> --- linux-2.6.12.1/net/ipv4/icmp.c 2005-06-29 14:05:23.000000000 +0200 > +++ linux/net/ipv4/icmp.c 2005-06-29 21:16:08.000000000 +0200 > @@ -950,6 +950,16 @@ > icmph = skb->h.icmph; > /* > + * Discard physical multicast/broadcast except ICMP_ECHO > + * if allowed > + */ > + if ((skb->pkt_type != PACKET_HOST) && (icmph->type != ICMP_ECHO)) > + goto error; > + if ((skb->pkt_type != PACKET_HOST) && (icmph->type == ICMP_ECHO) && > + (sysctl_icmp_echo_ignore_broadcasts)) > + goto error;

I think replying to any information request sent to a broadcast is sometimes useful. Aren't you limiting only to ECHO? I don't see it in Linux, but some systems have an ICMP_INFOTYPES(type) macro to distinguish ICMP errors from information requests. I'd prefer if that were "!ICMP_INFOTYPE(icmph->type)" (or equivalent) instead of "... != ICMP_ECHO" explicitly and exclusively.

+-DLS
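Review bot: the test in both added if statements is "skb->pkt_type != PACKET_HOST", which matches every packet type other than PACKET_HOST, while the comment above it says only physical multicast/broadcast is meant to be discarded. If that is the intent, test for PACKET_BROADCAST and PACKET_MULTICAST explicitly so the code and the comment agree. The second if also re-checks "icmph->type == ICMP_ECHO", which is already guaranteed for a non-PACKET_HOST packet once the first if has not jumped to error; nesting both checks under a single pkt_type test would remove the duplicated condition and make the "except ICMP_ECHO if allowed" case easier to read. The comment should also name sysctl_icmp_echo_ignore_broadcasts as the setting that "if allowed" refers to.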