From owner-freebsd-current Tue May 6 10:22:58 1997
From: Archie Cobbs
Message-Id: <199705061722.KAA16510@bubba.whistle.com>
Subject: Re: divert still broken?
In-Reply-To: <199705061037.MAA26007@ocean.campus.luth.se> from Mikael Karpberg at "May 6, 97 12:37:40 pm"
To: karpen@ocean.campus.luth.se (Mikael Karpberg)
Date: Tue, 6 May 1997 10:22:05 -0700 (PDT)
Cc: danny@panda.hilink.com.au, current@FreeBSD.ORG, hackers@FreeBSD.ORG

OK, let's get ALL the possibilities together and make a big list :-)

Currently:

    deny    : drop silently
    reject  : send ICMP unreachable

Quoting from netinet/ip_icmp.h (these are the "unreachable" codes):

    #define ICMP_UNREACH_NET                0   /* bad net */
    #define ICMP_UNREACH_HOST               1   /* bad host */
    #define ICMP_UNREACH_PROTOCOL           2   /* bad protocol */
    #define ICMP_UNREACH_PORT               3   /* bad port */
    #define ICMP_UNREACH_NEEDFRAG           4   /* IP_DF caused drop */
    #define ICMP_UNREACH_SRCFAIL            5   /* src route failed */
    #define ICMP_UNREACH_NET_UNKNOWN        6   /* unknown net */
    #define ICMP_UNREACH_HOST_UNKNOWN       7   /* unknown host */
    #define ICMP_UNREACH_ISOLATED           8   /* src host isolated */
    #define ICMP_UNREACH_NET_PROHIB         9   /* prohibited access */
    #define ICMP_UNREACH_HOST_PROHIB        10  /* ditto */
    #define ICMP_UNREACH_TOSNET             11  /* bad tos for net */
    #define ICMP_UNREACH_TOSHOST            12  /* bad tos for host */
    #define ICMP_UNREACH_FILTER_PROHIB      13  /* admin prohib */
    #define ICMP_UNREACH_HOST_PRECEDENCE    14  /* host prec vio. */
    #define ICMP_UNREACH_PRECEDENCE_CUTOFF  15  /* prec cutoff */

Proposal:

    deny                      : drop silently (same as before)
    reject                    : send ICMP unreachable (same as before)
    drop                      : alias for "deny"
    reset                     : send RST (TCP only)
    unreach X                 : (0 <= X <= 15) send ICMP unreach, code = X
    unreach net               : alias for "reject 0"
    unreach host              : alias for "reject 1"
    unreach protocol          : alias for "reject 2"
    unreach port              : alias for "reject 3"
    unreach needfrag          : alias for "reject 4"
    ...
    unreach filter-prohib     : alias for "reject 13"
    unreach host-precedence   : alias for "reject 14"
    unreach precedence-cutoff : alias for "reject 15"

Anything else? :-)

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
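
A sketch of how the action keywords proposed in the message above could be parsed and validated. It is an added example, not part of the original post and not code from the FreeBSD sources; the names act, action, names, parse_unreach and parse_action are hypothetical, and the symbolic names cover only those the proposal spells out (codes behind its "..." are reachable through the numeric form).

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types for this sketch; not taken from the ipfw sources. */
enum act { ACT_BAD, ACT_DENY, ACT_REJECT, ACT_RESET, ACT_UNREACH };
struct action { enum act kind; int code; /* unreach code, or -1 */ };

/* Only names spelled out in the proposal; elided ones use "unreach X". */
static const struct { const char *name; int code; } names[] = {
    { "net", 0 }, { "host", 1 }, { "protocol", 2 }, { "port", 3 },
    { "needfrag", 4 }, { "filter-prohib", 13 },
    { "host-precedence", 14 }, { "precedence-cutoff", 15 },
};

/* Argument of "unreach": a listed name or a decimal code 0..15. */
static int parse_unreach(const char *arg)
{
    char *end;
    long v;

    if (arg == NULL)
        return -1;
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        if (strcmp(arg, names[i].name) == 0)
            return names[i].code;
    if (!isdigit((unsigned char)arg[0]))
        return -1;                  /* "", "-1", "+3", " 3" */
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno != 0 || *end != '\0' || v > 15)
        return -1;                  /* "16", "3x", overflow */
    return (int)v;
}

/* keyword/arg: the action's words (arg may be NULL); is_tcp: TCP-only rule. */
struct action parse_action(const char *keyword, const char *arg, int is_tcp)
{
    struct action a = { ACT_BAD, -1 };
    if (strcmp(keyword, "deny") == 0 || strcmp(keyword, "drop") == 0)
        a.kind = ACT_DENY;
    else if (strcmp(keyword, "reject") == 0)
        a.kind = ACT_REJECT;        /* the post names no code for reject */
    else if (strcmp(keyword, "reset") == 0)
        a.kind = is_tcp ? ACT_RESET : ACT_BAD;  /* RST is TCP only */
    else if (strcmp(keyword, "unreach") == 0)
        a.kind = (a.code = parse_unreach(arg)) >= 0 ? ACT_UNREACH : ACT_BAD;
    return a;
}
```

Refusing "reset" on a non-TCP rule and out-of-range codes at parse time keeps a mistyped rule from being installed with an action it cannot carry out.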