I am concerned that this discussion thread is obfuscating the issue by
improperly characterizing traceroute. Traceroute is not a "feature" of IP,
TCP/IP, ICMP, or UDP. Traceroute is a methodology that cleverly uses
existing features of IP, UDP, and ICMP to get the job done. It is a program
that was conceived in the late 1980s for the purpose of determining the
route that a datagram would take over the network. I should acknowledge
that RFC 1393 creates an ICMP (type 30) traceroute method that relies on
routers to implement it, but from my experience, the majority of traceroutes
today are done in the following manner.
Traceroute begins by sending a UDP datagram from the originating host to
the destination host. This datagram lists the originating host as the
source IP address and the destination host as the destination IP address.
What is unique about the datagram is that the port number is (typically)
set to an invalid port and the TTL is initially set to a value of 1.
When the datagram arrives at the first router, that router decrements the
TTL by one which results in a TTL of zero. The datagram is now expired so
the router sends an ICMP Time Exceeded (ICMP type 11, code 0) message to
the originating host. The source address of this ICMP message is the
address of the router and the destination address is the address of the
originating host. This response to the originating host now gives
traceroute the first piece of information that it needs - the IP address of
the first router.
The second UDP datagram sent by the originating host is exactly the same as
the first but with a TTL value of 2. This time the first router receives
the datagram and decrements the TTL by 1. Since the TTL is still greater
than 0, this first router now faithfully routes the otherwise unchanged
datagram to the next router. The second router in turn decrements the TTL
by 1 resulting in a TTL of 0. This triggers an ICMP Time Exceeded message
from the second router. The source address of the ICMP message is the
address of the second router and the destination address is the address of
the originating host. Now the originating host knows the address of the
second router.
This process continues until a maximum TTL is reached (typically around 30)
or the destination host is finally reached. When the datagram arrives at
the destination host, it is not concerned about the TTL but rather the
invalid port in the UDP datagram. Because the port is not valid, the
destination host will respond with an ICMP Port Unreachable (ICMP type 3,
code 3) message with its destination host address as the source IP address
and the originating host as the destination IP address. This finally
completes the traceroute process.
There are some variations on this technique such as using the ICMP Echo
Request instead of the UDP datagram. The technique is essentially the same
however the response from the destination host may be different or
nonexistent depending upon the configuration of the destination host.
Now, back to the original discussion of a router sharing the same IP
address as (in this example) the originating host. Without testing this in
the lab I believe that this should not be a problem for the router. The
router will, when decrementing to a TTL=0, respond with an ICMP message
with the source and destination IP addresses set the same (e.g. 10.1.1.1).
I suspect the router will faithfully pass this out the port that is bound
to the same IP address since it is not an internal route (e.g. 127.0.0.1 on
Linux). I also believe that neither the IP stack nor the network will
*reflect* the outbound datagram back to the router. The originating host
will properly receive the ICMP message since it is not compelled to deal
with identical source and destination addresses. All of this is said
setting aside issues related to the routing of "private" addresses, etc. As
I said, this paragraph is just my suspicion.
Sorry if all of this is a bit preachy. Let me know where I have erred (as
if I would have to ask...)
- Glenn
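The UDP/TTL/ICMP exchange Glenn walks through above, as an added in-memory simulation (not code from the original post or from any traceroute implementation): routers decrement the TTL and answer Time Exceeded (type 11, code 0) when it hits zero, while the destination ignores the TTL and answers Port Unreachable (type 3, code 3) unless something is actually listening on the probe port. The addresses are constructed, and the probe port 33434 is assumed as a typical default.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ICMP (type, code) pairs that drive traceroute.
ICMP_TIME_EXCEEDED = (11, 0)    # router discarded an expired datagram
ICMP_PORT_UNREACHABLE = (3, 3)  # destination had no listener on the probe port


@dataclass
class Datagram:
    src: str    # originating host
    dst: str    # destination host
    ttl: int
    dport: int  # the (typically unused) UDP probe port


@dataclass
class IcmpReply:
    src: str                    # node that generated the ICMP message
    dst: str                    # always the originating host
    type_code: Tuple[int, int]


class Node:
    """A router or the destination host. Constructed addresses, not real ones."""
    def __init__(self, addr: str, listening_ports=()):
        self.addr = addr
        self.listening_ports = set(listening_ports)


def send_probe(routers: List[Node], dest: Node, dg: Datagram) -> Optional[IcmpReply]:
    """Carry one datagram along the path. Returns the ICMP message that comes
    back to the originating host, or None when the destination accepts the
    probe silently (a listener exists on dport), which traceroute shows as '*'."""
    ttl = dg.ttl
    for router in routers:
        ttl -= 1                      # every router decrements before forwarding
        if ttl == 0:                  # expired: router reports itself as source
            return IcmpReply(router.addr, dg.src, ICMP_TIME_EXCEEDED)
    # Delivered: the destination does not care about the TTL, only the port.
    if dg.dport in dest.listening_ports:
        return None
    return IcmpReply(dest.addr, dg.src, ICMP_PORT_UNREACHABLE)


def traceroute(origin: str, routers: List[Node], dest: Node,
               max_ttl: int = 30, dport: int = 33434) -> List[Tuple[int, str]]:
    """Probe with TTL 1, 2, ... until Port Unreachable arrives or max_ttl is hit."""
    hops: List[Tuple[int, str]] = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(routers, dest, Datagram(origin, dest.addr, ttl, dport))
        hops.append((ttl, reply.src if reply else "*"))
        if reply and reply.type_code == ICMP_PORT_UNREACHABLE:
            break                     # destination reached; trace is complete
    return hops
```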