[Bug 215874] [patch] [icmp] [mbuf_tags] teach icmp_error() optionally keep original packet's mbuf_tags

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=215874

            Bug ID: 215874
           Summary: [patch] [icmp] [mbuf_tags] teach icmp_error()
                    optionally keep original packet's mbuf_tags
           Product: Base System
           Version: 11.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: ports at grosbein.net
          Keywords: patch

Created attachment 178624
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=178624&action=edit
introduce new sysctl net.inet.icmp.error_keeptags

Currently, icmp_error() function copies FIB number into generated ICMP response
from original packet but not mbuf_tags(9) chain. This prevents us from easily
matching of ICMP packets corresponding to tagged original ones by means of
ipfw(8).

For example, ICMP "time-exceeded in-transit" packets (usually generated in
response to traceroute probes) lose tags attached to original packets. Attached
simble patch introduces new sysctl net.inet.icmp.error_keeptags with default
value 0 corresponding to current behaviour to avoid extra overhead.

sysctl net.inet.icmp.error_keeptags=1 makes icmp_error() copy mbuf_tags from
original packet to generated ICMP response.

-- 
You are receiving this mail because:
You are the assignee for the bug.