diff options
author | J. Simonetti <jeroen@simonetti.nl> | 2005-06-13 18:19:03 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-06-13 18:19:03 -0400 |
commit | 1c2fb7f93cb20621772bf304f3dba0849942e5db (patch) | |
tree | 0cb992ad463ee13af28d80d6730dcf1c4532b707 /net | |
parent | 6a6ddb2a9c11fcc3e8d7517841d28c9ea206ddef (diff) |
[IPV4]: Sysctl configurable icmp error source address.
This patch alows you to change the source address of icmp error
messages. It applies cleanly to 2.6.11.11 and retains the default
behaviour.
In the old (default) behaviour icmp error messages are sent with the ip
of the exiting interface.
The new behaviour (when the sysctl variable is toggled on), it will send
the message with the ip of the interface that received the packet that
caused the icmp error. This is the behaviour network administrators will
expect from a router. It makes debugging complicated network layouts
much easier. Also, all 'vendor routers' I know of have the later
behaviour.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/icmp.c | 9 | ||||
-rw-r--r-- | net/ipv4/sysctl_net_ipv4.c | 9 |
2 files changed, 16 insertions, 2 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 85bf0d3e294b..cb759484979d 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c | |||
@@ -207,6 +207,7 @@ int sysctl_icmp_ignore_bogus_error_responses; | |||
207 | 207 | ||
208 | int sysctl_icmp_ratelimit = 1 * HZ; | 208 | int sysctl_icmp_ratelimit = 1 * HZ; |
209 | int sysctl_icmp_ratemask = 0x1818; | 209 | int sysctl_icmp_ratemask = 0x1818; |
210 | int sysctl_icmp_errors_use_inbound_ifaddr; | ||
210 | 211 | ||
211 | /* | 212 | /* |
212 | * ICMP control array. This specifies what to do with each ICMP. | 213 | * ICMP control array. This specifies what to do with each ICMP. |
@@ -511,8 +512,12 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, u32 info) | |||
511 | */ | 512 | */ |
512 | 513 | ||
513 | saddr = iph->daddr; | 514 | saddr = iph->daddr; |
514 | if (!(rt->rt_flags & RTCF_LOCAL)) | 515 | if (!(rt->rt_flags & RTCF_LOCAL)) { |
515 | saddr = 0; | 516 | if (sysctl_icmp_errors_use_inbound_ifaddr) |
517 | saddr = inet_select_addr(skb_in->dev, 0, RT_SCOPE_LINK); | ||
518 | else | ||
519 | saddr = 0; | ||
520 | } | ||
516 | 521 | ||
517 | tos = icmp_pointers[type].error ? ((iph->tos & IPTOS_TOS_MASK) | | 522 | tos = icmp_pointers[type].error ? ((iph->tos & IPTOS_TOS_MASK) | |
518 | IPTOS_PREC_INTERNETCONTROL) : | 523 | IPTOS_PREC_INTERNETCONTROL) : |
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 3aafb298c1c1..23068bddbf0b 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c | |||
@@ -23,6 +23,7 @@ extern int sysctl_ip_nonlocal_bind; | |||
23 | extern int sysctl_icmp_echo_ignore_all; | 23 | extern int sysctl_icmp_echo_ignore_all; |
24 | extern int sysctl_icmp_echo_ignore_broadcasts; | 24 | extern int sysctl_icmp_echo_ignore_broadcasts; |
25 | extern int sysctl_icmp_ignore_bogus_error_responses; | 25 | extern int sysctl_icmp_ignore_bogus_error_responses; |
26 | extern int sysctl_icmp_errors_use_inbound_ifaddr; | ||
26 | 27 | ||
27 | /* From ip_fragment.c */ | 28 | /* From ip_fragment.c */ |
28 | extern int sysctl_ipfrag_low_thresh; | 29 | extern int sysctl_ipfrag_low_thresh; |
@@ -396,6 +397,14 @@ ctl_table ipv4_table[] = { | |||
396 | .proc_handler = &proc_dointvec | 397 | .proc_handler = &proc_dointvec |
397 | }, | 398 | }, |
398 | { | 399 | { |
400 | .ctl_name = NET_IPV4_ICMP_ERRORS_USE_INBOUND_IFADDR, | ||
401 | .procname = "icmp_errors_use_inbound_ifaddr", | ||
402 | .data = &sysctl_icmp_errors_use_inbound_ifaddr, | ||
403 | .maxlen = sizeof(int), | ||
404 | .mode = 0644, | ||
405 | .proc_handler = &proc_dointvec | ||
406 | }, | ||
407 | { | ||
399 | .ctl_name = NET_IPV4_ROUTE, | 408 | .ctl_name = NET_IPV4_ROUTE, |
400 | .procname = "route", | 409 | .procname = "route", |
401 | .maxlen = 0, | 410 | .maxlen = 0, |