author | David S. Miller <davem@davemloft.net> | 2012-07-23 16:20:26 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-07-23 16:20:26 -0400 |
commit | 838942a594017817d33b2d914152305054e255af (patch) | |
tree | dd2f656813e142e49f3365c13916be45eef5178e /net/ipv4 | |
parent | 8acfaa948440717a11d15a4ea579d68a5366fea4 (diff) |
ipv4: Really ignore ICMP address requests/replies.
Alexey removed kernel side support for requests, and the
only thing we do for replies is log a message if something
doesn't look right.
As Alexey's comment indicates, this belongs in userspace (if
anywhere), and thus we can safely just get rid of this code.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/icmp.c | 84 |
1 files changed, 2 insertions, 82 deletions
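--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -837,86 +837,6 @@ out_err:
 goto out;
 }
 
-
-/*
-* Handle ICMP_ADDRESS_MASK requests. (RFC950)
-*
-* RFC1122 (3.2.2.9). A host MUST only send replies to
-* ADDRESS_MASK requests if it's been configured as an address mask
-* agent. Receiving a request doesn't constitute implicit permission to
-* act as one. Of course, implementing this correctly requires (SHOULD)
-* a way to turn the functionality on and off. Another one for sysctl(),
-* I guess. -- MS
-*
-* RFC1812 (4.3.3.9). A router MUST implement it.
-* A router SHOULD have switch turning it on/off.
-* This switch MUST be ON by default.
-*
-* Gratuitous replies, zero-source replies are not implemented,
-* that complies with RFC. DO NOT implement them!!! All the idea
-* of broadcast addrmask replies as specified in RFC950 is broken.
-* The problem is that it is not uncommon to have several prefixes
-* on one physical interface. Moreover, addrmask agent can even be
-* not aware of existing another prefixes.
-* If source is zero, addrmask agent cannot choose correct prefix.
-* Gratuitous mask announcements suffer from the same problem.
-* RFC1812 explains it, but still allows to use ADDRMASK,
-* that is pretty silly. --ANK
-*
-* All these rules are so bizarre, that I removed kernel addrmask
-* support at all. It is wrong, it is obsolete, nobody uses it in
-* any case. --ANK
-*
-* Furthermore you can do it with a usermode address agent program
-* anyway...
-*/
-
-static void icmp_address(struct sk_buff *skb)
-{
-#if 0
-net_dbg_ratelimited("a guy asks for address mask. Who is it?\n");
-#endif
-}
-
-/*
-* RFC1812 (4.3.3.9). A router SHOULD listen all replies, and complain
-* loudly if an inconsistency is found.
-* called with rcu_read_lock()
-*/
-
-static void icmp_address_reply(struct sk_buff *skb)
-{
-struct rtable *rt = skb_rtable(skb);
-struct net_device *dev = skb->dev;
-struct in_device *in_dev;
-struct in_ifaddr *ifa;
-
-if (skb->len < 4 || !(rt->rt_flags&RTCF_DIRECTSRC))
-return;
-
-in_dev = __in_dev_get_rcu(dev);
-if (!in_dev)
-return;
-
-if (in_dev->ifa_list &&
-IN_DEV_LOG_MARTIANS(in_dev) &&
-IN_DEV_FORWARD(in_dev)) {
-__be32 _mask, *mp;
-
-mp = skb_header_pointer(skb, 0, sizeof(_mask), &_mask);
-BUG_ON(mp == NULL);
-for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
-if (*mp == ifa->ifa_mask &&
-inet_ifa_match(ip_hdr(skb)->saddr, ifa))
-break;
-}
-if (!ifa)
-net_info_ratelimited("Wrong address mask %pI4 from %s/%pI4\n",
-mp,
-dev->name, &ip_hdr(skb)->saddr);
-}
-}
-
 static void icmp_discard(struct sk_buff *skb)
 {
 }
@@ -1080,10 +1000,10 @@ static const struct icmp_control icmp_pointers[NR_ICMP_TYPES + 1] = {
 .handler = icmp_discard,
 },
 [ICMP_ADDRESS] = {
-.handler = icmp_address,
+.handler = icmp_discard,
 },
 [ICMP_ADDRESSREPLY] = {
-.handler = icmp_address_reply,
+.handler = icmp_discard,
 },
 };
 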
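Review bot: The `[ICMP_ADDRESS]` and `[ICMP_ADDRESSREPLY]` entries in `icmp_pointers` now point at `icmp_discard` with nothing at the table saying the drop is deliberate, and the rationale that lived in the removed block comment disappears with it. I would keep one line above the two entries, for example `/* RFC 950 address mask request/reply: deliberately ignored in-kernel; any handling belongs in userspace. */`, so a later reader does not take them for unimplemented types. The same removal drops the rate-limited "Wrong address mask" log line from `icmp_address_reply`, so anyone who watched kernel logs for that message loses the signal. The commit description would be the place to say that a userspace listener is now the only way to notice an inconsistent mask reply. The `icmp_pointers` initializer starts outside this hunk, so I cannot see whether neighbouring entries carry comparable comments.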