Documentation: ip-sysctl.txt: clarify secure_redirects

Clarify how secure_redirects works. Mention that RFC1122 always applies. Signed-off-by: Eric Garver <e@erig.me> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Garver <e@erig.me> 2016-05-26 12:28:05 -0400
committer: David S. Miller <davem@davemloft.net> 2016-05-29 22:40:53 -0700
commit: 176b346b37f0b9c03e91eb6f1460e00f3c0c3edf (patch)
tree: 39a55fd3ad282c635a9d19eb558e73b361f90894 /Documentation/networking
parent: 68bb399e656f244d3d173a20a8280c167632fca8 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 6c7f365b1515..9ae929395b24 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1036,15 +1036,17 @@ proxy_arp_pvlan - BOOLEAN
 
 shared_media - BOOLEAN
 	Send(router) or accept(host) RFC1620 shared media redirects.
-	Overrides ip_secure_redirects.
+	Overrides secure_redirects.
 	shared_media for the interface will be enabled if at least one of
 	conf/{all,interface}/shared_media is set to TRUE,
 	it will be disabled otherwise
 	default TRUE
 
 secure_redirects - BOOLEAN
-	Accept ICMP redirect messages only for gateways,
-	listed in default gateway list.
+	Accept ICMP redirect messages only to gateways listed in the
+	interface's current gateway list. Even if disabled, RFC1122 redirect
+	rules still apply.
+	Overridden by shared_media.
 	secure_redirects for the interface will be enabled if at least one of
 	conf/{all,interface}/secure_redirects is set to TRUE,
 	it will be disabled otherwise
author	Eric Garver <e@erig.me>	2016-05-26 12:28:05 -0400
committer	David S. Miller <davem@davemloft.net>	2016-05-29 22:40:53 -0700
commit	176b346b37f0b9c03e91eb6f1460e00f3c0c3edf (patch)
tree	39a55fd3ad282c635a9d19eb558e73b361f90894 /Documentation/networking
parent	68bb399e656f244d3d173a20a8280c167632fca8 (diff)