route: fix ICMP redirect validation
authorFlavio Leitner <fbl@redhat.com>
Mon, 24 Oct 2011 06:56:38 +0000 (02:56 -0400)
committerGreg Kroah-Hartman <gregkh@suse.de>
Fri, 9 Dec 2011 16:56:00 +0000 (08:56 -0800)
commit5c9c7437749337f1af355eb9e447e75a58822da4
tree6eda64efad3dcc097e12419f0e747a9774b0b63c
parentfe421e849a3c36373dd59eb5f302705c91a14719
route: fix ICMP redirect validation

[ Upstream commit 7cc9150ebe8ec06cafea9f1c10d92ddacf88d8ae ]

The commit f39925dbde7788cfb96419c0f092b086aa325c0f
(ipv4: Cache learned redirect information in inetpeer.)
removed some ICMP packet validations which are required by
RFC 1122, section 3.2.2.2:
...
  A Redirect message SHOULD be silently discarded if the new
  gateway address it specifies is not on the same connected
  (sub-) net through which the Redirect arrived [INTRO:2,
  Appendix A], or if the source of the Redirect is not the
  current first-hop gateway for the specified destination (see
  Section 3.3.1).

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
net/ipv4/route.c