From owner-freebsd-stable@FreeBSD.ORG Wed Oct 24 15:40:18 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A9DAFD16 for ; Wed, 24 Oct 2012 15:40:18 +0000 (UTC) (envelope-from jdc@koitsu.strangled.net) Received: from qmta14.emeryville.ca.mail.comcast.net (qmta14.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:44:76:96:27:212]) by mx1.freebsd.org (Postfix) with ESMTP id 8C9208FC1C for ; Wed, 24 Oct 2012 15:40:18 +0000 (UTC) Received: from omta01.emeryville.ca.mail.comcast.net ([76.96.30.11]) by qmta14.emeryville.ca.mail.comcast.net with comcast id F1jp1k0060EPchoAE3gJG8; Wed, 24 Oct 2012 15:40:18 +0000 Received: from koitsu.strangled.net ([67.180.84.87]) by omta01.emeryville.ca.mail.comcast.net with comcast id F3gH1k00A1t3BNj8M3gHxU; Wed, 24 Oct 2012 15:40:18 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id 0D4C273A1A; Wed, 24 Oct 2012 08:40:17 -0700 (PDT) Date: Wed, 24 Oct 2012 08:40:17 -0700 From: Jeremy Chadwick To: h.schmalzbauer@omnilan.de Subject: Re: every 2nd echo-request malformed when ping -s >4067 Message-ID: <20121024154017.GA3167@icarus.home.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Cc: adrian@freebsd.org, freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Oct 2012 15:40:18 -0000 (Please keep me CC'd as I'm not subscribed) Regarding: http://lists.freebsd.org/pipermail/freebsd-stable/2012-October/070239.html tcpdump -x is not helpful here. tcpdump -xx would be. tcpdump -x dumps the *payload* portion of the packet, while -xx dumps everything (all headers/protocol data included). The reason I say -xx would be helpful is because of this: > 2nd: 12:21:10.052891 IP 10.5.49.126 > 10.5.49.65: icmp > 0x0000: 4500 1000 0f2d 0040 4001 e4c7 0a05 317e The ICMP code/type and related header data is not being decoded correctly, or is being *encoded* incorrectly. I can't tell because all that's shown there is the payload! But the preceding line (with src/dst IPs) only indicates "it's icmp". It SHOULD be indicating type 8 (ECHO), etc... Regarding the payload itself: I couldn't care less what's in it. All that's stated per RFC 792 is: "The data received in the echo message must be returned in the echo reply message." If I remember right, the payload portion is 100% "vendor-specific", meaning you can put whatever you want there. Let's see... http://www.networksorcery.com/enp/protocol/icmp/msg8.htm "Data. Variable length. Implementation specific data." I've looked at src/sys/netinet/ip_icmp.c but it's not entirely clear what the payload consists of/is generated from. But like I said, I couldn't care less about the payload. What needs to be focused on is what's in the IP and ICMP header portion. -- | Jeremy Chadwick jdc@koitsu.org | | UNIX Systems Administrator http://jdc.koitsu.org/ | | Mountain View, CA, US | | Making life hard for others since 1977. PGP 4BD6C0CB |