diff options
| author |   bluhm <bluhm@openbsd.org> | 2017-08-10 02:26:26 +0000 |
|---|---|---|
| committer | bluhm <bluhm@openbsd.org> | 2017-08-10 02:26:26 +0000 |
| commit | 41649a76d028486a63681c547cc0755f38f4cad6 (patch) | |
| tree | b576ba1a180ccec566e1566c5fefaa6a7c5f3f2e | |
| parent | Pull out the code that identifies if we have an ECC cipher in the cipher (diff) | |
| download | wireguard-openbsd-41649a76d028486a63681c547cc0755f38f4cad6.tar.xz wireguard-openbsd-41649a76d028486a63681c547cc0755f38f4cad6.zip | |
icmp_mtudisc() might be called by TCP even on loopback after a
retransmit timeout. Do not run path MTU discovery on local routes
as we never want that on loopback. For permanent ARP or ND entries
disable path MTU discovery as they use the same rt_expire field.
This prevents that permanent routes and entries disappear.
bug analysis friehm@; OK mpi@
| -rw-r--r-- | sys/netinet/ip_icmp.c | 12 | ||||
| -rw-r--r-- | sys/netinet6/icmp6.c | 12 |
2 files changed, 22 insertions, 2 deletions
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c index a30c96d7253..cdfa20cccd7 100644 --- a/sys/netinet/ip_icmp.c +++ b/sys/netinet/ip_icmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_icmp.c,v 1.170 2017/06/19 17:58:49 bluhm Exp $ */ +/* $OpenBSD: ip_icmp.c,v 1.171 2017/08/10 02:26:26 bluhm Exp $ */ /* $NetBSD: ip_icmp.c,v 1.19 1996/02/13 23:42:22 christos Exp $ */ /* @@ -961,6 +961,16 @@ icmp_mtudisc_clone(struct in_addr dst, u_int rtableid) return (NULL); } + /* + * No PMTU for local routes and permanent neighbors, + * ARP and NDP use the same expire timer as the route. + */ + if (ISSET(rt->rt_flags, RTF_LOCAL) || + (ISSET(rt->rt_flags, RTF_LLINFO) && rt->rt_expire == 0)) { + rtfree(rt); + return (NULL); + } + /* If we didn't get a host route, allocate one */ if ((rt->rt_flags & RTF_HOST) == 0) { struct rtentry *nrt; diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index eaff1dc0924..1b7d4feacca 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: icmp6.c,v 1.214 2017/08/03 15:46:00 florian Exp $ */ +/* $OpenBSD: icmp6.c,v 1.215 2017/08/10 02:26:26 bluhm Exp $ */ /* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */ /* @@ -1786,6 +1786,16 @@ icmp6_mtudisc_clone(struct sockaddr *dst, u_int rtableid) return (NULL); } + /* + * No PMTU for local routes and permanent neighbors, + * ARP and NDP use the same expire timer as the route. + */ + if (ISSET(rt->rt_flags, RTF_LOCAL) || + (ISSET(rt->rt_flags, RTF_LLINFO) && rt->rt_expire == 0)) { + rtfree(rt); + return (NULL); + } + /* If we didn't get a host route, allocate one */ if ((rt->rt_flags & RTF_HOST) == 0) { struct rtentry *nrt; |