From 11d49b4315ca27aa39ebe014be08bd674ebde779 Mon Sep 17 00:00:00 2001 From: Mark Huang Date: Tue, 8 Feb 2005 20:12:00 +0000 Subject: [PATCH] - merge revision 1.9 date: 2005/02/08 20:11:39; author: mlhuang; state: Exp; lines: +17 -0 - PL4184 fix: Suppress kernel ICMP echo replies if the echo ID is bound to a (presumably raw) socket --- net/ipv4/icmp.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index e4a4a0994..e75fde69a 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -1035,6 +1035,21 @@ int icmp_rcv(struct sk_buff *skb) } } + /* VNET: Bypass stack if the echo ID was bound to a (presumably raw) socket */ + if (skb->sk) { + switch (icmph->type) { + case ICMP_ECHOREPLY: + case ICMP_ECHO: + case ICMP_TIMESTAMP: + case ICMP_TIMESTAMPREPLY: + case ICMP_INFO_REQUEST: + case ICMP_INFO_REPLY: + case ICMP_ADDRESS: + case ICMP_ADDRESSREPLY: + goto drop; + } + } + ICMP_INC_STATS_BH(icmp_pointers[icmph->type].input_entry); icmp_pointers[icmph->type].handler(skb); -- 2.43.0