Date: Tue, 11 Jun 2002 00:35:26 -0700 (PDT)
From: Phil Dibowitz <mss@ipom.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/39141: Broken PTMUD
Message-ID: <200206110735.g5B7ZQi7050243@www.freebsd.org>

>Number:         39141
>Category:       kern
>Synopsis:       Broken PTMUD
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 11 00:40:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Phil Dibowitz
>Release:        5.0-CURRENT
>Organization:
MSS Initiative
>Environment:
FreeBSD trantor.xs4all.nl 5.0-CURRENT FreeBSD 5.0-CURRENT #6: Mon Apr 15 20:16:39 MET DST 2002
>Description:
BUG OVERVIEW

I believe there is a bug in the PMTUD (Path MTU Discovery) implementation in FreeBSD. According to RFC 1191, when using PMTUD all TCP datagrams must have the Don't Fragment (DF) bit set. It seems that FreeBSD does not fully obey this rule. On "SYN ACK" packets, the DF bit is not set. It is set on all other packets though (including SYN packets). The details are below - I have been unable to find any reason for this behavior.

SEVERITY

I don't consider this a big security hole, but it is a bug. It could be used to do TCP fingerprinting, and it also breaks a standard.

DETAILS

I have made available packet sniffer logs of both sides of a test at the following locations.

http://home.earthlink.net/~jaymzh666/mss/snoop-log-solaris-to-bsd.gz
http://home.earthlink.net/~jaymzh666/mss/tcpdump-log-bsd-to-solaris.gz

The test systems were as follows:

    $ uname -a
    SunOS mort 5.9 s81_57 sun4u sparc SUNW,Sun-Blade-100

    $ uname -a
    FreeBSD trantor.xs4all.nl 5.0-CURRENT FreeBSD 5.0-CURRENT #6: Mon Apr 15 20:16:39 MET DST 2002 paulz@trantor.xs4all.nl:/usr/obj/usr/source/src/sys/trantor i386

If I can provide any more information, please let me know.
>How-To-Repeat:
Connect to a FreeBSD server with Path MTU Discovery Enabled, and check the SYN+ACK packet.
>Fix:
Set the DF bit on SYN+ACK packets when PMTUD is enabled.
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
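
The check described under How-To-Repeat, as an added example that is not part of the original report: it parses raw IPv4 packets (starting at the IP header) and lists the SYN+ACK segments whose DF bit is clear. The function names and the sample packets are constructed for illustration; real input would come from a capture with the link-layer header stripped.

```python
import struct

IP_DF = 0x4000                 # Don't Fragment bit in the flags/fragment-offset word
TCP_SYN, TCP_ACK = 0x02, 0x10  # TCP flag bits

def classify(packet: bytes):
    """Return (segment_kind, df_set) for a raw IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                              # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4                 # IP header length, options included
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 14:
        return None                              # bad IHL, not TCP, or truncated
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    handshake = packet[ihl + 13] & (TCP_SYN | TCP_ACK)
    kind = {TCP_SYN: "SYN", TCP_SYN | TCP_ACK: "SYN+ACK"}.get(handshake, "other")
    return kind, bool(flags_frag & IP_DF)

def synacks_without_df(packets):
    """Indexes of SYN+ACK segments sent with the DF bit clear."""
    return [i for i, p in enumerate(packets) if classify(p) == ("SYN+ACK", False)]

def build(tcp_flags, df, ip_options=b""):
    """Constructed sample packet: IPv4 + TCP headers only, checksums left at zero."""
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 1,
                     IP_DF if df else 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, tcp_flags, 65535, 0, 0)
    return ip + ip_options + tcp

# Constructed handshake matching the report: DF set on the SYN and the ACK but
# not on the SYN+ACK, plus one SYN+ACK carrying IP options with DF set (control).
SAMPLE = [
    build(TCP_SYN, df=True),
    build(TCP_SYN | TCP_ACK, df=False),
    build(TCP_ACK, df=True),
    build(TCP_SYN | TCP_ACK, df=True, ip_options=b"\x01\x01\x01\x00"),
]

if __name__ == "__main__":
    for i in synacks_without_df(SAMPLE):
        print(f"packet {i}: SYN+ACK sent without DF")
```
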