tech-net: Re: strangeness while using SOCK

Subject: Re: strangeness while using SOCK_RAW
To: None <tech-net@netbsd.org>
From: Eric Auge <eau@phear.org>
List: tech-net
Date: 02/08/2007 15:59:30
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig7D72C34079BE1F6C35CA3B58
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Re Hello,

I found out an answer to that behavior within the kernel :

the default handler for SOCK_RAW and undefined protocols
is located in :
/usr/src/sys/netinet/in_proto.c :
[...]
/* raw wildcard */
{ SOCK_RAW,     &inetdomain,    0,              PR_ATOMIC|PR_ADDR|PR_LAST=
HDR,
  rip_input,    rip_output,     rip_ctlinput,   rip_ctloutput,
  rip_usrreq,
  rip_init,     0,              0,              0,
},
[...]

which reference rip_input() function.

/usr/src/sys/netinet/raw_ip.c :
[...]
/*
 * XXX Compatibility: programs using raw IP expect ip_len
 * XXX to have the header length subtracted, and in host order.
 * XXX ip_off is also expected to be host order.
 */
 ip->ip_len =3D ntohs(ip->ip_len) - (ip->ip_hl << 2);
 NTOHS(ip->ip_off);
[...]

I don't understand this behavior and comment.

What "programs" using SOCK_RAW, IPPROTO_RAW (the behavior for undefined p=
rotos
seems to be similar to the IPPROTO_RAW one) expect the RAW IP header
len(ip->ip_len) to be substracted from the size of the IP header without =
ripping
off the header itself ...?

Hope someone can enlighten me.

Regards,
Eric.

Eric Auge wrote:
> Hello,
>=20
> while porting openospfd to netbsd, I'm facing some voodoo
> problem that might be obvious but i can't see it.
>=20
> the application is using socket(PF_INET, SOCK_RAW, IPPROTO_OSPF)
> with
> [...]
> #define IPPROTO_OSPF             89
> [...]
>=20
> the recvfrom() return 80, while the IP header length field return 60 (o=
f
> recvfrom()'ed packet).
>=20
> dump from the application buffer after the recvfrom() :
> 0x45 0x00 0x3c 0x00 0x73 0x60 0x00 0x00  0x01 0x59 0x3a 0xe5 0x0a 0x09 =
0x21 0x02
> 0xe0 0x00 0x00 0x05 0x02 0x01 0x00 0x2c  0x0a 0x09 0x21 0x02 0x00 0x00 =
0x00 0x00
> 0x00 0x00 0x00 0x02 0x00 0x00 0x01 0x10  0x08 0x79 0x47 0xd5 0xff 0xff =
0xff 0x00
> 0x00 0x05 0x02 0x01 0x00 0x00 0x00 0x28  0x0a 0x09 0x21 0x02 0x00 0x00 =
0x00 0x00
> 0x9b 0x5c 0x59 0x99 0xf3 0xe7 0x85 0xc6  0xe7 0xb5 0xcd 0x3b 0x09 0x7f =
0xda 0xb4
>=20
> tcpdump from the same packet :
> 0x0000:  4500 0050 7360 0000 0159 3ae5 0a09 2102  E..Ps`...Y:...!.
> 0x0010:  e000 0005 0201 002c 0a09 2102 0000 0000  .......,..!.....
> 0x0020:  0000 0002 0000 0110 0879 47d5 ffff ff00  .........yG.....
> 0x0030:  0005 0201 0000 0028 0a09 2102 0000 0000  .......(..!.....
> 0x0040:  9b5c 5999 f3e7 85c6 e7b5 cd3b 097f dab4  .\Y........;....
>=20
> 0x50 (80 bytes) on the wire become suddenly 0x3c (60 bytes) when
> send to userland, while tcpdump uses bpf so the packet arrives unmodifi=
ed.
>=20
> looks like the kernel is removing 20 from the length value (ip->ip_len)=
 of the
> IP header which could be the size of the IP header.
> It look strange to me that it changes the size from the IP header witho=
ut
> removing the header itself...
>=20
> I dont really know where to look in the kernel to check...
>=20
> any ideas ? can someone enlighten me on this ?
>=20
> Regards,
> Eric.
>=20


--------------enig7D72C34079BE1F6C35CA3B58
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (NetBSD)

iD8DBQFFyzrVSdZNA80H8MYRAhc7AKCvM+1nT7PMtbpvBfzDCUZDQlWzUQCfbdgK
CUW5flSqCZMZfOY2bdIMzrU=
=k+7V
-----END PGP SIGNATURE-----

--------------enig7D72C34079BE1F6C35CA3B58--