Configure ICMP error source address

Message ID	5692AD09.80406@heinlein-support.de
State	RFC, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> sender: r.sander@heinlein-support.de) by plasma.jpberlin.de (Postfix) with ESMTPSA id 80565AFFCE; Sun, 10 Jan 2016 20:12:10 +0100 (CET) Subject: Re: Configure ICMP error source address To: netfilter@vger.kernel.org, netdev@vger.kernel.org References: <568F8207.9040305@heinlein-support.de> <20160108152448.5251154.50977.21786@gmail.com> <568FDFBF.3010300@stressinduktion.org> <20160109035708.5251154.82433.21820@gmail.com> <5690D98B.7070003@stressinduktion.org> <56913852.4030608@heinlein-support.de> <56919144.4060508@stressinduktion.org> From: Robert Sander <r.sander@heinlein-support.de> Openpgp: id=8555E668FCEF97B9757AB544F0BB915823DE5B28 Organization: Heinlein Support GmbH Jabber-Id: r.sander@jabber.heinlein-support.de Message-ID: <5692AD09.80406@heinlein-support.de> Date: Sun, 10 Jan 2016 20:12:09 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: <56919144.4060508@stressinduktion.org> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="F3r6jqpXWpqNUb94qMLjTc8cW0eVkK1GC" Sender: netdev-owner@vger.kernel.org Precedence: bulk

Message ID

5692AD09.80406@heinlein-support.de

State

RFC, archived

Delegated to:

David Miller

Headers

Subject: Re: Configure ICMP error source address
To: netfilter@vger.kernel.org, netdev@vger.kernel.org
References: <568F8207.9040305@heinlein-support.de>
	<20160108152448.5251154.50977.21786@gmail.com>
	<568FDFBF.3010300@stressinduktion.org>
	<20160109035708.5251154.82433.21820@gmail.com>
	<5690D98B.7070003@stressinduktion.org>
	<56913852.4030608@heinlein-support.de>
	<56919144.4060508@stressinduktion.org>
From: Robert Sander <r.sander@heinlein-support.de>
Openpgp: id=8555E668FCEF97B9757AB544F0BB915823DE5B28
Organization: Heinlein Support GmbH
Jabber-Id: r.sander@jabber.heinlein-support.de
Message-ID: <5692AD09.80406@heinlein-support.de>
Date: Sun, 10 Jan 2016 20:12:09 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
	Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <56919144.4060508@stressinduktion.org>
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="F3r6jqpXWpqNUb94qMLjTc8cW0eVkK1GC"
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Commit Message

Robert Sander Jan. 10, 2016, 7:12 p.m. UTC

Am 10.01.2016 um 00:01 schrieb Hannes Frederic Sowa:

> I am not a fan of such implicit assumptions. I would prefer the direct
> specification of the source ip address over writing interface
> information to a procfs file.

I tried that but as I am not a seasoned kernel hacker introducing a new
sysctl including the validation of an IPv4 address was a bit too much.

Instead I created this patch (applicable against kernel version 3.2):



It currently works in my testbed (Debian wheezy based, therefor kernel 3.2).

Maybe there is someone more experienced with introducing new sysctl
files and handling strings in kernel space than me that is able to
pick up this idea and implement it properly.

Regards

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index ab188ae..eba2071 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -567,7 +567,7 @@  void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
 
                rcu_read_lock();
                if (rt_is_input_route(rt) &&
-                   net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr)
+                   net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr == 1)
                        dev = dev_get_by_index_rcu(net, rt->rt_iif);
 
                if (dev)
@@ -577,6 +577,23 @@  void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
                rcu_read_unlock();
        }
 
+       /*
+        *      Set source in case of error reply
+        */
+
+       if (icmp_pointers[type].error && net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr == 2) {
+               struct net_device *dev = NULL;
+               __be32 tmpaddr = 0;
+
+               rcu_read_lock();
+               dev = dev_get_by_name_rcu(net, "lo");
+               if (dev)
+                       tmpaddr = inet_select_addr(dev, 0, RT_SCOPE_UNIVERSE);
+                       if (tmpaddr)
+                               saddr = tmpaddr;
+               rcu_read_unlock();
+       }
+
        tos = icmp_pointers[type].error ? ((iph->tos & IPTOS_TOS_MASK) |
                                           IPTOS_PREC_INTERNETCONTROL) :
                                          iph->tos;

Configure ICMP error source address

Commit Message

Patch