Import release 0.1.9

[secnet.git] / netlink.c

diff --git a/netlink.c b/netlink.c
index f77d6bd8ff4ddd9813723b4ac3de12ea4822bb6f..b7cdb4cdef4a4ca6496f18b2ffa0cd08f3900f57 100644 (file)
--- a/netlink.c
+++ b/netlink.c
@@ -177,11 +177,19 @@ static void netlink_icmp_csum(struct icmphdr *h)
 static bool_t netlink_icmp_may_reply(struct buffer_if *buf)
 {
     struct iphdr *iph;
+    struct icmphdr *icmph;
     uint32_t source;
 
     iph=(struct iphdr *)buf->start;
-    if (iph->protocol==1) return False; /* Overly-broad; we may reply to
-                                          eg. icmp echo-request */
+    icmph=(struct icmphdr *)buf->start;
+    if (iph->protocol==1) {
+       switch(icmph->type) {
+       case 3: /* Destination unreachable */
+       case 11: /* Time Exceeded */
+       case 12: /* Parameter Problem */
+           return False;
+       }
+    }
     /* How do we spot broadcast destination addresses? */
     if (ntohs(iph->frag_off)&0x1fff) return False; /* Non-initial fragment */
     source=ntohl(iph->saddr);