Subject: Re: kern/4785: directed bcasts sysctl doens't turn off icmp
To: Jason Thorpe <firstname.lastname@example.org>
From: Erik E. Fair <email@example.com>
Date: 01/06/1998 23:45:04
RFC 1122 (host requirements, part 1), section 3.2.2, page 38:
An ICMP error message MUST NOT be sent as the result of
* an ICMP error message, or
* a datagram destined to an IP broadcast or IP multicast
* a datagram sent as a link-layer broadcast, or
* a non-initial fragment, or
* a datagram whose source address does not define a single
host -- e.g., a zero address, a loopback address, a
broadcast address, a multicast address, or a Class E
NOTE: THESE RESTRICTIONS TAKE PRECEDENCE OVER ANY REQUIREMENT
ELSEWHERE IN THIS DOCUMENT FOR SENDING ICMP ERROR MESSAGES.
Alas, ICMP Echo Reply is not included in the list of "ICMP error messages".
However, later on in section 22.214.171.124:
126.96.36.199 Echo Request/Reply: RFC-792
Every host MUST implement an ICMP Echo server function that
receives Echo Requests and sends corresponding Echo Replies.
A host SHOULD also implement an application-layer interface
for sending an Echo Request and receiving an Echo Reply, for
An ICMP Echo Request destined to an IP broadcast or IP
multicast address MAY be silently discarded.
This neutral provision results from a passionate debate
between those who feel that ICMP Echo to a broadcast
address provides a valuable diagnostic capability and
those who feel that misuse of this feature can too
easily create packet storms.
I suggest that we make the NetBSD default be to silently discard ICMP ECHO
messages that are broadcasts.
chapter & verse,