netlink: Be more conservative about ICMP errors

Default to not sending ICMP error messages for unknown incoming ICMP
type codes.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/debian/changelog b/debian/changelog
index 33b7c0b..fe6caae 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,7 @@ secnet (0.3.1~~unstable) unstable; urgency=low
   * Additions to the test-example suite.
   * SECURITY: Fixes to MTU and fragmentation handling.
   * SECURITY: Correctly set "unused" ICMP header field.
+  * Do not send ICMP errors in response to unknown incoming ICMP.
 
  --
 

diff --git a/netlink.c b/netlink.c
index 87b6671..d420f7b 100644 (file)
--- a/netlink.c
+++ b/netlink.c
@@ -304,9 +304,17 @@ static bool_t netlink_icmp_may_reply(struct buffer_if *buf)
     icmph=(struct icmphdr *)buf->start;
     if (iph->protocol==1) {
        switch(icmph->type) {
-       case 3: /* Destination unreachable */
-       case 11: /* Time Exceeded */
-       case 12: /* Parameter Problem */
+           /* Based on http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-types
+            * as retrieved Thu, 20 Mar 2014 00:16:44 +0000.
+            * Deprecated, reserved, unassigned and experimental
+            * options are treated as not safe to reply to.
+            */
+       case 0: /* Echo Reply */
+       case 8: /* Echo */
+       case 13: /* Timestamp */
+       case 14: /* Timestamp Reply */
+           return True;
+       default:
            return False;
        }
     }