>
> Dear readers,
>
> I wish to disable the possibility to change my routing tables with
> spoofed ICMP redirects. I know this is possible if I run gated
> on my host or when I shield my host with packet screens on my
> shielding routers.
>
> But this isn't very kiss (keep it small and simple), it would be better
> to build a kernel which isn't sensitive to this type of packets.
>
> Question:
>
> Is there a kernel option in SunOS 4.1.x or do I have to patch the
> code?
>
the following was written by
> David Mitchell, Systems Administrator, email: D . Mitchell @ dcs . shef . ac . uk
> Dept. Computer Science, Sheffield Uni. phone: +44 742-825573
> 211 Portobello St, Sheffield S1 4DP, UK. fax: +44 742-780972
and here it is..
#!/bin/sh
#
# allow_mask_reply, DAPM 9-Jun-94
#
# D . Mitchell @ dcs . shef . ac . uk
#
# allow/disallow a host to send out ICMP subnet mask replies.
# Useful if you're doing strange things with subnet masks and
# don't want to confuse hosts who pick up their mask via an ICMP subnet
# request.
#
# WARNING: this script works by altering the code in the in-core image
# of /vmunix using adb. Use at your own peril. Effect will not survive
# a reboot.
#
usage() {
    echo "usage: $0 {-y|-n}"
    exit 1
}
#
# How it works.
#
# The icmp code in the BSD src sys/netinet/ip_icmp.c has a section like this:
#     case ICMP_MASKREQ:
#         if (icmplen < ICMP_MASKLEN ||
#             (ia = ifptoia(m->m_pkthdr.rcvif)) == 0)
#                 break;
#         icp->icmp_type = ICMP_MASKREPLY;
#         ..........
#
# I assume that the SunOS code is very similar. By converting the
# conditional branch associated with the " if (icmplen < ICMP_MASKLEN) break"
# code into an unconditional branch, the code is effectively changed to
#     case ICMP_MASKREQ:
#         break;
#         ....
# ie we change the code
# _icmp_input+0x398: cmp %i2, 0xc
# _icmp_input+0x39c: bl,a _icmp_input + 0x5a0
# to
# _icmp_input+0x398: cmp %i2, 0xc
# _icmp_input+0x39c: ba _icmp_input + 0x5a0
# which can be effected by changing the value at location _icmp_input+0x39c
# from 0x26800081 to 0x10800081
#
# Since this is very OS-specific, we check to see which OS is running.
# I have only tested this under 4.1.1 and 4.1.3_U1, but since the
# code is the same for both these releases, the chances are it will work
# for releases in between too.
# I haven't even considered Solaris-2 !
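[ $# -eq 1 ] || usage
case "$1" in
    -y) enable=1;;
    -n) enable=0;;
    *)  usage;;
esac
# 0x26800081 is the original conditional branch (mask replies allowed);
# 0x10800081 is the unconditional branch (mask replies suppressed).
if [ $enable -eq 1 ]; then value=0x26800081; else value=0x10800081; fi
# The patch offset is only known for these releases, so refuse anything else.
os=`/bin/uname -r`
case "$os" in
    4.1.1) ;;
    4.1.3_U1) ;;
    *) echo "unsupported OS: $os"; exit 1;;
esac
# Write the chosen word into the in-core kernel image.
echo "_icmp_input+0x39c/W $value" | adb -w -k /vmunix /dev/mem > /dev/null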
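
The two instruction words named in the script's comments can be checked against the SPARC V8 branch encoding before anything is written to a kernel. The sketch below is an added example, not part of David Mitchell's script; the function names are made up here, and the words and offsets are the ones quoted in the comments above. It decodes each word and confirms that the patch changes only the annul and condition bits while the branch target stays at _icmp_input+0x5a0.

```sh
#!/bin/sh
# SPARC V8 format-2 branch (Bicc) layout:
#   op[31:30]=00  a[29]  cond[28:25]  op2[24:22]=010  disp22[21:0] (signed, in words)

# Map the 4-bit cond field to its mnemonic (list order = cond value 0..15).
bicc_name() {
    n=$1
    set -- bn be ble bl bleu bcs bneg bvs ba bne bg bge bgu bcc bpos bvc
    shift "$n"
    echo "$1"
}

# decode_bicc WORD PC: print "mnemonic[,a] target"; print "not-bicc" and fail
# if WORD is not an integer condition-code branch.
decode_bicc() {
    word=$(($1)); pc=$(($2))
    if [ $(( (word >> 30) & 3 )) -ne 0 ] || [ $(( (word >> 22) & 7 )) -ne 2 ]; then
        echo "not-bicc"; return 1
    fi
    cond=$(( (word >> 25) & 15 ))
    disp=$(( word & 0x3fffff ))
    # Sign-extend the 22-bit word displacement.
    if [ "$disp" -ge $((0x200000)) ]; then disp=$(( disp - 0x400000 )); fi
    name=$(bicc_name "$cond")
    if [ $(( (word >> 29) & 1 )) -eq 1 ]; then name="$name,a"; fi
    printf '%s 0x%x\n' "$name" $(( pc + 4 * disp ))
}

# Succeeds only if OLD and NEW differ solely in the a/cond bits (29:25),
# i.e. the opcode and the branch displacement are untouched.
only_condition_changed() {
    [ $(( ($1 ^ $2) & ~0x3e000000 )) -eq 0 ]
}

# Words and offset as quoted in the script's comments (relative to _icmp_input).
echo "original: $(decode_bicc 0x26800081 0x39c)"
echo "patched:  $(decode_bicc 0x10800081 0x39c)"
only_condition_changed 0x26800081 0x10800081 && echo "only a/cond bits differ"
```
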