Subject: kern/3782: icmp port unreachable messages from udp is wrong
To: None <>
From: None <>
List: netbsd-bugs
Date: 06/24/1997 15:59:23
>Number:         3782
>Category:       kern
>Synopsis:       icmp port unreachable messages from udp is wrong
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jun 24 00:05:00 1997
>Originator:     Koji Imada - je4owb/2
Mathematics Group of Graduate School of Human
	Infomatics, Nagoya University, Japan.
>Release:        970622
System: NetBSD bimota 1.2E NetBSD 1.2E (BIMOTA) #: Wed Jun 11 02:13:27 JST 1997 koji@ducati:/mnt2/NetBSD/work/src-ufs-mod/sys/arch/i386/compile/BIMOTA i386

	udp adds iphlen to ip->ip_len before calling icmp_error() in
	udp_input(). But this is done in icmp_error() too. So returned 
	ip header by icmp has 20 bytes too large.

	This is described in p.774 of "TCP/IP Illustrated Vol. 2".
	Just look icmp port unreachable message from udp with tcpdump
	and compare with original packet.
	Apply following patch.

Index: sys/netinet/udp_usrreq.c
RCS file: /mnt2/NetBSD/cvsroot/netbsd/sys/netinet/udp_usrreq.c,v
retrieving revision
diff -u -r1.1.1.2 udp_usrreq.c
--- udp_usrreq.c	1997/04/01 07:17:36
+++ udp_usrreq.c	1997/06/24 06:36:38
@@ -291,7 +291,9 @@
 				goto bad;
 			*ip = save_ip;
+#if 0 /* This is done in icmp_error() */
 			ip->ip_len += iphlen;
 #if NIPKDB > 0
 			if (checkipkdb(&ip->ip_src,