Date:      Tue, 22 Apr 2003 09:53:58 -0700 (PDT)
From:      Don Lewis <truckman@FreeBSD.org>
To:        freebsd-net@FreeBSD.org
Subject:   IP fragmentation disagreement between current and stable
Message-ID:  <200304221654.h3MGrwXB027200@gw.catspoiler.org>

It looks like I've stumbled across an IP fragmentation bug in either
5.0-current or 4.8-stable that afflicts certain packet sizes.

If I ping from the 4.8-stable machine to the 5.0-current machine

# ping -c 1 -s 3176 192.168.101.3

I observe the following using tcpdump on the 5.0-current machine:

09:27:47.457860 192.168.101.2 > 192.168.101.3: icmp: echo request (frag 47248:1480@0+) (ttl 64, len 1500)
                         4500 05dc b890 2000 4001 513a c0a8 6502
                         c0a8 6503 0800 3479 9953 0000 836d a53e
                         9dff 0600 0809 0a0b 0c0d 0e0f 1011 1213
                         1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
                         2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
                         3435
09:27:47.457957 192.168.101.2 > 192.168.101.3: icmp (frag 47248:1480@1480+) (ttl 64, len 1500)
                         4500 05dc b890 20b9 4001 5081 c0a8 6502
                         c0a8 6503 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
                         cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
                         dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
                         eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
                         fcfd
09:27:47.457976 192.168.101.2 > 192.168.101.3: icmp (frag 47248:224@2960) (ttl 64, len 244)
                         4500 00f4 b890 0172 4001 74b0 c0a8 6502
                         c0a8 6503 8889 8a8b 8c8d 8e8f 9091 9293
                         9495 9697 9899 9a9b 9c9d 9e9f a0a1 a2a3
                         a4a5 a6a7 a8a9 aaab acad aeaf b0b1 b2b3
                         b4b5 b6b7 b8b9 babb bcbd bebf c0c1 c2c3
                         c4c5
09:27:47.458040 192.168.101.3 > 192.168.101.2: icmp: echo reply (frag 16298:1480@0+) (ttl 64, len 1500)
                         4500 05dc 3faa 2000 4001 ca20 c0a8 6503
                         c0a8 6502 0000 3c79 9953 0000 836d a53e
                         9dff 0600 0809 0a0b 0c0d 0e0f 1011 1213
                         1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
                         2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
                         3435
09:27:47.458046 192.168.101.3 > 192.168.101.2: icmp (frag 16298:1480@1480+) (ttl 64, len 1500)
                         4500 05dc 3faa 20b9 4001 c967 c0a8 6503
                         c0a8 6502 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
                         cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
                         dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
                         eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
                         fcfd
09:27:47.458050 192.168.101.3 > 192.168.101.2: icmp (frag 16298:224@2960) (ttl 64, len 244)
                         4500 00f4 3faa 0172 4001 ed96 c0a8 6503
                         c0a8 6502 8889 8a8b 8c8d 8e8f 9091 9293
                         9495 9697 9899 9a9b 9c9d 9e9f a0a1 a2a3
                         a4a5 a6a7 a8a9 aaab acad aeaf b0b1 b2b3
                         b4b5 b6b7 b8b9 babb bcbd bebf c0c1 c2c3
                         c4c5

The -current machine is seeing the echo request and is sending a
response.  If I observe the same traffic on the -stable machine,
I see:

09:27:47.458727 192.168.101.2 > 192.168.101.3: icmp: echo request (frag 47248:1480@0+) (ttl 64, len 1500)
                         4500 05dc b890 2000 4001 513a c0a8 6502
                         c0a8 6503 0800 3479 9953 0000 836d a53e
                         9dff 0600 0809 0a0b 0c0d 0e0f 1011 1213
                         1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
                         2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
                         3435
09:27:47.458743 192.168.101.2 > 192.168.101.3: icmp (frag 47248:1480@1480+) (ttl 64, len 1500)
                         4500 05dc b890 20b9 4001 5081 c0a8 6502
                         c0a8 6503 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
                         cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
                         dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
                         eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
                         fcfd
09:27:47.458758 192.168.101.2 > 192.168.101.3: icmp (frag 47248:224@2960) (ttl 64, len 244)
                         4500 00f4 b890 0172 4001 74b0 c0a8 6502
                         c0a8 6503 8889 8a8b 8c8d 8e8f 9091 9293
                         9495 9697 9899 9a9b 9c9d 9e9f a0a1 a2a3
                         a4a5 a6a7 a8a9 aaab acad aeaf b0b1 b2b3
                         b4b5 b6b7 b8b9 babb bcbd bebf c0c1 c2c3
                         c4c5
09:27:47.459525 192.168.101.3 > 192.168.101.2: icmp: echo reply (frag 16298:1480@0+) (ttl 64, len 1500)
                         4500 05dc 3faa 2000 4001 ca20 c0a8 6503
                         c0a8 6502 0000 3c79 9953 0000 836d a53e
                         9dff 0600 0809 0a0b 0c0d 0e0f 1011 1213
                         1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
                         2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
                         3435
09:27:47.459641 192.168.101.3 > 192.168.101.2: icmp (frag 16298:1480@1480+) (ttl 64, len 1500)
                         4500 05dc 3faa 20b9 4001 c967 c0a8 6503
                         c0a8 6502 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
                         cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
                         dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
                         eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
                         fcfd
09:27:47.459657 truncated-ip - 2 bytes missing! 192.168.101.3 > 192.168.101.2: icmp (frag 16298:224@2960) (ttl 64, len 244)
                         4500 00f4 3faa 0172 4001 ed96 c0a8 6503
                         c0a8 6502 8889 8a8b 8c8d 8e8f 9091 9293
                         9495 9697 9899 9a9b 9c9d 9e9f a0a1 a2a3
                         a4a5 a6a7 a8a9 aaab acad aeaf b0b1 b2b3
                         b4b5 b6b7 b8b9 babb bcbd bebf c0c1 c2c3
                         c4c5

For some reason, the stable machine doesn't like the last fragment, and
the IP stack and the ping command don't see the response.  If I ping
from -current to -stable, the -stable machine doesn't like the last
fragment of the echo request and doesn't send a response.

If I increase the packet size by any multiple of 1480 bytes (which
results in the same final fragment size), I see the same symptoms.
Interestingly, I don't see any problems if I decrease the packet size by
1480 bytes to 1696; everything works just fine.

Viewed from -current:

09:51:31.518033 192.168.101.2 > 192.168.101.3: icmp: echo request (frag 57049:1480@0+) (ttl 64, len 1500)
                         4500 05dc ded9 2000 4001 2af1 c0a8 6502
                         c0a8 6503 0800 c081 ef53 0000 1373 a53e
                         49f1 0700 0809 0a0b 0c0d 0e0f 1011 1213
                         1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
                         2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
                         3435
09:51:31.518064 192.168.101.2 > 192.168.101.3: icmp (frag 57049:224@1480) (ttl 64, len 244)
                         4500 00f4 ded9 00b9 4001 4f20 c0a8 6502
                         c0a8 6503 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
                         cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
                         dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
                         eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
                         fcfd
09:51:31.518136 192.168.101.3 > 192.168.101.2: icmp: echo reply (frag 40560:1480@0+) (ttl 64, len 1500)
                         4500 05dc 9e70 2000 4001 6b5a c0a8 6503
                         c0a8 6502 0000 c881 ef53 0000 1373 a53e
                         49f1 0700 0809 0a0b 0c0d 0e0f 1011 1213
                         1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
                         2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
                         3435
09:51:31.518141 192.168.101.3 > 192.168.101.2: icmp (frag 40560:224@1480) (ttl 64, len 244)
                         4500 00f4 9e70 00b9 4001 8f89 c0a8 6503
                         c0a8 6502 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
                         cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
                         dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
                         eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
                         fcfd


Viewed from -stable:

09:51:31.520577 192.168.101.2 > 192.168.101.3: icmp: echo request (frag 57049:1480@0+) (ttl 64, len 1500)
                         4500 05dc ded9 2000 4001 2af1 c0a8 6502
                         c0a8 6503 0800 c081 ef53 0000 1373 a53e
                         49f1 0700 0809 0a0b 0c0d 0e0f 1011 1213
                         1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
                         2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
                         3435
09:51:31.520592 192.168.101.2 > 192.168.101.3: icmp (frag 57049:224@1480) (ttl 64, len 244)
                         4500 00f4 ded9 00b9 4001 4f20 c0a8 6502
                         c0a8 6503 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
                         cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
                         dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
                         eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
                         fcfd
09:51:31.521293 192.168.101.3 > 192.168.101.2: icmp: echo reply (frag 40560:1480@0+) (ttl 64, len 1500)
                         4500 05dc 9e70 2000 4001 6b5a c0a8 6503
                         c0a8 6502 0000 c881 ef53 0000 1373 a53e
                         49f1 0700 0809 0a0b 0c0d 0e0f 1011 1213
                         1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
                         2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
                         3435
09:51:31.521310 192.168.101.3 > 192.168.101.2: icmp (frag 40560:224@1480) (ttl 64, len 244)
                         4500 00f4 9e70 00b9 4001 8f89 c0a8 6503
                         c0a8 6502 c0c1 c2c3 c4c5 c6c7 c8c9 cacb
                         cccd cecf d0d1 d2d3 d4d5 d6d7 d8d9 dadb
                         dcdd dedf e0e1 e2e3 e4e5 e6e7 e8e9 eaeb
                         eced eeef f0f1 f2f3 f4f5 f6f7 f8f9 fafb
                         fcfd
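
Added example, not part of the original message: a short Python check that decodes the IP headers of the three echo-reply fragments shown above, verifies each header checksum, and confirms that the offsets and lengths describe one complete datagram. The function names are made up for this example, and the 242-byte figure is derived from the "2 bytes missing" note in the -stable capture (244 - 2).

```python
import struct

# First 20 bytes (the IP header) of each echo-reply fragment, copied from the
# tcpdump hex in the message above (IP id 16298).
REPLY_FRAGS = [
    "4500 05dc 3faa 2000 4001 ca20 c0a8 6503 c0a8 6502",
    "4500 05dc 3faa 20b9 4001 c967 c0a8 6503 c0a8 6502",
    "4500 00f4 3faa 0172 4001 ed96 c0a8 6503 c0a8 6502",
]

def parse_ip_header(hexwords):
    raw = bytes.fromhex(hexwords.replace(" ", ""))
    vhl, _tos, total_len, ident, frag = struct.unpack("!BBHHH", raw[:8])
    ihl = (vhl & 0x0F) * 4
    # A valid header sums (one's complement, 16-bit words) to 0xffff.
    s = sum(struct.unpack("!%dH" % (ihl // 2), raw[:ihl]))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return {"id": ident, "total_len": total_len,
            "offset": (frag & 0x1FFF) * 8,   # field counts 8-byte units
            "more": bool(frag & 0x2000),     # MF flag
            "payload_len": total_len - ihl,
            "checksum_ok": s == 0xFFFF}

def reassembled_length(headers):
    """Return the datagram payload length, or None if the set is inconsistent."""
    frags = sorted((parse_ip_header(h) for h in headers), key=lambda f: f["offset"])
    expected = 0
    for i, f in enumerate(frags):
        last = i == len(frags) - 1
        if (not f["checksum_ok"] or f["id"] != frags[0]["id"]
                or f["offset"] != expected or f["more"] == last):
            return None   # bad checksum, mixed ids, hole/overlap, or wrong MF flag
        expected += f["payload_len"]
    return expected

def missing_bytes(header_hex, ip_bytes_seen):
    """Shortfall against the header's total length, as in tcpdump's truncated-ip note."""
    return max(0, parse_ip_header(header_hex)["total_len"] - ip_bytes_seen)

if __name__ == "__main__":
    print(reassembled_length(REPLY_FRAGS))     # ICMP header plus the ping -s data
    print(missing_bytes(REPLY_FRAGS[2], 242))  # 242 is derived, see the lead-in
```

The headers themselves are well formed as sent, so the shortfall on the last fragment is in how many bytes the -stable side received, not in what the header claims.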


