NetBSD Problem Report #43510

From www@NetBSD.org  Fri Jun 25 10:07:53 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id A267063BA54
	for <gnats-bugs@gnats.NetBSD.org>; Fri, 25 Jun 2010 10:07:53 +0000 (UTC)
Message-Id: <20100625100753.43B9163BA50@www.NetBSD.org>
Date: Fri, 25 Jun 2010 10:07:53 +0000 (UTC)
From: ryo@iij.ad.jp
Reply-To: ryo@iij.ad.jp
To: gnats-bugs@NetBSD.org
Subject: kernel reply TCP-RST for bad checksum TCP-SYN packet
X-Send-Pr-Version: www-1.0

>Number:         43510
>Category:       kern
>Synopsis:       kernel reply TCP-RST for bad checksum TCP-SYN packet
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 25 10:10:00 +0000 2010
>Closed-Date:    Wed Sep 09 16:20:17 +0000 2015
>Last-Modified:  Wed Sep 09 16:20:17 +0000 2015
>Originator:     Ryo SHIMIZU
>Release:        NetBSD 5.1_RC3
>Organization:
Internet Initiative Japan Inc.
>Environment:
NetBSD netbsd 5.1_RC3 NetBSD 5.1_RC3 (GENERIC) #0: Sun Jun 13 03:21:24 UTC 2010  builds@b8.netbsd.org:/home/builds/ab/netbsd-5-1-RC3/i386/201006130031Z-obj/home/builds/ab/netbsd-5-1-RC3/src/sys/arch/i386/compile/GENERIC i386
>Description:
kernel reply TCP-RST for bad checksum TCP-SYN packet to *non-listened* port.
Any bad checksum TCP packet must be always discarded. (RFC1122)

Bad checksum TCP-SYN packet for *listend-port* will be normally discarded.


send TCP-SYN packet to no-listend port(23456) on netbsd

	# /usr/pkg/sbin/hping2    -c 1 -S -p 23456 netbsd
	HPING netbsd (wm0 192.168.0.66): S set, 40 headers + 0 data bytes
	len=46 ip=192.168.0.66 ttl=64 id=0 sport=23456 flags=RA seq=0 win=0 rtt=0.4 ms

	--- netbsd hping statistic ---
	1 packets tramitted, 1 packets received, 0% packet loss
	round-trip min/avg/max = 0.4/0.4/0.4 ms

send *BAD CHECKSUM* TCP-SYN packet to no-listend port(23456) on netbsd

	# /usr/pkg/sbin/hping2 -b -c 1 -S -p 23456 netbsd
	HPING netbsd (wm0 192.168.0.66): S set, 40 headers + 0 data bytes
	len=46 ip=192.168.0.66 ttl=64 id=0 sport=23456 flags=RA seq=0 win=0 rtt=0.6 ms

	--- netbsd hping statistic ---
	1 packets tramitted, 1 packets received, 0% packet loss
	round-trip min/avg/max = 0.6/0.6/0.6 ms



Other OS discard bad checksum TCP-SYN packet.

	# /usr/pkg/sbin/hping2    -c 1 -S -p 23456 freebsd
	HPING freebsd (wm0 192.168.0.61): S set, 40 headers + 0 data bytes
	len=46 ip=192.168.0.61 ttl=64 DF id=20851 sport=23456 flags=RA seq=0 win=0 rtt=0.6 ms

	--- freebsd hping statistic ---
	1 packets tramitted, 1 packets received, 0% packet loss
	round-trip min/avg/max = 0.6/0.6/0.6 ms

	# /usr/pkg/sbin/hping2 -b -c 1 -S -p 23456 freebsd
	HPING freebsd (wm0 192.168.0.61): S set, 40 headers + 0 data bytes

	--- freebsd hping statistic ---
	1 packets tramitted, 0 packets received, 100% packet loss
	round-trip min/avg/max = 0.0/0.0/0.0 ms



	# /usr/pkg/sbin/hping2 -c 1 -S -p 23456 windows
	HPING windows (wm0 192.168.0.44): S set, 40 headers + 0 data bytes
	len=46 ip=192.168.0.44 ttl=128 id=21611 sport=23456 flags=RA seq=0 win=0 rtt=0.6 ms

	--- windows hping statistic ---
	1 packets tramitted, 1 packets received, 0% packet loss
	round-trip min/avg/max = 0.6/0.6/0.6 ms

	# /usr/pkg/sbin/hping2 -b -c 1 -S -p 23456 windows
	HPING windows (wm0 192.168.0.44): S set, 40 headers + 0 data bytes

	--- windows hping statistic ---
	1 packets tramitted, 0 packets received, 100% packet loss
	round-trip min/avg/max = 0.0/0.0/0.0 ms
>How-To-Repeat:
# /usr/pkg/sbin/hping2 -b -c 1 -S -p 23456 netbsd
>Fix:

>Release-Note:

>Audit-Trail:
From: Mihai Chelaru <mihai.chelaru@NGNetworks.ro>
To: gnats-bugs@NetBSD.org
Cc: netbsd-bugs@netbsd.org, ryo@iij.ad.jp
Subject: Re: kern/43510: kernel reply TCP-RST for bad checksum TCP-SYN packet
Date: Fri, 25 Jun 2010 20:23:44 +0300

 This is a multi-part message in MIME format.
 --------------020908070003060306010607
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit

 On 06/25/10 13:10, ryo@iij.ad.jp wrote:
 >> Synopsis:       kernel reply TCP-RST for bad checksum TCP-SYN packet

 Try the attached patch, it should fix the issue. I will not commit it
 yet, I need to ask people with more TCP knowledge if it's OK.

 From RFC793 section 1.5: Damage is handled by adding a checksum to each
 segment transmitted, checking it at the receiver, and discarding damaged
 segments.

 -- 
 Mihai

 --------------020908070003060306010607
 Content-Type: text/plain;
  name="c.diff"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="c.diff"

 Index: tcp_input.c
 ===================================================================
 RCS file: /cvsroot/src/sys/netinet/tcp_input.c,v
 retrieving revision 1.305
 diff -u -p -r1.305 tcp_input.c
 --- tcp_input.c	26 May 2010 17:38:29 -0000	1.305
 +++ tcp_input.c	25 Jun 2010 17:20:22 -0000
 @@ -1185,6 +1185,12 @@ tcp_input(struct mbuf *m, ...)
  	tiflags = th->th_flags;

  	/*
 +	 * Checksum extended TCP header and data.
 +	 */
 +	if (tcp_input_checksum(af, m, th, toff, off, tlen))
 +		goto badcsum;
 +
 +	/*
  	 * Locate pcb for segment.
  	 */
  findpcb:
 @@ -1322,12 +1328,6 @@ findpcb:
  	KASSERT(so->so_lock == softnet_lock);
  	KASSERT(solocked(so));

 -	/*
 -	 * Checksum extended TCP header and data.
 -	 */
 -	if (tcp_input_checksum(af, m, th, toff, off, tlen))
 -		goto badcsum;
 -
  	tcp_fields_to_host(th);

  	/* Unscale the window into a 32-bit value. */

 --------------020908070003060306010607--

From: "Mihai Chelaru" <kefren@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/43510 CVS commit: src/sys/netinet
Date: Fri, 15 May 2015 18:03:45 +0000

 Module Name:	src
 Committed By:	kefren
 Date:		Fri May 15 18:03:45 UTC 2015

 Modified Files:
 	src/sys/netinet: tcp_input.c

 Log Message:
 Don't try to do PCB lookup for bad checksummed segments
 Fixes PR/43510 and PR/48452


 To generate a diff of this commit:
 cvs rdiff -u -r1.339 -r1.340 src/sys/netinet/tcp_input.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Tue, 08 Sep 2015 04:53:20 +0000
State-Changed-Why:
Did the commit (back in may) fix the problem?


From: Ryo Shimizu <ryo@iij.ad.jp>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org, gnats-admin@netbsd.org,
        dholland@NetBSD.org
Subject: Re: kern/43510 (kernel reply TCP-RST for bad checksum TCP-SYN packet)
Date: Thu, 10 Sep 2015 00:48:57 +0900

 >State-Changed-From-To: open->feedback
 >State-Changed-By: dholland@NetBSD.org
 >State-Changed-When: Tue, 08 Sep 2015 04:53:20 +0000
 >State-Changed-Why:
 >Did the commit (back in may) fix the problem?

 I'm sorry for the late response.
 confirmed fixed, thanks!

     172.17.4.74# nping --tcp -p 12345 --badsum 172.17.4.65
     Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2015-09-10 00:44 JST
     SENT (0.0145s) TCP 172.17.4.74:32887 > 172.17.4.65:12345 S ttl=64 id=45439 iplen=40  seq=958630331 win=1480 
     SENT (1.0149s) TCP 172.17.4.74:32887 > 172.17.4.65:12345 S ttl=64 id=45439 iplen=40  seq=958630331 win=1480 
     SENT (2.0154s) TCP 172.17.4.74:32887 > 172.17.4.65:12345 S ttl=64 id=45439 iplen=40  seq=958630331 win=1480 
     ^C 

     172.17.4.65# uname -a
     NetBSD current 7.99.21 NetBSD 7.99.21 (GENERIC) #0: Wed Sep  9 15:04:14 JST 2015  ryo@moveq:/usr/src/sys/arch/amd64/compile/GENERIC amd64
     172.17.4.65# tcpdump -n -ivmx0 host 172.17.4.74
     tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
     listening on vmx0, link-type EN10MB (Ethernet), capture size 65535 bytes
     00:44:10.564825 IP 172.17.4.74.32887 > 172.17.4.65.12345: Flags [S], seq 958630331, win 1480, length 0
     00:44:11.565459 IP 172.17.4.74.32887 > 172.17.4.65.12345: Flags [S], seq 958630331, win 1480, length 0
     00:44:12.565910 IP 172.17.4.74.32887 > 172.17.4.65.12345: Flags [S], seq 958630331, win 1480, length 0
     ^C
     3 packets captured
     3694 packets received by filter
     0 packets dropped by kernel

 --
 ryo shimizu

State-Changed-From-To: feedback->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 09 Sep 2015 16:20:17 +0000
State-Changed-Why:
I forgot to ask :-)  thanks for confirming.


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.