From: Mark Huang
Date: Tue, 8 Feb 2005 20:11:39 +0000 (+0000)
Subject: - PL4184 fix: Suppress kernel ICMP echo replies if the echo ID is bound
X-Git-Tag: before-fedora-2_6_18-1_2239_FC5-vs2_0_2_2-rc6-merge~259
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=a900c3777e78d81814af010b1cb19f814863dc0d;p=linux-2.6.git
- PL4184 fix: Suppress kernel ICMP echo replies if the echo ID is bound to a (presumably raw) socket
---
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index c179358a4..fa5b05c7e 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -1033,6 +1033,23 @@ int icmp_rcv(struct sk_buff *skb)
 }
 }
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
+ /* VNET: Bypass stack if the echo ID was bound to a (presumably raw) socket */
+ if (skb->sk) {
+ switch (icmph->type) {
+ case ICMP_ECHOREPLY:
+ case ICMP_ECHO:
+ case ICMP_TIMESTAMP:
+ case ICMP_TIMESTAMPREPLY:
+ case ICMP_INFO_REQUEST:
+ case ICMP_INFO_REPLY:
+ case ICMP_ADDRESS:
+ case ICMP_ADDRESSREPLY:
+ goto drop;
+ }
+ }
+#endif
+
 ICMP_INC_STATS_BH(icmp_pointers[icmph->type].input_entry);
 icmp_pointers[icmph->type].handler(skb);
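Review bot: The `if (skb->sk)` guard alone decides that the kernel stays silent, yet nothing in this hunk shows what sets `skb->sk` on the receive path, or that the socket is a raw socket whose bound ID matches this packet; the comment itself says "presumably". Because `goto drop` runs before `ICMP_INC_STATS_BH`, packets dropped here never reach the per-type input counters, so they disappear from the ICMP statistics that monitoring relies on. The switch also covers timestamp, info and address-mask messages, while the comment and the commit subject mention only echo. I would reword the comment to something like `/* VNET: skb->sk is set by <VNET receive hook> when the ICMP ID is bound to a socket; skip kernel handling and input stats for every ID-carrying query type */` and add `default: break;` to the switch. icmp_rcv starts and ends outside the hunk, so I am assuming the `drop` label frees the skb.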