artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5195cf3) | patch
Do not send ICMP redirect if IP forwarding is IPsec only.
authorbluhm <bluhm@openbsd.org>
Thu, 20 Jun 2024 19:25:04 +0000 (19:25 +0000)
committerbluhm <bluhm@openbsd.org>
Thu, 20 Jun 2024 19:25:04 +0000 (19:25 +0000)
commit06c3a42dc93861c1eaa20e2e136411879dcd6b8a
tree4d9ce3214c75cffb86d2289fc71c026996601616tree | snapshot
parent5195cf3e618bda84decfe33567f115f453b00c92commit | diff
Do not send ICMP redirect if IP forwarding is IPsec only.

If sysctl net.inet.ip.forwarding is set to 2, only packets processed
by IPsec are forwarded.  I this case behave more like a router than
a host and do not accept ICMP redirect packets.

OK deraadt@ sashan@ florian@ claudio@
sys/netinet/ip_icmp.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim