diff options
author | ume <ume@FreeBSD.org> | 2004-06-07 09:56:59 +0000 |
---|---|---|
committer | ume <ume@FreeBSD.org> | 2004-06-07 09:56:59 +0000 |
commit | 4ef088056e761c4db372fe0ae25a21f4c0d9d04b (patch) | |
tree | 2579bd1eceeba43346eeb79b828a974bd21dec27 | |
parent | 24fcba21fb1b24b2fca81a5f0c3d537edb00b4b9 (diff) | |
download | FreeBSD-src-4ef088056e761c4db372fe0ae25a21f4c0d9d04b.zip FreeBSD-src-4ef088056e761c4db372fe0ae25a21f4c0d9d04b.tar.gz |
do not send icmp response if the original packet is encrypted.
Obtained from: KAME
MFC after: 1 week
-rw-r--r-- | sys/netinet/ip_icmp.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index 5517abe..ee24e51 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -154,10 +154,13 @@ icmp_error(n, type, code, dest, destifp) if (type != ICMP_REDIRECT) icmpstat.icps_error++; /* + * Don't send error if the original packet was encrypted. * Don't send error if not the first fragment of message. * Don't error if the old packet protocol was ICMP * error message, only known informational types. */ + if (n->m_flags & M_DECRYPTED) + goto freeit; if (oip->ip_off &~ (IP_MF|IP_DF)) goto freeit; if (oip->ip_p == IPPROTO_ICMP && type != ICMP_REDIRECT && |