Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Oct 2012 08:40:17 -0700
From:      Jeremy Chadwick <jdc@koitsu.org>
To:        h.schmalzbauer@omnilan.de
Cc:        adrian@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: every 2nd echo-request malformed when ping -s >4067
Message-ID:  <20121024154017.GA3167@icarus.home.lan>

next in thread | raw e-mail | index | archive | help
(Please keep me CC'd as I'm not subscribed)

Regarding:

http://lists.freebsd.org/pipermail/freebsd-stable/2012-October/070239.html

tcpdump -x is not helpful here.  tcpdump -xx would be.

tcpdump -x dumps the *payload* portion of the packet, while -xx dumps
everything (all headers/protocol data included).

The reason I say -xx would be helpful is because of this:

> 2nd: 12:21:10.052891 IP 10.5.49.126 > 10.5.49.65: icmp
>         0x0000:  4500 1000 0f2d 0040 4001 e4c7 0a05 317e

The ICMP code/type and related header data is not being decoded
correctly, or is being *encoded* incorrectly.  I can't tell because all
that's shown there is the payload!  But the preceding line (with src/dst
IPs) only indicates "it's icmp".  It SHOULD be indicating type 8 (ECHO),
etc...

Regarding the payload itself: I couldn't care less what's in it.  All
that's stated per RFC 792 is:

  "The data received in the echo message must be returned in the echo
   reply message."

If I remember right, the payload portion is 100% "vendor-specific",
meaning you can put whatever you want there.  Let's see...

http://www.networksorcery.com/enp/protocol/icmp/msg8.htm

  "Data. Variable length.
  Implementation specific data."

I've looked at src/sys/netinet/ip_icmp.c but it's not entirely clear
what the payload consists of/is generated from.  But like I said,
I couldn't care less about the payload.  What needs to be focused on
is what's in the IP and ICMP header portion.

-- 
| Jeremy Chadwick                                   jdc@koitsu.org |
| UNIX Systems Administrator                http://jdc.koitsu.org/ |
| Mountain View, CA, US                                            |
| Making life hard for others since 1977.             PGP 4BD6C0CB |




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121024154017.GA3167>