bin/104746: [PATCH] 'traceroute -e -P TCP' cannot work through a router which does NAT by PF

Tue Oct 24 05:30:24 PDT 2006

>Number:         104746
>Category:       bin
>Synopsis:       [PATCH] 'traceroute -e -P TCP' cannot work through a router which does NAT by PF
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 24 12:30:22 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Rostislav Krasny
>Release:        6.2-PRERELEASE
>Organization:
>Environment:
FreeBSD saturn.lan 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Sat Oct 21 22:50:39 IST 2006     root at saturn.lan:/usr/obj/usr/src/sys/MYKERNEL  i386
>Description:
> traceroute -nq 1 -e -P TCP -p 80 216.136.204.117
traceroute to 216.136.204.117 (216.136.204.117), 64 hops max, 52 bytepackets
 1  192.168.1.1  0.619 ms
 2  10.0.0.138  2.108 ms
 3  192.168.1.1  0.481 ms !H

Also, read following discussion:

http://lists.freebsd.org/pipermail/freebsd-net/2006-August/011382.html
http://lists.freebsd.org/pipermail/freebsd-net/2006-August/011397.html
http://lists.freebsd.org/pipermail/freebsd-net/2006-August/011401.html
http://lists.freebsd.org/pipermail/freebsd-net/2006-August/011409.html
http://lists.freebsd.org/pipermail/freebsd-net/2006-October/012136.html
>How-To-Repeat:
See the above description
>Fix:

--- traceroute.c.orig	Fri Aug 18 18:52:57 2006
+++ traceroute.c	Sat Oct 14 18:49:11 2006
@@ -721,7 +721,8 @@ main(int argc, char **argv)
 		outip->ip_dst = to->sin_addr;
 
 	outip->ip_hl = (outp - (u_char *)outip) >> 2;
-	ident = (getpid() & 0xffff) | 0x8000;
+	ident = getpid();
+	ident = ((ident << CHAR_BIT) | (ident >> CHAR_BIT) & 0xffff) | 0x8000;
 
 	if (pe == NULL) {
 		Fprintf(stderr, "%s: unknown protocol %s\n", prog, cp);
@@ -1355,7 +1356,7 @@ tcp_prep(struct outdata *outdata)
 {
 	struct tcphdr *const tcp = (struct tcphdr *) outp;
 
-	tcp->th_sport = htons(ident);
+	tcp->th_sport = htons(ident + (fixedPort ? outdata->seq : 0));
 	tcp->th_dport = htons(port + (fixedPort ? 0 : outdata->seq));
 	tcp->th_seq = (tcp->th_sport << 16) | (tcp->th_dport +
 	    (fixedPort ? outdata->seq : 0));
@@ -1375,9 +1376,10 @@ tcp_check(const u_char *data, int seq)
 {
 	struct tcphdr *const tcp = (struct tcphdr *) data;
 
-	return (ntohs(tcp->th_sport) == ident
+	return (ntohs(tcp->th_sport) == ident + (fixedPort ? seq : 0)
 	    && ntohs(tcp->th_dport) == port + (fixedPort ? 0 : seq))
-	    && tcp->th_seq == (ident << 16) | (port + seq);
+	    && tcp->th_seq == (tcp->th_sport << 16) |
+		(port + (fixedPort ? seq : 0));
 }
 
 void


>Release-Note:
>Audit-Trail:
>Unformatted:
