From: Don Lewis
To: freebsd-net@FreeBSD.org
Date: Tue, 22 Apr 2003 09:53:58 -0700 (PDT)
Subject: IP fragmentation disagreement between current and stable
Message-Id: <200304221654.h3MGrwXB027200@gw.catspoiler.org>

It looks like I've stumbled across an IP fragmentation bug in either
5.0-current or 4.8-stable that afflicts certain packet sizes.

If I ping from the 4.8-stable machine to the 5.0-current machine

        # ping -c 1 -s 3176 192.168.101.3

I observe the following using tcpdump on the 5.0-current machine:

09:27:47.457860 192.168.101.2 > 192.168.101.3: icmp: echo request (frag 47248:1480@0+) (ttl 64, len 1500)
        4500 05dc b890 2000 4001 513a c0a8 6502
        c0a8 6503 0800 3479 9953 0000 836d a53e
        9dff 0600 0809 0a0b 0c0d 0e0f 1011 1213
        1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
        2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
        3435
09:27:47.457957 192.168.101.2 > 192.168.101.3: icmp (frag 47248:1480@1480+) (ttl 64, len 1500)
        4500 05dc b890 20b9 4001 5081 c0a8 6502
        c0a8 6503 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
        cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
        dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
        eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
        fcfd
09:27:47.457976 192.168.101.2 > 192.168.101.3: icmp (frag 47248:224@2960) (ttl 64, len 244)
        4500 00f4 b890 0172 4001 74b0 c0a8 6502
        c0a8 6503 8889 8a8b 8c8d 8e8f 9091 9293
        9495 9697 9899 9a9b 9c9d 9e9f a0a1 a2a3
        a4a5 a6a7 a8a9 aaab acad aeaf b0b1 b2b3
        b4b5 b6b7 b8b9 babb bcbd bebf c0c1 c2c3
        c4c5
09:27:47.458040 192.168.101.3 > 192.168.101.2: icmp: echo reply (frag 16298:1480@0+) (ttl 64, len 1500)
        4500 05dc 3faa 2000 4001 ca20 c0a8 6503
        c0a8 6502 0000 3c79 9953 0000 836d a53e
        9dff 0600 0809 0a0b 0c0d 0e0f 1011 1213
        1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
        2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
        3435
09:27:47.458046 192.168.101.3 > 192.168.101.2: icmp (frag 16298:1480@1480+) (ttl 64, len 1500)
        4500 05dc 3faa 20b9 4001 c967 c0a8 6503
        c0a8 6502 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
        cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
        dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
        eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
        fcfd
09:27:47.458050 192.168.101.3 > 192.168.101.2: icmp (frag 16298:224@2960) (ttl 64, len 244)
        4500 00f4 3faa 0172 4001 ed96 c0a8 6503
        c0a8 6502 8889 8a8b 8c8d 8e8f 9091 9293
        9495 9697 9899 9a9b 9c9d 9e9f a0a1 a2a3
        a4a5 a6a7 a8a9 aaab acad aeaf b0b1 b2b3
        b4b5 b6b7 b8b9 babb bcbd bebf c0c1 c2c3
        c4c5

The -current machine
is seeing the echo request and is sending a response.

If I observe the same traffic on the -stable machine, I see:

09:27:47.458727 192.168.101.2 > 192.168.101.3: icmp: echo request (frag 47248:1480@0+) (ttl 64, len 1500)
        4500 05dc b890 2000 4001 513a c0a8 6502
        c0a8 6503 0800 3479 9953 0000 836d a53e
        9dff 0600 0809 0a0b 0c0d 0e0f 1011 1213
        1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
        2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
        3435
09:27:47.458743 192.168.101.2 > 192.168.101.3: icmp (frag 47248:1480@1480+) (ttl 64, len 1500)
        4500 05dc b890 20b9 4001 5081 c0a8 6502
        c0a8 6503 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
        cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
        dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
        eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
        fcfd
09:27:47.458758 192.168.101.2 > 192.168.101.3: icmp (frag 47248:224@2960) (ttl 64, len 244)
        4500 00f4 b890 0172 4001 74b0 c0a8 6502
        c0a8 6503 8889 8a8b 8c8d 8e8f 9091 9293
        9495 9697 9899 9a9b 9c9d 9e9f a0a1 a2a3
        a4a5 a6a7 a8a9 aaab acad aeaf b0b1 b2b3
        b4b5 b6b7 b8b9 babb bcbd bebf c0c1 c2c3
        c4c5
09:27:47.459525 192.168.101.3 > 192.168.101.2: icmp: echo reply (frag 16298:1480@0+) (ttl 64, len 1500)
        4500 05dc 3faa 2000 4001 ca20 c0a8 6503
        c0a8 6502 0000 3c79 9953 0000 836d a53e
        9dff 0600 0809 0a0b 0c0d 0e0f 1011 1213
        1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
        2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
        3435
09:27:47.459641 192.168.101.3 > 192.168.101.2: icmp (frag 16298:1480@1480+) (ttl 64, len 1500)
        4500 05dc 3faa 20b9 4001 c967 c0a8 6503
        c0a8 6502 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
        cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
        dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
        eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
        fcfd
09:27:47.459657 truncated-ip - 2 bytes missing!
192.168.101.3 > 192.168.101.2: icmp (frag 16298:224@2960) (ttl 64, len 244)
        4500 00f4 3faa 0172 4001 ed96 c0a8 6503
        c0a8 6502 8889 8a8b 8c8d 8e8f 9091 9293
        9495 9697 9899 9a9b 9c9d 9e9f a0a1 a2a3
        a4a5 a6a7 a8a9 aaab acad aeaf b0b1 b2b3
        b4b5 b6b7 b8b9 babb bcbd bebf c0c1 c2c3
        c4c5

For some reason, the stable machine doesn't like the last fragment, and
the IP stack and the ping command don't see the response.

If I ping from -current to -stable, the -stable machine doesn't like the
last fragment of the echo request and doesn't send a response.

If I increase the packet size by any multiple of 1480 bytes (which
results in the same final fragment size), I see the same symptoms.

Interestingly, I don't see any problems if I decrease the packet size by
1480 bytes to 1696; everything works just fine.

Viewed from -current:

09:51:31.518033 192.168.101.2 > 192.168.101.3: icmp: echo request (frag 57049:1480@0+) (ttl 64, len 1500)
        4500 05dc ded9 2000 4001 2af1 c0a8 6502
        c0a8 6503 0800 c081 ef53 0000 1373 a53e
        49f1 0700 0809 0a0b 0c0d 0e0f 1011 1213
        1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
        2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
        3435
09:51:31.518064 192.168.101.2 > 192.168.101.3: icmp (frag 57049:224@1480) (ttl 64, len 244)
        4500 00f4 ded9 00b9 4001 4f20 c0a8 6502
        c0a8 6503 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
        cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
        dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
        eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
        fcfd
09:51:31.518136 192.168.101.3 > 192.168.101.2: icmp: echo reply (frag 40560:1480@0+) (ttl 64, len 1500)
        4500 05dc 9e70 2000 4001 6b5a c0a8 6503
        c0a8 6502 0000 c881 ef53 0000 1373 a53e
        49f1 0700 0809 0a0b 0c0d 0e0f 1011 1213
        1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
        2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
        3435
09:51:31.518141 192.168.101.3 > 192.168.101.2: icmp (frag 40560:224@1480) (ttl 64, len 244)
        4500 00f4 9e70 00b9 4001 8f89 c0a8 6503
        c0a8 6502 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
        cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
        dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
        eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
        fcfd

Viewed from -stable:

09:51:31.520577 192.168.101.2 > 192.168.101.3: icmp: echo request (frag 57049:1480@0+) (ttl 64, len 1500)
        4500 05dc ded9 2000 4001 2af1 c0a8 6502
        c0a8 6503 0800 c081 ef53 0000 1373 a53e
        49f1 0700 0809 0a0b 0c0d 0e0f 1011 1213
        1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
        2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
        3435
09:51:31.520592 192.168.101.2 > 192.168.101.3: icmp (frag 57049:224@1480) (ttl 64, len 244)
        4500 00f4 ded9 00b9 4001 4f20 c0a8 6502
        c0a8 6503 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
        cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
        dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
        eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
        fcfd
09:51:31.521293 192.168.101.3 > 192.168.101.2: icmp: echo reply (frag 40560:1480@0+) (ttl 64, len 1500)
        4500 05dc 9e70 2000 4001 6b5a c0a8 6503
        c0a8 6502 0000 c881 ef53 0000 1373 a53e
        49f1 0700 0809 0a0b 0c0d 0e0f 1011 1213
        1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
        2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
        3435
09:51:31.521310 192.168.101.3 > 192.168.101.2: icmp (frag 40560:224@1480) (ttl 64, len 244)
        4500 00f4 9e70 00b9 4001 8f89 c0a8 6503
        c0a8 6502 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
        cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
        dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
        eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
        fcfd
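
An added example, not part of the original message: it decodes the IPv4 headers of the three echo-request fragments captured for the 3176-byte ping and checks each header checksum, the fragment offsets, and the MF flag. The header bytes are the first 20 bytes of each hex dump in the message; the function names are this example's own.

```python
import struct

# IPv4 headers (first 20 bytes) of the three echo-request fragments, copied
# from the tcpdump -x output in the message (ping -c 1 -s 3176).
REQUEST_FRAGMENTS = [
    "4500 05dc b890 2000 4001 513a c0a8 6502 c0a8 6503",
    "4500 05dc b890 20b9 4001 5081 c0a8 6502 c0a8 6503",
    "4500 00f4 b890 0172 4001 74b0 c0a8 6502 c0a8 6503",
]

def parse_ipv4_header(hex_words):
    raw = bytes.fromhex(hex_words.replace(" ", ""))
    ihl = (raw[0] & 0x0F) * 4
    if raw[0] >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a complete IPv4 header")
    total_len, ident, frag = struct.unpack("!HHH", raw[2:8])
    # The one's-complement sum over a valid header folds to 0xffff.
    s = sum(struct.unpack("!%dH" % (ihl // 2), raw[:ihl]))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return {
        "id": ident,
        "total_len": total_len,
        "payload_len": total_len - ihl,
        "offset": (frag & 0x1FFF) * 8,       # field counts 8-byte units
        "more_fragments": bool(frag & 0x2000),
        "checksum_ok": s == 0xFFFF,
    }

def check_fragment_set(headers):
    """Return (reassembled_payload_len, problems) for one datagram's fragments."""
    frags = sorted(map(parse_ipv4_header, headers), key=lambda f: f["offset"])
    problems, expected = [], 0
    for i, f in enumerate(frags):
        last = i == len(frags) - 1
        if not f["checksum_ok"]:
            problems.append("bad header checksum at offset %d" % f["offset"])
        if f["id"] != frags[0]["id"]:
            problems.append("mixed IP ids")
        if f["offset"] != expected:
            problems.append("gap or overlap at offset %d" % f["offset"])
        if f["more_fragments"] == last:       # MF must be set on all but the last
            problems.append("MF flag wrong at offset %d" % f["offset"])
        if not last and f["payload_len"] % 8:
            problems.append("non-final fragment not a multiple of 8")
        expected = f["offset"] + f["payload_len"]
    return expected, problems

if __name__ == "__main__":
    print(check_fragment_set(REQUEST_FRAGMENTS))
```

All three headers pass these checks, and the fragments cover 3184 bytes, which is the 3176-byte ping payload plus the 8-byte ICMP header.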