thr3ads.net - freebsd stable - every 2nd echo-request malformed when ping -s >4067 [Oct 2012]

If this information is useful, please help other people find it:
Share via:

Harald Schmalzbauer

2012-Oct-24 12:31 UTC

every 2nd echo-request malformed when ping -s >4067

Hello,

while checking new mtu9k-setup, I discovered that ping has some odd
behaviour.
If I use payloadsize > 4067, every 2nd icmp-echo-request seems to be
malformed:

ping -s 4068 -D 10.5.49.65

1st: 12:21:09.048447 IP 10.5.49.126 > 10.5.49.65: ICMP echo request, id
46597, seq 0, length 4076
        0x0000:  4500 1000 0f2d 4000 4001 a507 0a05 317e

2nd: 12:21:10.052891 IP 10.5.49.126 > 10.5.49.65: icmp
        0x0000:  4500 1000 0f2d 0040 4001 e4c7 0a05 317e

3rd: 12:21:11.062900 IP 10.5.49.126 > 10.5.49.65: ICMP echo request, id
46597, seq 2, length 4076
        0x0000:  4500 1000 0f2d 4000 4001 a507 0a05 317e

4th: 12:21:12.072915 IP 10.5.49.126 > 10.5.49.65: icmp
        0x0000:  4500 1000 0f2d 0040 4001 e4c7 0a05 317e

5th: 12:21:13.082900 IP 10.5.49.126 > 10.5.49.65: ICMP echo request, id
46597, seq 4, length 4076
        0x0000:  4500 1000 0f2d 4000 4001 a507 0a05 317e

When payload is 4076, outgoing _every_ outgoing request begins with
    4500 xxxx xxxx 4000 4001,
while above we see every second request starting with
    4500 xxxx xxxx 0040 4001.

Does anybody know header composing off pat? Haven't seen these bits for
quiet some time...

Thanks,

-Harry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20121024/d6908dde/attachment.sig>

Adrian Chadd

2012-Oct-24 13:48 UTC

head link

every 2nd echo-request malformed when ping -s >4067

On 24 October 2012 05:31, Harald Schmalzbauer <h.schmalzbauer at
omnilan.de> wrote:>  Hello,
>
> while checking new mtu9k-setup, I discovered that ping has some odd
> behaviour.
> If I use payloadsize > 4067, every 2nd icmp-echo-request seems to be
> malformed:
Is this on -HEAD?
> ping -s 4068 -D 10.5.49.65
>
> 1st: 12:21:09.048447 IP 10.5.49.126 > 10.5.49.65: ICMP echo request, id
> 46597, seq 0, length 4076
>         0x0000:  4500 1000 0f2d 4000 4001 a507 0a05 317e
>
> 2nd: 12:21:10.052891 IP 10.5.49.126 > 10.5.49.65: icmp
>         0x0000:  4500 1000 0f2d 0040 4001 e4c7 0a05 317e
>
> 3rd: 12:21:11.062900 IP 10.5.49.126 > 10.5.49.65: ICMP echo request, id
> 46597, seq 2, length 4076
>         0x0000:  4500 1000 0f2d 4000 4001 a507 0a05 317e
>
> 4th: 12:21:12.072915 IP 10.5.49.126 > 10.5.49.65: icmp
>         0x0000:  4500 1000 0f2d 0040 4001 e4c7 0a05 317e
>
> 5th: 12:21:13.082900 IP 10.5.49.126 > 10.5.49.65: ICMP echo request, id
> 46597, seq 4, length 4076
>         0x0000:  4500 1000 0f2d 4000 4001 a507 0a05 317e
>
> When payload is 4076, outgoing _every_ outgoing request begins with
>     4500 xxxx xxxx 4000 4001,
> while above we see every second request starting with
>     4500 xxxx xxxx 0040 4001.
> Does anybody know header composing off pat? Haven't seen these bits for
> quiet some time...
Glebius was recently in the networking stack in -HEAD, fiddling with
how IP headers are treated. Maybe this is some corner case fallout
from that?



adrian

Jeremy Chadwick

2012-Oct-24 15:40 UTC

head link

every 2nd echo-request malformed when ping -s >4067

(Please keep me CC'd as I'm not subscribed)

Regarding:

http://lists.freebsd.org/pipermail/freebsd-stable/2012-October/070239.html

tcpdump -x is not helpful here.  tcpdump -xx would be.

tcpdump -x dumps the *payload* portion of the packet, while -xx dumps
everything (all headers/protocol data included).

The reason I say -xx would be helpful is because of this:
> 2nd: 12:21:10.052891 IP 10.5.49.126 > 10.5.49.65: icmp
>         0x0000:  4500 1000 0f2d 0040 4001 e4c7 0a05 317e
The ICMP code/type and related header data is not being decoded
correctly, or is being *encoded* incorrectly.  I can't tell because all
that's shown there is the payload!  But the preceding line (with src/dst
IPs) only indicates "it's icmp".  It SHOULD be indicating type 8
(ECHO),
etc...

Regarding the payload itself: I couldn't care less what's in it.  All
that's stated per RFC 792 is:

  "The data received in the echo message must be returned in the echo
   reply message."

If I remember right, the payload portion is 100% "vendor-specific",
meaning you can put whatever you want there.  Let's see...

http://www.networksorcery.com/enp/protocol/icmp/msg8.htm

  "Data. Variable length.
  Implementation specific data."

I've looked at src/sys/netinet/ip_icmp.c but it's not entirely clear
what the payload consists of/is generated from.  But like I said,
I couldn't care less about the payload.  What needs to be focused on
is what's in the IP and ICMP header portion.

-- 
| Jeremy Chadwick                                   jdc at koitsu.org |
| UNIX Systems Administrator                http://jdc.koitsu.org/ |
| Mountain View, CA, US                                            |
| Making life hard for others since 1977.             PGP 4BD6C0CB |

Apparently Analagous Threads

Search for more reasonably related threads

freebsd stable - Oct 2012 - every 2nd echo-request malformed when ping -s >4067

every 2nd echo-request malformed when ping -s >4067

every 2nd echo-request malformed when ping -s >4067

every 2nd echo-request malformed when ping -s >4067

Apparently Analagous Threads