X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/secnet/blobdiff_plain/c6f79b178fe27ee315055dccb371b63ca1a6183a..8dea8d37a13fcc615daba3375809900f04a2e5a2:/netlink.c
diff --git a/netlink.c b/netlink.c
index f77d6bd..b7cdb4c 100644
--- a/netlink.c
+++ b/netlink.c
@@ -177,11 +177,19 @@ static void netlink_icmp_csum(struct icmphdr *h)
 static bool_t netlink_icmp_may_reply(struct buffer_if *buf)
 {
 struct iphdr *iph;
+ struct icmphdr *icmph;
 uint32_t source;
 iph=(struct iphdr *)buf->start;
- if (iph->protocol==1) return False; /* Overly-broad; we may reply to
- eg. icmp echo-request */
+ icmph=(struct icmphdr *)buf->start;
+ if (iph->protocol==1) {
+ switch(icmph->type) {
+ case 3: /* Destination unreachable */
+ case 11: /* Time Exceeded */
+ case 12: /* Parameter Problem */
+ return False;
+ }
+ }
 /* How do we spot broadcast destination addresses? */
 if (ntohs(iph->frag_off)&0x1fff) return False; /* Non-initial fragment */
 source=ntohl(iph->saddr);
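Review bot: `icmph->type` is read through a cast of `buf->start`, so the ICMP type comes from a fixed offset rather than from the header length in `iph->ihl`; that is only right if the project's `struct icmphdr` (not visible in this hunk) embeds the IP header, and even then a packet carrying IP options would have its type read from the wrong byte, so an ICMP error could slip past the new switch and be answered with another ICMP error. I would locate the type from the actual header length, e.g. `uint8_t type=((uint8_t *)buf->start)[iph->ihl*4];`, after confirming the buffer is long enough to hold that byte (no length check is visible here; it may happen in a caller). The case list also leaves out Source Quench (4) and Redirect (5), which RFC 1122 counts among the ICMP error messages that must not trigger a further error. The body of netlink_icmp_may_reply continues past the end of the hunk.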