From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Sat, 3 May 2014 11:04:32 +0000 (+0100)
Subject: netlink: Generate ICMP correctly if point-to-point
X-Git-Tag: debian/0.3.1_beta2~1
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;h=826b47e921488742fd77f31352fa04df3a5d0e11;hp=826b47e921488742fd77f31352fa04df3a5d0e11;p=secnet.git

netlink: Generate ICMP correctly if point-to-point

In point-to-point configurations, we need to make sure that ICMP we
generate (a) has the right source address (we have to borrow the
address of the peer or the local host, depending) and (b) is delivered
in the right direction (back to wherever the bad packet came from).

To this end netlink_icmp_tmpl now takes an explicit ICMP source
address parameter, for netlink_icmp_simple to provide the correct
address.

We replicate a small amount of logic from netlink_incoming (the choice
between netlink_client_deliver, netlink_host_deliver, and
netlink_packet_forward/netlink_packet_deliver).  But netlink_incoming
is not suitable because it is intended only for packets from outside
secnet.  For example, in a non-ptp configuration it will reject
packets whose source address is secnet's address.  And writing it out
again is arguably clearer anyway.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---