pf: send ICMP destination unreachable fragmentation needed when appropriate
ClosedPublic
Actions

Authored by kp on Feb 3 2025, 10:51 AM.

Details

Reviewers

None

Group Reviewers

pfsense
network

Commits

rGfffedd81a4bf: pf: send ICMP destination unreachable fragmentation needed when appropriate

Summary

Just like we do for IPv6, generate an ICMP fragmentation needed packet if we're
going to need fragmenation for IPv4 as well (i.e. DF is set). Do so before full
processing, so we generate it with pre-NAT addreses, just as we do for IPv6.

Sponsored by: Rubicon Communications, LLC ("Netgate")

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 62230
Build 59114: arc lint + arc unit

Event Timeline

kp created this revision.Feb 3 2025, 10:51 AM

Herald added subscribers: vegeta_tuxpowered.net, glebius, melifaro and 3 others. · View Herald TranscriptFeb 3 2025, 10:51 AM

kp requested review of this revision.Feb 3 2025, 10:51 AM

Harbormaster completed remote builds in B62216: Diff 150389.Feb 3 2025, 10:51 AM

zlei added a subscriber: zlei.Feb 3 2025, 4:10 PM

Maybe commit changes to ip_output.c and ip_fastfwd.c separately? Cause they are a generic change, not something specific to ICMP.

Split off network stack changes

Harbormaster completed remote builds in B62230: Diff 150438.Feb 3 2025, 11:10 PM

In D48805#1113409, @glebius wrote:

Maybe commit changes to ip_output.c and ip_fastfwd.c separately? Cause they are a generic change, not something specific to ICMP.

Yeah, that's a good idea. See D48824 for those.

This revision was not accepted when it landed; it landed in state Needs Review.Feb 4 2025, 9:14 PM

Closed by commit rGfffedd81a4bf: pf: send ICMP destination unreachable fragmentation needed when appropriate (authored by kp). · Explain Why

This revision was automatically updated to reflect the committed changes.

kp added a commit: rGfffedd81a4bf: pf: send ICMP destination unreachable fragmentation needed when appropriate.