On 2/27/18 9:09 AM, Stephen Suryaputra wrote: > Thanks David for confirming that this is unintended. > > Given that, I think the fix isn't complete because when forwarding > isn't enabled on the original incoming netdev, the ICMP shouldn't be > generated. This diff fixes that case: > > diff --git a/net/ipv4/route.c b/net/ipv4/route.c > index a4f44d8..dc40a94 100644 > --- a/net/ipv4/route.c > +++ b/net/ipv4/route.c > @@ -937,13 +937,20 @@ static int ip_error(struct sk_buff *skb) > struct net *net; > bool send; > int code; > + int in_dev_forward;
declarations are in reverse xmas tree order. i.e., put this new one after peer. > > /* IP on this device is disabled. */ > if (!in_dev) > goto out; > > net = dev_net(rt->dst.dev); > - if (!IN_DEV_FORWARD(in_dev)) { > + if (netif_is_l3_master(skb->dev)) { > + in_dev_forward = IN_DEV_FORWARD( > + __in_dev_get_rcu(__dev_get_by_index(net, > IPCB(skb)->iif))); > + } else { > + in_dev_forward = IN_DEV_FORWARD(in_dev); > + } That looks correct. > + if (!in_dev_forward) { > switch (rt->dst.error) { > case EHOSTUNREACH: > __IP_INC_STATS(net, IPSTATS_MIB_INADDRERRORS); > > I can put a formal patch if you like. > please do.
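
Review bot: The nested lookup in the `netif_is_l3_master(skb->dev)` branch has no NULL checks: `__dev_get_by_index(net, IPCB(skb)->iif)` can return NULL if the original ingress device has gone away, and `__in_dev_get_rcu()` can return NULL if that device has no IPv4 configuration, yet the result is passed straight to `IN_DEV_FORWARD()`. The function already bails out with `if (!in_dev) goto out;` for the `skb->dev` case, so look up the device and its in_device in separate steps and apply the same check before reading the forwarding flag. Since the result feeds `__in_dev_get_rcu()`, `dev_get_by_index_rcu()` is the lookup that matches an RCU read-side context; `__dev_get_by_index()` expects RTNL or dev_base_lock to be held. `in_dev_forward` only carries a yes/no value, so declaring it `bool` like `send` would fit better than `int`.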