sys/netinet/ip_output.c
...
int
ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu,
    u_long if_hwassist_flags)
{
	int error = 0;
	int hlen = ip->ip_hl << 2;
	int len = (mtu - hlen) & ~7;	/* size of payload in each fragment */
	int off;
	struct mbuf *m0 = *m_frag;	/* the original packet */
	int firstlen;
	struct mbuf **mnext;
	int nfrags;
	uint16_t ip_len, ip_off;

	ip_len = ntohs(ip->ip_len);
	ip_off = ntohs(ip->ip_off);

	if (ip_off & IP_DF) {	/* Fragmentation not allowed */
		IPSTAT_INC(ips_cantfrag);
		return EMSGSIZE;
	}

	/*
	 * Must be able to put at least 8 bytes per fragment.
	 */
	if (len < 8)
		return EMSGSIZE;
...

In all other error cases IPSTAT_INC() is called before exit.
Without this stat, more time is required to debug.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=da6715bbb125ebe5d3ca7fd7656e8409b2d31921

commit da6715bbb125ebe5d3ca7fd7656e8409b2d31921
Author:     Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2022-09-15 02:22:40 +0000
Commit:     Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2022-09-15 02:22:40 +0000

    ip_output: always increase "cantfrag" stat if ip_fragment() fails

    While here, join two unlikely cases into one if clause.

    Submitted by:           Ivan Rozhuk <rozhuk.im gmail.com>
    PR:                     265718
    Reviewed by:            mjg, melifaro
    Differential revision:  https://reviews.freebsd.org/D36584

 sys/netinet/ip_output.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
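The gap described in the report next to the behaviour the commit message describes, as an added userspace model (not FreeBSD code and not the committed patch). `cantfrag`, `MODEL_IP_DF`, `frag_check_reported` and `frag_check_counted` are hypothetical names, the single-clause form is assumed from the commit message, and the inputs are constructed.

```c
/* Userspace model of the early exits in ip_fragment(); not kernel code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_IP_DF 0x4000	/* "don't fragment" bit, host byte order */

static unsigned long cantfrag;	/* stands in for the ips_cantfrag counter */

/* Early exits as quoted in the report: only the DF case is counted. */
static int
frag_check_reported(int ip_hl, uint16_t ip_off, int mtu)
{
	int hlen = ip_hl << 2;
	int len = (mtu - hlen) & ~7;	/* payload bytes per fragment */

	if (ip_off & MODEL_IP_DF) {
		cantfrag++;
		return (EMSGSIZE);
	}
	if (len < 8)			/* fails without touching the counter */
		return (EMSGSIZE);
	return (0);
}

/* Both cases in one clause (shape assumed from the commit message). */
static int
frag_check_counted(int ip_hl, uint16_t ip_off, int mtu)
{
	int hlen = ip_hl << 2;
	int len = (mtu - hlen) & ~7;

	if ((ip_off & MODEL_IP_DF) || len < 8) {
		cantfrag++;
		return (EMSGSIZE);
	}
	return (0);
}

int main(void)
{
	/* Constructed input: 60-byte header (ip_hl = 15), MTU 67 -> len = 0. */
	int e1 = frag_check_reported(15, 0, 67);
	unsigned long c1 = cantfrag;	/* still 0: the failure is invisible */
	int e2 = frag_check_counted(15, 0, 67);

	printf("reported: err=%d cantfrag=%lu\n", e1, c1);
	printf("counted:  err=%d cantfrag=%lu\n", e2, cantfrag);
	return (0);
}
```

With a 60-byte header the uncounted path is only reached below an MTU of 68, so in the model it shows up as EMSGSIZE errors with no matching counter movement.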
Thanks! Hope to see it soon in stable/13.
(In reply to Ivan Rozhuk from comment #2) Then I would ask you to cherry-pick the patch exactly as it is in main and test it on stable/13.