kern/144311: [pf] [icmp] massive ICMP storm on lo0 occurs when
using pf(4) 'reply-to'
Max Laier
max at love2party.net
Fri Mar 19 13:40:04 UTC 2010
The following reply was made to PR kern/144311; it has been noted by GNATS.
From: Max Laier <max at love2party.net>
To: bug-followup at freebsd.org,
kasahara at nc.kyushu-u.ac.jp
Cc: Pyun YongHyeon <pyunyh at gmail.com>
Subject: Re: kern/144311: [pf] [icmp] massive ICMP storm on lo0 occurs when using pf(4) 'reply-to'
Date: Fri, 19 Mar 2010 14:35:05 +0100
--Boundary-00=_J23oL/ZH/GBB7xo
Content-Type: Text/Plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Can you please test the attached patch (by Pyun YongHyeon) and let us know if
this fixes the situation for you?
Thanks,
Max Laier
--Boundary-00=_J23oL/ZH/GBB7xo
Content-Type: text/x-patch;
charset="ISO-8859-1";
name="pf.routeto.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="pf.routeto.patch"
Index: sys/contrib/pf/net/pf.c
===================================================================
--- sys/contrib/pf/net/pf.c (revision 203960)
+++ sys/contrib/pf/net/pf.c (working copy)
@@ -6375,6 +6375,7 @@
m0->m_pkthdr.csum_flags &= ifp->if_hwassist;
if (ntohs(ip->ip_len) <= ifp->if_mtu ||
+ (m0->m_pkthdr.csum_flags & ifp->if_hwassist & CSUM_TSO) != 0 ||
(ifp->if_hwassist & CSUM_FRAGMENT &&
((ip->ip_off & htons(IP_DF)) == 0))) {
/*
@@ -6449,7 +6450,7 @@
* Too large for interface; fragment if possible.
* Must be able to put at least 8 bytes per fragment.
*/
- if (ip->ip_off & htons(IP_DF)) {
+ if (ip->ip_off & htons(IP_DF) || (m0->m_pkthdr.csum_flags & CSUM_TSO)) {
KMOD_IPSTAT_INC(ips_cantfrag);
if (r->rt != PF_DUPTO) {
#ifdef __FreeBSD__
--Boundary-00=_J23oL/ZH/GBB7xo--
More information about the freebsd-pf
mailing list