[IPV4]: Sysctl configurable icmp error source address.
This patch alows you to change the source address of icmp error messages. It applies cleanly to 2.6.11.11 and retains the default behaviour. In the old (default) behaviour icmp error messages are sent with the ip of the exiting interface. The new behaviour (when the sysctl variable is toggled on), it will send the message with the ip of the interface that received the packet that caused the icmp error. This is the behaviour network administrators will expect from a router. It makes debugging complicated network layouts much easier. Also, all 'vendor routers' I know of have the later behaviour. Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
6a6ddb2a9c
commit
1c2fb7f93c
@ -346,6 +346,7 @@ enum
|
||||
NET_TCP_MODERATE_RCVBUF=106,
|
||||
NET_TCP_TSO_WIN_DIVISOR=107,
|
||||
NET_TCP_BIC_BETA=108,
|
||||
NET_IPV4_ICMP_ERRORS_USE_INBOUND_IFADDR=109,
|
||||
};
|
||||
|
||||
enum {
|
||||
|
@ -207,6 +207,7 @@ int sysctl_icmp_ignore_bogus_error_responses;
|
||||
|
||||
int sysctl_icmp_ratelimit = 1 * HZ;
|
||||
int sysctl_icmp_ratemask = 0x1818;
|
||||
int sysctl_icmp_errors_use_inbound_ifaddr;
|
||||
|
||||
/*
|
||||
* ICMP control array. This specifies what to do with each ICMP.
|
||||
@ -511,8 +512,12 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, u32 info)
|
||||
*/
|
||||
|
||||
saddr = iph->daddr;
|
||||
if (!(rt->rt_flags & RTCF_LOCAL))
|
||||
saddr = 0;
|
||||
if (!(rt->rt_flags & RTCF_LOCAL)) {
|
||||
if (sysctl_icmp_errors_use_inbound_ifaddr)
|
||||
saddr = inet_select_addr(skb_in->dev, 0, RT_SCOPE_LINK);
|
||||
else
|
||||
saddr = 0;
|
||||
}
|
||||
|
||||
tos = icmp_pointers[type].error ? ((iph->tos & IPTOS_TOS_MASK) |
|
||||
IPTOS_PREC_INTERNETCONTROL) :
|
||||
|
@ -23,6 +23,7 @@ extern int sysctl_ip_nonlocal_bind;
|
||||
extern int sysctl_icmp_echo_ignore_all;
|
||||
extern int sysctl_icmp_echo_ignore_broadcasts;
|
||||
extern int sysctl_icmp_ignore_bogus_error_responses;
|
||||
extern int sysctl_icmp_errors_use_inbound_ifaddr;
|
||||
|
||||
/* From ip_fragment.c */
|
||||
extern int sysctl_ipfrag_low_thresh;
|
||||
@ -395,6 +396,14 @@ ctl_table ipv4_table[] = {
|
||||
.mode = 0644,
|
||||
.proc_handler = &proc_dointvec
|
||||
},
|
||||
{
|
||||
.ctl_name = NET_IPV4_ICMP_ERRORS_USE_INBOUND_IFADDR,
|
||||
.procname = "icmp_errors_use_inbound_ifaddr",
|
||||
.data = &sysctl_icmp_errors_use_inbound_ifaddr,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0644,
|
||||
.proc_handler = &proc_dointvec
|
||||
},
|
||||
{
|
||||
.ctl_name = NET_IPV4_ROUTE,
|
||||
.procname = "route",
|
||||
|
Loading…
Reference in New Issue
Block a user