celzero · ignoramous · Aug 27, 2025 · Aug 24, 2025
diff --git a/intra/netstack/icmp.go b/intra/netstack/icmp.go
@@ -117,41 +117,29 @@
 		if !f.h.Ping(data, src, dst) { // unreachable
 			err = f.icmpErr4(pkt, header.ICMPv4DstUnreachable, header.ICMPv4HostUnreachable)
 		} else { // reachable
-			newOptions := f.ipOpts(pkt, ipHdr)
-
-			// Correct IP header length (IHL in 32-bit words).
-			replyHeaderLength := uint8(header.IPv4MinimumSize + len(newOptions))
-			replyIPHdrView := buffer.NewView(int(replyHeaderLength))
-			replyIPHdrView.Write(ipHdr[:header.IPv4MinimumSize])
-			replyIPHdrView.Write(newOptions)
-
-			replyIPHdr := header.IPv4(replyIPHdrView.AsSlice())
-			replyIPHdr.SetHeaderLength(replyHeaderLength >> 2) // IHL in 32-bit words.
-			replyIPHdr.SetSourceAddress(route.LocalAddress())
-			replyIPHdr.SetDestinationAddress(route.RemoteAddress())
-			replyIPHdr.SetTTL(route.DefaultTTL())
-			replyIPHdr.SetTotalLength(uint16(len(replyIPHdr) + len(replyData.AsSlice())))
-			replyIPHdr.SetChecksum(0)
-			replyIPHdr.SetChecksum(^replyIPHdr.CalculateChecksum())
-
-			replyICMPHdr := header.ICMPv4(replyData.AsSlice())
+			originRef := replyData.AsSlice()
+			replyBuf := buffer.NewViewSize(len(originRef))
+			replyRef := replyBuf.AsSlice()
+
+			copy(replyRef[4:], originRef[4:])
+			replyICMPHdr := header.ICMPv4(replyRef)
 			replyICMPHdr.SetType(header.ICMPv4EchoReply)
 			replyICMPHdr.SetCode(0) // EchoReply must have Code=0.
-			replyICMPHdr.SetChecksum(0)
-			replyICMPHdr.SetChecksum(^checksum.Checksum(replyData.AsSlice(), 0))
+			replyICMPHdr.SetChecksum(^checksum.Checksum(replyRef, 0))
 
-			replyBuf := buffer.MakeWithView(replyIPHdrView)
-			replyBuf.Append(replyData.Clone())
 			replyPkt := stack.NewPacketBuffer(stack.PacketBufferOptions{
 				ReserveHeaderBytes: int(route.MaxHeaderLength()),
-				Payload:            replyBuf,
+				Payload:            buffer.MakeWithView(replyBuf),
 			})
 
 			log.D("icmp: v4: %s: ok type %v/%v sz[%d] from %v <= %v",
 				f.o, replyICMPHdr.Type(), replyICMPHdr.Code(), len(replyICMPHdr), src, dst)
 
 			// github.com/google/gvisor/blob/738e1d995f/pkg/tcpip/network/ipv4/icmp.go#L794
-			err = route.WriteHeaderIncludedPacket(replyPkt)
+			err = route.WritePacket(stack.NetworkHeaderParams{
+				Protocol: header.ICMPv4ProtocolNumber,
+				TTL:      route.DefaultTTL(),
+			}, replyPkt)
 		}
 		loge(err)("icmp: v4: %s: wrote reply to tun; err? %v", f.o, err)
 	})
@@ -497,25 +485,25 @@
 // github.com/google/gvisor/blob/738e1d995f/pkg/tcpip/network/ipv4/ipv4.go#L2007
 // optionAction describes possible actions that may be taken on an option
 // while processing it.
 type optionAction uint8

 const (
 	// optionRemove says that the option should not be in the output option set.
 	optionRemove optionAction = iota

 	// optionProcess says that the option should be fully processed.
 	optionProcess

 	// optionVerify says the option should be checked and passed unchanged.
 	optionVerify

 	// optionPass says to pass the output set without checking.
 	optionPass
 )

 // github.com/google/gvisor/blob/738e1d995f6/pkg/tcpip/network/ipv4/ipv4.go#L2026
 // optionActions list what to do for each option in a given scenario.
 type optionActions struct {
 	// timestamp controls what to do with a Timestamp option.
 	timestamp optionAction

@@ -529,7 +517,7 @@
 	unknown optionAction
 }

 func (f *icmpForwarder) ipOpts(pkt *stack.PacketBuffer, iph header.IPv4) (o header.IPv4Options) {
 	if opts := iph.Options(); len(opts) != 0 {
 		// RFC 1122 section 3.2.2.6 (page 43) (and similar for other round trip
 		// type ICMP packets):
@@ -567,7 +555,7 @@
 //
 // If there were no errors during parsing, the new set of options is returned as
 // a new buffer.
 func (f *icmpForwarder) processIPOptions(pkt *stack.PacketBuffer, opts header.IPv4Options, usage optionActions) (header.IPv4Options, *header.IPv4OptParameterProblem) {
 	optIter := opts.MakeIterator()

 	// Except NOP, each option must only appear at most once (RFC 791 section 3.1,