From owner-freebsd-net@FreeBSD.ORG  Sun Mar 30 17:49:09 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id B2483FD2;
 Sun, 30 Mar 2014 17:49:09 +0000 (UTC)
Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 3CBE1806;
 Sun, 30 Mar 2014 17:49:08 +0000 (UTC)
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221])
 by hz.grosbein.net (8.14.7/8.14.7) with ESMTP id s2UHcq2n046999
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Sun, 30 Mar 2014 19:38:56 +0200 (CEST)
 (envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: melifaro@freebsd.org
Received: from eg.sd.rdtc.ru (eugen@localhost [127.0.0.1])
 by eg.sd.rdtc.ru (8.14.7/8.14.7) with ESMTP id s2UHcgbv091234;
 Mon, 31 Mar 2014 00:38:42 +0700 (NOVT)
 (envelope-from eugen@grosbein.net)
Message-ID: <533856A2.7030401@grosbein.net>
Date: Mon, 31 Mar 2014 00:38:42 +0700
From: Eugene Grosbein <eugen@grosbein.net>
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
 rv:17.0) Gecko/20130415 Thunderbird/17.0.5
MIME-Version: 1.0
To: freebsd-net <freebsd-net@freebsd.org>,
 "Alexander V. Chernikov" <melifaro@freebsd.org>
Subject: icmp_error() fails to clear "fragmented" flag
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=3.1 required=5.0 tests=BAYES_00, DATE_IN_FUTURE_96_Q, 
 LOCAL_FROM autolearn=no version=3.3.2
X-Spam-Report: * 2.8 DATE_IN_FUTURE_96_Q Date: is 4 days to 4 months after
 Received: date
 * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1%
 *      [score: 0.0000] *  2.6 LOCAL_FROM From my domains
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on hz.grosbein.net
X-Spam-Level: ***
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Mar 2014 17:49:09 -0000

Hi!

Suppose, you have FreeBSD host A behind FreeBSD router R and run
"traceroute -I outerhost 1501" command from A. You will see only "stars"
for first hop. That's because router R erroneously sends ICMP "time exceeded" packets
with "more fragments" flag in the IP header when original packet was fragmented.
This flag is copied from original header.

I've just tested the following patch, it fixes the problem:
http://www.grosbein.net/freebsd/patches/ip_icmp.c.diff

--- sys/netinet/ip_icmp.c.orig	2013-10-21 21:07:06.000000000 +0700
+++ sys/netinet/ip_icmp.c	2014-03-31 00:06:48.000000000 +0700
@@ -332,6 +332,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
 	 * reply should bypass as well.
 	 */
 	m->m_flags |= n->m_flags & M_SKIP_FIREWALL;
+	m->m_flags &= ~(M_FRAG | M_FIRSTFRAG | M_LASTFRAG);
 	m->m_data -= sizeof(struct ip);
 	m->m_len += sizeof(struct ip);
 	m->m_pkthdr.len = m->m_len;
@@ -343,6 +344,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
 	nip->ip_hl = 5;
 	nip->ip_p = IPPROTO_ICMP;
 	nip->ip_tos = 0;
+	nip->ip_off = 0;
 	icmp_reflect(m);
 
 freeit:


(I've discovered this while debugging real-world issue concerning
problems with UDP fragmented traffic while using L2TP tunnel.)

Please review/commit.

Eugene Grosbein