From 98ab4df1686a018323e843a1b6bb3574dc8c8460 Mon Sep 17 00:00:00 2001
From: fyodor <fyodor@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Sat, 3 Dec 2005 04:41:02 +0000
Subject: [PATCH] fix icmp type/code 3/0 response handling to port scans (port
 is filtered)

---
 CHANGELOG      | 4 ++++
 scan_engine.cc | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index 1de0f11bb..07522010d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$)
 
+o Better handle ICMP type 3, code 0 (network unreachable) responses to
+  port scan packets.  These are rarely seen when scanning hosts that
+are actually online, but are still worth handling.
+
 o Fixed a problem with the -S and option on Windows reporting "Failed
   to resolve/decode supposed IPv4 source address".  The -D (decoy)
   option was probably broken on that platform too.  Thanks to kx
diff --git a/scan_engine.cc b/scan_engine.cc
index bde23e69f..479628a31 100644
--- a/scan_engine.cc
+++ b/scan_engine.cc
@@ -2798,6 +2798,9 @@ static bool get_pcap_result(UltraScanInfo *USI, struct timeval *stime) {
 	    break;
 	  }
 	  switch(icmp->icmp_code) {
+	  case 0: /* Network unreachable */
+	    newstate = PORT_FILTERED;
+	    break;
 	  case 1: /* Host Unreachable */
 	    newstate = PORT_FILTERED;
 	    break;