Revert "ipv4/icmp: redirect messages can use the ingress daddr as sou…

…rce" Revert the commit e2ca690 ("ipv4/icmp: redirect messages can use the ingress daddr as source"), which tried to introduce a more suitable behaviour for ICMP redirect messages generated by VRRP routers. However RFC 5798 section 8.1.1 states: The IPv4 source address of an ICMP redirect should be the address that the end-host used when making its next-hop routing decision. while said commit used the generating packet destination address, which do not match the above and in most cases leads to no redirect packets to be generated. Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
mariux64 · Oct 14, 2015 · 02a6d61 · 02a6d61
1 parent 7d1f641
commit 02a6d61
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 33 deletions.
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
@@ -884,8 +884,8 @@ icmp_ignore_bogus_error_responses - BOOLEAN
 
 icmp_errors_use_inbound_ifaddr - BOOLEAN
 
-	If zero, icmp error messages except redirects are sent with the primary
-	address of the exiting interface.
+	If zero, icmp error messages are sent with the primary address of
+	the exiting interface.
 
 	If non-zero, the message will be sent with the primary address of
 	the interface that received the packet that caused the icmp error.
@@ -897,23 +897,8 @@ icmp_errors_use_inbound_ifaddr - BOOLEAN
 	then the primary address of the first non-loopback interface that
 	has one will be used regardless of this setting.
 
-	The source address selection of icmp redirect messages is controlled by
-	icmp_errors_use_inbound_ifaddr.
 	Default: 0
 
-icmp_redirects_use_orig_daddr - BOOLEAN
-
-	If zero, icmp redirect messages are sent using the address specified for
-	other icmp errors by icmp_errors_use_inbound_ifaddr.
-
-	If non-zero, the message will be sent with the destination address of
-	the packet that caused the icmp redirect.
-	This behaviour is the preferred one on VRRP routers (see RFC 5798
-	section 8.1.1).
-
-	Default: 0
-
-
 igmp_max_memberships - INTEGER
 	Change the maximum number of multicast groups we can subscribe to.
 	Default: 20

diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
@@ -74,7 +74,6 @@ struct netns_ipv4 {
 	int sysctl_icmp_ratelimit;
 	int sysctl_icmp_ratemask;
 	int sysctl_icmp_errors_use_inbound_ifaddr;
-	int sysctl_icmp_redirects_use_orig_daddr;
 
 	struct local_ports ip_local_ports;
 

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
@@ -659,9 +659,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
 	 */
 
 	saddr = iph->daddr;
-	if (!((type == ICMP_REDIRECT) &&
-	      net->ipv4.sysctl_icmp_redirects_use_orig_daddr) &&
-	    !(rt->rt_flags & RTCF_LOCAL)) {
+	if (!(rt->rt_flags & RTCF_LOCAL)) {
 		struct net_device *dev = NULL;
 
 		rcu_read_lock();
@@ -1224,11 +1222,6 @@ static int __net_init icmp_sk_init(struct net *net)
 	net->ipv4.sysctl_icmp_ratemask = 0x1818;
 	net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr = 0;
 
-	/* Control paramerer - use the daddr of originating packets as saddr
-	 * in redirect messages?
-	 */
-	net->ipv4.sysctl_icmp_redirects_use_orig_daddr = 0;
-
 	return 0;
 
 fail:

diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
@@ -817,13 +817,6 @@ static struct ctl_table ipv4_net_table[] = {
 		.mode		= 0644,
 		.proc_handler	= proc_dointvec
 	},
-	{
-		.procname	= "icmp_redirects_use_orig_daddr",
-		.data		= &init_net.ipv4.sysctl_icmp_redirects_use_orig_daddr,
-		.maxlen		= sizeof(int),
-		.mode		= 0644,
-		.proc_handler	= proc_dointvec
-	},
 	{
 		.procname	= "icmp_ratelimit",
 		.data		= &init_net.ipv4.sysctl_icmp_ratelimit,