Message ID | 1320680505-26367-1-git-send-email-fbl@redhat.com |
---|---|
State | Rejected, archived |
Delegated to: | David Miller |
Headers | show |
From: Flavio Leitner <fbl@redhat.com> Date: Mon, 7 Nov 2011 13:41:45 -0200 > It should accept ICMP redirects from any host and not > just from gateways when secure_redirects is disabled. > > Signed-off-by: Flavio Leitner <fbl@redhat.com> This is changing the default behavior, and could break things for people. We have sort-of discussed this already, and agreed that the tests made in this code before my inetpeer reworking had to be reinstated exactly as it was. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, 07 Nov 2011 13:35:41 -0500 (EST) David Miller <davem@davemloft.net> wrote: > From: Flavio Leitner <fbl@redhat.com> > Date: Mon, 7 Nov 2011 13:41:45 -0200 > > > It should accept ICMP redirects from any host and not > > just from gateways when secure_redirects is disabled. > > > > Signed-off-by: Flavio Leitner <fbl@redhat.com> > > This is changing the default behavior, and could break things for > people. > > We have sort-of discussed this already, and agreed that the tests > made in this code before my inetpeer reworking had to be reinstated > exactly as it was. Right, so I cannot change either values 0 or 1 then. For some reason I thought I couldn't change only the default behavior. I will think on something else then. thanks, fbl -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 155138d..dd6937ec 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1347,7 +1347,8 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw, continue; if (rt->dst.error || rt->dst.dev != dev || - rt->rt_gateway != old_gw) { + (IN_DEV_SEC_REDIRECTS(in_dev) && + rt->rt_gateway != old_gw)) { ip_rt_put(rt); continue; }
It should accept ICMP redirects from any host and not just from gateways when secure_redirects is disabled. Signed-off-by: Flavio Leitner <fbl@redhat.com> --- net/ipv4/route.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)