diff options
| author | Jesper Skriver <jesper@FreeBSD.org> | 2001-02-20 21:31:47 +0000 |
|---|---|---|
| committer | Jesper Skriver <jesper@FreeBSD.org> | 2001-02-20 21:31:47 +0000 |
| commit | 2b18d82220d25c725e96aa7f9e06af8e8967c4bd (patch) | |
| tree | 22c6e27ce6267b7bce79b8d27ccdbf34c0ca605f /sys/netinet/ip_input.c | |
| parent | c2221099a964acd959fc98b3bba07a34dc5f6357 (diff) | |
| download | src-2b18d82220d25c725e96aa7f9e06af8e8967c4bd.tar.gz src-2b18d82220d25c725e96aa7f9e06af8e8967c4bd.zip | |
Send a ICMP unreachable instead of dropping the packet silent, if we
receive a packet not for us, and forwarding disabled.
PR: kern/24512
Reviewed by: jlemon
Approved by: jlemon
Notes
Notes:
svn path=/head/; revision=72775
Diffstat (limited to 'sys/netinet/ip_input.c')
| -rw-r--r-- | sys/netinet/ip_input.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index ca36031ff8da..4d134d35c8b1 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -124,6 +124,10 @@ SYSCTL_INT(_net_inet_ip, IPCTL_KEEPFAITH, keepfaith, CTLFLAG_RW, &ip_keepfaith, 0, "Enable packet capture for FAITH IPv4->IPv6 translater daemon"); +int ip_send_unreach = 1; +SYSCTL_INT(_net_inet_ip, OID_AUTO, send_unreach, CTLFLAG_RW, &ip_send_unreach, + 0, "Send ICMP unreach when packet not for us rx, and forwarding disabled"); + #ifdef DIAGNOSTIC static int ipprintfs = 0; #endif @@ -585,7 +589,14 @@ pass: */ if (ipforwarding == 0) { ipstat.ips_cantforward++; - m_freem(m); + /* + * If we receive a packet not for us, and forwarding disabled + * send a ICMP host unreachable back to the source. + */ + if (ip_send_unreach) + icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, 0, 0); + else + m_freem(m); } else ip_forward(m, 0); #ifdef IPFIREWALL_FORWARD |