set icmp_filter according forwarder/proxy

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2018-12-27 00:17:40 +0100
committer: Toni Uhlig <matzeton@googlemail.com> 2018-12-27 00:17:40 +0100
commit: b6afe103c2e1ff213e3510fd690c362644e2c7a1 (patch)
tree: 24acbd3b2bd04ca2264fcd2f2856004750f8c5b5 /src/ptunnel.c
parent: 5bd360af054f4cf33c09508d1a209e2440b75d2c (diff)
1 files changed, 11 insertions, 5 deletions
diff --git a/src/ptunnel.c b/src/ptunnel.c
index 52661ae..aa50883 100644
--- a/src/ptunnel.c
+++ b/src/ptunnel.c
@@ -402,17 +402,23 @@ void* pt_proxy(void *args) {
 		}
 	}
 	else {
-		if (opts.unprivileged) {
+		if (opts.unprivileged)
+		{
 			pt_log(kLog_debug, "Attempting to create unprivileged ICMP datagram socket..\n");
 			fwd_sock		= socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
-		}
-		else {
+		} else {
 			pt_log(kLog_debug, "Attempting to create privileged ICMP raw socket..\n");
 			fwd_sock		= socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
 #ifdef HAVE_ICMPFILTER
-			filt.data		= ~((1<<ICMP_ECHO) | (1<<ICMP_ECHOREPLY));
-			if (setsockopt(fwd_sock, SOL_RAW, ICMP_FILTER, &filt, sizeof filt) == -1)
+			if (opts.mode == kMode_forward)
+				filt.data	= ~(1<<ICMP_ECHOREPLY);
+			else
+				filt.data	= ~(1<<ICMP_ECHO);
+			if (fwd_sock >= 0 &&
+			    setsockopt(fwd_sock, SOL_RAW, ICMP_FILTER, &filt, sizeof filt) == -1)
+			{
 				pt_log(kLog_error, "setockopt for ICMP_FILTER: %s\n", strerror(errno));
+			}
 #endif
 		}
 		if (fwd_sock < 0) {
author	Toni Uhlig <matzeton@googlemail.com>	2018-12-27 00:17:40 +0100
committer	Toni Uhlig <matzeton@googlemail.com>	2018-12-27 00:17:40 +0100
commit	b6afe103c2e1ff213e3510fd690c362644e2c7a1 (patch)
tree	24acbd3b2bd04ca2264fcd2f2856004750f8c5b5 /src/ptunnel.c
parent	5bd360af054f4cf33c09508d1a209e2440b75d2c (diff)