Date:      Tue, 6 May 1997 10:22:05 -0700 (PDT)
From:      Archie Cobbs <archie@whistle.com>
To:        karpen@ocean.campus.luth.se (Mikael Karpberg)
Cc:        danny@panda.hilink.com.au, current@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject:   Re: divert still broken?
Message-ID:  <199705061722.KAA16510@bubba.whistle.com>
In-Reply-To: <199705061037.MAA26007@ocean.campus.luth.se> from Mikael Karpberg at "May 6, 97 12:37:40 pm"


OK, let's get ALL the possibilities together and make a big list :-)

Currently:

	deny		: drop silently
	reject		: send ICMP unreachable

Quoting from netinet/ip_icmp.h (these are the "unreachable" codes):

	#define ICMP_UNREACH_NET        0               /* bad net */
	#define ICMP_UNREACH_HOST       1               /* bad host */
	#define ICMP_UNREACH_PROTOCOL   2               /* bad protocol */
	#define ICMP_UNREACH_PORT       3               /* bad port */
	#define ICMP_UNREACH_NEEDFRAG   4               /* IP_DF caused drop */
	#define ICMP_UNREACH_SRCFAIL    5               /* src route failed */
	#define ICMP_UNREACH_NET_UNKNOWN 6              /* unknown net */
	#define ICMP_UNREACH_HOST_UNKNOWN 7             /* unknown host */
	#define ICMP_UNREACH_ISOLATED   8               /* src host isolated */
	#define ICMP_UNREACH_NET_PROHIB 9               /* prohibited access */
	#define ICMP_UNREACH_HOST_PROHIB 10             /* ditto */
	#define ICMP_UNREACH_TOSNET     11              /* bad tos for net */
	#define ICMP_UNREACH_TOSHOST    12              /* bad tos for host */
	#define ICMP_UNREACH_FILTER_PROHIB 13           /* admin prohib */
	#define ICMP_UNREACH_HOST_PRECEDENCE 14         /* host prec vio. */
	#define ICMP_UNREACH_PRECEDENCE_CUTOFF 15       /* prec cutoff */

Proposal:

	deny			: drop silently (same as before)
	reject			: send ICMP unreachable (same as before)

	drop			: alias for "deny"
	reset			: send RST (TCP only)
	unreach X		: (0 <= X <= 15) send ICMP unreach, code = X
	unreach net		: alias for "reject 0"
	unreach host		: alias for "reject 1"
	unreach protocol	: alias for "reject 2"
	unreach port		: alias for "reject 3"
	unreach needfrag	: alias for "reject 4"

	    ...

	unreach filter-prohib	: alias for "reject 13"
	unreach host-precedence	: alias for "reject 14"
	unreach precedence-cutoff: alias for "reject 15"


Anything else? :-)

-Archie


___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
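
Added example, not part of the original message and not FreeBSD's ipfw code: a strict C parser for the action keywords proposed above, rejecting out-of-range codes, trailing garbage, and "reset" on non-TCP rules. The names parse_action, parse_unreach_code and the is_tcp flag are hypothetical; only the unreach names spelled out in the message are accepted by name, and "reject" carries no specific code because the message gives none.

```c
#include <stdlib.h>
#include <string.h>

enum act_kind { ACT_BAD, ACT_DENY, ACT_REJECT, ACT_RESET, ACT_UNREACH };
struct action { enum act_kind kind; int code; }; /* code: ICMP unreach code or -1 */

/* Only the names listed in the message; the elided codes are numeric-only here. */
static const struct { const char *name; int code; } unreach_names[] = {
    {"net", 0}, {"host", 1}, {"protocol", 2}, {"port", 3}, {"needfrag", 4},
    {"filter-prohib", 13}, {"host-precedence", 14}, {"precedence-cutoff", 15},
};

/* Argument of "unreach": a listed name or a decimal 0..15. Returns -1 if invalid. */
static int parse_unreach_code(const char *arg)
{
    char *end;
    long v;
    size_t i;

    if (arg == NULL || *arg == '\0')
        return -1;
    for (i = 0; i < sizeof(unreach_names) / sizeof(unreach_names[0]); i++)
        if (strcmp(arg, unreach_names[i].name) == 0)
            return unreach_names[i].code;
    if (*arg < '0' || *arg > '9')       /* no sign, no leading whitespace */
        return -1;
    v = strtol(arg, &end, 10);
    if (*end != '\0' || v > 15)         /* trailing junk or out of range */
        return -1;
    return (int)v;
}

/* Keyword plus optional argument, e.g. ("unreach", "port"); is_tcp gates "reset". */
struct action parse_action(const char *kw, const char *arg, int is_tcp)
{
    struct action a = { ACT_BAD, -1 };

    if (kw != NULL && strcmp(kw, "unreach") == 0) {
        a.code = parse_unreach_code(arg);
        a.kind = a.code < 0 ? ACT_BAD : ACT_UNREACH;
        return a;
    }
    if (kw == NULL || arg != NULL)      /* the other keywords take no argument */
        return a;
    if (strcmp(kw, "deny") == 0 || strcmp(kw, "drop") == 0)
        a.kind = ACT_DENY;
    else if (strcmp(kw, "reject") == 0)
        a.kind = ACT_REJECT;
    else if (strcmp(kw, "reset") == 0 && is_tcp)
        a.kind = ACT_RESET;
    return a;
}
```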


