From eugen@grosbein.net  Sun Mar 30 18:25:39 2014
Return-Path: <eugen@grosbein.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 90050342
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 30 Mar 2014 18:25:39 +0000 (UTC)
Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id F1973B8A
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 30 Mar 2014 18:25:38 +0000 (UTC)
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221])
	by hz.grosbein.net (8.14.7/8.14.7) with ESMTP id s2UIPYZB047144
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 30 Mar 2014 20:25:34 +0200 (CEST)
	(envelope-from eugen@grosbein.net)
Received: from grosbein.net (188-123-32-240.rdtc.ru [188.123.32.240] (may be forged))
	by eg.sd.rdtc.ru (8.14.7/8.14.7) with ESMTP id s2UIP0EB092198
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 31 Mar 2014 01:25:25 +0700 (NOVT)
	(envelope-from eugen@grosbein.net)
Received: from grosbein.net (localhost [127.0.0.1])
	by grosbein.net (8.14.8/8.14.8) with ESMTP id s2UIP0i8022586;
	Mon, 31 Mar 2014 01:25:00 +0700 (NOVT)
	(envelope-from eugen@grosbein.net)
Received: (from eugen@localhost)
	by grosbein.net (8.14.8/8.14.8/Submit) id s2UIP0vb022585;
	Mon, 31 Mar 2014 01:25:00 +0700 (NOVT)
	(envelope-from eugen)
Message-Id: <201403301825.s2UIP0vb022585@grosbein.net>
Date: Mon, 31 Mar 2014 01:25:00 +0700 (NOVT)
From: Eugene Grosbein <eugen@grosbein.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [patch] icmp_error() fails to clear "fragmented" flag in the IP header
X-Send-Pr-Version: 3.114
X-GNATS-Notify:

>Number:         188092
>Category:       kern
>Synopsis:       [patch] icmp_error() fails to clear "fragmented" flag in the IP header
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ae
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 30 18:30:00 UTC 2014
>Closed-Date:    Mon Apr 07 12:52:37 UTC 2014
>Last-Modified:  Mon Apr  7 13:00:02 UTC 2014
>Originator:     Eugene Grosbein
>Release:        FreeBSD 9.2-STABLE amd64
>Organization:
RDTC JSC
>Environment:
System: FreeBSD grosbein.net 9.2-STABLE FreeBSD 9.2-STABLE #3 r261670M: Sat Mar 1 22:38:42 NOVT 2014 root@grosbein.net:/usr/obj/usr/local/src/sys/DADV amd64

>Description:
	icmp_error() function copies "more fragments" flag
	from original IP header. This may generate "fragmented" ICMP error packet
	if original IP packed was fragmented.

>How-To-Repeat:
	Run "traceroute -I outerhost 1501" when your mtu is 1500 or less
	and next hop is FreeBSD router. You will see only "stars"
	for the first hop because of this error.

>Fix:

--- sys/netinet/ip_icmp.c.orig	2013-10-21 21:07:06.000000000 +0700
+++ sys/netinet/ip_icmp.c	2014-03-31 00:06:48.000000000 +0700
@@ -332,6 +332,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
 	 * reply should bypass as well.
 	 */
 	m->m_flags |= n->m_flags & M_SKIP_FIREWALL;
+	m->m_flags &= ~(M_FRAG | M_FIRSTFRAG | M_LASTFRAG);
 	m->m_data -= sizeof(struct ip);
 	m->m_len += sizeof(struct ip);
 	m->m_pkthdr.len = m->m_len;
@@ -343,6 +344,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
 	nip->ip_hl = 5;
 	nip->ip_p = IPPROTO_ICMP;
 	nip->ip_tos = 0;
+	nip->ip_off = 0;
 	icmp_reflect(m);
 
 freeit:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->ae 
Responsible-Changed-By: ae 
Responsible-Changed-When: Mon Mar 31 12:43:42 UTC 2014 
Responsible-Changed-Why:  
Take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=188092 
State-Changed-From-To: open->patched 
State-Changed-By: ae 
State-Changed-When: Mon Mar 31 13:01:23 UTC 2014 
State-Changed-Why:  
Patched in head/. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=188092 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/188092: commit references a PR
Date: Mon, 31 Mar 2014 13:00:54 +0000 (UTC)

 Author: ae
 Date: Mon Mar 31 13:00:49 2014
 New Revision: 263966
 URL: http://svnweb.freebsd.org/changeset/base/263966
 
 Log:
   Don't copy the MF flag from original IP header to ICMP error message.
   
   PR:		188092
   MFC after:	1 week
   Sponsored by:	Yandex LLC
 
 Modified:
   head/sys/netinet/ip_icmp.c
 
 Modified: head/sys/netinet/ip_icmp.c
 ==============================================================================
 --- head/sys/netinet/ip_icmp.c	Mon Mar 31 09:37:11 2014	(r263965)
 +++ head/sys/netinet/ip_icmp.c	Mon Mar 31 13:00:49 2014	(r263966)
 @@ -348,6 +348,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
  	nip->ip_hl = 5;
  	nip->ip_p = IPPROTO_ICMP;
  	nip->ip_tos = 0;
 +	nip->ip_off = 0;
  	icmp_reflect(m);
  
  freeit:
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: ae 
State-Changed-When: Mon Apr 7 12:52:04 UTC 2014 
State-Changed-Why:  
Merged to stable/10, stable/9, stable/8. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=188092 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/188092: commit references a PR
Date: Mon,  7 Apr 2014 12:50:39 +0000 (UTC)

 Author: ae
 Date: Mon Apr  7 12:50:34 2014
 New Revision: 264222
 URL: http://svnweb.freebsd.org/changeset/base/264222
 
 Log:
   MFC r263966:
     Don't copy the MF flag from original IP header to ICMP error message.
   
   PR:		188092
   Sponsored by:	Yandex LLC
 
 Modified:
   stable/9/sys/netinet/ip_icmp.c
 Directory Properties:
   stable/9/sys/   (props changed)
 
 Modified: stable/9/sys/netinet/ip_icmp.c
 ==============================================================================
 --- stable/9/sys/netinet/ip_icmp.c	Mon Apr  7 12:50:08 2014	(r264221)
 +++ stable/9/sys/netinet/ip_icmp.c	Mon Apr  7 12:50:34 2014	(r264222)
 @@ -343,6 +343,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
  	nip->ip_hl = 5;
  	nip->ip_p = IPPROTO_ICMP;
  	nip->ip_tos = 0;
 +	nip->ip_off = 0;
  	icmp_reflect(m);
  
  freeit:
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/188092: commit references a PR
Date: Mon,  7 Apr 2014 12:50:12 +0000 (UTC)

 Author: ae
 Date: Mon Apr  7 12:50:08 2014
 New Revision: 264221
 URL: http://svnweb.freebsd.org/changeset/base/264221
 
 Log:
   MFC r263966:
     Don't copy the MF flag from original IP header to ICMP error message.
   
   PR:		188092
   Sponsored by:	Yandex LLC
 
 Modified:
   stable/10/sys/netinet/ip_icmp.c
 Directory Properties:
   stable/10/   (props changed)
 
 Modified: stable/10/sys/netinet/ip_icmp.c
 ==============================================================================
 --- stable/10/sys/netinet/ip_icmp.c	Mon Apr  7 07:06:13 2014	(r264220)
 +++ stable/10/sys/netinet/ip_icmp.c	Mon Apr  7 12:50:08 2014	(r264221)
 @@ -347,6 +347,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
  	nip->ip_hl = 5;
  	nip->ip_p = IPPROTO_ICMP;
  	nip->ip_tos = 0;
 +	nip->ip_off = 0;
  	icmp_reflect(m);
  
  freeit:
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/188092: commit references a PR
Date: Mon,  7 Apr 2014 12:51:45 +0000 (UTC)

 Author: ae
 Date: Mon Apr  7 12:51:41 2014
 New Revision: 264223
 URL: http://svnweb.freebsd.org/changeset/base/264223
 
 Log:
   MFC r263966:
     Don't copy the MF flag from original IP header to ICMP error message.
   
   PR:		188092
   Sponsored by:	Yandex LLC
 
 Modified:
   stable/8/sys/netinet/ip_icmp.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/netinet/   (props changed)
 
 Modified: stable/8/sys/netinet/ip_icmp.c
 ==============================================================================
 --- stable/8/sys/netinet/ip_icmp.c	Mon Apr  7 12:50:34 2014	(r264222)
 +++ stable/8/sys/netinet/ip_icmp.c	Mon Apr  7 12:51:41 2014	(r264223)
 @@ -339,6 +339,7 @@ stdreply:	icmpelen = max(8, min(V_icmp_q
  	nip->ip_hl = 5;
  	nip->ip_p = IPPROTO_ICMP;
  	nip->ip_tos = 0;
 +	nip->ip_off = 0;
  	icmp_reflect(m);
  
  freeit:
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
