icmp_error() fails to clear "fragmented" flag
Adrian Chadd
adrian at freebsd.org
Sun Mar 30 18:00:24 UTC 2014
Can you file a PR with exactly this? :-P
Thanks!
-a
On 30 March 2014 10:38, Eugene Grosbein <eugen at grosbein.net> wrote:
> Hi!
>
> Suppose you have FreeBSD host A behind FreeBSD router R and run the
> "traceroute -I outerhost 1501" command from A. You will see only "stars"
> for the first hop. That's because router R erroneously sends ICMP "time exceeded" packets
> with the "more fragments" flag in the IP header when the original packet was fragmented.
> This flag is copied from the original header.
>
> I've just tested the following patch, it fixes the problem:
> http://www.grosbein.net/freebsd/patches/ip_icmp.c.diff
>
> --- sys/netinet/ip_icmp.c.orig 2013-10-21 21:07:06.000000000 +0700
> +++ sys/netinet/ip_icmp.c 2014-03-31 00:06:48.000000000 +0700
> @@ -332,6 +332,7 @@ stdreply: icmpelen = max(8, min(V_icmp_q
> * reply should bypass as well.
> */
> m->m_flags |= n->m_flags & M_SKIP_FIREWALL;
> + m->m_flags &= ~(M_FRAG | M_FIRSTFRAG | M_LASTFRAG);
> m->m_data -= sizeof(struct ip);
> m->m_len += sizeof(struct ip);
> m->m_pkthdr.len = m->m_len;
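Review bot: the added `m->m_flags &= ~(M_FRAG | M_FIRSTFRAG | M_LASTFRAG);` line has no comment, and the comment block above it only covers the firewall-bypass case. The line before it copies just M_SKIP_FIREWALL from n, so this hunk does not show how the fragment flags end up set on m; add a short comment saying where they come from and why an ICMP error must not carry them.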
> @@ -343,6 +344,7 @@ stdreply: icmpelen = max(8, min(V_icmp_q
> nip->ip_hl = 5;
> nip->ip_p = IPPROTO_ICMP;
> nip->ip_tos = 0;
> + nip->ip_off = 0;
> icmp_reflect(m);
>
> freeit:
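Review bot: `nip->ip_off = 0;` after the ip_tos assignment clears the whole field, not only the "more fragments" bit the report is about, so a don't-fragment bit or fragment offset copied from the original header is dropped as well. That looks right for a freshly built ICMP reply header, but a one-line comment next to the assignment would make the intent explicit.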
>
>
> (I've discovered this while debugging a real-world issue concerning
> problems with UDP fragmented traffic while using an L2TP tunnel.)
>
> Please review/commit.
>
> Eugene Grosbein
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
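
A receiver-side check for the symptom described in the report, as an added example that is not part of the original thread or of FreeBSD: it flags an IPv4 ICMP "time exceeded" packet whose own IP header carries "more fragments". The function name and both sample packets are constructed for this example; header checksums are left at zero and not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MF         0x2000  /* "more fragments" bit of the flags/offset field */
#define IP_OFFMASK    0x1fff  /* 13-bit fragment offset */
#define ICMP_TIMXCEED 11      /* ICMP "time exceeded" */

/* Returns 1 when pkt is an IPv4 ICMP "time exceeded" message whose own IP
 * header has MF set at offset 0 (the symptom in the report), else 0. */
int icmp_timxceed_has_mf(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || len < hlen + 8 || pkt[9] != 1)   /* 1 = IPPROTO_ICMP */
        return 0;
    uint16_t off = (uint16_t)((pkt[6] << 8) | pkt[7]);
    if (off & IP_OFFMASK)       /* later fragment: no ICMP header at pkt[hlen] */
        return 0;
    return pkt[hlen] == ICMP_TIMXCEED && (off & IP_MF) != 0;
}

/* Constructed samples: 20-byte IPv4 header plus 8-byte ICMP header only
 * (the quoted original datagram is omitted; the check does not read it). */
static const uint8_t sample_with_mf[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x20, 0x00,   /* flags/offset = MF */
    0x40, 0x01, 0x00, 0x00, 192, 0, 2, 1, 192, 0, 2, 10,
    ICMP_TIMXCEED, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static const uint8_t sample_clean[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00,   /* flags/offset = 0 */
    0x40, 0x01, 0x00, 0x00, 192, 0, 2, 1, 192, 0, 2, 10,
    ICMP_TIMXCEED, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    printf("with MF: %d\n",
           icmp_timxceed_has_mf(sample_with_mf, sizeof sample_with_mf));
    printf("clean:   %d\n",
           icmp_timxceed_has_mf(sample_clean, sizeof sample_clean));
    return 0;
}
```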