• H
    [INET]: Move no-tunnel ICMP error to tunnel4/tunnel6 · 50fba2aa
    Herbert Xu 提交于
    This patch moves the sending of ICMP messages when there are no IPv4/IPv6
    tunnels present to tunnel4/tunnel6 respectively.  Please note that for now
    if xfrm4_tunnel/xfrm6_tunnel is loaded then no ICMP messages will ever be
    sent.  This is similar to how we handle AH/ESP/IPCOMP.
    
    This move fixes the bug where we always send an ICMP message when there is
    no ip6_tunnel device present for a given packet even if it is later handled
    by IPsec.  It also causes ICMP messages to be sent when no IPIP tunnel is
    present.
    
    I've decided to use the "port unreachable" ICMP message over the current
    value of "address unreachable" (and "protocol unreachable" by GRE) because
    it is not ambiguous unlike the other ones which can be triggered by other
    conditions.  There seems to be no standard specifying what value must be
    used so this change should be OK.  In fact we should change GRE to use
    this value as well.
    
    Incidentally, this patch also fixes a fairly serious bug in xfrm6_tunnel
    where we don't check whether the embedded IPv6 header is present before
    dereferencing it for the inside source address.
    
    This patch is inspired by a previous patch by Hugo Santos <hsantos@av.it.pt>.
    Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    50fba2aa
xfrm4_input.c 4.0 KB