NetBSD Problem Report #43510
From www@NetBSD.org Fri Jun 25 10:07:53 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id A267063BA54
for <gnats-bugs@gnats.NetBSD.org>; Fri, 25 Jun 2010 10:07:53 +0000 (UTC)
Message-Id: <20100625100753.43B9163BA50@www.NetBSD.org>
Date: Fri, 25 Jun 2010 10:07:53 +0000 (UTC)
From: ryo@iij.ad.jp
Reply-To: ryo@iij.ad.jp
To: gnats-bugs@NetBSD.org
Subject: kernel reply TCP-RST for bad checksum TCP-SYN packet
X-Send-Pr-Version: www-1.0
>Number: 43510
>Category: kern
>Synopsis: kernel reply TCP-RST for bad checksum TCP-SYN packet
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jun 25 10:10:00 +0000 2010
>Closed-Date: Wed Sep 09 16:20:17 +0000 2015
>Last-Modified: Wed Sep 09 16:20:17 +0000 2015
>Originator: Ryo SHIMIZU
>Release: NetBSD 5.1_RC3
>Organization:
Internet Initiative Japan Inc.
>Environment:
NetBSD netbsd 5.1_RC3 NetBSD 5.1_RC3 (GENERIC) #0: Sun Jun 13 03:21:24 UTC 2010 builds@b8.netbsd.org:/home/builds/ab/netbsd-5-1-RC3/i386/201006130031Z-obj/home/builds/ab/netbsd-5-1-RC3/src/sys/arch/i386/compile/GENERIC i386
>Description:
kernel reply TCP-RST for bad checksum TCP-SYN packet to *non-listened* port.
Any bad checksum TCP packet must be always discarded. (RFC1122)
Bad checksum TCP-SYN packet for *listend-port* will be normally discarded.
send TCP-SYN packet to no-listend port(23456) on netbsd
# /usr/pkg/sbin/hping2 -c 1 -S -p 23456 netbsd
HPING netbsd (wm0 192.168.0.66): S set, 40 headers + 0 data bytes
len=46 ip=192.168.0.66 ttl=64 id=0 sport=23456 flags=RA seq=0 win=0 rtt=0.4 ms
--- netbsd hping statistic ---
1 packets tramitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.4/0.4/0.4 ms
send *BAD CHECKSUM* TCP-SYN packet to no-listend port(23456) on netbsd
# /usr/pkg/sbin/hping2 -b -c 1 -S -p 23456 netbsd
HPING netbsd (wm0 192.168.0.66): S set, 40 headers + 0 data bytes
len=46 ip=192.168.0.66 ttl=64 id=0 sport=23456 flags=RA seq=0 win=0 rtt=0.6 ms
--- netbsd hping statistic ---
1 packets tramitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.6/0.6/0.6 ms
Other OS discard bad checksum TCP-SYN packet.
# /usr/pkg/sbin/hping2 -c 1 -S -p 23456 freebsd
HPING freebsd (wm0 192.168.0.61): S set, 40 headers + 0 data bytes
len=46 ip=192.168.0.61 ttl=64 DF id=20851 sport=23456 flags=RA seq=0 win=0 rtt=0.6 ms
--- freebsd hping statistic ---
1 packets tramitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.6/0.6/0.6 ms
# /usr/pkg/sbin/hping2 -b -c 1 -S -p 23456 freebsd
HPING freebsd (wm0 192.168.0.61): S set, 40 headers + 0 data bytes
--- freebsd hping statistic ---
1 packets tramitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
# /usr/pkg/sbin/hping2 -c 1 -S -p 23456 windows
HPING windows (wm0 192.168.0.44): S set, 40 headers + 0 data bytes
len=46 ip=192.168.0.44 ttl=128 id=21611 sport=23456 flags=RA seq=0 win=0 rtt=0.6 ms
--- windows hping statistic ---
1 packets tramitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.6/0.6/0.6 ms
# /usr/pkg/sbin/hping2 -b -c 1 -S -p 23456 windows
HPING windows (wm0 192.168.0.44): S set, 40 headers + 0 data bytes
--- windows hping statistic ---
1 packets tramitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
>How-To-Repeat:
# /usr/pkg/sbin/hping2 -b -c 1 -S -p 23456 netbsd
>Fix:
>Release-Note:
>Audit-Trail:
From: Mihai Chelaru <mihai.chelaru@NGNetworks.ro>
To: gnats-bugs@NetBSD.org
Cc: netbsd-bugs@netbsd.org, ryo@iij.ad.jp
Subject: Re: kern/43510: kernel reply TCP-RST for bad checksum TCP-SYN packet
Date: Fri, 25 Jun 2010 20:23:44 +0300
This is a multi-part message in MIME format.
--------------020908070003060306010607
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
On 06/25/10 13:10, ryo@iij.ad.jp wrote:
>> Synopsis: kernel reply TCP-RST for bad checksum TCP-SYN packet
Try the attached patch, it should fix the issue. I will not commit it
yet, I need to ask people with more TCP knowledge if it's OK.
From RFC793 section 1.5: Damage is handled by adding a checksum to each
segment transmitted, checking it at the receiver, and discarding damaged
segments.
--
Mihai
--------------020908070003060306010607
Content-Type: text/plain;
name="c.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="c.diff"
Index: tcp_input.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/tcp_input.c,v
retrieving revision 1.305
diff -u -p -r1.305 tcp_input.c
--- tcp_input.c 26 May 2010 17:38:29 -0000 1.305
+++ tcp_input.c 25 Jun 2010 17:20:22 -0000
@@ -1185,6 +1185,12 @@ tcp_input(struct mbuf *m, ...)
tiflags = th->th_flags;
/*
+ * Checksum extended TCP header and data.
+ */
+ if (tcp_input_checksum(af, m, th, toff, off, tlen))
+ goto badcsum;
+
+ /*
* Locate pcb for segment.
*/
findpcb:
@@ -1322,12 +1328,6 @@ findpcb:
KASSERT(so->so_lock == softnet_lock);
KASSERT(solocked(so));
- /*
- * Checksum extended TCP header and data.
- */
- if (tcp_input_checksum(af, m, th, toff, off, tlen))
- goto badcsum;
-
tcp_fields_to_host(th);
/* Unscale the window into a 32-bit value. */
--------------020908070003060306010607--
From: "Mihai Chelaru" <kefren@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/43510 CVS commit: src/sys/netinet
Date: Fri, 15 May 2015 18:03:45 +0000
Module Name: src
Committed By: kefren
Date: Fri May 15 18:03:45 UTC 2015
Modified Files:
src/sys/netinet: tcp_input.c
Log Message:
Don't try to do PCB lookup for bad checksummed segments
Fixes PR/43510 and PR/48452
To generate a diff of this commit:
cvs rdiff -u -r1.339 -r1.340 src/sys/netinet/tcp_input.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Tue, 08 Sep 2015 04:53:20 +0000
State-Changed-Why:
Did the commit (back in may) fix the problem?
From: Ryo Shimizu <ryo@iij.ad.jp>
To: gnats-bugs@NetBSD.org
Cc: kern-bug-people@netbsd.org, netbsd-bugs@netbsd.org, gnats-admin@netbsd.org,
dholland@NetBSD.org
Subject: Re: kern/43510 (kernel reply TCP-RST for bad checksum TCP-SYN packet)
Date: Thu, 10 Sep 2015 00:48:57 +0900
>State-Changed-From-To: open->feedback
>State-Changed-By: dholland@NetBSD.org
>State-Changed-When: Tue, 08 Sep 2015 04:53:20 +0000
>State-Changed-Why:
>Did the commit (back in may) fix the problem?
I'm sorry for the late response.
confirmed fixed, thanks!
172.17.4.74# nping --tcp -p 12345 --badsum 172.17.4.65
Starting Nping 0.6.47 ( http://nmap.org/nping ) at 2015-09-10 00:44 JST
SENT (0.0145s) TCP 172.17.4.74:32887 > 172.17.4.65:12345 S ttl=64 id=45439 iplen=40 seq=958630331 win=1480
SENT (1.0149s) TCP 172.17.4.74:32887 > 172.17.4.65:12345 S ttl=64 id=45439 iplen=40 seq=958630331 win=1480
SENT (2.0154s) TCP 172.17.4.74:32887 > 172.17.4.65:12345 S ttl=64 id=45439 iplen=40 seq=958630331 win=1480
^C
172.17.4.65# uname -a
NetBSD current 7.99.21 NetBSD 7.99.21 (GENERIC) #0: Wed Sep 9 15:04:14 JST 2015 ryo@moveq:/usr/src/sys/arch/amd64/compile/GENERIC amd64
172.17.4.65# tcpdump -n -ivmx0 host 172.17.4.74
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmx0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:44:10.564825 IP 172.17.4.74.32887 > 172.17.4.65.12345: Flags [S], seq 958630331, win 1480, length 0
00:44:11.565459 IP 172.17.4.74.32887 > 172.17.4.65.12345: Flags [S], seq 958630331, win 1480, length 0
00:44:12.565910 IP 172.17.4.74.32887 > 172.17.4.65.12345: Flags [S], seq 958630331, win 1480, length 0
^C
3 packets captured
3694 packets received by filter
0 packets dropped by kernel
--
ryo shimizu
State-Changed-From-To: feedback->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Wed, 09 Sep 2015 16:20:17 +0000
State-Changed-Why:
I forgot to ask :-) thanks for confirming.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.