Discussion:
sending ICMP redirects for multiple on-interface nets
Jonathan A. Kollasch
2011-09-02 17:18:09 UTC
Since 1.1.1.1, ip_forward() has only sent ICMP redirects when the
destination address is in the same subnet as a (random?) address
on the interface. ip_input.c:1385

I have multiple subnets on the same interface, and redirects are not
generated for traffic to another same-interface subnet.

Is this check even needed? Or do we need to iterate through all the
IPv4 networks on the interface checking for a match?

Jonathan Kollasch

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Mouse
2011-09-02 18:06:16 UTC
Post by Jonathan A. Kollasch
> I have multiple subnets on the same interface, and redirects are not
> generated for traffic to another same-interface subnet.
> Is this check even needed? Or do we need to iterate through all the
> IPv4 networks on the interface checking for a match?

Even that might not be right.

In the presence of multiple subnets on a non-p2p interface, I don't
think the kernel has enough information to tell whether a redirect is
the right thing or not. (Even with only one subnet on the interface,
there are cases where a redirect might not work, but they're rather
contrived.)

Consider if0 with addresses 1.0.0.1/24 and 2.0.0.2/24. A packet
arrives on if0 addressed to 1.0.0.3. If the sending host exists in
1.0.0/24, a redirect is in order; if not (e.g., if it's in 2.0.0.0/24
only), not. But we don't have that information. All we have is the
ip_src and ip_dst on the packet, neither of which needs to bear any
relation to any IP addresses the previous-hop host has on if0's
network. (Depending on the network technology, we may have more
information - for example, for Ethernet we might be able to tell
something by looking at the ARP table - but that's a really ugly
layering violation, won't work for all network technologies, and won't
work reliably even for Ethernet.)

Based on a quick read-over, the code appears to send redirects only
when ip_src is on-subnet, which seems to me like an appropriately
conservative approach, and one that will catch most cases where
redirects matter the most. It appears to be using the ifa for the
route, not a randomly picked address belonging to the interface, which
strikes me as right; I'd have to treat it as a debugging problem to
figure out why you're not seeing the redirects it seems to me you
should be.

/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML ***@rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
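To make the two positions in this thread concrete, here is an added model (not NetBSD's ip_forward() code) of the redirect decision. redirect_route_ifa() follows Mouse's reading of the current check (ip_src must fall in the subnet of the route's ifa); redirect_any_ifa() is Jonathan's alternative of matching ip_src against every IPv4 network on the interface. The if0 addresses, the same_ifp flag and the sample sources are constructed from Mouse's example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One IPv4 address configured on an interface (host-order words). */
struct ifaddr_model { uint32_t addr; uint32_t mask; };

/* Mouse's example, constructed: if0 carries 1.0.0.1/24 and 2.0.0.2/24. */
static const struct ifaddr_model if0_addrs[2] = {
    { 0x01000001u, 0xffffff00u },   /* 1.0.0.1/24 */
    { 0x02000002u, 0xffffff00u },   /* 2.0.0.2/24 */
};

/* Current behaviour as Mouse reads it: redirect only if the packet came in
 * on the route's own interface (same_ifp models rt->rt_ifp == rcvif) and
 * ip_src is in the subnet of the ifa the forwarding route points at.
 * RTF_DYNAMIC/RTF_MODIFIED, ipsendredirects and source-route checks of the
 * real ip_forward() are omitted from this model. */
bool redirect_route_ifa(uint32_t ip_src, const struct ifaddr_model *rt_ifa,
                        bool same_ifp)
{
    if (!same_ifp || rt_ifa == NULL)
        return false;
    return (ip_src & rt_ifa->mask) == (rt_ifa->addr & rt_ifa->mask);
}

/* Jonathan's proposal: match ip_src against every IPv4 network on the
 * interface rather than only the route's ifa. */
bool redirect_any_ifa(uint32_t ip_src, const struct ifaddr_model *ifas,
                      size_t n, bool same_ifp)
{
    if (!same_ifp)
        return false;
    for (size_t i = 0; i < n; i++)
        if ((ip_src & ifas[i].mask) == (ifas[i].addr & ifas[i].mask))
            return true;
    return false;
}

int main(void)
{
    /* Packet for 1.0.0.3 arriving on if0; the route's ifa is 1.0.0.1/24. */
    uint32_t srcs[2] = { 0x01000009u /* 1.0.0.9 */, 0x02000009u /* 2.0.0.9 */ };
    for (int i = 0; i < 2; i++)
        printf("src 0x%08x: route-ifa %d, any-ifa %d\n", (unsigned)srcs[i],
               redirect_route_ifa(srcs[i], &if0_addrs[0], true),
               redirect_any_ifa(srcs[i], if0_addrs, 2, true));
    return 0;
}
```

For a sender on 2.0.0.0/24 only, the route-ifa check stays silent while the any-ifa variant would emit a redirect pointing at 1.0.0.3, which that sender cannot use; this is the case Mouse says the kernel lacks the information to judge.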
