From owner-freebsd-stable@FreeBSD.ORG Wed Oct 24 18:12:40 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A331022B for ; Wed, 24 Oct 2012 18:12:40 +0000 (UTC) (envelope-from jdc@koitsu.strangled.net) Received: from qmta01.emeryville.ca.mail.comcast.net (qmta01.emeryville.ca.mail.comcast.net [IPv6:2001:558:fe2d:43:76:96:30:16]) by mx1.freebsd.org (Postfix) with ESMTP id 7ECDE8FC0A for ; Wed, 24 Oct 2012 18:12:40 +0000 (UTC) Received: from omta15.emeryville.ca.mail.comcast.net ([76.96.30.71]) by qmta01.emeryville.ca.mail.comcast.net with comcast id F2E51k0081Y3wxoA16Cgyq; Wed, 24 Oct 2012 18:12:40 +0000 Received: from koitsu.strangled.net ([67.180.84.87]) by omta15.emeryville.ca.mail.comcast.net with comcast id F6Cf1k00R1t3BNj8b6CfCf; Wed, 24 Oct 2012 18:12:40 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id 4680D73A1A; Wed, 24 Oct 2012 11:12:39 -0700 (PDT) Date: Wed, 24 Oct 2012 11:12:39 -0700 From: Jeremy Chadwick To: Harald Schmalzbauer Subject: Re: every 2nd echo-request malformed when ping -s >4067 Message-ID: <20121024181239.GA5755@icarus.home.lan> References: <20121024154017.GA3167@icarus.home.lan> <5088163E.2090506@omnilan.de> <20121024165148.GA4250@icarus.home.lan> <50881EC7.9030400@omnilan.de> <20121024174425.GA4699@icarus.home.lan> <50882D3B.5050704@omnilan.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <50882D3B.5050704@omnilan.de> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: Adrian Chadd , FreeBSD Stable X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Oct 2012 18:12:40 -0000 On Wed, Oct 24, 2012 at 08:02:35PM +0200, Harald Schmalzbauer wrote: > schrieb Jeremy Chadwick am 24.10.2012 19:44 (localtime): > > ... > > Okay, so let's decode what you got. Too bad we don't have snoop-like > > output, since it can decode all of this and output it in a > > human-friendly way. Gotta do this by hand... > > > > > > 12:21:09.048447 IP 10.5.49.126 > 10.5.49.65: ICMP echo request, id 46597, seq 0, length 4076 > > 0x0000: 4500 1000 0f2d 4000 4001 a507 0a05 317e > > > > 0x45 = bits 7-4: IPv4 protocol > > = bits 3-0: header length: 20 bytes > > 0x00 = DSF / RFC 2474 stuff (don't ask me :-) ) > > 0x1000 = datagram length: 4096 bytes > > 0x0f2d = fragment id > > 0x4000 = bits 15-13: %010 = reserved bit (0), DF bit (1), MF bit (0) > > = bits 12-0: fragment offset: 0 > > 0x40 = TTL: 64 > > 0x01 = protocol: 1 (ICMP) > > 0xe4c7 = header checksum > > 0x0a05317e = source IP > > > > Now for the malformed/wonky packet: > > > > 12:21:10.052891 IP 10.5.49.126 > 10.5.49.65: icmp > > 0x0000: 4500 1000 0f2d 0040 4001 e4c7 0a05 317e > > > > 0x45 = bits 7-4: IPv4 protocol > > = bits 3-0: header length: 20 bytes > > 0x00 = DSF / RFC 2474 stuff (don't ask me :-) ) > > 0x1000 = datagram length: 4096 bytes > > 0x0f2d = fragment id > > 0x0040 = bits 15-13: %000 = reserved bit (0), DF bit (0), MF bit (0) > > = bits 12-0: fragment offset: 64 > > 0x40 = TTL: 64 > > 0x01 = protocol: 1 (ICMP) > > 0xe4c7 = header checksum > > 0x0a05317e = source IP > > Thanks a lot for your effort! > What do you use for decoding? I do it all manually -- honest. For some of the portions I had to bust out Wireshark and correlate bytes in my own captures to the ASCII output from tcpdump -x. A quick Google search turned up this, which is pretty helpful too: http://www.networksorcery.com/enp/protocol/ip.htm > Please find attached the requested info. Thanks, got 'em! I'll reply in a follow-up mail with the decoded results. > Can you reproduce this oddity via your lo0? Or is 'ping -D -s 4068 > 127.0.0.1' working on your machine? Sorry I forgot to do that when you asked before; got sidetracked staring at bytes. :-) Let me give it a try. root@icarus:/root # ping -D -s 4068 127.0.0.1 PING 127.0.0.1 (127.0.0.1): 4068 data bytes 4076 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.030 ms 4076 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.032 ms 4076 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.024 ms ^C --- 127.0.0.1 ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.024/0.029/0.032/0.003 ms I also ran tcpdump for this too; no anomalies -- all 3 packets showed up correctly (decoded correctly). My uname -a is below, with csup run about 20 minutes before the kernel build date. FreeBSD icarus.home.lan 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0: Sun Oct 21 05:24:09 PDT 2012 root@icarus.home.lan:/usr/obj/usr/src/sys/X7SBA_RELENG_9_amd64 amd64 This is on bare-metal hardware, BTW. I mention that because I've seen some of your other threads talking about NIC driver ordeals under VMs (I think). -- | Jeremy Chadwick jdc@koitsu.org | | UNIX Systems Administrator http://jdc.koitsu.org/ | | Mountain View, CA, US | | Making life hard for others since 1977. PGP 4BD6C0CB |