The logic for determining whether to send ICMP redirect messages is broken and can cause redirects to be sent in situations where they should not be sent.
An example:
OFP based router has interface A in subnet 10.0.0.0/8 and interface B in subnet 20.0.0.0/16. A packet with source address 20.1.1.1 received in interface A and forwarded to interface B may generate an ICMP redirect message.
The part of the code that checks if nh->port equals dev->port does not help much since multiple interfaces (e.g. VLANS, VxLANs, tunnels) can share the same port.
The logic for determining whether to send ICMP redirect messages is broken and can cause redirects to be sent in situations where they should not be sent.
An example:
OFP based router has interface A in subnet 10.0.0.0/8 and interface B in subnet 20.0.0.0/16. A packet with source address 20.1.1.1 received in interface A and forwarded to interface B may generate an ICMP redirect message.
The part of the code that checks if nh->port equals dev->port does not help much since multiple interfaces (e.g. VLANS, VxLANs, tunnels) can share the same port.