kern/188092: [patch] icmp_error() fails to clear "fragmented" flag in the IP header
Eugene Grosbein
eugen at grosbein.net
Sun Mar 30 18:30:02 UTC 2014
>Number: 188092
>Category: kern
>Synopsis: [patch] icmp_error() fails to clear "fragmented" flag in the IP header
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 30 18:30:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Eugene Grosbein
>Release: FreeBSD 9.2-STABLE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.net 9.2-STABLE FreeBSD 9.2-STABLE #3 r261670M: Sat Mar 1 22:38:42 NOVT 2014 root at grosbein.net:/usr/obj/usr/local/src/sys/DADV amd64
>Description:
icmp_error() function copies "more fragments" flag
from original IP header. This may generate "fragmented" ICMP error packet
if original IP packed was fragmented.
>How-To-Repeat:
Run "traceroute -I outerhost 1501" when your mtu is 1500 or less
and next hop is FreeBSD router. You will see only "stars"
for the first hop because of this error.
>Fix:
--- sys/netinet/ip_icmp.c.orig 2013-10-21 21:07:06.000000000 +0700
+++ sys/netinet/ip_icmp.c 2014-03-31 00:06:48.000000000 +0700
@@ -332,6 +332,7 @@ stdreply: icmpelen = max(8, min(V_icmp_q
* reply should bypass as well.
*/
m->m_flags |= n->m_flags & M_SKIP_FIREWALL;
+ m->m_flags &= ~(M_FRAG | M_FIRSTFRAG | M_LASTFRAG);
m->m_data -= sizeof(struct ip);
m->m_len += sizeof(struct ip);
m->m_pkthdr.len = m->m_len;
@@ -343,6 +344,7 @@ stdreply: icmpelen = max(8, min(V_icmp_q
nip->ip_hl = 5;
nip->ip_p = IPPROTO_ICMP;
nip->ip_tos = 0;
+ nip->ip_off = 0;
icmp_reflect(m);
freeit:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list