git: b9a2d84b1bf7 - main - icmp: clear offset and flags when reflecting a packet
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 18 Aug 2025 17:19:19 UTC
The branch main has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=b9a2d84b1bf7f9cf556e2f0b68023d5af8362797
commit b9a2d84b1bf7f9cf556e2f0b68023d5af8362797
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2025-08-18 17:15:39 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2025-08-18 17:19:13 +0000
icmp: clear offset and flags when reflecting a packet
When reflecting a packet, use an offset of 0 and clear all three bits,
in particular the DF bit.
PR: 288558
Reviewed by: markj, zlei
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D51991
---
sys/netinet/ip_icmp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 543b846fbba5..fc0848b2c944 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -391,7 +391,6 @@ stdreply: icmpelen = max(8, min(V_icmp_quotelen, ntohs(oip->ip_len) -
nip->ip_hl = 5;
nip->ip_p = IPPROTO_ICMP;
nip->ip_tos = 0;
- nip->ip_off = 0;
if (V_error_keeptags)
m_tag_copy_chain(m, n, M_NOWAIT);
@@ -872,6 +871,8 @@ match:
mac_netinet_icmp_replyinplace(m);
#endif
ip->ip_src = t;
+ /* ip->ip_tos will be reflected. */
+ ip->ip_off = htons(0);
ip->ip_ttl = V_ip_defttl;
if (optlen > 0) {