Documentation: ip-sysctl.txt: clarify secure_redirects

Clarify how secure_redirects works. Mention that RFC1122 always applies. Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Garver <e@erig.me> 2016-05-26 12:28:05 -0400
committer: David S. Miller <davem@davemloft.net> 2016-05-30 01:40:53 -0400
commit: 176b346b37f0b9c03e91eb6f1460e00f3c0c3edf (patch)
tree: 39a55fd3ad282c635a9d19eb558e73b361f90894 /Documentation
parent: 68bb399e656f244d3d173a20a8280c167632fca8 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 6c7f365b1515..9ae929395b24 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1036,15 +1036,17 @@ proxy_arp_pvlan - BOOLEAN
 shared_media - BOOLEAN
        Send(router) or accept(host) RFC1620 shared media redirects.
-        Overrides ip_secure_redirects.
+        Overrides secure_redirects.
        shared_media for the interface will be enabled if at least one of
        conf/{all,interface}/shared_media is set to TRUE,
        it will be disabled otherwise
        default TRUE
 secure_redirects - BOOLEAN
-        Accept ICMP redirect messages only for gateways,
+        Accept ICMP redirect messages only to gateways listed in the
-        listed in default gateway list.
+        interface's current gateway list. Even if disabled, RFC1122 redirect
+        rules still apply.
+        Overridden by shared_media.
        secure_redirects for the interface will be enabled if at least one of
        conf/{all,interface}/secure_redirects is set to TRUE,
        it will be disabled otherwise
author	Eric Garver <e@erig.me>	2016-05-26 12:28:05 -0400
committer	David S. Miller <davem@davemloft.net>	2016-05-30 01:40:53 -0400
commit	176b346b37f0b9c03e91eb6f1460e00f3c0c3edf (patch)
tree	39a55fd3ad282c635a9d19eb558e73b361f90894 /Documentation
parent	68bb399e656f244d3d173a20a8280c167632fca8 (diff)