Subject: Re: kern/18517
To: None <darrenr@netbsd.org, gnats-admin@netbsd.org,>
From: Tero Kivinen <kivinen@iki.fi>
List: netbsd-bugs
Date: 11/03/2005 11:51:07
The following reply was made to PR kern/18517; it has been noted by GNATS.
From: Tero Kivinen <kivinen@iki.fi>
To: gnats-bugs@netbsd.org (NetBSD Problem Report DB Administrator)
Cc:
Subject: Re: kern/18517
Date: Thu, 3 Nov 2005 13:50:39 +0200
I checked the situation again now with NetBSD 2.0.2 kernel (IP numbers
and architecture has changed since last time, but config is still same):
NetBSD fireball.kivinen.iki.fi 2.0.2 NetBSD 2.0.2 (FIREBALL) #3: Sat Aug 13 22:52:00 EEST 2005 root@fireball.kivinen.iki.fi:/usr/src/sys/arch/amd64/compile/FIREBALL amd64
Both of the cases still work incorrectluy. The return-rst case:
block return-rst in log proto tcp from any to any flags S/SA group 100
sends out invalid TCP checksums:
13:31:57.585565 0:30:b6:6a:c8:0 0:30:48:82:ec:2c 0800 64: 83.145.195.7.25 > 212.16.98.49.52291: R [bad tcp cksum 11ac!] 0:0(0) ack 2115730265 win 32768 (DF) (ttl 60, id 45494, len 40)
0x0000 4500 0028 b1b6 4000 3c06 403f 5391 c307 E..(..@.<.@?S...
0x0010 d410 6231 0019 cc43 0000 0000 7e1b 7b59 ..b1...C....~.{Y
0x0020 5014 8000 7112 0000 0000 0000 0000 125a P...q..........Z
0x0030 623c b<
The host-unreachable case:
block return-icmp(host-unr) in log proto tcp from any to any flags S/SA group 100
Still returns wrong ICMP checksum, and wrong host IP-address inside
the ICMP packet, wrong IP-address inside the contained TCP packet
inside the ICMP packet, and few other bad checksums.
13:44:37.360118 0:1:2:b3:bd:74 0:13:60:ae:db:40 0800 78: 83.145.195.1 > 212.16.98.49: icmp: host 192.168.2.2 unreachable (wrong icmp csum) for 212.16.98.49 > 192.168.2.2: tcp (frag 25539:15340@512) (ttl 61, len 15360, bad cksum 8d1e (->ffffa2c7)!) (DF) (ttl 64, id 51382, len 64, bad cksum 0 (->ffffcddb)!)
0x0000 4500 0040 c8b6 4000 4001 0000 5391 c301 E..@..@.@...S...
0x0010 d410 6231 0301 5ed8 9f88 169d 4500 3c00 ..b1..^.....E.<.
0x0020 63c3 0040 3d06 8d1e d410 6231 c0a8 0202 c..@=.....b1....
0x0030 fe59 0019 1e62 2316 710a 915d d2c6 2758 .Y...b#.q..]..'X
--
kivinen@safenet-inc.com