Date:      Mon, 13 May 2002 18:56:13 -0700 (PDT)
From:      Amagai Yoshiji <amagai@nue.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/38058: ppp alters IP header length field 40 -> 46
Message-ID:  <200205140156.g4E1uDpL077368@www.freebsd.org>


>Number:         38058
>Category:       bin
>Synopsis:       ppp alters IP header length field 40 -> 46
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 13 19:00:04 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Amagai Yoshiji
>Release:        FreeBSD 4.5-RELEASE-p4
>Organization:
New Unified Environment Research Project
>Environment:
System: FreeBSD may.nue.org 4.5-RELEASE FreeBSD 4.5-RELEASE #3: Fri Apr 26 14:25:46 JST 2002 amagai@may.nue.org:/usr/src/sys/compile/MAY i386

>Description:
 When a 40-octet IP datagram (typically a TCP ACK-only segment
without any TCP options) was sent over a ppp connection, the IP header length field
was sometimes altered from 40 to 46.  This makes the TCP checksum incorrect.

       ------ PPP -------  router
HostA ------TCP/IP-------- HostB ---- TCP/IP ------ HostC

on HostA: sysctl net.inet.tcp.rfc1323=0
on HostB: gateway_enable="YES"

I tried PPP in 2 modes, as follows (on HostA):

 set device "!rsh HostB exec /usr/sbin/ppp -direct vpn"

 set device HostB:1001/tcp

The IP datagram was broken in either mode.
================================================================
Captured on HostB Ether interface.
================================================================
Frame 31 (54 on wire, 54 captured)
    Arrival Time: May 13, 2002 15:53:35.6882
    Time delta from previous packet: 0.000796 seconds
    Time relative to first packet: 7.598413 seconds
    Frame Number: 31
    Packet Length: 54 bytes
    Capture Length: 54 bytes
Ethernet II
    Destination: 00:02:17:7c:ec:1c (Cisco_7c:ec:1c)
    Source: 00:30:48:10:64:2c (Supermic_10:64:2c)
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x0891
    Flags: 0x00
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 250
    Protocol: TCP (0x06)
    Header checksum: 0x1a2a (correct)
    Source: HostA
    Destination: HostC
Transmission Control Protocol, Src Port: 1057 (1057), Dst Port: 4420 (4420), Seq: 207433985, Ack: 1555843849
    Source port: 1057 (1057)
    Destination port: 4420 (4420)
    Sequence number: 207433985
    Acknowledgement number: 1555843849
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 2048
    Checksum: 0x0f37 (correct)

   0  0002 177c ec1c 0030 4810 642c 0800 4500   ...|...0H.d,..E.
  10  0028 0891 0000 fa06 1a2a c005 d881 a38a   .(.......*......
  20  6203 0421 1144 0c5d 3101 5cbc 4b09 5010   b..!.D.]1.\.K.P.
  30  0800 0f37 0000 
================================================================
Captured on HostC tun0 interface. Broken.
================================================================
Frame 32 (50 on wire, 50 captured)
    Arrival Time: May 13, 2002 15:52:56.9767
    Time delta from previous packet: 0.001853 seconds
    Time relative to first packet: 7.607596 seconds
    Frame Number: 32
    Packet Length: 50 bytes
    Capture Length: 50 bytes
Null/Loopback
    Family: IP (0x00000002)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 46
    Identification: 0x0891
    Flags: 0x00
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 247
    Protocol: TCP (0x06)
    Header checksum: 0x1d24 (correct)
    Source: HostA
    Destination: HostC
Transmission Control Protocol, Src Port: 1057 (1057), Dst Port: 4420 (4420), Seq: 207433985, Ack: 1555843849
    Source port: 1057 (1057)
    Destination port: 4420 (4420)
    Sequence number: 207433985
    Next sequence number: 207433991
    Acknowledgement number: 1555843849
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 2048
    Checksum: 0x0f37 (incorrect, should be 0x0f31)
Data (6 bytes)

   0  0200 0000 4500 002e 0891 0000 f706 1d24   ....E..........$
  10  c005 d881 a38a 6203 0421 1144 0c5d 3101   ......b..!.D.]1.
  20  5cbc 4b09 5010 0800 0f37 0000 0000 0000   \.K.P....7......
  30  0000                                      ..




>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:
 X-Send-Pr-Version: www-1.0
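
The checksum results shown in the two captures can be reproduced from the hex dumps themselves. The following is an added example, not part of the original report; the function names are hypothetical and the byte strings are copied from the dumps above with the link-layer headers removed.

```python
import struct

# Bytes taken from the two hex dumps in the report, link-layer headers removed
# (14-octet Ethernet header on HostB, 4-octet Null/Loopback header on tun0).
ETHER_SIDE = bytes.fromhex(
    "4500002808910000fa061a2ac005d881a38a6203"   # IP header, total length 40
    "042111440c5d31015cbc4b09501008000f370000")  # TCP header, ACK only
TUN_SIDE = bytes.fromhex(
    "4500002e08910000f7061d24c005d881a38a6203"   # IP header, total length 46
    "042111440c5d31015cbc4b09501008000f370000"   # same TCP header
    "000000000000")                              # six extra octets

def inet_sum(data):
    """Ones'-complement sum of 16-bit words, folded to 16 bits (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def analyze(pkt, total_len=None):
    """Check both checksums; total_len overrides the header's length field."""
    ihl = (pkt[0] & 0x0F) * 4
    if total_len is None:
        total_len = struct.unpack("!H", pkt[2:4])[0]
    segment = pkt[ihl:total_len]
    # The TCP pseudo-header carries the segment length derived from the IP total length.
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, pkt[9], len(segment))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return {
        "total_len": total_len,
        "ip_header_ok": inet_sum(pkt[:ihl]) == 0xFFFF,
        "tcp_stored": struct.unpack("!H", segment[16:18])[0],
        "tcp_expected": 0xFFFF - inet_sum(pseudo + zeroed),
        "payload": segment[(segment[12] >> 4) * 4:],
    }

if __name__ == "__main__":
    for name, pkt in (("HostB ether", ETHER_SIDE), ("HostC tun0", TUN_SIDE)):
        r = analyze(pkt)
        print(name, r["total_len"], hex(r["tcp_stored"]), hex(r["tcp_expected"]))
    # Treating the tun0 capture as 40 octets again makes the stored checksum valid.
    print(hex(analyze(TUN_SIDE, total_len=40)["tcp_expected"]))
```

For the tun0 capture the stored 0x0f37 matches only when the length is taken as 40, so the TCP header bytes arrived unchanged and the mismatch comes from the larger length field and the six trailing zero octets.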
 
 
