X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=netlink.c;h=b7cdb4cdef4a4ca6496f18b2ffa0cd08f3900f57;hp=f77d6bd8ff4ddd9813723b4ac3de12ea4822bb6f;hb=refs%2Ftags%2Fv0.1.9;hpb=c6f79b178fe27ee315055dccb371b63ca1a6183a

diff --git a/netlink.c b/netlink.c
index f77d6bd..b7cdb4c 100644
--- a/netlink.c
+++ b/netlink.c
@@ -177,11 +177,19 @@ static void netlink_icmp_csum(struct icmphdr *h)
 static bool_t netlink_icmp_may_reply(struct buffer_if *buf)
 {
     struct iphdr *iph;
+    struct icmphdr *icmph;
     uint32_t source;
 
     iph=(struct iphdr *)buf->start;
-    if (iph->protocol==1) return False; /* Overly-broad; we may reply to
-					   eg. icmp echo-request */
+    icmph=(struct icmphdr *)buf->start;
+    if (iph->protocol==1) {
+	switch(icmph->type) {
+	case 3: /* Destination unreachable */
+	case 11: /* Time Exceeded */
+	case 12: /* Parameter Problem */
+	    return False;
+	}
+    }
     /* How do we spot broadcast destination addresses? */
     if (ntohs(iph->frag_off)&0x1fff) return False; /* Non-initial fragment */
     source=ntohl(iph->saddr);