On Wed, 5 Jun 2002, Joe Patterson wrote:

> although, in the case of the question that Nathan asked, my answer didn't
> address those particular packet types. My suspicion is that source quench
> is treated as related, because it should be. Redirects are somewhat more
> tricky. They *should* never be routed, because routing them makes no sense.
> I think that they often are anyway, since pure routers don't want to spend
> the effort to care. I would posit that in general, a firewall, which by its
> nature *can* spend the effort to care, should never forward them. If I'm
> reading the rfc's correctly, a gateway should not send an icmp redirect to a
> source address that is not on a directly attached network. Furthermore, a
> host that receives a redirect from *either* 1) a gateway that is not the
> gateway that it would route the packet that caused the redirect to in the
> first place or 2) a gateway that is not on a directly connected network,
> then that host should ignore the redirect entirely.

According to the source code, the following ICMP messages are treated as
RELATED (if the payload matches one of the already existing connections):

        destination-unreachable
        source-quench
        time-exceeded
        parameter-problem
        redirect

Regards,
Jozsef
-
E-mail  : [EMAIL PROTECTED], [EMAIL PROTECTED]
WWW-Home: http://www.kfki.hu/~kadlec
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
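
An added example, not part of the original message and not netfilter's own code: a simplified Python model of the check described in the reply above, where an ICMP error counts as RELATED only if the packet it quotes matches a tracked connection. The connection table, addresses and function names are constructed for illustration, and checksums are not verified.

```python
import socket
import struct

# ICMP error types named in the reply above (type numbers from RFC 792).
ERROR_TYPES = {3: "destination-unreachable", 4: "source-quench",
               5: "redirect", 11: "time-exceeded", 12: "parameter-problem"}

def embedded_tuple(icmp):
    """Return (proto, src, sport, dst, dport) of the packet quoted in an ICMP error."""
    inner = icmp[8:]              # skip type, code, checksum and the 4-byte field
    if len(inner) < 20:
        return None
    ihl = (inner[0] & 0x0F) * 4   # quoted IPv4 header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 4:
        return None
    proto = inner[9]
    if proto not in (socket.IPPROTO_TCP, socket.IPPROTO_UDP):
        return None               # this model only tracks port-based flows
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (proto, src, sport, dst, dport)

def classify(icmp, connections):
    """RELATED if the quoted packet belongs to a tracked flow, in either direction."""
    if len(icmp) < 8 or icmp[0] not in ERROR_TYPES:
        return "NOT-AN-ERROR"
    quoted = embedded_tuple(icmp)
    if quoted is None:
        return "INVALID"
    proto, src, sport, dst, dport = quoted
    reverse = (proto, dst, dport, src, sport)
    return "RELATED" if quoted in connections or reverse in connections else "INVALID"

def make_error(icmp_type, code, proto, src, sport, dst, dport):
    """Constructed sample: ICMP error quoting an IPv4 header plus 8 payload bytes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    l4 = struct.pack("!HHI", sport, dport, 0)
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + l4

# Constructed connection table: one TCP flow from a client to a web server.
TRACKED = {(socket.IPPROTO_TCP, "192.0.2.10", 40000, "198.51.100.5", 80)}

if __name__ == "__main__":
    flow = (6, "192.0.2.10", 40000, "198.51.100.5", 80)
    other = (6, "192.0.2.10", 40001, "203.0.113.9", 80)
    for name, pkt in [("unreachable, tracked flow", make_error(3, 1, *flow)),
                      ("redirect, tracked flow", make_error(5, 1, *flow)),
                      ("redirect, unknown flow", make_error(5, 1, *other))]:
        print(name, "->", classify(pkt, TRACKED))
```

In this model a redirect that quotes a tracked flow is classified RELATED like any other ICMP error, so a ruleset that accepts RELATED traffic but is meant to keep redirects from being forwarded needs an explicit rule for them ahead of that accept.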
