Date: Mon, 13 May 2002 18:56:13 -0700 (PDT) From: Amagai Yoshiji <amagai@nue.org> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/38058: ppp alters IP header length field 40 -> 46 Message-ID: <200205140156.g4E1uDpL077368@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 38058 >Category: bin >Synopsis: ppp alters IP header length field 40 -> 46 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon May 13 19:00:04 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Amagai Yoshiji >Release: FreeBSD 4.5-RELEASE-p4 >Organization: New Unified Environment Research Project >Environment: System: FreeBSD may.nue.org 4.5-RELEASE FreeBSD 4.5-RELEASE #3: Fri Apr 26 14:2\ 5:46 JST 2002 amagai@may.nue.org:/usr/src/sys/compile/MAY i386 >Description: Sent a 40 octet length IP datagram (typically, TCP Ack only segment without any TCP options) on ppp connection, the IP header length field was alterd from 40 to 46 sometimes. It makes TCP checksum incorrect. ------ PPP ------- router HostA ------TCP/IP-------- HostB ---- TCP/IP ------ HostC on HostA: sysctl net.inet.tcp.rfc1323=0 on HostB: gateway_enable="YES" I tried PPP in 2 modes, as follows, (on HostA) set device "!rsh HostB exec /usr/sbin/ppp -direct vpn" set device HostB:1001/tcp IP datagram was broken in ether mode. ================================================================ caputerd on HostB Ether interface. ================================================================ Frame 31 (54 on wire, 54 captured) Arrival Time: May 13, 2002 15:53:35.6882 Time delta from previous packet: 0.000796 seconds Time relative to first packet: 7.598413 seconds Frame Number: 31 Packet Length: 54 bytes Capture Length: 54 bytes Ethernet II Destination: 00:02:17:7c:ec:1c (Cisco_7c:ec:1c) Source: 00:30:48:10:64:2c (Supermic_10:64:2c) Type: IP (0x0800) Internet Protocol Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x0891 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 250 Protocol: TCP (0x06) Header checksum: 0x1a2a (correct) Source: HostA Destination: HostC Transmission Control Protocol, Src Port: 1057 (1057), Dst Port: 4420 (4420), Seq: 207433985, Ack: 1555843849 Source port: 1057 (1057) Destination port: 4420 (4420) Sequence number: 207433985 Acknowledgement number: 1555843849 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 2048 Checksum: 0x0f37 (correct) 0 0002 177c ec1c 0030 4810 642c 0800 4500 ...|...0H.d,..E. 10 0028 0891 0000 fa06 1a2a c005 d881 a38a .(.......*...... 20 6203 0421 1144 0c5d 3101 5cbc 4b09 5010 b..!.D.]1.\.K.P. 30 0800 0f37 0000 ================================================================ caputerd on HostC tun0 interface. broken. ================================================================ Frame 32 (50 on wire, 50 captured) Arrival Time: May 13, 2002 15:52:56.9767 Time delta from previous packet: 0.001853 seconds Time relative to first packet: 7.607596 seconds Frame Number: 32 Packet Length: 50 bytes Capture Length: 50 bytes Null/Loopback Family: IP (0x00000002) Internet Protocol Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 46 Identification: 0x0891 Flags: 0x00 .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 247 Protocol: TCP (0x06) Header checksum: 0x1d24 (correct) Source: HostA Destination: HostC Transmission Control Protocol, Src Port: 1057 (1057), Dst Port: 4420 (4420), Seq: 207433985, Ack: 1555843849 Source port: 1057 (1057) Destination port: 4420 (4420) Sequence number: 207433985 Next sequence number: 207433991 Acknowledgement number: 1555843849 Header length: 20 bytes Flags: 0x0010 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 2048 Checksum: 0x0f37 (incorrect, should be 0x0f31) Data (6 bytes) 0 0200 0000 4500 002e 0891 0000 f706 1d24 ....E..........$ 10 c005 d881 a38a 6203 0421 1144 0c5d 3101 ......b..!.D.]1. 20 5cbc 4b09 5010 0800 0f37 0000 0000 0000 \.K.P....7...... 30 0000 .. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: X-Send-Pr-Version: www-1.0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205140156.g4E1uDpL077368>