Date: Mon, 7 Feb 2005 18:22:24 +0200 From: "Emil Cazamir" <emil.cazamir@galati.rdsnet.ro> To: "'David Malone'" <dwmalone@maths.tcd.ie> Cc: freebsd-bugs@FreeBSD.org Subject: RE: kern/76966: udp/520 reply packets when routed is not running Message-ID: <20050207161833.A673AA734D@main.galati.rdsnet.ro> In-Reply-To: <200502071209.aa89005@salmon.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
-----Original Message----- From: David Malone [mailto:dwmalone@maths.tcd.ie] Sent: 7 februarie 2005 14:09 To: Emil Cazamir Cc: freebsd-bugs@FreeBSD.org Subject: Re: kern/76966: udp/520 reply packets when routed is not running > There is no problem with the netmask, there are several subnets sharing the > same wire. I lokked into few kernel config files and I didn't found anything > specific. I think that the cause of what's happening is somewhere in > natd/libalias, all the machines which respond to [or forward] udp/520 > packets are running natd. I will make available kernel config files, process > listings, etc if it is required. OK - that probably explains how the source address of the packet was changed. I can suggest two things that might be useful. First, if you could check with tcpdump -X that the payloads of the packets look identical. Second, it might be worth posting your natd/libalias config. David. ---- I captured some packets at the same time on two machines: the gateway [common for all subnets] and one freebsd box running natd. Tcpdump's timestamp shows a 12 minutes difference, but I can assure you that they were taken at the same time. Gateway: I changed the real IP addresses with 192.168.x.x, using the same netmask. The subnets are: 192.168.0.126/26, 192.168.1.0/28 and 192.168.2.0/26. The machine running routed is a linux box [don't know what distribution/kernel] ---> [linux gateway] 17:57:31.528159 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], length: 52) 192.168.0.126.520 > 192.168.0.127.520: [udp sum ok] RIPv1, Request, length: 24 0x0000: 0101 0000 0000 0000 0000 0000 0000 0000 0x0010: 0000 0000 0000 0010 0x0000: 4500 0034 0000 4000 4011 2a34 51c4 367e E..4..@.@.*4Q.6~ 0x0010: 51c4 367f 0208 0208 0020 ea07 0101 0000 Q.6............. 0x0020: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0010 .... 17:57:31.528555 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], length: 52) 192.168.0.126.520 > 192.168.0.127.520: [udp sum ok] RIPv1, Request, length: 24 0x0000: 0101 0000 0000 0000 0000 0000 0000 0000 0x0010: 0000 0000 0000 0010 0x0000: 4500 0034 0000 4000 3f11 2b34 51c4 367e E..4..@.?.+4Q.6~ 0x0010: 51c4 367f 0208 0208 0020 ea07 0101 0000 Q.6............. 0x0020: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0010 .... 17:57:31.528712 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], length: 52) 192.168.0.126.520 > 192.168.0.127.520: [udp sum ok] RIPv1, Request, length: 24 0x0000: 0101 0000 0000 0000 0000 0000 0000 0000 0x0010: 0000 0000 0000 0010 0x0000: 4500 0034 0000 4000 3f11 2b34 51c4 367e E..4..@.?.+4Q.6~ 0x0010: 51c4 367f 0208 0208 0020 ea07 0101 0000 Q.6............. 0x0020: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0010 .... 17:57:31.528721 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], length: 52) 192.168.0.126.520 > 192.168.0.127.520: [udp sum ok] RIPv1, Request, length: 24 0x0000: 0101 0000 0000 0000 0000 0000 0000 0000 0x0010: 0000 0000 0000 0010 0x0000: 4500 0034 0000 4000 3f11 2b34 51c4 367e E..4..@.?.+4Q.6~ 0x0010: 51c4 367f 0208 0208 0020 ea07 0101 0000 Q.6............. 0x0020: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0010 .... 17:57:31.528771 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], length: 52) 192.168.1.83.520 > 192.168.0.127.520: [udp sum ok] RIPv1, Request, length: 24 0x0000: 0101 0000 0000 0000 0000 0000 0000 0000 0x0010: 0000 0000 0000 0010 0x0000: 4500 0034 0000 4000 3f11 46c5 d45d 9853 E..4..@.?.F..].S 0x0010: 51c4 367f 0208 0208 0020 0599 0101 0000 Q.6............. 0x0020: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0010 .... 17:57:31.528780 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], length: 52) 192.168.2.33.520 > 192.168.0.127.520: [udp sum ok] RIPv1, Request, length: 24 0x0000: 0101 0000 0000 0000 0000 0000 0000 0000 0x0010: 0000 0000 0000 0010 0x0000: 4500 0034 0000 4000 3f11 2b91 51c4 3621 E..4..@.?.+.Q.6! 0x0010: 51c4 367f 0208 0208 0020 ea64 0101 0000 Q.6........d.... 0x0020: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0010 .... 17:57:31.528806 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], length: 52) 192.168.0.126.520 > 192.168.0.127.520: [udp sum ok] RIPv1, Request, length: 24 0x0000: 0101 0000 0000 0000 0000 0000 0000 0000 0x0010: 0000 0000 0000 0010 0x0000: 4500 0034 0000 4000 3f11 2b34 51c4 367e E..4..@.?.+4Q.6~ 0x0010: 51c4 367f 0208 0208 0020 ea07 0101 0000 Q.6............. 0x0020: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0010 .... 17:57:31.529237 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], length: 52) 192.168.0.126.520 > 192.168.0.127.520: [udp sum ok] RIPv1, Request, length: 24 0x0000: 0101 0000 0000 0000 0000 0000 0000 0000 0x0010: 0000 0000 0000 0010 0x0000: 4500 0034 0000 4000 3f11 2b34 51c4 367e E..4..@.?.+4Q.6~ 0x0010: 51c4 367f 0208 0208 0020 ea07 0101 0000 Q.6............. 0x0020: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0030: 0000 0010 .... 8 packets captured 8 packets received by filter 0 packets dropped by kernel <--- Gateway a Freebsd host in one subnet, running natd: ---> [freebsd-4.10-box]:~# tcpdump -nXvvni rl0 -p udp and port 520 tcpdump: listening on rl0 17:45:48.504732 192.168.0.126.520 > 192.168.0.127.520: [udp sum ok] RIPv1-req 24 (DF) (ttl 64, id 0, len 52) 0x0000 4500 0034 0000 4000 4011 2a34 51c4 367e E..4..@.@.*4Q.6~ 0x0010 51c4 367f 0208 0208 0020 ea07 0101 0000 Q.6............. 0x0020 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0030 0000 0010 .... 17:45:48.505114 192.168.2.33.520 > 192.168.0.127.520: [udp sum ok] RIPv1-req 24 (DF) (ttl 63, id 0, len 52) 0x0000 4500 0034 0000 4000 3f11 2b91 51c4 3621 E..4..@.?.+.Q.6! 0x0010 51c4 367f 0208 0208 0020 ea64 0101 0000 Q.6........d.... 0x0020 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0030 0000 0010 .... ^C 670 packets received by filter 0 packets dropped by kernel <--- Best regards, Emil Cazamir
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050207161833.A673AA734D>