netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[PATCH] Suppressing ICMP redirects for mangled packets?

from [Paul Rusty Russell] [Permanent Link][Original]
To: kuznet@xxxxxxxxxxxxx
Subject: [PATCH] Suppressing ICMP redirects for mangled packets?
From: Paul Rusty Russell <Paul.Russell@xxxxxxxxxxxxxxx>
Date: Wed, 10 Nov 1999 08:44:57 +1100
Cc: netdev@xxxxxxxxxxx
Sender: owner-netdev@xxxxxxxxxxx 
Alexey,

        Is it reasonable to suppress ICMP redirects in this case?
There are cases where we want to route through a box for special
effects: most common is the where we're NATing 1.2.3.1 onto
192.168.1.1, and a box on 192.168.1.* connects to 1.2.3.1.

Rusty.
PS.  Thanks for bouncing me the crash report from l-k; I'm looking
     into it.

--- linux-2.3/net/ipv4/ip_forward.c.~1~ Fri Nov  5 12:33:21 1999
+++ linux-2.3/net/ipv4/ip_forward.c     Wed Nov 10 07:43:57 1999
@@ -113,8 +113,15 @@
        /*
         *      We now generate an ICMP HOST REDIRECT giving the route
         *      we calculated.
+        *
+        *      Don't do this if we mangled the packet: bouncing
+        *      through us probably intentional. 10-Nov-1999 --RR
         */
-       if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr)
+       if (rt->rt_flags&RTCF_DOREDIRECT
+#ifdef CONFIG_NETFILTER
+           && !(skb->nfcache & NFC_ALTERED)
+#endif
+           && !opt->srr)
                ip_rt_send_redirect(skb);
 
        /* We are about to mangle packet. Copy it! */
--
Hacking time.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  ANSI C++ problem in include/linux/socket.h, OKUJI Yoshinori
Next by Date:  Re: ANSI C++ problem in include/linux/socket.h, Benjamin C.R. LaHaise
Previous by Thread:  ANSI C++ problem in include/linux/socket.h, OKUJI Yoshinori
Next by Thread:  Re: [PATCH] Suppressing ICMP redirects for mangled packets?, kuznet
Indexes:  [Date] [Thread] [Top] [All Lists]