git.baikalelectronics.ru Git - kernel.git/commit

author	Paolo Abeni <pabeni@redhat.com>
	Fri, 9 Oct 2015 12:34:31 +0000 (14:34 +0200)
committer	David S. Miller <davem@davemloft.net>
	Tue, 13 Oct 2015 02:38:02 +0000 (19:38 -0700)
commit	898aed19a3e03ac05cc59519608beff99cadaf12
tree	bad7ed1b3899da4affa41704c52c27e0a8a616c0	tree \| snapshot
parent	327c8face8136a94cf9d17a6a3b97e6996491489	commit \| diff

ipv4/icmp: redirect messages can use the ingress daddr as source

This patch allows configuring how the source address of ICMP
redirect messages is selected; by default the old behaviour is
retained, while setting icmp_redirects_use_orig_daddr force the
usage of the destination address of the packet that caused the
redirect.

The new behaviour fits closely the RFC 5798 section 8.1.1, and fix the
following scenario:

Two machines are set up with VRRP to act as routers out of a subnet,
they have IPs x.x.x.1/24 and x.x.x.2/24, with VRRP holding on to
x.x.x.254/24.

If a host in said subnet needs to get an ICMP redirect from the VRRP
router, i.e. to reach a destination behind a different gateway, the
source IP in the ICMP redirect is chosen as the primary IP on the
interface that the packet arrived at, i.e. x.x.x.1 or x.x.x.2.

The host will then ignore said redirect, due to RFC 1122 section 3.2.2.2,
and will continue to use the wrong next-op.

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Documentation/networking/ip-sysctl.txt		diff \| blob \| history
include/net/netns/ipv4.h		diff \| blob \| history
net/ipv4/icmp.c		diff \| blob \| history
net/ipv4/sysctl_net_ipv4.c		diff \| blob \| history