Date: Mon, 28 Aug 2000 16:10:02 -0700 (PDT)
From: volf@oasis.IAEhv.nl (Frank Volf)
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/20877: ICMP error msg on UDP port unreachable is incorrect
Message-ID: <200008282310.QAA36508@freefall.freebsd.org>

The following reply was made to PR kern/20877; it has been noted by GNATS.

From: volf@oasis.IAEhv.nl (Frank Volf)
To: Ruslan Ermilov <ru@FreeBSD.org>
Cc: Frank Volf <volf@oasis.IAEhv.nl>, bug-followup@FreeBSD.org,
    Garrett Wollman <wollman@FreeBSD.org>,
    Sheldon Hearn <sheldonh@FreeBSD.org>
Subject: Re: kern/20877: ICMP error msg on UDP port unreachable is incorrect
Date: Tue, 29 Aug 2000 01:03:44 +0200 (CEST)

Ruslan,

I verified your patch, and it seems to work for udp based traceroutes.
I do have two questions though:

1) You might have broken ipfw, ipfilter and possibly other packet filtering
   systems that are called in ip_input(); if they use icmp_error() and
   they did the right thing (fixing ip_id e.a) then they do now the wrong
   thing :-)

2) I do not understand why you remove HTONS(ip->ip_id) from ip_forward().
   I have the feeling, without being able to pinpoint it, that you
   have broken something: because now you change the ip_id for every ip
   packet that goes through ip_forward()! If this was not broken before it
   must be broken now (or I must get some sleep....).

Frank

Ruslan Ermilov wrote:
> On Sun, Aug 27, 2000 at 07:45:22PM +0200, Frank Volf wrote:
> >
> > I disagree with the fact that you simply close this pr as being a duplicate
> > case of PR 16240.
> >
> > PR 16240 tries to address the generic problem, which is indeed present in
> > many network implementations and may or may not be difficult to fix.
> >
> > Here, a very simple patch is presented for a special instance of 16240
> > (an instance that occurs a lot, e.g. using udp based traceroutes). I see no
> > reason why this patch cannot be applied to FreeBSD.
> >
> The reason is simple -- your patch is wrong and incomplete.
>
> > If there *are* issues that I overlooked I would like to hear about them,
> > and have them properly discussed.
> >
> You overlooked (amongst other things) that ip_off field is also vulnerable.
>
> The basic idea is that all IP header fields SHOULD BE in host byte order
> right after the start of ip_input(), and ip_output() converts them back
> to network byte order.  So in icmp_error() the bytes should still be in
> host byte order, this is even implied by the following piece of code:
>
>     /*
>      * Don't send error if not the first fragment of message.
>      * Don't error if the old packet protocol was ICMP
>      * error message, only known informational types.
>      */
>     if (oip->ip_off &~ (IP_MF|IP_DF))
>         goto freeit;
>
>
> Attached is the patch that fixes part of problems with ICMP error generation.
> It could be applied to both 5.0-CURRENT and 4.1-STABLE.  This patch is still
> incomplete, it misses the ip_output() portion of fixes.  I will develop and
> test the remaining bits tomorrow and commit it along with this patch.
>
>
> Cheers,
> --
> Ruslan Ermilov          Oracle Developer/DBA,
> ru@sunbay.com           Sunbay Software AG,
> ru@FreeBSD.org          FreeBSD committer,
> +380.652.512.251        Simferopol, Ukraine
>
> http://www.FreeBSD.org  The Power To Serve
> http://www.oracle.com   Enabling The Information Age

[ Attachment, skipping... ]
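
The byte-order convention discussed in this message, as an added example (not part of the e-mail, the skipped attachment or the FreeBSD source): header fields are converted to host order on input, the quoted fragment test is only meaningful on host-order `ip_off`, and a header quoted into an ICMP error must be converted back before it leaves. `struct mini_ip`, the helper names and the sample bytes are constructed for illustration; the raw little-endian store models what an i386-class host emits when a host-order field is copied without conversion.

```c
#include <stdint.h>
#include <stdio.h>

#define IP_DF 0x4000 /* don't-fragment flag, as seen in host-order ip_off */
#define IP_MF 0x2000 /* more-fragments flag */

/* Hypothetical miniature holding only the two fields named in the thread. */
struct mini_ip { uint16_t ip_id, ip_off; };

static uint16_t load_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint16_t load_le16(const uint8_t *p) { return (uint16_t)((p[1] << 8) | p[0]); }
static void store_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void store_le16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Input side: IPv4 header bytes 4..7 (id, flags+offset) into host order. */
static struct mini_ip parse_wire(const uint8_t *hdr) {
    struct mini_ip ip = { load_be16(hdr + 4), load_be16(hdr + 6) };
    return ip;
}

/* Same test as the quoted icmp_error() snippet; valid only on host-order ip_off. */
static int is_later_fragment(uint16_t ip_off) { return (ip_off & ~(IP_MF | IP_DF)) != 0; }

/* Output side: quote the header into an ICMP payload in network order. */
static void quote_converted(const struct mini_ip *ip, uint8_t *out) {
    store_be16(out + 4, ip->ip_id);
    store_be16(out + 6, ip->ip_off);
}

/* Quote with no conversion, as a raw copy on a little-endian host would. */
static void quote_raw_le(const struct mini_ip *ip, uint8_t *out) {
    store_le16(out + 4, ip->ip_id);
    store_le16(out + 6, ip->ip_off);
}

int main(void) {
    /* Constructed sample: first 8 header bytes, id 0x1234, DF set, offset 0. */
    uint8_t wire[8] = {0x45, 0x00, 0x00, 0x1c, 0x12, 0x34, 0x40, 0x00};
    uint8_t q[8] = {0};
    struct mini_ip ip = parse_wire(wire);
    printf("host-order ip_off: later fragment? %d\n", is_later_fragment(ip.ip_off));
    printf("unswapped ip_off:  later fragment? %d\n", is_later_fragment(load_le16(wire + 6)));
    quote_raw_le(&ip, q);
    printf("raw quote:       id %02x %02x off %02x %02x\n", q[4], q[5], q[6], q[7]);
    quote_converted(&ip, q);
    printf("converted quote: id %02x %02x off %02x %02x\n", q[4], q[5], q[6], q[7]);
    return 0;
}
```

A receiver matching the quoted header against its outstanding probes sees the original id only in the converted quote.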