Date:      Sun, 25 Jul 1999 12:12:34 -0400 (EDT)
From:      Jim Flowers <jflowers@ezo.net>
To:        Bill Paul <wpaul@comet.columbia.edu>
Cc:        skip-info@skip-vpn.org, freebsd-security@FreeBSD.ORG
Subject:   Re: wi driver with SKIP
Message-ID:  <Pine.BSI.3.91.990725113208.4553B-100000@lily.ezo.net>
In-Reply-To: <199907232130.RAA02570@comet.columbia.edu>

Comments below.

Jim Flowers <jflowers@ezo.net>
#4 ISP on C|NET, #1 in Ohio

On Fri, 23 Jul 1999, Bill Paul wrote:
> 
> Ideally what you ought to do is run tcpdump -n -e -p -x -s1514 -i wi0
> on both sides. This will avoid putting the interface into promiscuous
> mode (changes the operation of the NIC slightly) and will dump out the
> packet contents. At this point, you show me the packet contents so I can
> see for myself the difference between how the frame should look and how
> it ultimately does look.

OK the results are at the end of this email.  Tests with SKIP turned off 
show identical packets are copied to bpf at each end.  These are 
unencrypted so you can see the packet within the packet starting in the 
sixth line.

From these tests, it seems conclusive that sometime after the outbound 
packets are copied to bpf in the wi driver but before they are copied to 
bpf in the pn driver, they are truncated to 64 bytes following the IP 
header.  Beyond that, the packet before it is truncated looks pretty 
normal so I'm at a dead end.  Maybe something will leap out at you.

> 
> Furthermore, what happens when you ping W2 from W1?
>  

Same thing, only there is no turnaround as the initial ping-request 
cannot be de-encapsulated.

> > Would have done more but the building that Hillary Clinton is speaking 
> > in front of is next to ours and we got kicked out by the secret service.
> 
> You know, I've heard plenty of excuses in my time, but this one takes
> the cake. Not that I'm accusing you of lying, but this is definitely
> one for the books.

But, nonetheless true.  You don't want to be carrying around computer bags 
and boxes with those SWAT guys on the rooftops.

Jim

---------------------------------
Recorded on initiating machine with WaveLAN/EC connected to pn0

10:40:13.653872 0:a0:cc:28:80:f8 0:60:1d:4:26:68 0800 306: 
206.151.177.132 > 206.151.177.134: ip-proto-57 272
                         4500 0124 000f 0000 ff39 ba57 ce97 b184
                         ce97 b186 1008 0833 0000 9c3e 0200 0100
                         7669 1c83 2925 a284 30ed 377c 90fe ae5b
                         0e68 2525 f51c d938 38ce 30a7 d4f1 cdca
                         56e7 ea07 4e4e 0fc7 2847 f9a3 3912 e6bf
                         0404 0000 0000 0001 4ca2 2dd7 3e9f 5d13
                         a134 8e1a bd04 85a9 4500 00bc 000e 0000
                         ff39 bac0 ce97 b184 ce97 b186 1008 0833
                         0000 9c3e 0200 0100 7669 1c83 2925 a284
                         30ed 377c 90fe ae5b 0e68 2525 f51c d938
                         38ce 30a7 d4f1 cdca 56e7 ea07 4e4e 0fc7
                         2847 f9a3 3912 e6bf 0404 0000 0000 0001
                         bede 3f94 4fc9 0a27 f66a cd40 3bb4 ef48
                         4500 0054 02bf 0000 ff01 b8af ce97 b184
                         ce97 b186 0800 28f5 2202 0000 cd21 9b37
                         51ac 0800 0809 0a0b 0c0d 0e0f 1011 1213
                         1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
                         2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
                         3435 3637
10:40:14.590330 0:60:1d:4:26:68 0:a0:cc:28:80:f8 0800 98: 
truncated-ip - 104 bytes missing!206.151.177.134 > 206.151.177.132: 
ip-proto-57 168
                         4500 00bc 0015 0000 ff39 bab9 ce97 b186
                         ce97 b184 1008 0833 0000 9c3e 0200 0100
                         592d 3210 6557 0dba 6d08 19de af17 f7bb
                         56e7 ea07 4e4e 0fc7 2847 f9a3 3912 e6bf
                         0e68 2525 f51c d938 38ce 30a7 d4f1 cdca
                         0404 0000
       
Recorded on receiving machine using wi0 driver

10:37:16.033314 0:a0:cc:28:80:f8 0:60:1d:4:26:68 0800 306: 
206.151.177.132 > 206.151.177.134: ip-proto-57 272
                         4500 0124 000f 0000 ff39 ba57 ce97 b184
                         ce97 b186 1008 0833 0000 9c3e 0200 0100
                         7669 1c83 2925 a284 30ed 377c 90fe ae5b
                         0e68 2525 f51c d938 38ce 30a7 d4f1 cdca
                         56e7 ea07 4e4e 0fc7 2847 f9a3 3912 e6bf
                         0404 0000 0000 0001 4ca2 2dd7 3e9f 5d13
                         a134 8e1a bd04 85a9 4500 00bc 000e 0000
                         ff39 bac0 ce97 b184 ce97 b186 1008 0833
                         0000 9c3e 0200 0100 7669 1c83 2925 a284
                         30ed 377c 90fe ae5b 0e68 2525 f51c d938
                         38ce 30a7 d4f1 cdca 56e7 ea07 4e4e 0fc7
                         2847 f9a3 3912 e6bf 0404 0000 0000 0001
                         bede 3f94 4fc9 0a27 f66a cd40 3bb4 ef48
                         4500 0054 02bf 0000 ff01 b8af ce97 b184
                         ce97 b186 0800 28f5 2202 0000 cd21 9b37
                         51ac 0800 0809 0a0b 0c0d 0e0f 1011 1213
                         1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
                         2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
                         3435 3637
10:37:16.957262 0:60:1d:4:26:68 0:a0:cc:28:80:f8 0800 202: 
206.151.177.134 > 206.151.177.132: ip-proto-57 168
                         4500 00bc 0015 0000 ff39 bab9 ce97 b186
                         ce97 b184 1008 0833 0000 9c3e 0200 0100
                         592d 3210 6557 0dba 6d08 19de af17 f7bb
                         56e7 ea07 4e4e 0fc7 2847 f9a3 3912 e6bf
                         0e68 2525 f51c d938 38ce 30a7 d4f1 cdca
                         0404 0000 0000 0001 c94c 6b5f 8267 8eae
                         d19e 04f9 0900 8dc8 4500 0054 05d3 0000
                         ff01 b59b ce97 b186 ce97 b184 0000 36da
                         2202 0100 ce21 9b37 49c7 0800 0809 0a0b
                         0c0d 0e0f 1011 1213 1415 1617 1819 1a1b
                         1c1d 1e1f 2021 2223 2425 2627 2829 2a2b
                         2c2d 2e2f 3031 3233 3435 3637
-------------------------
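
The truncation reported in this message can be checked mechanically. The Python below is an added example, not part of the original e-mail: it takes the hex words of the reply as captured on the initiating machine and compares the IPv4 total-length field with the bytes actually present. The function names are assumptions of this example.

```python
import struct

# Hex words copied from the message: the reply as captured on the initiating
# machine, which tcpdump flagged "truncated-ip - 104 bytes missing!".
TRUNCATED_REPLY = """
4500 00bc 0015 0000 ff39 bab9 ce97 b186
ce97 b184 1008 0833 0000 9c3e 0200 0100
592d 3210 6557 0dba 6d08 19de af17 f7bb
56e7 ea07 4e4e 0fc7 2847 f9a3 3912 e6bf
0e68 2525 f51c d938 38ce 30a7 d4f1 cdca
0404 0000
"""
ETHER_HEADER_LEN = 14  # the frame length printed by tcpdump -e includes this


def parse_hex_dump(text):
    """Turn the hex words of tcpdump -x output (IP header onward) into bytes."""
    return bytes.fromhex("".join(text.split()))


def header_checksum_ok(packet):
    """Ones'-complement sum over the IPv4 header must fold to 0xFFFF."""
    header_len = (packet[0] & 0x0F) * 4
    total = sum(struct.unpack("!%dH" % (header_len // 2), packet[:header_len]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def check_ip_length(packet, frame_len):
    """Compare the IPv4 total-length field with the bytes actually captured."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    declared = struct.unpack("!H", packet[2:4])[0]
    return {
        "protocol": packet[9],
        "declared_len": declared,
        "captured_len": len(packet),
        "payload_captured": len(packet) - header_len,
        "missing": max(0, declared - len(packet)),
        "frame_consistent": frame_len == len(packet) + ETHER_HEADER_LEN,
        "header_checksum_ok": header_checksum_ok(packet),
    }


if __name__ == "__main__":
    # 98 is the frame length tcpdump printed for this packet.
    for key, value in check_ip_length(parse_hex_dump(TRUNCATED_REPLY), 98).items():
        print(f"{key}: {value}")
```

The header checksum still verifies while 104 of the declared 188 bytes are absent, so the length field matches the packet as it was built and only the payload past 64 bytes was lost.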

