On 11/09/15(Fri) 13:20, Alexander Bluhm wrote: > Hi, > > When pf modifies a TCP packet, it sets the M_TCP_CSUM_OUT flag in > the mbuf packet header. If the packet is later dropped in > ip6_forward(), the TCP mbuf is copied and passed to icmp6_error(). > The inherited M_TCP_CSUM_OUT flag generates ICMP6 packets with > incorrect checksum. So reset the csum_flags when packets are > generated by icmp6_reflect() or icmp6_redirect_output().
Don't you think the same problem can occur in IPv4 and icmp_send() could also benefit from the same fix? > Index: netinet6/icmp6.c > =================================================================== > RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/icmp6.c,v > retrieving revision 1.167 > diff -u -p -r1.167 icmp6.c > --- netinet6/icmp6.c 11 Sep 2015 08:17:06 -0000 1.167 > +++ netinet6/icmp6.c 11 Sep 2015 10:51:11 -0000 > @@ -1283,7 +1283,7 @@ icmp6_reflect(struct mbuf *m, size_t off > ip6->ip6_hlim = ip6_defhlim; > > icmp6->icmp6_cksum = 0; > - m->m_pkthdr.csum_flags |= M_ICMP_CSUM_OUT; > + m->m_pkthdr.csum_flags = M_ICMP_CSUM_OUT; > > /* > * XXX option handling > @@ -1786,7 +1786,7 @@ noredhdropt: > ip6->ip6_plen = htons(m->m_pkthdr.len - sizeof(struct ip6_hdr)); > > nd_rd->nd_rd_cksum = 0; > - m->m_pkthdr.csum_flags |= M_ICMP_CSUM_OUT; > + m->m_pkthdr.csum_flags = M_ICMP_CSUM_OUT; > > /* send the packet to outside... */ > ip6_output(m, NULL, NULL, 0, NULL, NULL); >
