Corrupt packets in Jnet (Was: Re: rtentry and rtrequest)

Alan Garfield alan at fromorbit.com
Mon Apr 23 00:24:48 UTC 2007 

On Sat, 2007-04-21 at 03:36 +0400, Yar Tikhiy wrote:

> > ----
> > Disconnecting: Corrupted MAC on input.
> > ----
> 
> That looks like data corruption happening when TCP segments and/or
> IP packets become relatively large, i.e., approach or reach the mtu
> limit.

The reply looks disturbing from the SP (note the packet size)....

----
IP (tos 0x0, ttl  64, id 2493, offset 0, flags [none], proto: ICMP (1),
length: 108) 169.254.101.3 > 169.254.101.2: ICMP echo request, id 31748,
seq 3, length 88
        0x0000:  4500 006c 09bd 0000 4001 52d2 a9fe 6503
        0x0010:  a9fe 6502 0800 843d 7c04 0003 462b fbe5
        0x0020:  0001 c4b7 abcd efab cdef abcd efab cdef
        0x0030:  abcd efab cdef abcd efab cdef abcd efab
        0x0040:  cdef abcd efab cdef abcd efab cdef abcd
        0x0050:  efab cdef abcd efab cdef abcd efab cdef
        0x0060:  abcd efab cdef abcd efab cdef
IP (tos 0x0, ttl 255, id 57441, offset 0, flags [none], proto: ICMP (1),
length: 108) 169.254.101.2 > 169.254.101.3: ICMP echo reply, id 31748,
seq 3, length 88
        0x0000:  4500 006c e061 0000 ff01 bd2c a9fe 6502
        0x0010:  a9fe 6503 0000 8c3d 7c04 0003 462b fbe5
        0x0020:  0001 c4b7 abcd efab cdef abcd efab cdef
        0x0030:  abcd efab cdef abcd efab cdef abcd efab
        0x0040:  cdef abcd efab cdef abcd efab cdef abcd
        0x0050:  efab cdef abcd efab cdef abcd efab cdef
        0x0060:  abcd efab cdef abcd efab cdef 0000 0000
        0x0070:  0000 0000 0000 0000 0000 0000 0000 0000
        0x0080:  0000 0000 0000 0000 0000 0000 0000 0000
        0x0090:  0000 0000 0000 0000 0000 0000 0000 0000
        0x00a0:  0000 0000 0000 0000 0000 0000 0000 0000
        0x00b0:  0000 0000 0000 0000 0000 0000 0000 0000
        0x00c0:  0000 0000 0000 0000 0000 0000 0000 0000
        0x00d0:  0000 0000 0000 0000 0000 0000 0000 0000
        0x00e0:  0000 0000 0000 0000 0000 0000 0000 0000
        0x00f0:  00
----

So obviously it cannot deal with fragmented packets. A ping over 213
will over flow the packet and make the ping request fragment, the other
side simply drops it to the floor.

But that still doesn't make sense with SSH complaining about a corrupt
MAC on input. I see no corruption here only dumped packets if they are
over-sized.

Should I pad out the packet on the platform side to be the same as the
SP?

Thanks,
Alan.

More information about the freebsd-net mailing list