Hi,
When pf modifies a TCP packet, it sets the M_TCP_CSUM_OUT flag in
the mbuf packet header. If the packet is later dropped in
ip6_forward(), the TCP mbuf is copied and passed to icmp6_error().
The inherited M_TCP_CSUM_OUT flag generates ICMP6 packets with
an incorrect checksum. So reset the csum_flags when packets are
generated by icmp6_reflect() or icmp6_redirect_output().
ok?
bluhm
Index: netinet6/icmp6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/icmp6.c,v
retrieving revision 1.167
diff -u -p -r1.167 icmp6.c
--- netinet6/icmp6.c 11 Sep 2015 08:17:06 -0000 1.167
+++ netinet6/icmp6.c 11 Sep 2015 10:51:11 -0000
@@ -1283,7 +1283,7 @@ icmp6_reflect(struct mbuf *m, size_t off
ip6->ip6_hlim = ip6_defhlim;
icmp6->icmp6_cksum = 0;
- m->m_pkthdr.csum_flags |= M_ICMP_CSUM_OUT;
+ m->m_pkthdr.csum_flags = M_ICMP_CSUM_OUT;
/*
* XXX option handling
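Review bot: The plain assignment in icmp6_reflect() discards every bit in m->m_pkthdr.csum_flags, not only the inherited M_TCP_CSUM_OUT that the description names, and nothing at the call site says this is intended. A short comment above the assignment, for example that the mbuf may be a copy of a forwarded packet and any checksum flags it carried are stale, would keep a later cleanup from turning `=` back into `|=`.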
@@ -1786,7 +1786,7 @@ noredhdropt:
ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(struct ip6_hdr));
nd_rd->nd_rd_cksum = 0;
- m->m_pkthdr.csum_flags |= M_ICMP_CSUM_OUT;
+ m->m_pkthdr.csum_flags = M_ICMP_CSUM_OUT;
/* send the packet to outside... */
ip6_output(m, NULL, NULL, 0, NULL, NULL);
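Review bot: At noredhdropt the same `|=` to `=` change is made, but the description only traces the stale flag through ip6_forward() and icmp6_error(); how an mbuf with M_TCP_CSUM_OUT set reaches this assignment before ip6_output() is not stated. Please say in the commit message whether the redirect mbuf can inherit flags from the original packet, or whether this is a defensive change for consistency with icmp6_reflect().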