Bug 16240
| Summary: | ICMP error generation fails to correctly insert IP ID on returned packet | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Base System | Reporter: | kannanv <kannanv> | ||||||||||||||||||
| Component: | kern | Assignee: | ru <ru> | ||||||||||||||||||
| Status: | Closed FIXED | ||||||||||||||||||||
| Severity: | Affects Only Me | ||||||||||||||||||||
| Priority: | Normal | ||||||||||||||||||||
| Version: | 3.3-RELEASE | ||||||||||||||||||||
| Hardware: | Any | ||||||||||||||||||||
| OS: | Any | ||||||||||||||||||||
| Attachments: |
|
||||||||||||||||||||
On Thu, Jan 20, 2000 at 03:19:18PM -0800, kannanv@research.bell-labs.com wrote: > > >Number: 16240 > >Category: kern > >Synopsis: ICMP error generation fails to correctly insert IP ID on returned packet > >Severity: non-critical [...] > See tcpdump traces below: > > 16:31:54.084947 0:90:27:61:e7:99 0:50:4:b1:f0:90 0800 162: 135.104.73.82.2094666972 > 135.104.73.129.2049: 120 getattr [|nfs] > 4500 0094 012d 0000 3d11 da88 8768 4952 > 8768 4981 03e5 0801 0080 d6a1 7cda 14dc > 0000 0000 0000 0002 0001 86a3 0000 0003 > 0000 0001 0000 > ### ORIGINATING PACKET. NOTE IP ID is 0194 > 16:31:54.085012 0:50:4:b1:f0:90 0:60:1d:9:0:5a 0800 154: 135.104.73.11.2049 > 135.104.73.82.2094666972: reply ok 112 getattr [|nfs] > 4500 008c 0194 0000 4011 d79f 8768 490b > 8768 4952 0801 03e5 0078 152e 7cda 14dc > 0000 0001 0000 0000 0000 0000 0000 0000 > 0000 0000 0000 > > ### ICMP ERROR RETURNED. NOTE IP ID on returned packet is 9401, > ### indicating some byte-ordering problems. > 16:31:54.085486 0:60:1d:9:0:5a 0:50:4:b1:f0:90 0800 70: 135.104.73.82 > 135.104.73.11: icmp: 135.104.73.82 udp port 997 unreachable > 4500 0038 012e 0000 fd01 1b69 8768 4952 > 8768 490b 0303 5e31 0000 0000 4500 008c > 9401 0000 3e11 d99f 8768 490b 8768 4952 > 0801 03e5 0078 > It is an old known bug, for which there is no easy fix, see attached. -- Ruslan Ermilov Sysadmin and DBA of the ru@ucb.crimea.ua United Commercial Bank, ru@FreeBSD.org FreeBSD committer, +380.652.247.647 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age Excuse me for being stupid here, but what does ping from SCO hosts have
to do with how freebsd behaves? Here's a different synopsis of the bug:
freebsd host, call it X, decides to send an ICMP error message.
It has to copy back some portion of the original packet that caused
the error.
During the copy process, the ip_d field of the original packet is not
in network byte order.
Here's another look at the tcpdump trace:
> ### ORIGINATING PACKET. NOTE IP ID is 0194
> 16:31:54.085012 0:50:4:b1:f0:90 0:60:1d:9:0:5a 0800 154: 135.104.73.11.2049 > 135.104.73.82.2094666972: reply ok 112 getattr [|nfs]
> 4500 008c 0194 0000 4011 d79f 8768 490b
^^^^ ORIGINAL ip_id
> 8768 4952 0801 03e5 0078 152e 7cda 14dc
> 0000 0001 0000 0000 0000 0000 0000 0000
> 0000 0000 0000
>
> ### ICMP ERROR RETURNED. NOTE IP ID on returned packet is 9401,
> ### indicating some byte-ordering problems.
> 16:31:54.085486 0:60:1d:9:0:5a 0:50:4:b1:f0:90 0800 70: 135.104.73.82 > 135.104.73.11: icmp: 135.104.73.82 udp port 997 unreachable
> 4500 0038 012e 0000 fd01 1b69 8768 4952
> 8768 490b 0303 5e31 0000 0000 4500 008c
> 9401 0000 3e11 d99f 8768 490b 8768 4952
^^^^ Copied ip_id.
> 0801 03e5 0078
Looking over the icmp_error code in /sys/netinet/ip_icmp.c, towards the
end where it copies the original packet into the icmp packet, we have:
179 icp->icmp_code = code;
180 bcopy((caddr_t)oip, (caddr_t)&icp->icmp_ip, icmplen);
181 nip = &icp->icmp_ip;
182 nip->ip_len = htons((u_short)(nip->ip_len + oiplen));
183
Clearly, the code goes to the trouble of making sure the ip_len is in
network byte order. Why does it not do the same for nip->ip_id? Is
that not sufficient?
Kannan
On Fri, Jan 21, 2000 at 12:12:53PM -0500, Kannan Varadhan wrote: > Excuse me for being stupid here, but what does ping from SCO hosts have > to do with how freebsd behaves? Here's a different synopsis of the bug: > Ping from SCO differ in that SCO sets DF bit in ICMP packets, which triggers the same bug as you observe (the bytes in ICMP response packets appear in the host order). -- Ruslan Ermilov Sysadmin and DBA of the ru@ucb.crimea.ua United Commercial Bank, ru@FreeBSD.org FreeBSD committer, +380.652.247.647 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age State Changed From-To: open->analyzed The patch is being developed. Responsible Changed From-To: freebsd-bugs->ru I am working on the patch. State Changed From-To: analyzed->feedback Fixed in 5.0-CURRENT in the following files/revisions: src/sys/netinet/ip_divert.c, rev 1.46 src/sys/netinet/ip_icmp.c, rev 1.44 src/sys/netinet/ip_input.c, rev 1.139 src/sys/netinet/ip_mroute.c, rev 1.58 src/sys/netinet/ip_output.c, rev 1.110 src/sys/netinet/raw_ip.c, rev 1.68 src/sys/netinet/udp_usrreq.c, rev 1.73 State Changed From-To: feedback->closed Fixed in 4.1-STABLE. Won't be merged onto RELENG_3 branch, sorry. |
See tcpdump traces below: 16:31:54.084947 0:90:27:61:e7:99 0:50:4:b1:f0:90 0800 162: 135.104.73.82.2094666972 > 135.104.73.129.2049: 120 getattr [|nfs] 4500 0094 012d 0000 3d11 da88 8768 4952 8768 4981 03e5 0801 0080 d6a1 7cda 14dc 0000 0000 0000 0002 0001 86a3 0000 0003 0000 0001 0000 ### ORIGINATING PACKET. NOTE IP ID is 0194 16:31:54.085012 0:50:4:b1:f0:90 0:60:1d:9:0:5a 0800 154: 135.104.73.11.2049 > 135.104.73.82.2094666972: reply ok 112 getattr [|nfs] 4500 008c 0194 0000 4011 d79f 8768 490b 8768 4952 0801 03e5 0078 152e 7cda 14dc 0000 0001 0000 0000 0000 0000 0000 0000 0000 0000 0000 ### ICMP ERROR RETURNED. NOTE IP ID on returned packet is 9401, ### indicating some byte-ordering problems. 16:31:54.085486 0:60:1d:9:0:5a 0:50:4:b1:f0:90 0800 70: 135.104.73.82 > 135.104.73.11: icmp: 135.104.73.82 udp port 997 unreachable 4500 0038 012e 0000 fd01 1b69 8768 4952 8768 490b 0303 5e31 0000 0000 4500 008c 9401 0000 3e11 d99f 8768 490b 8768 4952 0801 03e5 0078