kern/47693: NetBSD ICMP processing does not handle unreachable code 13 - administratively prohibited

[fair%netbsd.org@localhost]

>Number:         47693
>Category:       kern
>Synopsis:       NetBSD ICMP processing does not handle unreachable code 13 - 
>administratively prohibited
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 25 18:20:00 +0000 2013
>Originator:     Erik E. Fair
>Release:        NetBSD 6.1_RC1
>Organization:
        the NetBSD Project
>Environment:
        
        
System: NetBSD cesium.clock.org 6.1_RC1 NetBSD 6.1_RC1 (V240) #0: Tue Feb 26 
19:16:36 PST 2013 
root%cesium.clock.org@localhost:/var/obj/sys/arch/sparc64/compile/V240 sparc64
Architecture: sparc64
Machine: sparc64
>Description:
        tcpdump one's incoming connection for ICMP, and watch

        Notice code 13 coming back multiple times in response to SMTP 
connection attempts

        Notice E-mail in queue to destination marked with "connection timed out"

        See ICMP_UNREACH_ADMIN_PROHIBIT in /usr/src/sys/netinet/ip_icmp.h
        Grep for it; find one reference in udp_userreq.c

        Look in /usr/src/sys/netinet/ip_icmp.c and see the case
        statement not handle that code; it defaults to "badcode" goto.

        Check netstat -s and find hundreds of "bad code" statistics, and wonder
        how many of those are (valid) code 13 versus something else.

>How-To-Repeat:
        
>Fix:
*** ip_icmp.c   Mon Jan  9 06:31:22 2012
--- /tmp/ip_icmp.c      Mon Mar 25 11:14:19 2013
***************
*** 491,496 ****
--- 491,497 ----
                        case ICMP_UNREACH_ISOLATED:
                        case ICMP_UNREACH_HOST_PROHIB:
                        case ICMP_UNREACH_TOSHOST:
+                       case ICMP_UNREACH_ADMIN_PROHIBIT:
                                code = PRC_UNREACH_HOST;
                                break;
  

>Unformatted: