Date: Fri, 14 Jun 2024 10:26:37 -0700 (PDT) From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net> To: Ed Maste <emaste@freebsd.org> Cc: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>, freebsd-net@freebsd.org Subject: Re: Discarding inbound ICMP REDIRECT by default Message-ID: <202406141726.45EHQbY7050038@gndrsh.dnsmgr.net> In-Reply-To: <CAPyFy2AYBm3fehF1KRKMB5Rv_VvNc2WWGVQR8E_9UASuxBNy_Q@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Fri, 14 Jun 2024 at 11:13, Rodney W. Grimes > <freebsd-rwg@gndrsh.dnsmgr.net> wrote: > > > > That section is about how the router responds to an ICMP redirect > > set to IT, not one that is going THROUGH it. > > Sorry I wasn't explicit, in all cases I'm talking about ICMP REDIRECTs > destined for the machine (as a host or as a router). This is > icmp_input dropping when either drop_redirect or ipforwarding is true. Ok, so long as we are not dropping ICMP REDIRECTS that are NOT destined for the router we are fine, which is the behavior I expected and observed on my network, though it is a bit older code. -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202406141726.45EHQbY7050038>