IPFW2 versrcreach update

James james at towardex.com
Wed Jul 21 11:14:10 PDT 2004


> >
> Where would the ICMP go anyway because you either don't have a route to 
> where you would point the packet to or the route points to null.

Under uRPF drop condition, ICMP should not happen b/c the source of the route
is null route.

Under normal, non-uRPF drop condition, ICMP unreachable will go to the *source*
who is _not_ part of the null route.

For example: If you are host 10.10.10.2 behind a router 10.10.10.1, and you
run traceroute to 3.3.3.3 and if your router does not have a route for 3.3.3.3
(not even default route), the router will generate !N/!H icmp message back to
the source, that being 10.10.10.2, and that being you.

If you are host 10.10.10.2, and you spoof your IP address to 1.1.1.1, and the
router runs loose-check uRPF and has 1.1.1.1 as RTF_REJECT, the router
obviously cannot generate ICMP back at you, b/c you are claiming to be
1.1.1.1 which is routed to null.

-J

-- 
James Jun                                            TowardEX Technologies, Inc.
Technical Lead                        Network Design, Consulting, IT Outsourcing
james at towardex.com                  Boston-based Colocation & Bandwidth Services
cell: 1(978)-394-2867           web: http://www.towardex.com , noc: www.twdx.net
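
The cases in the message above, modelled as a small router decision function. This is an added example, not code from the post or from FreeBSD; the routing table, the function names and the rule that only a missing or RTF_REJECT route counts as unreachable are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table for the router 10.10.10.1 in the message.
# reject=True models a null route (RTF_REJECT). There is no default route.
ROUTES = [
    ("10.10.10.0/24", False),  # connected LAN holding host 10.10.10.2
    ("1.1.1.1/32", True),      # null-routed address used as the spoofed source
]


def lookup(table, addr):
    """Longest-prefix match. Returns (network, reject) or None if no route."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, reject in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, reject)
    return best


def reachable(table, addr):
    """True when a route covers addr and it is not a reject route."""
    route = lookup(table, addr)
    return route is not None and not route[1]


def handle(table, src, dst, loose_urpf):
    """Return (action, icmp_destination) for one packet arriving at the router."""
    if loose_urpf and not reachable(table, src):
        return ("drop-urpf", None)            # dropped silently, no ICMP
    if reachable(table, dst):
        return ("forward", None)
    # No usable route to dst: the unreachable error is addressed to the
    # packet's source, and must itself be routable to be delivered.
    if reachable(table, src):
        return ("icmp-unreachable", src)
    return ("icmp-undeliverable", None)


if __name__ == "__main__":
    for src, urpf in [("10.10.10.2", True), ("1.1.1.1", True), ("1.1.1.1", False)]:
        print(src, "-> 3.3.3.3", "uRPF" if urpf else "no uRPF",
              handle(ROUTES, src, "3.3.3.3", urpf))
```

The third case, with the loose check turned off, shows that the error for a spoofed 1.1.1.1 source still never reaches the real sender, because the reply itself is addressed to the null-routed address.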

