e2ca690b65
This patch allows configuring how the source address of ICMP redirect messages is selected; by default the old behaviour is retained, while setting icmp_redirects_use_orig_daddr force the usage of the destination address of the packet that caused the redirect. The new behaviour fits closely the RFC 5798 section 8.1.1, and fix the following scenario: Two machines are set up with VRRP to act as routers out of a subnet, they have IPs x.x.x.1/24 and x.x.x.2/24, with VRRP holding on to x.x.x.254/24. If a host in said subnet needs to get an ICMP redirect from the VRRP router, i.e. to reach a destination behind a different gateway, the source IP in the ICMP redirect is chosen as the primary IP on the interface that the packet arrived at, i.e. x.x.x.1 or x.x.x.2. The host will then ignore said redirect, due to RFC 1122 section 3.2.2.2, and will continue to use the wrong next-op. Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| conntrack.h | ||
| core.h | ||
| dccp.h | ||
| generic.h | ||
| hash.h | ||
| ieee802154_6lowpan.h | ||
| ipv4.h | ||
| ipv6.h | ||
| mib.h | ||
| mpls.h | ||
| netfilter.h | ||
| nftables.h | ||
| packet.h | ||
| sctp.h | ||
| unix.h | ||
| x_tables.h | ||
| xfrm.h | ||