Subject: kern/3782: icmp port unreachable messages from udp is wrong
To: None <gnats-bugs@gnats.netbsd.org>
From: None <koji@math.human.nagoya-u.ac.jp>
List: netbsd-bugs
Date: 06/24/1997 15:59:23
>Number: 3782
>Category: kern
>Synopsis: icmp port unreachable messages from udp is wrong
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Jun 24 00:05:00 1997
>Last-Modified:
>Originator: Koji Imada - je4owb/2
>Organization:
Mathematics Group of Graduate School of Human
Infomatics, Nagoya University, Japan.
>Release: 970622
>Environment:
System: NetBSD bimota 1.2E NetBSD 1.2E (BIMOTA) #: Wed Jun 11 02:13:27 JST 1997 koji@ducati:/mnt2/NetBSD/work/src-ufs-mod/sys/arch/i386/compile/BIMOTA i386
>Description:
udp adds iphlen to ip->ip_len before calling icmp_error() in
udp_input(). But this is done in icmp_error() too. So returned
ip header by icmp has 20 bytes too large.
This is described in p.774 of "TCP/IP Illustrated Vol. 2".
>How-To-Repeat:
Just look icmp port unreachable message from udp with tcpdump
and compare with original packet.
>Fix:
Apply following patch.
Index: sys/netinet/udp_usrreq.c
===================================================================
RCS file: /mnt2/NetBSD/cvsroot/netbsd/sys/netinet/udp_usrreq.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 udp_usrreq.c
--- udp_usrreq.c 1997/04/01 07:17:36 1.1.1.2
+++ udp_usrreq.c 1997/06/24 06:36:38
@@ -291,7 +291,9 @@
goto bad;
}
*ip = save_ip;
+#if 0 /* This is done in icmp_error() */
ip->ip_len += iphlen;
+#endif
#if NIPKDB > 0
if (checkipkdb(&ip->ip_src,
uh->uh_sport,
>Audit-Trail:
>Unformatted: