Routers need to ignore ICMP redirects in any case, so it would make sense to
disable ICMP redirects as soon as ipforwarding is set to 1.
The IPv6 counterpart already does this.

OK?
-- 
:wq Claudio

Index: netinet/ip_icmp.c
===================================================================
RCS file: /cvs/src/sys/netinet/ip_icmp.c,v
retrieving revision 1.92
diff -u -p -r1.92 ip_icmp.c
--- netinet/ip_icmp.c   13 Sep 2010 09:59:32 -0000      1.92
+++ netinet/ip_icmp.c   24 Mar 2011 10:39:46 -0000
@@ -313,6 +313,7 @@ icmp_input(struct mbuf *m, ...)
        void *(*ctlfunc)(int, struct sockaddr *, u_int, void *);
        int code;
        extern u_char ip_protox[];
+       extern int ipforwarding;
        int hlen;
        va_list ap;
        struct rtentry *rt;
@@ -558,7 +559,7 @@ reflect:
                /* Free packet atttributes */
                if (m->m_flags & M_PKTHDR)
                        m_tag_delete_chain(m);
-               if (icmp_rediraccept == 0)
+               if (icmp_rediraccept == 0 || ipforwarding == 1)
                        goto freeit;
                if (code > 3)
                        goto badcode;
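Review bot: The added test `ipforwarding == 1` in the redirect branch covers only one value of the forwarding setting. If ipforwarding can hold other non-zero values (OpenBSD's net.inet.ip.forwarding has, I believe, a value 2 for IPsec-only forwarding — please confirm), a box forwarding in that mode would still accept redirects and have its routing table changed by them; `if (icmp_rediraccept == 0 || ipforwarding != 0)` would cover every forwarding state. Since this now silently overrides icmp_rediraccept, a comment above the test such as `/* routers never accept redirects, whatever icmp_rediraccept says */` would help, and the sysctl documentation should state the same. The enclosing icmp_input() starts and ends outside this hunk, so the other paths into the redirect handling were not checked.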
