Hello,

On Fri, 5 Mar 2004 kuznet@ms2.inr.ac.ru wrote:

quoted

routes via gateway when shared_media is ON:

http://marc.theaimsgroup.com/?l=linux-netdev&m=107109827516060&w=2

"message but we are sure we hit the target IP directly"

You cannot be sure, actually. This happens and resolves the situation
when the things sort ip route add default dev eth0 are used i.e. host
does not know real prefixes.

If this is a security issue (I do not see actually, the things on link
can be screwed via proxy arp et all in any case), make it a separate option
or even better use IN_DEV_SEC_REDIRECTS(in_dev) like similar paranoid case
for !shared_media case.

	I now see, may be better to stay as before, IN_DEV_SEC_REDIRECTS
if used, can break the shared_media feature.

	Anyways, I prepared a final version:

http://www.ssi.bg/~ja/tmp/tos-8.diff

	It passes simple tests. I hope it is ready for inclusion
after eventual tuning. Compared to previous versions I removed the
'rth->rt_dst == rth->rt_gateway' check for redirects and renamed the
flags.

Regards

--
Julian Anastasov [off-list ref]