Date:      Mon, 31 Mar 2014 00:38:42 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        freebsd-net <freebsd-net@freebsd.org>, "Alexander V. Chernikov" <melifaro@freebsd.org>
Subject:   icmp_error() fails to clear "fragmented" flag
Message-ID:  <533856A2.7030401@grosbein.net>

Hi!

Suppose you have FreeBSD host A behind FreeBSD router R and run the
"traceroute -I outerhost 1501" command from A. You will see only "stars"
for the first hop. That's because router R erroneously sends ICMP "time exceeded" packets
with the "more fragments" flag in the IP header when the original packet was fragmented.
This flag is copied from the original header.

I've just tested the following patch; it fixes the problem:
http://www.grosbein.net/freebsd/patches/ip_icmp.c.diff

--- sys/netinet/ip_icmp.c.orig	2013-10-21 21:07:06.000000000 +0700
+++ sys/netinet/ip_icmp.c	2014-03-31 00:06:48.000000000 +0700
@@ -332,6 +332,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
 	 * reply should bypass as well.
 	 */
 	m->m_flags |= n->m_flags & M_SKIP_FIREWALL;
+	m->m_flags &= ~(M_FRAG | M_FIRSTFRAG | M_LASTFRAG);
 	m->m_data -= sizeof(struct ip);
 	m->m_len += sizeof(struct ip);
 	m->m_pkthdr.len = m->m_len;
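Review bot: The added m_flags line sits directly under the comment ending "reply should bypass as well", which only explains the M_SKIP_FIREWALL copy, so a reader will assume that comment covers both statements. Give the clearing of M_FRAG | M_FIRSTFRAG | M_LASTFRAG its own short comment stating that the reply is a new, unfragmented datagram, and say in the commit message why the mbuf flags need clearing in addition to ip_off, since the report describes only the IP header flag.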
@@ -343,6 +344,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
 	nip->ip_hl = 5;
 	nip->ip_p = IPPROTO_ICMP;
 	nip->ip_tos = 0;
+	nip->ip_off = 0;
 	icmp_reflect(m);
 
 freeit:
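Review bot: nip->ip_off = 0 zeroes the whole flags/offset field, not only the "more fragments" bit named in the report, so any DF bit or fragment offset inherited along with it is dropped too. That looks right for a freshly built reply, but a one-line comment next to the assignment (it sits in the same run as ip_hl, ip_p and ip_tos) would make clear that the wider effect is deliberate.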


(I've discovered this while debugging a real-world issue concerning
problems with UDP fragmented traffic while using an L2TP tunnel.)

Please review/commit.

Eugene Grosbein
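
Added example, not part of the original message or of the FreeBSD source: a small C check that a capture-analysis tool could apply to spot the symptom reported above, an ICMP error whose own IPv4 header still has "more fragments" set. The function names and the sample packet are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP_MF_BIT      0x2000 /* "more fragments" bit of the flags/offset field */
#define IP_OFFSET_MASK 0x1fff /* 13-bit fragment offset */

/* ICMP error types: 3 unreachable, 4 quench, 5 redirect, 11 time exceeded, 12 param */
static int is_icmp_error(uint8_t t)
{
    return t == 3 || t == 4 || t == 5 || t == 11 || t == 12;
}

/* 1: IPv4 ICMP error whose own header has MF set at offset 0 (reported symptom);
 * 0: any other packet that parses; -1: truncated or not IPv4. */
int icmp_error_has_mf(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || len < hlen + 1)
        return -1;
    uint16_t off = (uint16_t)((pkt[6] << 8) | pkt[7]);
    if (pkt[9] != 1 /* ICMP */ || (off & IP_OFFSET_MASK) != 0)
        return 0; /* not ICMP, or a later fragment that carries no ICMP header */
    return is_icmp_error(pkt[hlen]) && (off & IP_MF_BIT) != 0;
}

/* Constructed sample: 20-byte IPv4 header plus 8-byte ICMP header; checksums
 * and addresses stay zero because the check above never reads them. */
size_t build_sample(uint8_t *pkt, uint16_t off_field, uint8_t icmp_type)
{
    memset(pkt, 0, 28);
    pkt[0] = 0x45;                        /* version 4, header length 5 words */
    pkt[3] = 28;                          /* total length */
    pkt[6] = (uint8_t)(off_field >> 8);   /* flags + high offset bits */
    pkt[7] = (uint8_t)(off_field & 0xff); /* low offset bits */
    pkt[8] = 64;                          /* TTL */
    pkt[9] = 1;                           /* protocol: ICMP */
    pkt[20] = icmp_type;
    return 28;
}

int main(void)
{
    uint8_t pkt[28];
    size_t n = build_sample(pkt, IP_MF_BIT, 11); /* time exceeded with MF set */
    return icmp_error_has_mf(pkt, n) == 1 ? 0 : 1;
}
```

A fragmented echo request (type 8) with MF set is legitimate and is not flagged; only error types are.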


