According to RFC1812 we have to ignore ICMP redirects when we

are acting as router (ipforwarding enabled). This doesn't fix the problem that host routes from ICMP redirects are never removed from the kernel routing table but removes the problem for machines doing packet forwarding. Reviewed by: sam (mentor)
author: andre <andre@FreeBSD.org> 2004-01-06 23:20:07 +0000
committer: andre <andre@FreeBSD.org> 2004-01-06 23:20:07 +0000
commit: f14c2fc588e4dcc51227a1abd222b96189aabcea (patch)
tree: b5c50f092af9c552504c3b7feeec05177c60b8ff /sys/netinet/ip_icmp.c
parent: fbfb1488fd64e44ed8f93cf88a2d5b8323f363d3 (diff)
download: FreeBSD-src-f14c2fc588e4dcc51227a1abd222b96189aabcea.zip
FreeBSD-src-f14c2fc588e4dcc51227a1abd222b96189aabcea.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index b84d689..a4e0a96 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -543,7 +543,11 @@ reflect:
 			       (int)(gw >> 24), (int)((gw >> 16) & 0xff),
 			       (int)((gw >> 8) & 0xff), (int)(gw & 0xff));
 		}
-		if (drop_redirect)
+		/*
+		 * RFC1812 says we must ignore ICMP redirects if we
+		 * are acting as router.
+		 */
+		if (drop_redirect || ipforwarding)
 			break;
 		if (code > 3)
 			goto badcode;
author	andre <andre@FreeBSD.org>	2004-01-06 23:20:07 +0000
committer	andre <andre@FreeBSD.org>	2004-01-06 23:20:07 +0000
commit	f14c2fc588e4dcc51227a1abd222b96189aabcea (patch)
tree	b5c50f092af9c552504c3b7feeec05177c60b8ff /sys/netinet/ip_icmp.c
parent	fbfb1488fd64e44ed8f93cf88a2d5b8323f363d3 (diff)
download	FreeBSD-src-f14c2fc588e4dcc51227a1abd222b96189aabcea.zip FreeBSD-src-f14c2fc588e4dcc51227a1abd222b96189aabcea.tar.gz