From a900c3777e78d81814af010b1cb19f814863dc0d Mon Sep 17 00:00:00 2001
From: Mark Huang
Date: Tue, 8 Feb 2005 20:11:39 +0000
Subject: [PATCH] - PL4184 fix: Suppress kernel ICMP echo replies if the echo ID is bound to a (presumably raw) socket

---
 net/ipv4/icmp.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index c179358a4..fa5b05c7e 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -1033,6 +1033,23 @@ int icmp_rcv(struct sk_buff *skb)
 }
 }
 
+#if defined(CONFIG_VNET) || defined(CONFIG_VNET_MODULE)
+ /* VNET: Bypass stack if the echo ID was bound to a (presumably raw) socket */
+ if (skb->sk) {
+ switch (icmph->type) {
+ case ICMP_ECHOREPLY:
+ case ICMP_ECHO:
+ case ICMP_TIMESTAMP:
+ case ICMP_TIMESTAMPREPLY:
+ case ICMP_INFO_REQUEST:
+ case ICMP_INFO_REPLY:
+ case ICMP_ADDRESS:
+ case ICMP_ADDRESSREPLY:
+ goto drop;
+ }
+ }
+#endif
+
 ICMP_INC_STATS_BH(icmp_pointers[icmph->type].input_entry);
 icmp_pointers[icmph->type].handler(skb);
 
-- 
2.47.0
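Review bot: The only condition guarding the new drop is `if (skb->sk)`, yet the comment and subject speak of an echo ID bound to a raw socket, and the `switch` also covers the timestamp, info and address-mask types, for which no matching key is stated. Nothing in this hunk shows where `skb->sk` is set on the receive path or that the socket is raw, so the comment should spell out that contract, e.g. `/* VNET: skb->sk is set on input only when <VNET hook> matched this packet to a bound socket; that socket owns the reply, so skip the kernel handlers for all query/reply types */`, with the hook name filled in by the author. Because `goto drop` runs before `ICMP_INC_STATS_BH`, these packets also disappear from the per-type input counters, which deserves a sentence for anyone who monitors ICMP statistics on a VNET host. The `drop` label and the rest of `icmp_rcv` lie outside the hunk.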