Date: Mon, 12 Aug 2019 11:36:15 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 239799] IP_MINTTL broken Message-ID: <bug-239799-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D239799 Bug ID: 239799 Summary: IP_MINTTL broken Product: Base System Version: 12.0-STABLE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: vincent@bernat.ch Hey! Use of IP_MINTTL to ensure a minimum TTL on input TCP packets is broken. Wh= en this option is enabled for a socket, all incoming packets are dropped. When= it comes to compare the TTL in `tcp_input.c`, the reported TTL is 0: ```c if (inp->inp_ip_minttl !=3D 0) { #ifdef INET6 if (isipv6) { if (inp->inp_ip_minttl > ip6->ip6_hlim) goto dropunlock; } else #endif if (inp->inp_ip_minttl > ip->ip_ttl) goto dropunlock; } ``` A few lines earlier, we have: ```c struct ipovly *ipov =3D (struct ipovly *)ip; /* * Checksum extended TCP header and data. */ len =3D off0 + tlen; bzero(ipov->ih_x1, sizeof(ipov->ih_x1)); ipov->ih_len =3D htons(tlen); th->th_sum =3D in_cksum(m, len); /* Reset length for SDT probes. */ ip->ip_len =3D htons(len); /* Reset TOS bits */ ip->ip_tos =3D iptos; /* Re-initialization for later version check */ ip->ip_v =3D IPVERSION; ip->ip_hl =3D off0 >> 2; ``` `ip->ip_ttl` also needs to be restored after this code. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-239799-227>