diff --git a/icmp.c b/icmp.c index 57d954a..49fdf91 100644 --- a/icmp.c +++ b/icmp.c @@ -87,10 +87,17 @@ void icmp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events, struct sockaddr_in6 *sr6 = (struct sockaddr_in6 *)&sr; struct icmp6hdr *ih = (struct icmp6hdr *)buf; + id = ntohs(ih->icmp6_identifier); + + /* If bind() fails e.g. because of a broken SELinux policy, this + * might happen. Fix up the identifier to match the sent one. + */ + if (id != ref.icmp.id) + ih->icmp6_identifier = htons(ref.icmp.id); + /* In PASTA mode, we'll get any reply we send, discard them. */ if (c->mode == MODE_PASTA) { seq = ntohs(ih->icmp6_sequence); - id = ntohs(ih->icmp6_identifier); if (icmp_id_map[V6][id].seq == seq) return; @@ -103,9 +110,12 @@ void icmp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events, struct sockaddr_in *sr4 = (struct sockaddr_in *)&sr; struct icmphdr *ih = (struct icmphdr *)buf; + id = ntohs(ih->un.echo.id); + if (id != ref.icmp.id) + ih->un.echo.id = htons(ref.icmp.id); + if (c->mode == MODE_PASTA) { seq = ntohs(ih->un.echo.sequence); - id = ntohs(ih->un.echo.id); if (icmp_id_map[V4][id].seq == seq) return; @@ -148,7 +158,7 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr, if (msg[0].l4_len < sizeof(*ih) || ih->type != ICMP_ECHO) return 1; - id = ntohs(ih->un.echo.id); + iref.id = id = ntohs(ih->un.echo.id); if ((s = icmp_id_map[V4][id].sock) <= 0) { s = sock_l4(c, AF_INET, IPPROTO_ICMP, id, 0, iref.u32); @@ -177,7 +187,7 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr, (ih->icmp6_type != 128 && ih->icmp6_type != 129)) return 1; - id = ntohs(ih->icmp6_identifier); + iref.id = id = ntohs(ih->icmp6_identifier); if ((s = icmp_id_map[V6][id].sock) <= 0) { s = sock_l4(c, AF_INET6, IPPROTO_ICMPV6, id, 0, iref.u32); diff --git a/icmp.h b/icmp.h index 12547b7..27f0a5c 100644 --- a/icmp.h +++ b/icmp.h @@ -15,10 +15,12 @@ void icmp_timer(struct ctx *c, struct timespec *ts); * union icmp_epoll_ref - epoll reference portion for ICMP tracking * @v6: Set for IPv6 sockets or connections * @u32: Opaque u32 value of reference + * @id: Associated echo identifier, needed if bind() fails */ union icmp_epoll_ref { struct { - uint32_t v6:1; + uint32_t v6:1, + id:16; }; uint32_t u32; }; diff --git a/tap.c b/tap.c index e31a419..68d3633 100644 --- a/tap.c +++ b/tap.c @@ -134,6 +134,11 @@ void tap_ip_send(struct ctx *c, struct in6_addr *src, uint8_t proto, struct udphdr *uh = (struct udphdr *)(iph + 1); uh->check = 0; + } else if (iph->protocol == IPPROTO_ICMP) { + struct icmphdr *ih = (struct icmphdr *)(iph + 1); + + ih->checksum = 0; + ih->checksum = csum_unaligned(ih, len, 0); } tap_send(c, buf, len + sizeof(*iph) + sizeof(*eh), 1);