From owner-freebsd-bugs  Sat Oct 14 14:10: 7 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 9F95E37B66E
	for <freebsd-bugs@FreeBSD.org>; Sat, 14 Oct 2000 14:10:01 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id OAA97127;
	Sat, 14 Oct 2000 14:10:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 18B1C37B66E; Sat, 14 Oct 2000 14:06:38 -0700 (PDT)
Message-Id: <20001014210638.18B1C37B66E@hub.freebsd.org>
Date: Sat, 14 Oct 2000 14:06:38 -0700 (PDT)
From: ofir@itcon-ltd.com
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: misc/21992: FreeBSD 4.x Bug with ICMP Error Messages
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         21992
>Category:       misc
>Synopsis:       FreeBSD 4.x Bug with ICMP Error Messages
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 14 14:10:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Ofir Arkin
>Release:        4.x
>Organization:
ITCon
>Environment:
>Description:
It is long known that FreeBSD uses a wrong IP Identification number
with its ICMP Error Messages. This fact was discovered by Fyodor
long ago.

I wish to identify were the problem is.

The next example is with FreeBSD 4.1:

00:52:19.055758 ppp0 > x.x.x.x.1393 > y.y.y.y.0: udp 0 [tos 0x8]  
(ttl 64, id 58965)
			 4508 001c e655 0000 4011 3f63 xxxx xxxx
			 yyyy yyyy 0571 0000 0008 a55c

00:52:19.464548 ppp0 < y.y.y.y > x.x.x.x: icmp: y.y.y.y udp port 0 
unreachable Offending pkt: x.x.x.x.1393 > y.y.y.y.0: udp 0 [tos 0x8]  
(ttl 47, id 21990, bad cksum 5063!) (ttl 238, id 27639)
			 4500 0038 6bf7 0000 ee01 0bbd yyyy yyyy
			 xxxx xxxx 0303 87f3 0000 0000 4508 001c
			 55e6 0000 2f11 5063 xxxx xxxx yyyy yyyy
			 0571 0000 0008 0000

A udp datagram sent to a closed udp port (port 0, can be any port). 
The original udp datagram used e655 hex as its IP Identification 
field value. The echoed IP Header inside the ICMP Error message 
states that this value was 55e6 (with the offending datagram).

FreeBSD 4.x simply flips between the first 8bits to the second 8
bits.

 
>How-To-Repeat:
hping2 -2 IP_Address_of_FBSD_machine
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message