Discussion:
netbsd 5.1_rc3 ipf and bad header checksums
(too old to reply)
Mark Davies
2010-06-15 05:22:42 UTC
Permalink
On NetBSD 5.x ipf seems to be producing IP packets with bad header
checksums for ICMP packets larger than 180 bytes in size.

The attached tcpdump pcap file shows 12 icmp port unreachable packets,
and the outgoing packets that caused them, captured on the internal
interface of a 5.1_RC3 box running ipf.

The first 4 are length 180 and pass through OK.
The second 4 are length 181 and have incorrect ip header checksums.
The last 4 are length 181 but ipf is disabled and they pass through
OK.

For this test the ipf ruleset was just:
pass in all
pass out all


Any immediate ideas or should I file a PR?


cheers
mark
Mark Davies
2010-06-15 05:25:44 UTC
Permalink
Post by Mark Davies
Any immediate ideas or should I file a PR?
Looks like it might be a byte ordering issue - the packets in
question are coming in as 201 bytes in length and leaving as 51456,
which is 201 byteswapped. Interesting that it only happens on that
subset of packets.
cheers
mark

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Mark Davies
2010-06-16 02:09:05 UTC
Permalink
Post by Mark Davies
Any immediate ideas or should I file a PR?
PR kern/43484

and I tried the latest -current MONOLITHIC kernel with a 5.1_RC3
userland and got the same result.

cheers
mark

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...