git: 9feb2ac05b77 - stable/14 - icmp: clear offset and flags when reflecting a packet
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 05 Sep 2025 19:05:48 UTC
The branch stable/14 has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=9feb2ac05b77a10f992107f2fbc1ab61c058f200
commit 9feb2ac05b77a10f992107f2fbc1ab61c058f200
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2025-08-18 17:15:39 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2025-09-05 19:05:15 +0000
icmp: clear offset and flags when reflecting a packet
When reflecting a packet, use an offset of 0 and clear all three bits,
in particular the DF bit.
PR: 288558
Reviewed by: markj, zlei
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D51991
(cherry picked from commit b9a2d84b1bf7f9cf556e2f0b68023d5af8362797)
---
sys/netinet/ip_icmp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index fffe7e280a8e..29ce294fefd2 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -393,7 +393,6 @@ stdreply: icmpelen = max(8, min(V_icmp_quotelen, ntohs(oip->ip_len) -
nip->ip_hl = 5;
nip->ip_p = IPPROTO_ICMP;
nip->ip_tos = 0;
- nip->ip_off = 0;
if (V_error_keeptags)
m_tag_copy_chain(m, n, M_NOWAIT);
@@ -879,6 +878,8 @@ match:
mac_netinet_icmp_replyinplace(m);
#endif
ip->ip_src = t;
+ /* ip->ip_tos will be reflected. */
+ ip->ip_off = htons(0);
ip->ip_ttl = V_ip_defttl;
if (optlen > 0) {