Date: Sun, 01 Mar 2026 13:58:12 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 293526] netinet*: RFC 5082 minimum TTL limits are not enforced for ICMP/ICMPv6.
Message-ID: <bug-293526-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293526

Bug ID: 293526
Summary: netinet*: RFC 5082 minimum TTL limits are not enforced for ICMP/ICMPv6.
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: bms@FreeBSD.org

Normative reference: https://datatracker.ietf.org/doc/html/rfc5082

It needs to be added to the list of RFCs which FreeBSD actually supports when the feature is complete.

ICMPv6 support does appear to be missing, subsequent to: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293525

For ICMPv4, the check appears to be enforced in rip_append(). However, we may not be passing it to the transport layer in all cases. sctp_notify() gets the ICMP header, but doesn't do anything with the TTL field.

Host-side ILNP (RFC 6740+) and SBR-ILNP need to be aware of this, as they are interstitial in nature with respect to the transport layer-network layer coupling.

A semantic code search suggests we are in fact handling it for TCP (IPv4 and IPv6, with an overloaded use of the inp_ip_minttl field already taking place): https://sourcegraph.com/search?q=repo:%5Egithub%5C.com/freebsd/freebsd-src%24+inp_ip_minttl&patternType=keyword&sm=0

Looked to be a historic shortcoming in the transport-layer coupling, and is probably not suitable for GSoC as the scope is too narrow and specialized.

I originally asked an LLM about this. The LLM training data is clearly out of date; there is a degree of confabulation (hallucination) on at least 2 points.
Here's the LLM prompt and output, good for a week from 2026-02-28: https://search.brave.com/ask?q=Do+FreeBSD+or+Linux+implement+RFC+5082%2C+The+Generalized+TTL+Security+Mechanism+%28GTSM%29+%3F&conversation=08caf132688a19b59df3fa68b90435890ead#TSdEZVG_Da_N9qbmjzDxylNgz3sKI0joIaDZDCBqdB

LLM fodder:

"The lack of ICMP TTL checking in FreeBSD means that an attacker could potentially spoof ICMP error messages with low TTLs to disrupt BGP sessions or other protocols, undermining the security that RFC 5082 GTSM is meant to provide."

This is obviously bunk upon actual code inspection.

...

"ICMP messages are handled via the .pr_ctlinput hook, which provides only the ICMP code, originator address, and part of the original datagram—but not the TTL of the ICMP packet itself."

This is not so obviously bunk; see above.

When ache@ said he was sitting on a patch for 293525, he partly mentions this: https://freebsd-net.freebsd.narkive.com/xilxNZe4/ip-minttl-and-rfc5082-ttl-security-gtsm-support

The OpenBSD change linked in the Bugzilla entry for IPV6_MINHOPCOUNT support does not appear to reference .pr_ctlinput2 like the LLM parrot is describing, and in FreeBSD, that has since been refactored anyway; see above.

--
You are receiving this mail because:
You are the assignee for the bug.
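The point the report turns on is that a GTSM (RFC 5082) check on an ICMP error has to look at the TTL of the ICMP packet's own (outer) IPv4 header, not at the TTL quoted in the inner datagram that the ctlinput path hands to the transport. The following is an added illustration in user-space C, not FreeBSD kernel code; every function name here is hypothetical and the packet bytes are constructed inline.

```c
/* Added example: RFC 5082 GTSM check applied to the outer header of an
 * ICMPv4 error before it is allowed to reach the transport layer.
 * Hypothetical names; not FreeBSD's rip_append()/ctlinput code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define GTSM_MINTTL   255   /* RFC 5082 value for a directly connected peer */
#define PROTO_ICMP    1
#define ICMP_UNREACH  3

enum gtsm_verdict { GTSM_ACCEPT = 0, GTSM_DROP_OUTER_TTL = 1, GTSM_DROP_MALFORMED = 2 };

/* Return the TTL of an IPv4 header at pkt, or -1 if it is not a sane header. */
static int ipv4_ttl(const uint8_t *pkt, size_t len, size_t *hdrlen)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    *hdrlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (*hdrlen < 20 || *hdrlen > len) return -1;
    return pkt[8];                          /* TTL is byte 8 of the header */
}

/* The check: only the OUTER packet's TTL matters; the quoted inner datagram's
 * TTL (set by the original sender) says nothing about who sent the error. */
enum gtsm_verdict gtsm_check_icmp_error(const uint8_t *pkt, size_t len, uint8_t minttl)
{
    size_t ohl;
    int ttl = ipv4_ttl(pkt, len, &ohl);
    if (ttl < 0 || pkt[9] != PROTO_ICMP) return GTSM_DROP_MALFORMED;
    if ((uint8_t)ttl < minttl) return GTSM_DROP_OUTER_TTL;
    if (len < ohl + 8 + 20) return GTSM_DROP_MALFORMED;   /* ICMP hdr + inner IP hdr */
    return GTSM_ACCEPT;
}

/* Constructed sample: ICMP host-unreachable quoting a TCP datagram whose own
 * TTL is 255, carried in an outer IPv4 packet with the given TTL. */
static size_t build_icmp_unreach(uint8_t *buf, uint8_t outer_ttl)
{
    memset(buf, 0, 48);
    buf[0] = 0x45; buf[3] = 48; buf[8] = outer_ttl; buf[9] = PROTO_ICMP;
    buf[20] = ICMP_UNREACH; buf[21] = 1;                  /* type 3, code 1 */
    buf[28] = 0x45; buf[36] = 255; buf[37] = 6;           /* inner: TTL 255, TCP */
    return 48;
}

/* Build and check a sample error in one step; returns the verdict. */
int gtsm_demo(uint8_t outer_ttl)
{
    uint8_t pkt[48];
    size_t n = build_icmp_unreach(pkt, outer_ttl);
    return (int)gtsm_check_icmp_error(pkt, n, GTSM_MINTTL);
}

int main(void)
{
    printf("outer TTL 255 -> %d (0 = accept)\n", gtsm_demo(255));
    printf("outer TTL 64  -> %d (1 = drop, despite inner TTL 255)\n", gtsm_demo(64));
    return 0;
}
```

The second case is the one a ctlinput-style hook cannot decide on its own: the quoted datagram looks fine, and only the outer header reveals that the error did not come from a directly connected peer.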
