Fix the length check for reinjected ICMP packets: sizeof(struct icmp) is

28 but an ICMP packet can be as small as 8 bytes (e.g. an ICMP echo
request packet with no payload), so check against ICMP_MINLEN instead.

Prior to this fix, divert(4) would erroneously discard valid ICMP
packets that are shorter than 20 bytes.

ICMPv6 is not affected, so this change applies to ICMP over IPv4 only.

ok florian@ henning@

diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c
index 3547df8..7055f63 100644 (file)
--- a/sys/netinet/ip_divert.c
+++ b/sys/netinet/ip_divert.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ip_divert.c,v 1.28 2014/08/10 03:24:51 lteo Exp $ */
+/*      $OpenBSD: ip_divert.c,v 1.29 2014/08/10 03:26:20 lteo Exp $ */
 
 /*
  * Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
@@ -126,7 +126,7 @@ divert_output(struct inpcb *inp, struct mbuf *m, struct mbuf *nam,
                m->m_pkthdr.csum_flags |= M_UDP_CSUM_OUT;
                break;
        case IPPROTO_ICMP:
-               min_hdrlen = sizeof(struct icmp);
+               min_hdrlen = ICMP_MINLEN;
                m->m_pkthdr.csum_flags |= M_ICMP_CSUM_OUT;
                break;
        default: