From owner-freebsd-bugs@FreeBSD.ORG  Sun Mar 30 18:30:02 2014
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id DC654396
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Sun, 30 Mar 2014 18:30:01 +0000 (UTC)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2001:1900:2254:206c::16:87])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B0B26BC3
 for <freebsd-bugs@smarthost.ysv.freebsd.org>;
 Sun, 30 Mar 2014 18:30:01 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s2UIU1GA020540
 for <freebsd-bugs@freefall.freebsd.org>; Sun, 30 Mar 2014 18:30:01 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s2UIU1c2020539;
 Sun, 30 Mar 2014 18:30:01 GMT (envelope-from gnats)
Resent-Date: Sun, 30 Mar 2014 18:30:01 GMT
Resent-Message-Id: <201403301830.s2UIU1c2020539@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
 Eugene Grosbein <eugen@grosbein.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 90050342
 for <FreeBSD-gnats-submit@freebsd.org>; Sun, 30 Mar 2014 18:25:39 +0000 (UTC)
Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id F1973B8A
 for <FreeBSD-gnats-submit@freebsd.org>; Sun, 30 Mar 2014 18:25:38 +0000 (UTC)
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221])
 by hz.grosbein.net (8.14.7/8.14.7) with ESMTP id s2UIPYZB047144
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
 for <FreeBSD-gnats-submit@freebsd.org>; Sun, 30 Mar 2014 20:25:34 +0200 (CEST)
 (envelope-from eugen@grosbein.net)
Received: from grosbein.net (188-123-32-240.rdtc.ru [188.123.32.240] (may be
 forged))
 by eg.sd.rdtc.ru (8.14.7/8.14.7) with ESMTP id s2UIP0EB092198
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
 for <FreeBSD-gnats-submit@freebsd.org>; Mon, 31 Mar 2014 01:25:25 +0700 (NOVT)
 (envelope-from eugen@grosbein.net)
Received: from grosbein.net (localhost [127.0.0.1])
 by grosbein.net (8.14.8/8.14.8) with ESMTP id s2UIP0i8022586;
 Mon, 31 Mar 2014 01:25:00 +0700 (NOVT)
 (envelope-from eugen@grosbein.net)
Received: (from eugen@localhost)
 by grosbein.net (8.14.8/8.14.8/Submit) id s2UIP0vb022585;
 Mon, 31 Mar 2014 01:25:00 +0700 (NOVT) (envelope-from eugen)
Message-Id: <201403301825.s2UIP0vb022585@grosbein.net>
Date: Mon, 31 Mar 2014 01:25:00 +0700 (NOVT)
From: Eugene Grosbein <eugen@grosbein.net>
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.114
Subject: kern/188092: [patch] icmp_error() fails to clear "fragmented" flag in
 the IP header
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Mar 2014 18:30:02 -0000


>Number:         188092
>Category:       kern
>Synopsis:       [patch] icmp_error() fails to clear "fragmented" flag in the IP header
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 30 18:30:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Eugene Grosbein
>Release:        FreeBSD 9.2-STABLE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.net 9.2-STABLE FreeBSD 9.2-STABLE #3 r261670M: Sat Mar 1 22:38:42 NOVT 2014 root@grosbein.net:/usr/obj/usr/local/src/sys/DADV amd64

>Description:
	icmp_error() function copies "more fragments" flag
	from original IP header. This may generate "fragmented" ICMP error packet
	if original IP packed was fragmented.

>How-To-Repeat:
	Run "traceroute -I outerhost 1501" when your mtu is 1500 or less
	and next hop is FreeBSD router. You will see only "stars"
	for the first hop because of this error.

>Fix:

--- sys/netinet/ip_icmp.c.orig	2013-10-21 21:07:06.000000000 +0700
+++ sys/netinet/ip_icmp.c	2014-03-31 00:06:48.000000000 +0700
@@ -332,6 +332,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
 	 * reply should bypass as well.
 	 */
 	m->m_flags |= n->m_flags & M_SKIP_FIREWALL;
+	m->m_flags &= ~(M_FRAG | M_FIRSTFRAG | M_LASTFRAG);
 	m->m_data -= sizeof(struct ip);
 	m->m_len += sizeof(struct ip);
 	m->m_pkthdr.len = m->m_len;
@@ -343,6 +344,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
 	nip->ip_hl = 5;
 	nip->ip_p = IPPROTO_ICMP;
 	nip->ip_tos = 0;
+	nip->ip_off = 0;
 	icmp_reflect(m);
 
 freeit:


>Release-Note:
>Audit-Trail:
>Unformatted: