server 1's eth0 to server 2's eth2:1 should be OK, and vice versa. But the kernel on server 2 would report:

    IPv4: martian source 10.249.111.162 from 10.249.111.10, on dev eth2
    ll header: 00000000: ff ff ff ff ff ff 7f 08 06 ....... (...

It looks like the kernel compares the source address with the eth2 address (192.168.111.xx) and then finds that this is a Martian source address.

The kernel just printk's the source address and the actual destination address: "martian source 10.249.111.162 from 10.249.111.10". Is this a bug? I think it should printk eth2's address, so that we know what happened.
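For triaging these messages, the following added example (not from the original article) parses kernel martian-source reports and the link-layer header dump that follows them, then counts reports per interface, source IP and sender MAC. The sample log is constructed: its addresses are the ones used in this article, and the MAC and the "kernel:" prefix are made up.

```python
import re
from collections import Counter

# Kernel format: "martian source <dst> from <src>, on dev <iface>". The first
# address is the packet's destination; the second is the offending source.
MARTIAN_RE = re.compile(r"martian source (\S+) from (\S+), on dev (\S+)")
# The next line dumps the link-layer header; for Ethernet that is
# destination MAC (6 bytes), source MAC (6 bytes), EtherType (2 bytes).
LL_RE = re.compile(r"ll header: [0-9a-f]{8}: ((?:[0-9a-f]{2} ?)+)", re.I)

def parse_martians(lines):
    """Return one dict per martian report, with the sender MAC when logged."""
    events, pending = [], None
    for line in lines:
        m = MARTIAN_RE.search(line)
        if m:
            dst, src, dev = m.groups()
            pending = {"dev": dev, "src": src, "dst": dst, "mac": None}
            events.append(pending)
            continue
        ll = LL_RE.search(line)
        if ll and pending:
            octets = ll.group(1).split()
            if len(octets) >= 14:  # a full Ethernet header was dumped
                pending["mac"] = ":".join(octets[6:12]).lower()
        pending = None  # a header dump only belongs to the line just before it
    return events

def top_senders(lines):
    """Count reports per (interface, source IP, source MAC), busiest first."""
    keys = ((e["dev"], e["src"], e["mac"]) for e in parse_martians(lines))
    return Counter(keys).most_common()

# Constructed sample log (MAC address and line prefix are invented).
SAMPLE_LOG = """\
kernel: IPv4: martian source 10.249.111.162 from 10.249.111.10, on dev eth2
kernel: ll header: 00000000: ff ff ff ff ff ff 52 54 00 aa bb 01 08 06
kernel: IPv4: martian source 10.249.111.162 from 10.249.111.10, on dev eth2
kernel: ll header: 00000000: ff ff ff ff ff ff 52 54 00 aa bb 01 08 06
kernel: eth1: link becomes ready
kernel: IPv4: martian source 192.168.1.1 from 202.167.2.34, on dev eth1
""".splitlines()

if __name__ == "__main__":
    for key, count in top_senders(SAMPLE_LOG):
        print(count, key)
```

The sender MAC is what lets you find the mis-plugged or misconfigured host on the segment, which is why RFC 1812 asks for the link-layer address to be logged.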
