Bug 18382

Summary: ICMP unreachable sent when ipfw drops packet
Product: Base System Reporter: blaze <blaze>
Component: kernAssignee: ru <ru>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 5.0-CURRENT   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description blaze 2000-05-04 09:20:01 UTC 
When IP packet dropped by ipfw on second call of ip_fw_chk(), ip_forward()
sends ICMP unreachable packet. This causes 2 ICMP packets sent if matched
rule was `unreach'. And if rule was `deny' it should just drop packet,
without notifying sender.

How-To-Repeat: 
On router:
ipfw add unreach 1 ip from your.host to other.host out

On your.host ping other.host and see tcpdump
Comment 1 ru freebsd_committer freebsd_triage 2000-05-05 09:52:00 UTC 
Responsible Changed
From-To: freebsd-bugs->ru

I will commit the supplied fix after a bit of testing.
Comment 2 ru freebsd_committer freebsd_triage 2000-05-15 19:41:10 UTC 
State Changed
From-To: open->feedback

Fixed in 5.0-CURRENT, src/sys/netinet/ip_input.c,v 1.133.
Comment 3 ru freebsd_committer freebsd_triage 2000-06-13 08:12:55 UTC 
State Changed
From-To: feedback->closed

Fixed in all active branches.