aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2012-07-23 16:20:26 -0400
committerDavid S. Miller <davem@davemloft.net>2012-07-23 16:20:26 -0400
commit838942a594017817d33b2d914152305054e255af (patch)
treedd2f656813e142e49f3365c13916be45eef5178e /net/ipv4
parent8acfaa948440717a11d15a4ea579d68a5366fea4 (diff)
ipv4: Really ignore ICMP address requests/replies.
Alexey removed kernel side support for requests, and the only thing we do for replies is log a message if something doesn't look right. As Alexey's comment indicates, this belongs in userspace (if anywhere), and thus we can safely just get rid of this code. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/icmp.c84
1 files changed, 2 insertions, 82 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index ea3a996de95b..f2a06beffbd3 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -837,86 +837,6 @@ out_err:
837 goto out; 837 goto out;
838} 838}
839 839
840
841/*
842 * Handle ICMP_ADDRESS_MASK requests. (RFC950)
843 *
844 * RFC1122 (3.2.2.9). A host MUST only send replies to
845 * ADDRESS_MASK requests if it's been configured as an address mask
846 * agent. Receiving a request doesn't constitute implicit permission to
847 * act as one. Of course, implementing this correctly requires (SHOULD)
848 * a way to turn the functionality on and off. Another one for sysctl(),
849 * I guess. -- MS
850 *
851 * RFC1812 (4.3.3.9). A router MUST implement it.
852 * A router SHOULD have switch turning it on/off.
853 * This switch MUST be ON by default.
854 *
855 * Gratuitous replies, zero-source replies are not implemented,
856 * that complies with RFC. DO NOT implement them!!! All the idea
857 * of broadcast addrmask replies as specified in RFC950 is broken.
858 * The problem is that it is not uncommon to have several prefixes
859 * on one physical interface. Moreover, addrmask agent can even be
860 * not aware of existing another prefixes.
861 * If source is zero, addrmask agent cannot choose correct prefix.
862 * Gratuitous mask announcements suffer from the same problem.
863 * RFC1812 explains it, but still allows to use ADDRMASK,
864 * that is pretty silly. --ANK
865 *
866 * All these rules are so bizarre, that I removed kernel addrmask
867 * support at all. It is wrong, it is obsolete, nobody uses it in
868 * any case. --ANK
869 *
870 * Furthermore you can do it with a usermode address agent program
871 * anyway...
872 */
873
874static void icmp_address(struct sk_buff *skb)
875{
876#if 0
877 net_dbg_ratelimited("a guy asks for address mask. Who is it?\n");
878#endif
879}
880
881/*
882 * RFC1812 (4.3.3.9). A router SHOULD listen all replies, and complain
883 * loudly if an inconsistency is found.
884 * called with rcu_read_lock()
885 */
886
887static void icmp_address_reply(struct sk_buff *skb)
888{
889 struct rtable *rt = skb_rtable(skb);
890 struct net_device *dev = skb->dev;
891 struct in_device *in_dev;
892 struct in_ifaddr *ifa;
893
894 if (skb->len < 4 || !(rt->rt_flags&RTCF_DIRECTSRC))
895 return;
896
897 in_dev = __in_dev_get_rcu(dev);
898 if (!in_dev)
899 return;
900
901 if (in_dev->ifa_list &&
902 IN_DEV_LOG_MARTIANS(in_dev) &&
903 IN_DEV_FORWARD(in_dev)) {
904 __be32 _mask, *mp;
905
906 mp = skb_header_pointer(skb, 0, sizeof(_mask), &_mask);
907 BUG_ON(mp == NULL);
908 for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
909 if (*mp == ifa->ifa_mask &&
910 inet_ifa_match(ip_hdr(skb)->saddr, ifa))
911 break;
912 }
913 if (!ifa)
914 net_info_ratelimited("Wrong address mask %pI4 from %s/%pI4\n",
915 mp,
916 dev->name, &ip_hdr(skb)->saddr);
917 }
918}
919
920static void icmp_discard(struct sk_buff *skb) 840static void icmp_discard(struct sk_buff *skb)
921{ 841{
922} 842}
@@ -1080,10 +1000,10 @@ static const struct icmp_control icmp_pointers[NR_ICMP_TYPES + 1] = {
1080 .handler = icmp_discard, 1000 .handler = icmp_discard,
1081 }, 1001 },
1082 [ICMP_ADDRESS] = { 1002 [ICMP_ADDRESS] = {
1083 .handler = icmp_address, 1003 .handler = icmp_discard,
1084 }, 1004 },
1085 [ICMP_ADDRESSREPLY] = { 1005 [ICMP_ADDRESSREPLY] = {
1086 .handler = icmp_address_reply, 1006 .handler = icmp_discard,
1087 }, 1007 },
1088}; 1008};
1089 1009