From owner-freebsd-bugs Sun Jan 21 12:30:20 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id DEB3D37B402 for ; Sun, 21 Jan 2001 12:30:01 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f0LKU1i02813; Sun, 21 Jan 2001 12:30:01 -0800 (PST) (envelope-from gnats)
Received: from tam.skriver.dk (tam.skriver.dk [193.162.74.6]) by hub.freebsd.org (Postfix) with ESMTP id 5445637B400 for ; Sun, 21 Jan 2001 12:25:28 -0800 (PST)
Received: (from root@localhost) by tam.skriver.dk (8.11.1/8.11.1) id f0LKPPB00717; Sun, 21 Jan 2001 21:25:25 +0100 (CET) (envelope-from jesper)
Message-Id: <200101212025.f0LKPPB00717@tam.skriver.dk>
Date: Sun, 21 Jan 2001 21:25:25 +0100 (CET)
From: Jesper Skriver
Reply-To: Jesper Skriver
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: kern/24512: Sent ICMP unreach when packet not for us is received, and forwarding is disabled
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 24512
>Category: kern
>Synopsis: Sent ICMP unreach when packet not for us is received, and forwarding is disabled
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 21 12:30:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Jesper Skriver
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD tam 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sun Jan 21 20:46:42 CET 2001 root@tam:/usr/obj/usr/src/sys/TAM2 i386
>Description:
Send an ICMP unreachable instead of dropping it silently, if we receive a packet not for us and forwarding is disabled.
>How-To-Repeat:
>Fix:
Apply this diff

--- sys/netinet/ip_input.c.old Sun Jan 21 19:09:58 2001 +++ sys/netinet/ip_input.c Sun Jan 21 20:39:39 2001 
@@ -124,6 +124,10 @@ &ip_keepfaith, 0, "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); +int ip_sent_unreach = 1; +SYSCTL_INT(_net_inet_ip, OID_AUTO, sent_unreach, CTLFLAG_RW, &ip_sent_unreach, + 0, "Sent ICMP unreach when packet not for us rx, and forwarding disabled"); + #ifdef DIAGNOSTIC static int ipprintfs = 0; #endif @@ -575,7 +579,14 @@ */ if (ipforwarding == 0) { ipstat.ips_cantforward++; - m_freem(m); + /* + * If we receive a packet not for us, and forwarding disabled + * sent a ICMP host unreachable back to the source. + */ + if (ip_sent_unreach != 0) + icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0); + else + m_freem(m); } else ip_forward(m, 0); #ifdef IPFIREWALL_FORWARD >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
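
Review bot: In the first hunk, `int ip_sent_unreach = 1;` turns the new behaviour on by default, so every host with forwarding disabled changes from the silent `m_freem(m)` drop to answering misaddressed packets unless the administrator sets the sysctl to 0. I would default it to 0 and make this opt-in, since each reply discloses that the host is up and goes to a source address that may be forged. Two smaller points: the variable can be `static` like `ipprintfs` just below it, and `send_unreach` reads better than `sent_unreach` for both the OID name and the description string.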
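
Review bot: In the second hunk the new branch calls `icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0)` for every packet that reaches the `ipforwarding == 0` path, and nothing visible here bounds how many replies are generated or looks at the destination (broadcast, multicast) before replying. Please state in the comment or the PR whether `icmp_error()` already covers those cases, and if it does not, add a limit on this path so that a flood of misaddressed packets does not turn into a flood of unreachables. The comment should also read "send an ICMP host unreachable", and it is worth noting there that `m` is handed to `icmp_error()` in this branch rather than freed with `m_freem(m)`.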