Date: Thu, 11 Nov 2004 10:57:58 +0100
From: Andre Albsmeier
To: Pawel Malachowski
Cc: darrenr@freebsd.org, freebsd-net@freebsd.org
Subject: Re: ipfilter/ipnat 3.4.35 and udp-traceroute problem

On Mon, 09-Aug-2004 at 18:37:39 +0200, Pawel Malachowski wrote:
> On Fri, Aug 06, 2004 at 12:54:08AM +0200, Pawel Malachowski wrote:
>
> > I can see weird behavior of this command:
> > traceroute -s privateIP -P UDP dst
> > Outgoing UDP packets are translated, ICMP time-exceeded message comes back,
> > but traceroute shows '* * *'. ;)
>
> v3.4.35 import breaks things on my RELENG_4 box. FYI:
>
> With this ruleset, UDP-traceroute doesn't work (ICMP- works):
> map fxp0 172.27.201.1/24 -> public/32 proxy port ftp ftp/tcp
> map fxp0 172.27.201.1/24 -> public/32 portmap tcp/udp auto
> map fxp0 172.27.201.1/24 -> public/32
>
> % traceroute -s 172.27.201.1 -P udp www.yahoo.com
> traceroute to www.yahoo.akadns.net (216.109.118.74) from 172.27.201.1, 64 hops max, 44 byte packets
> 1 * * *
> 2 * * *
> 3 * * *
> 4 * * *
> 5 * * *
> 6 * * *
> 7 * * *
> 8 * *^C
> ...

Since I was tired of waiting another 4 months until this is getting fixed (nobody seems to be interested in ipfilter anymore), I have patched ip_nat.c and it is working again.
I am sure the patch is ugly/wrong/bad/completely_insane but it works and I haven't seen any side effects so far. If anybody is interested: --- sys/contrib/ipfilter/netinet/ip_nat.c.ORI Mon Jul 5 09:28:35 2004 +++ sys/contrib/ipfilter/netinet/ip_nat.c Tue Nov 9 18:49:30 2004 @@ -1783,7 +1783,7 @@ * Fix UDP pseudo header checksum to compensate for the * IP address change. */ - if ((oip->ip_p == IPPROTO_UDP) && (dlen >= 8) && udp->uh_sum) { + if ((oip->ip_p == IPPROTO_UDP) && (dlen >= 8)) { /* * The UDP checksum is optional, only adjust it * if it has been set. Maybe this helps Darren to find the real problem... -Andre
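
Review bot: Dropping `udp->uh_sum` from the changed `if` means the block now also runs for embedded UDP headers whose checksum field is zero, which in UDP over IPv4 means the sender computed no checksum. The comment in the trailing context still reads "The UDP checksum is optional, only adjust it if it has been set", so the body needs its own `if (udp->uh_sum)` around the checksum fix-up, and the hunk does not show whether one exists. If it does not, keep the outer test as `(oip->ip_p == IPPROTO_UDP) && (dlen >= 8)` and add that inner guard, so the rest of the block still runs for the traceroute case while a zero checksum is left at zero rather than being turned into a nonzero, invalid value.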