From owner-freebsd-net@FreeBSD.ORG Sat Oct 14 17:21:40 2006
Date: Sat, 14 Oct 2006 19:21:17 +0200
From: Rostislav Krasny
To: "Crist J. Clark"
Message-Id: <20061014192117.4b74b5dd.rosti.bsd@gmail.com>
In-Reply-To: <20060821195938.GA16332@goku.cjclark.org>
References: <20060818235756.25f72db4.rosti.bsd@gmail.com> <20060821092350.GL20788@insomnia.benzedrine.cx> <20060821195938.GA16332@goku.cjclark.org>
X-Mailer: Sylpheed version 2.2.9 (GTK+ 2.8.20; i386-portbld-freebsd6.2)
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="Multipart=_Sat__14_Oct_2006_19_21_17_+0200_gIzOgAJze2s0DnOR"
Cc: freebsd-net@freebsd.org, Daniel Hartmeier
Subject: Re: PF or "traceroute -e -P TCP" bug?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Sat, 14 Oct 2006 17:21:40 -0000

This is a multi-part message in MIME format.

--Multipart=_Sat__14_Oct_2006_19_21_17_+0200_gIzOgAJze2s0DnOR
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hi,

On Mon, 21 Aug 2006 12:59:38 -0700
"Crist J. Clark" wrote:

> On Mon, Aug 21, 2006 at 11:23:50AM +0200, Daniel Hartmeier wrote:
> > [ I'm CC'ing Crist, maybe he can explain why -e behaves like it does ]

[hidden]

> So, to expand on the three points above, we need (1) fixed
> destination port, (2) to increment IP TTL, (3) the sequence
> number encoded in some head field, and (3) a source port
> chosen so that multiple traceroute invocations do not
> share any src-sport-dst-dport-tuples during their lifetime.
> In the past, using the PID worked for the sport, but think about
> what happens if you start with the PID then start incrementing
> or decrementing, you get overlaps (unless your system does a
> decent job with random PIDs; not the default for FreeBSD
> unfortunately).
>
> The patch to freebsd-net addresses these problems.
> It changes the source port so that we don't have overlapping
> src-sport-dst-dport-tuples, and uses a base source port from
> the LSBs of the clock for a "random" number. That would seem
> to fix the problem. The only question would be is that a good
> way to pick the base source port? It's probably good enough,
> although some kind of hash of the PID might be better.

What do you think about the new version of the patch, attached to this
email? It swaps the high and low bytes of the "ident" 16-bit integer
variable. This technique should produce far-apart numbers from any
close-together numbers.

--Multipart=_Sat__14_Oct_2006_19_21_17_+0200_gIzOgAJze2s0DnOR
Content-Type: text/plain; name="traceroute.c.diff"
Content-Disposition: attachment; filename="traceroute.c.diff"
Content-Transfer-Encoding: 7bit

--- traceroute.c.orig Fri Aug 18 18:52:57 2006 +++ traceroute.c Sat Oct 14 18:49:11 2006 @@ -721,7 +721,8 @@ main(int argc, char **argv) outip->ip_dst = to->sin_addr; outip->ip_hl = (outp - (u_char *)outip) >> 2; - ident = (getpid() & 0xffff) | 0x8000; + ident = getpid(); + ident = ((ident << CHAR_BIT) | (ident >> CHAR_BIT) & 0xffff) | 0x8000; if (pe == NULL) { Fprintf(stderr, "%s: unknown protocol %s\n", prog, cp); @@ -1355,7 +1356,7 @@ tcp_prep(struct outdata *outdata) { struct tcphdr *const tcp = (struct tcphdr *) outp; - tcp->th_sport = htons(ident); + tcp->th_sport = htons(ident + (fixedPort ? outdata->seq : 0)); tcp->th_dport = htons(port + (fixedPort ? 0 : outdata->seq)); tcp->th_seq = (tcp->th_sport << 16) | (tcp->th_dport + (fixedPort ? outdata->seq : 0)); 
@@ -1375,9 +1376,10 @@ tcp_check(const u_char *data, int seq) { struct tcphdr *const tcp = (struct tcphdr *) data; - return (ntohs(tcp->th_sport) == ident + return (ntohs(tcp->th_sport) == ident + (fixedPort ? seq : 0) && ntohs(tcp->th_dport) == port + (fixedPort ? 0 : seq)) - && tcp->th_seq == (ident << 16) | (port + seq); + && tcp->th_seq == (tcp->th_sport << 16) | + (port + (fixedPort ? seq : 0)); } void --Multipart=_Sat__14_Oct_2006_19_21_17_+0200_gIzOgAJze2s0DnOR--
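
Review bot: in the @@ -721 hunk (main), the & 0xffff in the new ident expression applies only to (ident >> CHAR_BIT), because & binds tighter than |, so (ident << CHAR_BIT) is left unmasked and the value is only right if the assignment itself truncates to 16 bits. Suggest ident = (((ident << CHAR_BIT) | (ident >> CHAR_BIT)) & 0xffff) | 0x8000; to make the intent explicit. Forcing 0x8000 after the swap also overwrites what was bit 7 of the PID, so two PIDs that differ only in that bit get the same ident; a comment should say whether that is accepted. CHAR_BIT comes from <limits.h>, and no hunk shown here adds that include, so please confirm it is already present.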
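
Review bot: in the @@ -1355 hunk (tcp_prep), the sum ident + outdata->seq passed to htons() is not range-checked. ident always has 0x8000 set and, after the byte swap in main, its high byte comes from the low byte of the PID, so the sum can pass 0xffff and wrap around to a low source port. Suggest reducing the sum into a fixed range before the htons() call (and applying the same reduction in tcp_check), with a comment stating the intended source-port range.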
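
Review bot: in the @@ -1375 hunk (tcp_check), the th_seq comparison is missing parentheses around its right-hand side: == binds tighter than |, so the last clause parses as (tcp->th_seq == (tcp->th_sport << 16)) | (port + ...), which is nonzero whenever the port term is, and the sequence-number test never rejects a packet. Parenthesize the whole OR expression, and make it mirror tcp_prep, which builds th_seq from tcp->th_dport (network byte order) rather than from port; as written the two expressions disagree when fixedPort is 0 and on little-endian hosts. Note also that comparing against tcp->th_sport read from the same packet makes the upper 16 bits self-referential, so only the lower half is really checked.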
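
The claim in the message that swapping the bytes of "ident" spreads nearby PIDs apart can be checked numerically. The program below is an added example, not part of the original post or of traceroute's source; the function names, the constructed PIDs and the figure of 90 probes per run (30 hops, 3 probes each) are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Base source port as in the pre-patch code: low 16 bits of the PID,
 * top bit forced. Hypothetical helper name. */
static uint16_t ident_plain(uint32_t pid)
{
    return (uint16_t)((pid & 0xffff) | 0x8000);
}

/* Byte-swapped base as the patch intends, fully parenthesized. */
static uint16_t ident_swapped(uint32_t pid)
{
    uint16_t id = (uint16_t)pid;
    return (uint16_t)((((id << CHAR_BIT) | (id >> CHAR_BIT)) & 0xffff) | 0x8000);
}

/* Number of source ports two runs have in common when each run uses
 * base, base+1, ..., base+nprobes-1 with 16-bit wrap-around. */
static int shared_ports(uint16_t a, uint16_t b, int nprobes)
{
    int shared = 0;
    for (int i = 0; i < nprobes; i++)
        for (int j = 0; j < nprobes; j++)
            if ((uint16_t)(a + i) == (uint16_t)(b + j))
                shared++;
    return shared;
}

int main(void)
{
    /* Constructed PID pairs: adjacent, 256 apart, differing only in bit 7. */
    const uint32_t pairs[][2] = { {1000, 1001}, {1000, 1256}, {0x12, 0x92} };
    const int nprobes = 90; /* assumed: 30 hops x 3 probes */

    for (size_t k = 0; k < sizeof(pairs) / sizeof(pairs[0]); k++) {
        uint32_t p = pairs[k][0], q = pairs[k][1];
        printf("pids %u/%u: plain shares %d ports, swapped shares %d ports\n",
               (unsigned)p, (unsigned)q,
               shared_ports(ident_plain(p), ident_plain(q), nprobes),
               shared_ports(ident_swapped(p), ident_swapped(q), nprobes));
    }
    return 0;
}
```

Adjacent PIDs stop sharing source ports after the swap, but PIDs 256 apart now collide instead, and PIDs that differ only in bit 7 map to the same base because of the forced 0x8000 bit.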