Router starts duplicating UDP packets?

[snq]

I'm writing my own little DOS networking library in C++ (Watcom). So far it's going okay and I'm at the point where an application using the library can communicate with the rest of the network over UDP. I got some basic TCP stuff as well but I figured I'd finish UDP first as it's a lot easier than TCP.

Anyway, I was doing a bit of testing by sending off UDP packets from my regular PC to the test machine running my test app at a rate of around 25 packets/sec. All seemed to be going fine, until after about 5 mins all of a sudden my router starts duplicating every single packet my PC sent out.
What it does exactly is send a copy of the packet to the destination machine (it will keep the IP but the mac address changes) and at the same time sends off an ICMP redirect (type 5, code 1) packet to my PC with gateway address set to my DOS machine's IP. And once it starts doing this, it does this for every single packet, forever.
My app receives both the original and the copy sent by the router fine and they're both coming from the same IP but different mac addresses.

As far as I can tell nothing special happens before my router starts minding my business, so I have no idea what's triggering this? It's pretty annoying because I obviously don't want a 2nd copy of every packet.

I should probably mention that my app does not send responses to any of these packets, a scenario that probably wouldn't happen all too often in reality. So maybe my router thinks something must be fishy here and that's why it starts acting up?

 

[mbbrutman]

Interesting on many different levels ..

The ICMP redirect is a clue - the router thinks that there is a better way to send traffic. Is there something about your network topology that is complicated or unusual? Multiple subnets, wrong netmasks, etc?


Mike

 

[snq]

Nothing special that I know of, except for the fact that what I'm testing on is a VM running on my PC, using bridged networking so it gets to have its own IP on the physical network. On the PC that's running everything I disabled all adapters (both vmware and real ones) other than the one that keeps me connected so it shouldn't cause any trouble.

Other than that a regular home network with a single router and most devices configured using DHCP.


I should probably try running it on a real machine to see if that makes any difference. Or try sending a reply every now and then to see if that helps. Maybe it thinks there's a better way to send traffic because there's never a reply? Altho it does reply to ARP requests so it should be able to figure out there's actually something receiving the packets.

 

[mbbrutman]

Well, the VM is probably a contributing factor.

You need a packet sniffer on the network to be sure, but one possible problem is that host PC is doing proxy ARP, claiming both IP addresses. That might cause confusion. In a perfect world the host PC would be able to send and receive raw frames with different MAC addresses, but that's kind of a security nightmare.


Mike

 

[snq]

I just ran wireshark for a bit on another PC, while testing.
The ARP packets don't show up at first so I'm guessing they never make it out on the real network in the first place. Then after a while all of a sudden all UDP packets show up on the other machine so they are getting out there. I reduced speed to 1 per sec and every single one of them is there. 52 seconds after the first packet shows up on the other PC, the router decides its time for some action. It forwards one packet from the PC->VM, I changed my app to send replies, so it replies to both the router and the original sender, and the router in its turn forwards the reply to the PC a 2nd time. After that, packets don't make it out to the network any more and the router doesn't forward anything any more.

I'm guessing the VM is indeed not helping. Or at least I hope it's just that, because otherwise this would require a bit of special handling in the lib.. I'll test with a real machine later!

 

[mbbrutman]

Routers are very limited on storage - it's unlikely that it is storing and forwarding for more than a few milliseconds.

Are you seeing unique MAC addresses in the packets, or is the host machine doing proxy ARP and making it look as though both IP addresses go to the same MAC address?

 

[snq]

The MAC addresses were different.
I wonder why the packets would start going out on the network all of a sudden though?

Speaking of router hardware (bit offtopic now) I did a bit of router software development a couple of years ago, that was a lot of fun, a lot like oldschool programming. Iirc my development router had 32 MB of RAM and a 200-something MHz CPU, but most models had a lot less than that. Obviously a lot more than the stuff we're discussing here but then the stuff I did also had to keep up with at least 100 Mbit/s or nobody would be using our stuff. It called for a lot of optimization, which is really the kind of programming I like most of all.