From: Ian Jackson Date: Thu, 20 Mar 2014 00:18:21 +0000 (+0000) Subject: netlink: Be more conservative about ICMP errors X-Git-Tag: wip.frag.v1~12 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=commitdiff_plain;h=686b7f1da023663c0df9bdcf351b4313b5726888 netlink: Be more conservative about ICMP errors Default to not sending ICMP error messages for unknown incoming ICMP type codes. Signed-off-by: Ian Jackson --- diff --git a/debian/changelog b/debian/changelog index 33b7c0b..fe6caae 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,7 @@ secnet (0.3.1~~unstable) unstable; urgency=low * Additions to the test-example suite. * SECURITY: Fixes to MTU and fragmentation handling. * SECURITY: Correctly set "unused" ICMP header field. + * Do not send ICMP errors in response to unknown incoming ICMP. -- diff --git a/netlink.c b/netlink.c index 87b6671..d420f7b 100644 --- a/netlink.c +++ b/netlink.c @@ -304,9 +304,17 @@ static bool_t netlink_icmp_may_reply(struct buffer_if *buf) icmph=(struct icmphdr *)buf->start; if (iph->protocol==1) { switch(icmph->type) { - case 3: /* Destination unreachable */ - case 11: /* Time Exceeded */ - case 12: /* Parameter Problem */ + /* Based on http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-types + * as retrieved Thu, 20 Mar 2014 00:16:44 +0000. + * Deprecated, reserved, unassigned and experimental + * options are treated as not safe to reply to. + */ + case 0: /* Echo Reply */ + case 8: /* Echo */ + case 13: /* Timestamp */ + case 14: /* Timestamp Reply */ + return True; + default: return False; } }
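Review bot: the changelog entry "Do not send ICMP errors in response to unknown incoming ICMP" understates what the netlink.c hunk does: after the change only types 0, 8, 13 and 14 still get error replies, so assigned-but-excluded types (for example 9/10 Router Advertisement/Solicitation, or the error types 3, 11 and 12 that the removed lines handled explicitly) are also silenced, not just unknown ones. Suggest wording it as "Only send ICMP errors in response to incoming ICMP echo and timestamp messages", and, given the neighbouring entries tagged SECURITY for the same ICMP/MTU area, consider whether this fail-closed change deserves the same tag.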
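Review bot: the stated rule in the new comment ("Deprecated, reserved, unassigned and experimental options are treated as not safe to reply to") does not fully explain the allowlist that follows it: types 9 (Router Advertisement) and 10 (Router Solicitation) are assigned and not deprecated in the cited IANA registry, yet they fall into `default: return False;`. Either add them as cases or extend the comment to say that the list is deliberately restricted to echo and timestamp request/reply and that every other type, including the error messages 3, 11 and 12 whose explicit `return False` cases were removed, is rejected. It is also worth a line in the comment or commit message that this hunk inverts the logic from a denylist to an allowlist, so the old fall-through-to-True behaviour for any type not listed is gone; that is the conservative direction (RFC 1122 section 3.2.2 only requires not answering ICMP errors with ICMP errors, and this goes further), but a future reader comparing against the RFC should be told it is intentional. The fall-through of `case 0: ... case 14: return True;` is fine as written.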