Re: [PATCH] causes ICMP packet to be silently discarded if to broadcast.

On Wed, Jun 29, 2005 at 02:20:44PM -0700, David Stevens wrote:
 
>         I think replying to any information request sent to a
> broadcast is sometimes useful. Aren't you limiting only to ECHO?
> I don't see it in Linux, but some systems have an ICMP_INFOTYPES(type)
> macro to distinguish ICMP errors from information requests.
> I'd prefer if that were "!ICMP_INFOTYPE(icmph->type)" (or equivalent)
> instead of "... != ICMP_ECHO" explicitly and exclusively.

In fact, replying to broadcast/multicast requests may be useful sometimes,
but it may also cause security hazards. In my opinion, the best compromise
is to let the user decide how to react to an ICMP broadcast packet, just as
in the ICMP_ECHO case, through a sysctl interface. Certainly I'm not
the person who decides about such things, I just wanted to force the kernel
to stop responding to unwanted ICMP broadcast frames.


-- 
Tomasz Chomiuk .:ch0mik[at]hotpop.com
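
Added example, not part of the original message or of the patch under discussion: a C sketch of the distinction raised in this exchange, where filtering only ECHO still leaves other information requests sent to broadcast answered, and where the reaction is left to administrator-set switches. The names `icmp_is_info_request`, `struct bcast_policy` and `icmp_should_reply` are hypothetical and the policies in `main` are constructed; the type numbers are from RFC 792 and RFC 950.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ICMP type numbers from RFC 792 and RFC 950. */
enum { T_ECHOREPLY = 0, T_DEST_UNREACH = 3, T_ECHO = 8, T_TIMESTAMP = 13,
       T_INFO_REQUEST = 15, T_ADDRESS = 17 };

/* Hypothetical helper: true for information requests that solicit a reply.
 * Errors and replies are excluded because they never generate a response. */
static bool icmp_is_info_request(uint8_t type)
{
    switch (type) {
    case T_ECHO: case T_TIMESTAMP: case T_INFO_REQUEST: case T_ADDRESS:
        return true;
    default:
        return false;
    }
}

/* Hypothetical knobs standing in for administrator-set sysctls. */
struct bcast_policy {
    bool ignore_echo;       /* drop ECHO sent to broadcast/multicast */
    bool ignore_other_info; /* drop other info requests sent there */
};

/* Decide whether a received ICMP message should be answered. */
bool icmp_should_reply(uint8_t type, bool to_bcast, const struct bcast_policy *p)
{
    if (!icmp_is_info_request(type))
        return false;                 /* nothing to answer */
    if (!to_bcast)
        return true;                  /* unicast requests are unaffected */
    return type == T_ECHO ? !p->ignore_echo : !p->ignore_other_info;
}

int main(void)
{
    /* Constructed policies: ECHO-only filtering versus all info requests. */
    const struct bcast_policy echo_only = { true, false }, all_info = { true, true };
    const uint8_t types[] = { T_ECHO, T_TIMESTAMP, T_ADDRESS, T_DEST_UNREACH };

    for (size_t i = 0; i < sizeof types / sizeof types[0]; i++)
        printf("type %2u to broadcast: echo_only=%d all_info=%d\n", (unsigned)types[i],
               icmp_should_reply(types[i], true, &echo_only),
               icmp_should_reply(types[i], true, &all_info));
    return 0;
}
```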

