every 2nd echo-request malformed when ping -s >4067
Jeremy Chadwick
jdc at koitsu.org
Wed Oct 24 15:40:18 UTC 2012
(Please keep me CC'd as I'm not subscribed)
Regarding:
http://lists.freebsd.org/pipermail/freebsd-stable/2012-October/070239.html
tcpdump -x is not helpful here. tcpdump -xx would be.
tcpdump -x dumps the *payload* portion of the packet, while -xx dumps
everything (all headers/protocol data included).
The reason I say -xx would be helpful is because of this:
> 2nd: 12:21:10.052891 IP 10.5.49.126 > 10.5.49.65: icmp
> 0x0000: 4500 1000 0f2d 0040 4001 e4c7 0a05 317e
The ICMP code/type and related header data is not being decoded
correctly, or is being *encoded* incorrectly. I can't tell because all
that's shown there is the payload! But the preceding line (with src/dst
IPs) only indicates "it's icmp". It SHOULD be indicating type 8 (ECHO),
etc...
Regarding the payload itself: I couldn't care less what's in it. All
that's stated per RFC 792 is:
"The data received in the echo message must be returned in the echo
reply message."
If I remember right, the payload portion is 100% "vendor-specific",
meaning you can put whatever you want there. Let's see...
http://www.networksorcery.com/enp/protocol/icmp/msg8.htm
"Data. Variable length.
Implementation specific data."
I've looked at src/sys/netinet/ip_icmp.c but it's not entirely clear
what the payload consists of/is generated from. But like I said,
I couldn't care less about the payload. What needs to be focused on
is what's in the IP and ICMP header portion.
--
| Jeremy Chadwick jdc at koitsu.org |
| UNIX Systems Administrator http://jdc.koitsu.org/ |
| Mountain View, CA, US |
| Making life hard for others since 1977. PGP 4BD6C0CB |
More information about the freebsd-stable
mailing list