[Bug 239799] IP_MINTTL broken
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Aug 12 11:36:15 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239799
Bug ID: 239799
Summary: IP_MINTTL broken
Product: Base System
Version: 12.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: vincent at bernat.ch
Hey!
Use of IP_MINTTL to ensure a minimum TTL on input TCP packets is broken. When
this option is enabled for a socket, all incoming packets are dropped. When it
comes to compare the TTL in `tcp_input.c`, the reported TTL is 0:
```c
if (inp->inp_ip_minttl != 0) {
#ifdef INET6
if (isipv6) {
if (inp->inp_ip_minttl > ip6->ip6_hlim)
goto dropunlock;
} else
#endif
if (inp->inp_ip_minttl > ip->ip_ttl)
goto dropunlock;
}
```
A few lines earlier, we have:
```c
struct ipovly *ipov = (struct ipovly *)ip;
/*
* Checksum extended TCP header and data.
*/
len = off0 + tlen;
bzero(ipov->ih_x1, sizeof(ipov->ih_x1));
ipov->ih_len = htons(tlen);
th->th_sum = in_cksum(m, len);
/* Reset length for SDT probes. */
ip->ip_len = htons(len);
/* Reset TOS bits */
ip->ip_tos = iptos;
/* Re-initialization for later version check */
ip->ip_v = IPVERSION;
ip->ip_hl = off0 >> 2;
```
`ip->ip_ttl` also needs to be restored after this code.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list