Date:      Mon, 28 Aug 2000 16:10:02 -0700 (PDT)
From:      volf@oasis.IAEhv.nl (Frank Volf)
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/20877: ICMP error msg on UDP port unreachable is incorrect
Message-ID:  <200008282310.QAA36508@freefall.freebsd.org>

The following reply was made to PR kern/20877; it has been noted by GNATS.

From: volf@oasis.IAEhv.nl (Frank Volf)
To: Ruslan Ermilov <ru@FreeBSD.org>
Cc: Frank Volf <volf@oasis.IAEhv.nl>, bug-followup@FreeBSD.org,
	Garrett Wollman <wollman@FreeBSD.org>,
	Sheldon Hearn <sheldonh@FreeBSD.org>
Subject: Re: kern/20877: ICMP error msg on UDP port unreachable is incorrect
Date: Tue, 29 Aug 2000 01:03:44 +0200 (CEST)

 Ruslan,
 
 I verified your patch, and it seems to work for udp based traceroutes. 
 I do have two questions though:
 
 1) You might have broken ipfw, ipfilter and possibly other packet filtering
    systems that are called in ip_input(); if they use icmp_error() and they
    did the right thing (fixing ip_id etc.) then they now do the wrong thing
    :-)
 
 2) I do not understand why you remove HTONS(ip->ip_id) from ip_forward().
    I have the feeling, without being able to pinpoint it, that you have
    broken something: because now you change the ip_id for every IP packet
    that goes through ip_forward()! If this was not broken before it must
    be broken now (or I must get some sleep....).
 
 Frank
 
 
 
 
 Ruslan Ermilov wrote:
 > On Sun, Aug 27, 2000 at 07:45:22PM +0200, Frank Volf wrote:
 > > 
 > > I disagree with the fact that you simply close this pr as being a duplicate
 > > case of PR 16240.
 > > 
 > > PR 16240 tries to address the generic problem, which is indeed present in 
 > > many network implementations and may or may not be difficult to fix.
 > > 
 > > Here, a very simple patch is presented for a special instance of 16240 
 > > (an instance that occurs a lot, e.g. using udp based traceroute). I see no
 > > reason why this patch cannot be applied to FreeBSD.
 > > 
 > The reason is simple -- your patch is wrong and incomplete.
 > 
 > > If there *are* issues that I overlooked I would like to hear about them, 
 > > and have them properly discussed.
 > > 
 > You overlooked (amongst other things) that ip_off field is also vulnerable.
 > 
 > The basic idea is that all IP header fields SHOULD BE in host byte order
 > right after the start of ip_input(), and ip_output() converts them back
 > to network byte order.  So in icmp_error() the bytes should still be in
 > host byte order, this is even implied by the following piece of code:
 > 
 >         /*
 >          * Don't send error if not the first fragment of message.
 >          * Don't error if the old packet protocol was ICMP
 >          * error message, only known informational types.
 >          */
 >         if (oip->ip_off &~ (IP_MF|IP_DF))
 >                 goto freeit;
 > 
 > 
 > Attached is the patch that fixes part of problems with ICMP error generation.
 > It could be applied to both 5.0-CURRENT and 4.1-STABLE.  This patch is still
 > incomplete, it misses the ip_output() portion of fixes.  I will develop and
 > test the remaining bits tomorrow and commit it along with this patch.
 > 
 > 
 > Cheers,
 > -- 
 > Ruslan Ermilov		Oracle Developer/DBA,
 > ru@sunbay.com		Sunbay Software AG,
 > ru@FreeBSD.org		FreeBSD committer,
 > +380.652.512.251	Simferopol, Ukraine
 > 
 > http://www.FreeBSD.org	The Power To Serve
 > http://www.oracle.com	Enabling The Information Age
 
 [ Attachment, skipping... ]
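
The fragment test quoted in the message above only gives the right answer when ip_off is in host byte order. The following is an added illustration, not part of the original mail and not FreeBSD source: it applies that same mask to a constructed ip_off field with and without the ntohs() conversion. The helper names and sample bytes are assumptions made for the example; the IP_DF and IP_MF values are those of <netinet/ip.h>.

```c
#include <arpa/inet.h>  /* ntohs(), htons() */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits of the IPv4 flags/fragment-offset field, as in <netinet/ip.h>. */
#define IP_DF 0x4000  /* don't fragment */
#define IP_MF 0x2000  /* more fragments */

/* The test from the quoted icmp_error() code: any offset bit set means
 * "not the first fragment". Correct only for a host-byte-order value. */
static int is_first_fragment(uint16_t ip_off)
{
    return (ip_off & ~(IP_MF | IP_DF)) == 0;
}

/* Hypothetical helper: load the field exactly as stored in the packet. */
static uint16_t load_raw(const unsigned char wire[2])
{
    uint16_t v;
    memcpy(&v, wire, sizeof v);
    return v;
}

/* Constructed sample fields, not captured traffic. */
static const unsigned char DF_ONLY[2]   = { 0x40, 0x00 };  /* DF, offset 0 */
static const unsigned char LAST_FRAG[2] = { 0x00, 0x20 };  /* offset 32 (256 bytes) */

static void show(const char *name, const unsigned char wire[2])
{
    uint16_t raw = load_raw(wire);
    printf("%-9s converted: first=%d   unconverted: first=%d\n", name,
           is_first_fragment(ntohs(raw)), is_first_fragment(raw));
}

int main(void)
{
    show("DF_ONLY", DF_ONLY);
    show("LAST_FRAG", LAST_FRAG);
    return 0;
}
```

On a little-endian host the unconverted column is wrong in both directions: the unfragmented DF packet is treated as a later fragment, and the later fragment is treated as a first fragment.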
 
 
 

