onion-tunnel: Silently drop ICMP packets (!305) · Merge requests · The Tor Project / Core / onionmasq

Clara Engler requested to merge cve/onionmasq:dev/cve/icmp_drop into main Oct 22, 2024

This commit modifies the parser source code to identify ICMP packets, which are then in a further call discarded.

This solution will not lead ping(8) to receive timeouts. It will just give a 100% packet loss. It might not be the cleanest solution, but it is much simpler than composing an ICMP packet alongside the IP boilderplate ourselves.

See #115 (closed) Fixes #118 (closed)

onion-tunnel: Silently drop ICMP packets

Merge request reports