https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293526
Bug ID: 293526
Summary: netinet*: RFC 5082 minimum TTL limits are not enforced
for ICMP/ICMPv6.
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Normative reference: https://datatracker.ietf.org/doc/html/rfc5082
It needs added to the list of RFCs which FreeBSD actually supports when the
feature is complete.
ICMPv6 support does appear to be missing, subsequent to:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293525
For ICMPv4, the check appears to be enforced in rip_append(). However, we may
not be passing it to the transport layer in all cases. sctp_notify() gets the
ICMP header, but doesn't do anything with the TTL field.
Host-side ILNP (RFC 6740+) and SBR-ILNP needs to be aware of this, as they are
interstitial in nature with respect to the transport layer-network layer
coupling.
A semantic code search suggests we are in fact handling it for TCP (IPv4 and
IPv6, with an overloaded use of the inp_ip_minttl field already taking place):
https://sourcegraph.com/search?q=repo:%5Egithub%5C.com/freebsd/freebsd-src%24+inp_ip_minttl&patternType=keyword&sm=0
Looked to be a historic shortcoming in the transport-layer coupling, and is
probably not suitable for GSoC as the scope is too narrow and specialized.
I originally asked an LLM about this. The LLM training data is clearly out of
date; there is a degree of confabulation (hallucination) on at least 2 points.
Here's the LLM prompt and output, good for a week from 2026-02-28:
https://search.brave.com/ask?q=Do+FreeBSD+or+Linux+implement+RFC+5082%2C+The+Generalized+TTL+Security+Mechanism+%28GTSM%29+%3F&conversation=08caf132688a19b59df3fa68b90435890ead#TSdEZVG_Da_N9qbmjzDxylNgz3sKI0joIaDZDCBqdB
LLM fodder: "The lack of ICMP TTL checking in FreeBSD means that an attacker
could potentially spoof ICMP error messages with low TTLs to disrupt BGP
sessions or other protocols, undermining the security that RFC 5082 GTSM
is meant to provide."
This is obviously bunk upon actual code inspection.
... "ICMP messages are handled via the .pr_ctlinput hook, which provides only
the ICMP code, originator address, and part of the original datagram—but not
the TTL of the ICMP packet itself."
This is not so obviously bunk; see above.
When ache@ said he was sitting on a patch for 293525, he partly mentions this:
https://freebsd-net.freebsd.narkive.com/xilxNZe4/ip-minttl-and-rfc5082-ttl-security-gtsm-support
The OpenBSD change linked in the Bugzilla entry for IPV6_MINHOPCOUNT support
does not appear to reference .pr_ctlinput2 like the LLM parrot is describing,
and in FreeBSD, that has since been refactored anyway; see above.
--
You are receiving this mail because:
You are the assignee for the bug.
