CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2015/09/11 09:12:29

Modified files:
    sys/netinet  : ip_icmp.c
    sys/netinet6 : icmp6.c

Log message:
When pf modifies a TCP packet, it sets the M_TCP_CSUM_OUT flag in the
mbuf packet header. If the packet is later dropped in ip6_forward(),
the TCP mbuf is copied and passed to icmp6_error(). IPv6 uses m_copym()
and M_PREPEND() which preserve the packet header. The inherited
M_TCP_CSUM_OUT flag generates ICMP6 packets with an incorrect checksum.
So reset the csum_flags when packets are generated by icmp6_reflect()
or icmp6_redirect_output().
IPv4 does m_copydata() into a fresh mbuf. There m_inithdr() clears the
packet header, so the problem does not occur. But setting the
csum_flags explicitly also makes sense for icmp_send(). Do not or
M_ICMP_CSUM_OUT to a value that is 0 because of some function calls
before.
OK mpi@ lteo@
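
A simplified C model of the flag inheritance described in the log message, added here as an illustration; it is not code from the OpenBSD tree. The flag values, struct pkt, the function names and the output stage's behaviour (one request served, TCP tested first, nothing written on a protocol mismatch) are assumptions of the model.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model: flag names are from the log message; the values,
 * struct pkt and all functions here are constructed for illustration. */
#define M_TCP_CSUM_OUT  0x0002
#define M_ICMP_CSUM_OUT 0x0100
enum { PROTO_TCP = 6, PROTO_ICMP6 = 58 };

struct pkt {                 /* stands in for an mbuf with packet header */
    uint16_t csum_flags;     /* deferred checksum requests */
    uint8_t  proto;          /* what data[] really holds */
    uint8_t  data[24];       /* transport message only, no IP header */
};

/* RFC 1071 sum over an even-length buffer; 0 means the message verifies. */
static uint16_t in_cksum(const uint8_t *p, size_t n) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < n; i += 2) sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Assumed output stage: serves one request, tests the TCP flag first, and
 * writes nothing when the requested protocol is not the one in the packet. */
static void output_csum(struct pkt *m) {
    int tcp = (m->csum_flags & M_TCP_CSUM_OUT) != 0;
    if (!tcp && !(m->csum_flags & M_ICMP_CSUM_OUT)) return;
    if (m->proto != (tcp ? PROTO_TCP : PROTO_ICMP6)) return;
    size_t off = tcp ? 16 : 2;          /* checksum field offset */
    m->data[off] = m->data[off + 1] = 0;
    uint16_t c = in_cksum(m->data, sizeof(m->data));
    m->data[off] = (uint8_t)(c >> 8);
    m->data[off + 1] = (uint8_t)(c & 0xff);
}

/* Build an ICMP6 error from a header-preserving copy of a dropped TCP packet.
 * reset_flags = 0 keeps the inherited flags and ORs in the ICMP request;
 * reset_flags = 1 resets csum_flags. Returns 1 if the checksum verifies. */
int icmp6_error_csum_ok(int reset_flags) {
    struct pkt tcp = { .csum_flags = M_TCP_CSUM_OUT, .proto = PROTO_TCP };
    memset(tcp.data, 0x5a, sizeof(tcp.data));   /* constructed TCP bytes */
    struct pkt err = tcp;                       /* copy keeps csum_flags */
    memset(err.data, 0, 8);     /* ICMP6 header; bytes 8..23 stay as quote */
    err.data[0] = 1;            /* constructed ICMP6 type */
    err.proto = PROTO_ICMP6;
    err.csum_flags = (reset_flags ? 0 : err.csum_flags) | M_ICMP_CSUM_OUT;
    output_csum(&err);
    return in_cksum(err.data, sizeof(err.data)) == 0;
}
```

In this model the stale M_TCP_CSUM_OUT request wins, so the ICMP6 checksum field is never filled in and verification fails. Resetting csum_flags before the output stage makes it pass.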