git: b9a2d84b1bf7 - main - icmp: clear offset and flags when reflecting a packet

Michael Tuexen Mon, 18 Aug 2025 10:19:26 -0700

The branch main has been updated by tuexen:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=b9a2d84b1bf7f9cf556e2f0b68023d5af8362797


commit b9a2d84b1bf7f9cf556e2f0b68023d5af8362797
Author:     Michael Tuexen <tue...@freebsd.org>
AuthorDate: 2025-08-18 17:15:39 +0000
Commit:     Michael Tuexen <tue...@freebsd.org>
CommitDate: 2025-08-18 17:19:13 +0000

    icmp: clear offset and flags when reflecting a packet
    
    When reflecting a packet, use an offset of 0 and clear all three bits,
    in particular the DF bit.
    
    PR:                     288558
    Reviewed by:            markj, zlei
    MFC after:              1 week
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D51991
---
 sys/netinet/ip_icmp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 543b846fbba5..fc0848b2c944 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -391,7 +391,6 @@ stdreply:   icmpelen = max(8, min(V_icmp_quotelen, 
ntohs(oip->ip_len) -
        nip->ip_hl = 5;
        nip->ip_p = IPPROTO_ICMP;
        nip->ip_tos = 0;
-       nip->ip_off = 0;
 
        if (V_error_keeptags)
                m_tag_copy_chain(m, n, M_NOWAIT);
@@ -872,6 +871,8 @@ match:
        mac_netinet_icmp_replyinplace(m);
 #endif
        ip->ip_src = t;
+       /* ip->ip_tos will be reflected. */
+       ip->ip_off = htons(0);
        ip->ip_ttl = V_ip_defttl;
 
        if (optlen > 0) {

git: b9a2d84b1bf7 - main - icmp: clear offset and flags when reflecting a packet

Reply via email to