[Bug 221137] FreeBSD 11+ does not send ICMP redirects

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221137

Stephen McKay <mckay at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mckay at FreeBSD.org

--- Comment #8 from Stephen McKay <mckay at FreeBSD.org> ---
Created attachment 196187
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=196187&action=edit
Plausible icmp redirect fix for ipv4 and ipv6

I'm surprised that this bug is still unfixed after a year and quite surprised
that it is marked "Affects Only Me".  ICMP redirects are still in all the RFCs
and are not deprecated, so FreeBSD's recent inability to generate them affects
everyone who wishes to be RFC compliant.

I have attached a plausible minimalist fix.  When net.inet.ip.redirect is set
(net.inet6.ip6.redirect for ipv6) fast path forwarding (which lacks redirect
generation ability) is not attempted.  This means the standard code is used and
ICMP redirects are generated.

Anyone wishing to have fast path forwarding at the cost of never generating
ICMP redirects can disable redirects using sysctl.

This might be considered a strong position to take, but the alternative
(ignoring an obvious bug) seems to me to be a stronger position with no up
side.

I think this issue should be resolved before 12 ships.  Please let your
thoughts be known.

-- 
You are receiving this mail because:
You are the assignee for the bug.