lost UDP packet
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Wed Jan 15 22:00:32 UTC 2003
> no packet filtering, but I guess the reason might be due to udp_checksum,
> but I don't have idea how to check it.
Well tcpdump will check the checksum for you with the right
options or you can just check it yourself using the program
below.
I forget which program I ripped in_cksum() from (most
probably tcpdump or ping). I had to verify a packet and
all I had was the output from a packet trace from someone
reporting a similar problem.
Mark
> I.G
>
#include <sys/types.h>
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/udp.h>
/*
* in_cksum --
* Checksum routine for Internet Protocol family headers (C Version)
*/
u_short
in_cksum(addr, len)
u_short *addr;
int len;
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
union {
u_short us;
u_char uc[2];
} last;
u_short answer;
/*
* Our algorithm is simple, using a 32 bit accumulator (sum), we add
* sequential 16 bit words to it, and at the end, fold back all the
* carry bits from the top 16 bits into the lower 16 bits.
*/
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
/* mop up an odd byte, if necessary */
if (nleft == 1) {
last.uc[0] = *(u_char *)w;
last.uc[1] = 0;
sum += last.us;
}
/* add back carry outs from top 16 bits to low 16 bits */
sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* truncate to 16 bits */
return(answer);
}
#if 1
unsigned char packet[] = {
0x45, 0x00, 0x00, 0x40, 0x22, 0x12, 0x00, 0x00, 0xfe, 0x11, 0x3a, 0xc9, 0x0a, 0xde, 0xdf, 0x01,
0xc0, 0xa8, 0xb5, 0x49, 0x23, 0x29, 0x00, 0x35, 0x00, 0x2c, 0x81, 0x22, 0xdd, 0x91, 0x01, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x70, 0x61, 0x75, 0x6c, 0x69, 0x67, 0x05,
0x73, 0x6f, 0x72, 0x76, 0x69, 0x05, 0x62, 0x6f, 0x67, 0x75, 0x73, 0x00, 0x00, 0x01, 0x00, 0x01
};
#else
/* known good packet */
unsigned char packet[] = {
0x45, 0x00, 0x00, 0x3d, 0xca, 0x07, 0x00, 0x00,
0x40, 0x11, 0x2b, 0x9c, 0x82, 0x9b, 0xbf, 0xec,
0x82, 0x9b, 0xbf, 0xe9, 0x0c, 0x5d, 0x00, 0x35,
0x00, 0x29, 0x39, 0x14, 0x00, 0x06, 0x01, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x04, 0x62, 0x73, 0x64, 0x69, 0x02, 0x64, 0x76,
0x03, 0x69, 0x73, 0x63, 0x03, 0x6f, 0x72, 0x67,
0x00, 0x00, 0x01, 0x00, 0x01 };
#endif
unsigned char buf[64*1024];
main() {
struct ip iph, *ipp;
struct udphdr udph, *udpp;
unsigned char *cp = buf;
int len = sizeof(packet);
u_short uh_sum;
/* method 1 */
memcpy(&iph, packet, sizeof(iph));
memcpy(cp, &iph.ip_src, sizeof(iph.ip_src));
cp += sizeof(iph.ip_src);
memcpy(cp, &iph.ip_dst, sizeof(iph.ip_dst));
cp += sizeof(iph.ip_dst);
*cp++ = 0;
*cp++ = iph.ip_p;
memcpy(&udph, packet + sizeof(iph), sizeof(udph));
memcpy(cp, &udph.uh_ulen, sizeof(udph.uh_ulen));
cp += sizeof(udph.uh_ulen);
uh_sum = udph.uh_sum;
udph.uh_sum = 0;
memcpy(cp, &udph, sizeof(udph));
cp += sizeof(udph);
len -= sizeof(iph) + sizeof(udph);
memcpy(cp, packet + sizeof(iph) + sizeof(udph), len);
cp += len;
printf("%x %x\n", uh_sum, in_cksum(buf, cp - buf));
/* method 2 */
memcpy(buf, packet, sizeof(packet));
memset(buf, 0, 9);
ipp = (struct ip*)buf;
ipp->ip_sum = udph.uh_ulen;
udpp = (struct udphdr*)(buf + sizeof(*ipp));
udpp->uh_sum = 0;
printf("%x %x\n", uh_sum, in_cksum(buf, sizeof(packet)));
return (0);
}
> samval wrote:
>
> > "xrstig" <cuxiart at latinmail.com> a écrit dans le message de news:
> > b01blh$43mp$1 at isrv4.isc.org...
> > >
> > > I have a DNS server running on linux.. DNS runs bind software 9.2.1
> > >
> > > The tcpdump shows the following client query request arriving to the
> > > host, where the
> > > DNS server resides:
> > >
> > > > tcpdump -Nnx -i eth0 -s 100 udp port 53
> > > tcpdump: listening on eth0
> > >
> > > 16:24:56.512899 10.222.223.1.9001 > 192.168.181.73.domain: 56721+ A?
> > > paulig.sorvi.bogus. (36)
> > > 4500 0040 2212 0000 fe11 3ac9 0ade df01
> > > c0a8 b549 2329 0035 002c 8122 dd91 0100
> > > 0001 0000 0000 0000 0670 6175 6c69 6705
> > > 736f 7276 6905 626f 6775 7300 0001 0001
> > >
> > >
> > > However the output debug of the DNS server does not show the reception
> > > of this UDP packet, and hence none response is sent to the client.
> > >
> > >
> > > My question: How might I find out what is happening to the received
> > > packet?
> > > and why it's not send to the application server.
> > >
> > > thanks
> > >
> > are you packet filtering anything ????
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list