According to RFC1812 we have to ignore ICMP redirects when we

are acting as router (ipforwarding enabled). This doesn't fix the problem that host routes from ICMP redirects are never removed from the kernel routing table but removes the problem for machines doing packet forwarding. Reviewed by: sam (mentor)
2004-01-06 23:20:07 +00:00 · 2004-01-06 23:20:07 +00:00 · 87c3bd2755
commit 87c3bd2755
parent 06d557cc46
1 changed files with 5 additions and 1 deletions
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@ -543,7 +543,11 @@ reflect:
 			       (int)(gw >> 24), (int)((gw >> 16) & 0xff),
 			       (int)((gw >> 8) & 0xff), (int)(gw & 0xff));
 		}
-		if (drop_redirect)
+		/*
+		 * RFC1812 says we must ignore ICMP redirects if we
+		 * are acting as router.
+		 */
+		if (drop_redirect || ipforwarding)
 			break;
 		if (code > 3)
 			goto badcode;