introduced icmp_filter for forward socket to filter out unwanted icmp messages via setsockopt

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>

2 files changed, 6 insertions, 1 deletions

diff --git a/src/ptunnel.c b/src/ptunnel.c
index af164c5..f640d1b 100644
--- a/src/ptunnel.c
+++ b/src/ptunnel.c
@@ -62,7 +62,7 @@
 #define errno GetLastError()
 /** Local error string storage */
 static char errorstr[255];
-static char * print_last_windows_error()  {
+static char * print_last_windows_error() {
 	char last_errorstr[255];
 	DWORD last_error = GetLastError();
 
@@ -388,6 +388,7 @@ void* pt_proxy(void *args) {
 	in_addr_t          *adr;
 #endif
 	struct in_addr     in_addr;
+	struct icmp_filter filt;
 
 	/* Start the thread, initialize protocol and ring states. */
 	pt_log(kLog_debug, "Starting ping proxy..\n");
@@ -410,6 +411,9 @@ void* pt_proxy(void *args) {
 		else {
 			pt_log(kLog_debug, "Attempting to create privileged ICMP raw socket..\n");
 			fwd_sock		= socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+			filt.data		= ~((1<<ICMP_ECHO) | (1<<ICMP_ECHOREPLY));
+			if (setsockopt(fwd_sock, SOL_RAW, ICMP_FILTER, &filt, sizeof filt) == -1)
+				pt_log(kLog_error, "setockopt for ICMP_FILTER: %s\n", strerror(errno));
 		}
 		if (fwd_sock < 0) {
 			pt_log(kLog_error, "Couldn't create %s socket: %s\n",
diff --git a/src/ptunnel.h b/src/ptunnel.h
index 7566f92..657a2e6 100644
--- a/src/ptunnel.h
+++ b/src/ptunnel.h
@@ -45,6 +45,7 @@
 #define PING_TUNNEL_H 1
 
 #ifndef WIN32
+#include <linux/icmp.h>
 #ifdef HAVE_SYS_UNISTD_H
 #include <sys/unistd.h>
 #endif