diff options
| author | Andrey V. Elsukov <ae@FreeBSD.org> | 2018-08-14 07:54:14 +0000 |
|---|---|---|
| committer | Andrey V. Elsukov <ae@FreeBSD.org> | 2018-08-14 07:54:14 +0000 |
| commit | 62484790e0ac8dadfaff3df3ee0d2efae62ae2b2 (patch) | |
| tree | 28c3e4536cc538d541bd8ad32e87e1649ecdc6d7 /sys/netinet/ip_input.c | |
| parent | 81eb4dcf9e0d00972eceeaf61215db5995287498 (diff) | |
| download | src-62484790e0ac8dadfaff3df3ee0d2efae62ae2b2.tar.gz src-62484790e0ac8dadfaff3df3ee0d2efae62ae2b2.zip | |
Restore ability to send ICMP and ICMPv6 redirects.
It was lost when tryforward appeared. Now ip[6]_tryforward will be enabled
only when sending redirects for corresponding IP version is disabled via
sysctl. Otherwise will be used default forwarding function.
PR: 221137
Submitted by: mckay@
MFC after: 2 weeks
Notes
Notes:
svn path=/head/; revision=337736
Diffstat (limited to 'sys/netinet/ip_input.c')
| -rw-r--r-- | sys/netinet/ip_input.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 882b2aea119a..7edead14158b 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -557,13 +557,15 @@ tooshort: /* * Try to forward the packet, but if we fail continue. + * ip_tryforward() does not generate redirects, so fall + * through to normal processing if redirects are required. * ip_tryforward() does inbound and outbound packet firewall * processing. If firewall has decided that destination becomes * our local address, it sets M_FASTFWD_OURS flag. In this * case skip another inbound firewall processing and update * ip pointer. */ - if (V_ipforwarding != 0 + if (V_ipforwarding != 0 && V_ipsendredirects == 0 #if defined(IPSEC) || defined(IPSEC_SUPPORT) && (!IPSEC_ENABLED(ipv4) || IPSEC_CAPS(ipv4, m, IPSEC_CAP_OPERABLE) == 0) |