Date:      Thu, 11 Nov 2004 10:57:58 +0100
From:      Andre Albsmeier <andre.albsmeier@siemens.com>
To:        Pawel Malachowski <pawmal-posting@freebsd.lublin.pl>
Cc:        freebsd-net@freebsd.org
Subject:   Re: ipfilter/ipnat 3.4.35 and udp-traceroute problem
Message-ID:  <20041111095758.GA72069@curry.mchp.siemens.de>
In-Reply-To: <20040809163739.GA95408@shellma.zin.lublin.pl>
References:  <20040805225408.GA70729@shellma.zin.lublin.pl> <20040809163739.GA95408@shellma.zin.lublin.pl>

On Mon, 09-Aug-2004 at 18:37:39 +0200, Pawel Malachowski wrote:
> On Fri, Aug 06, 2004 at 12:54:08AM +0200, Pawel Malachowski wrote:
> 
> > I can see weird behavior of this command:
> > 	traceroute -s privateIP -P UDP dst
> > Outgoing UDP packets are translated, ICMP time-exceeded message comes back,
> > but traceroute shows '* * *'. ;)
> 
> v3.4.35 import breaks things on my RELENG_4 box. FYI:
> 
> With this ruleset, UDP-traceroute doesn't work (ICMP- works):
> map fxp0 172.27.201.1/24 -> public/32 proxy port ftp ftp/tcp
> map fxp0 172.27.201.1/24 -> public/32 portmap tcp/udp auto
> map fxp0 172.27.201.1/24 -> public/32
> 
> % traceroute -s 172.27.201.1 -P udp www.yahoo.com
> traceroute to www.yahoo.akadns.net (216.109.118.74) from 172.27.201.1, 64 hops max, 44 byte packets
>  1  * * *
>  2  * * *
>  3  * * *
>  4  * * *
>  5  * * *
>  6  * * *
>  7  * * *
>  8  * *^C
> ...

Since I was tired of waiting another 4 months until this is getting
fixed (nobody seems to be interested in ipfilter anymore), I have
patched ip_nat.c and it is working again.

I am sure the patch is ugly/wrong/bad/completely_insane but it works
and I haven't seen any side effects so far. If anybody is interested:

--- sys/contrib/ipfilter/netinet/ip_nat.c.ORI	Mon Jul  5 09:28:35 2004
+++ sys/contrib/ipfilter/netinet/ip_nat.c	Tue Nov  9 18:49:30 2004
@@ -1783,7 +1783,7 @@
 	 * Fix UDP pseudo header checksum to compensate for the
 	 * IP address change.
 	 */
-	if ((oip->ip_p == IPPROTO_UDP) && (dlen >= 8) && udp->uh_sum) {
+	if ((oip->ip_p == IPPROTO_UDP) && (dlen >= 8)) {
 		/*
 		 * The UDP checksum is optional, only adjust it 
 		 * if it has been set.
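
Review bot: The new condition on the `+` line no longer tests `udp->uh_sum`, but the context comment directly below it still says "The UDP checksum is optional, only adjust it if it has been set", so the code and its comment now disagree. In UDP over IPv4 a zero `uh_sum` means the sender computed no checksum; if the body (not visible in this hunk) applies the address-change fixup to that field without a check of its own, a packet that legitimately carried no checksum would leave with a non-zero, incorrect one. Suggest entering the block on `(oip->ip_p == IPPROTO_UDP) && (dlen >= 8)` as done here, but keeping the checksum adjustment itself under an inner `if (udp->uh_sum)`, so that whatever else the block does for the embedded UDP header still runs in the zero-checksum case, and updating the comment to match. The message also does not say why the zero-checksum case matters for traceroute; a sentence on that would help whoever looks for the underlying cause.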

Maybe this helps Darren to find the real problem...

	-Andre


