Hey!

Use of IP_MINTTL to ensure a minimum TTL on input TCP packets is broken. When this option is enabled for a socket, all incoming packets are dropped. When it comes to comparing the TTL in `tcp_input.c`, the reported TTL is 0:

```c
if (inp->inp_ip_minttl != 0) {
#ifdef INET6
    if (isipv6) {
        if (inp->inp_ip_minttl > ip6->ip6_hlim)
            goto dropunlock;
    } else
#endif
    if (inp->inp_ip_minttl > ip->ip_ttl)
        goto dropunlock;
}
```

A few lines earlier, we have:

```c
struct ipovly *ipov = (struct ipovly *)ip;

/*
 * Checksum extended TCP header and data.
 */
len = off0 + tlen;
bzero(ipov->ih_x1, sizeof(ipov->ih_x1));
ipov->ih_len = htons(tlen);
th->th_sum = in_cksum(m, len);
/* Reset length for SDT probes. */
ip->ip_len = htons(len);
/* Reset TOS bits */
ip->ip_tos = iptos;
/* Re-initialization for later version check */
ip->ip_v = IPVERSION;
ip->ip_hl = off0 >> 2;
```

`ip->ip_ttl` also needs to be restored after this code.
A commit references this bug:

Author: ae
Date: Tue Aug 13 12:47:54 UTC 2019
New revision: 350974
URL: https://svnweb.freebsd.org/changeset/base/350974

Log:
  Save ip_ttl value and restore it after checksum calculation.

  Since ipovly is used for checksum calculation, part of original IP header
  is zeroed. This part includes ip_ttl field, that can be used later in
  IP_MINTTL socket option handling.

  PR: 239799
  MFC after: 1 week

Changes:
  head/sys/netinet/tcp_input.c
A commit references this bug:

Author: ae
Date: Fri Aug 23 10:11:11 UTC 2019
New revision: 351419
URL: https://svnweb.freebsd.org/changeset/base/351419

Log:
  MFC r350974:

  Since ipovly is used for checksum calculation, part of original IP header
  is zeroed. This part includes ip_ttl field, that can be used later in
  IP_MINTTL socket option handling.

  PR: 239799

Changes:
  _U stable/12/
  stable/12/sys/netinet/tcp_input.c
A commit references this bug:

Author: ae
Date: Fri Aug 23 10:12:42 UTC 2019
New revision: 351420
URL: https://svnweb.freebsd.org/changeset/base/351420

Log:
  MFC r350974:

  Save ip_ttl value and restore it after checksum calculation.

  Since ipovly is used for checksum calculation, part of original IP header
  is zeroed. This part includes ip_ttl field, that can be used later in
  IP_MINTTL socket option handling.

  PR: 239799

Changes:
  _U stable/11/
  stable/11/sys/netinet/tcp_input.c
Fixed in head/, stable/12 and stable/11. Thanks!
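
The overlap behind this report and the save/restore described in r350974, as an added example that is not the FreeBSD source. `struct ip_hdr`, `struct ip_ovly`, `prepare_checksum()` and `tcp_input_sim()` are simplified, hypothetical stand-ins that keep only the 20-byte header layout and the order of operations; the checksum call itself and byte-order conversion are omitted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins (assumed names) with the same 20-byte layout as the
 * kernel's struct ip and struct ipovly. */
struct ip_hdr {
    uint8_t  ip_vhl, ip_tos;            /* offsets 0, 1 */
    uint16_t ip_len, ip_id, ip_off;     /* offsets 2, 4, 6 */
    uint8_t  ip_ttl, ip_p;              /* offsets 8, 9 */
    uint16_t ip_sum;
    uint32_t ip_src, ip_dst;
};
struct ip_ovly {
    uint8_t  ih_x1[9];                  /* bytes 0..8: covers ip_vhl through ip_ttl */
    uint8_t  ih_pr;
    uint16_t ih_len;
    uint32_t ih_src, ih_dst;
};
union pkt { struct ip_hdr ip; struct ip_ovly ov; };

/* 1 when the TTL byte lies inside the region the overlay zeroes. */
int ttl_inside_ih_x1(void) {
    return offsetof(struct ip_hdr, ip_ttl) < sizeof(((struct ip_ovly *)0)->ih_x1);
}

/* Pseudo-header setup around the checksum; restore_ttl selects the fixed path. */
static void prepare_checksum(union pkt *p, uint16_t tlen, int restore_ttl) {
    uint8_t ttl = p->ip.ip_ttl, tos = p->ip.ip_tos, vhl = p->ip.ip_vhl;
    uint16_t len = p->ip.ip_len;
    memset(p->ov.ih_x1, 0, sizeof(p->ov.ih_x1));   /* also wipes ip_ttl */
    p->ov.ih_len = tlen;
    /* the TCP checksum would be computed here */
    p->ip.ip_len = len; p->ip.ip_tos = tos; p->ip.ip_vhl = vhl;
    if (restore_ttl)
        p->ip.ip_ttl = ttl;                        /* the step the fix adds */
}

/* Returns 1 if the segment passes the minimum-TTL check, 0 if it is dropped. */
int tcp_input_sim(uint8_t pkt_ttl, uint8_t minttl, int restore_ttl) {
    union pkt p;
    memset(&p, 0, sizeof(p));
    p.ip.ip_vhl = 0x45; p.ip.ip_len = 40; p.ip.ip_ttl = pkt_ttl; p.ip.ip_p = 6;
    prepare_checksum(&p, 20, restore_ttl);
    return !(minttl != 0 && minttl > p.ip.ip_ttl);
}

int main(void) {
    printf("TTL 255, min 255, no restore: %s\n", tcp_input_sim(255, 255, 0) ? "accept" : "drop");
    printf("TTL 255, min 255, restore:    %s\n", tcp_input_sim(255, 255, 1) ? "accept" : "drop");
    return 0;
}
```

With the restore disabled, every packet on a socket with a non-zero minimum is dropped regardless of its real TTL, which matches the behaviour in the report.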