authorClaudio Jeker <claudio@cvs.openbsd.org>2011-04-04 16:33:53 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2011-04-04 16:33:53 +0000
commit9d592ce754acc004e419049d47e80509af043396 (patch)
tree0c1264e573c51689fba38b1ee40ef56854bd8b5b
parentefc4d3c8268b50a970e849df97462669889dc308 (diff)
Do not accept ICMP redirects when acting as router (ipforwarding = 1).
Same logic is already implemented in netinet6 OK henning@ deraadt@
-rw-r--r--sys/netinet/ip_icmp.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 4a5fd38017e..b69264495f9 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_icmp.c,v 1.92 2010/09/13 09:59:32 claudio Exp $ */
+/* $OpenBSD: ip_icmp.c,v 1.93 2011/04/04 16:33:52 claudio Exp $ */
/* $NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $ */
/*
@@ -313,6 +313,7 @@ icmp_input(struct mbuf *m, ...)
void *(*ctlfunc)(int, struct sockaddr *, u_int, void *);
int code;
extern u_char ip_protox[];
+ extern int ipforwarding;
int hlen;
va_list ap;
struct rtentry *rt;
@@ -558,7 +559,7 @@ reflect:
/* Free packet atttributes */
if (m->m_flags & M_PKTHDR)
m_tag_delete_chain(m);
- if (icmp_rediraccept == 0)
+ if (icmp_rediraccept == 0 || ipforwarding == 1)
goto freeit;
if (code > 3)
goto badcode;
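Review bot: The added test `ipforwarding == 1` in the redirect branch matches only one exact value, so if the forwarding sysctl can hold any other nonzero setting (not visible in this hunk), the host would keep forwarding packets while still honouring ICMP redirects. Comparing against zero, `if (icmp_rediraccept == 0 || ipforwarding != 0)`, would cover every forwarding mode. A one-line comment above the test, such as `/* routers ignore redirects: a forged one would alter how transit traffic is routed */`, would also record why `icmp_rediraccept` is overridden here. The enclosing case in icmp_input() starts and ends outside the hunk, so the rest of the redirect handling could not be checked.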