upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-02-18 18:20:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

icmp: clear offset and flags when reflecting a packet

Browse source 
When reflecting a packet, use an offset of 0 and clear all three bits,
in particular the DF bit.

PR:			288558
Reviewed by:		markj, zlei
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D51991

(cherry picked from commit b9a2d84b1bf7f9cf556e2f0b68023d5af8362797)
This commit is contained in:
Michael Tuexen 2025-08-18 19:15:39 +02:00 committed by Franco Fichtner
parent 89cd3740e9
commit 499bfea65d
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
sys/netinet/ip_icmp.c
View file

@ -393,7 +393,6 @@ stdreply: icmpelen = max(8, min(V_icmp_quotelen, ntohs(oip->ip_len) -
nip->ip_hl = 5;
nip->ip_p = IPPROTO_ICMP;
nip->ip_tos = 0;
nip->ip_off = 0;
if (V_error_keeptags)
m_tag_copy_chain(m, n, M_NOWAIT);
@ -879,6 +878,8 @@ match:
mac_netinet_icmp_replyinplace(m);
#endif
ip->ip_src = t;
/* ip->ip_tos will be reflected. */
ip->ip_off = htons(0);
ip->ip_ttl = V_ip_defttl;
if (optlen > 0) {