- PL4184 fix: Suppress kernel ICMP echo replies if the echo ID is bound

author Mark Huang <mlhuang@cs.princeton.edu>

Tue, 8 Feb 2005 20:11:39 +0000 (20:11 +0000)

committer Mark Huang <mlhuang@cs.princeton.edu>

Tue, 8 Feb 2005 20:11:39 +0000 (20:11 +0000)
author Mark Huang <mlhuang@cs.princeton.edu>
Tue, 8 Feb 2005 20:11:39 +0000 (20:11 +0000)
committer Mark Huang <mlhuang@cs.princeton.edu>
Tue, 8 Feb 2005 20:11:39 +0000 (20:11 +0000)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c

index c179358..fa5b05c 100644 (file)
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -1033,6 +1033,23 @@ int icmp_rcv(struct sk_buff *skb)
                 }
         }
  
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
+       /* VNET: Bypass stack if the echo ID was bound to a (presumably raw) socket */
+       if (skb->sk) {
+               switch (icmph->type) {
+               case ICMP_ECHOREPLY:
+               case ICMP_ECHO:
+               case ICMP_TIMESTAMP:
+               case ICMP_TIMESTAMPREPLY:
+               case ICMP_INFO_REQUEST:
+               case ICMP_INFO_REPLY:
+               case ICMP_ADDRESS:
+               case ICMP_ADDRESSREPLY:
+                       goto drop;
+               }
+       }
+#endif
+
         ICMP_INC_STATS_BH(icmp_pointers[icmph->type].input_entry);
         icmp_pointers[icmph->type].handler(skb);
author	Mark Huang <mlhuang@cs.princeton.edu>
	Tue, 8 Feb 2005 20:11:39 +0000 (20:11 +0000)
committer	Mark Huang <mlhuang@cs.princeton.edu>
	Tue, 8 Feb 2005 20:11:39 +0000 (20:11 +0000)