lost UDP packet

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Jan 15 22:00:32 UTC 2003


> no packet filtering, but I guess the reason might be the UDP checksum,
> but I have no idea how to check it.

	Well tcpdump will check the checksum for you with the right
	options or you can just check it yourself using the program
	below.

	I forget which program I ripped in_cksum() from (most
	probably tcpdump or ping).  I had to verify a packet and
	all I had was the output from a packet trace from someone
	reporting a similar problem.

	Mark

> I.G
> 

#include <sys/types.h>

#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/udp.h>

#include <stdio.h>
#include <string.h>


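/*
 * in_cksum --
 *	Internet checksum (RFC 1071 style one's-complement sum) over len
 *	bytes starting at addr.
 *
 *	addr	start of the data; read bytewise, so it need not be aligned
 *	len	number of bytes to sum; values <= 0 sum nothing
 *
 *	Returns the one's complement of the folded 16-bit sum, in the same
 *	byte order as the data was read (host 16-bit loads of wire data),
 *	so it compares directly against a checksum field copied out of the
 *	packet.  Summing data that already contains its correct checksum
 *	yields 0.
 *
 *	Kept as an old-style definition because callers in this file pass
 *	an unsigned char buffer without a cast.
 */
u_short
in_cksum(addr, len)
	u_short *addr;
	int len;
{
	const unsigned char *p = (const unsigned char *)addr;
	unsigned long sum = 0;	/* unsigned: a signed accumulator overflows on long inputs */
	u_short word;		/* assumed 16 bits wide, as the original did */
	int nleft = len;

	/*
	 * Add sequential 16 bit words to the accumulator.  Each word is
	 * fetched with memcpy() so a misaligned buffer (e.g. bytes pasted
	 * from a packet trace) is never dereferenced as u_short.
	 */
	while (nleft > 1) {
		memcpy(&word, p, 2);
		sum += word;
		p += 2;
		nleft -= 2;

		/* fold early so the carries can never run off the top */
		if (sum & 0x80000000UL)
			sum = (sum >> 16) + (sum & 0xffff);
	}

	/* mop up an odd byte, if necessary: pad it with a zero byte */
	if (nleft == 1) {
		union {
			u_short	us;
			u_char	uc[2];
		} last;

		last.uc[0] = *p;
		last.uc[1] = 0;
		sum += last.us;
	}

	/* add back carry outs from the upper bits until only 16 bits remain */
	while (sum >> 16)
		sum = (sum >> 16) + (sum & 0xffff);

	return ((u_short)(~sum & 0xffff));
}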

#if 1
/*
 * Packet under investigation: the 64 bytes of the tcpdump hex dump from
 * the report (10.222.223.1.9001 > 192.168.181.73.domain), starting at
 * the IPv4 header.
 */
unsigned char packet[] = {
	/* IPv4 header (20 bytes, no options) */
	0x45, 0x00, 0x00, 0x40, 0x22, 0x12, 0x00, 0x00, 0xfe, 0x11,
	0x3a, 0xc9, 0x0a, 0xde, 0xdf, 0x01, 0xc0, 0xa8, 0xb5, 0x49,
	/* UDP header: src port, dst port, length, checksum */
	0x23, 0x29, 0x00, 0x35, 0x00, 0x2c, 0x81, 0x22,
	/* UDP payload (DNS query, 36 bytes) */
	0xdd, 0x91, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x06, 0x70, 0x61, 0x75, 0x6c, 0x69, 0x67, 0x05, 0x73, 0x6f, 0x72, 0x76,
	0x69, 0x05, 0x62, 0x6f, 0x67, 0x75, 0x73, 0x00, 0x00, 0x01, 0x00, 0x01
};
#else
/* known good packet (61 bytes), kept as a reference for the checker */
unsigned char packet[] = {
	/* IPv4 header (20 bytes, no options) */
	0x45, 0x00, 0x00, 0x3d, 0xca, 0x07, 0x00, 0x00, 0x40, 0x11,
	0x2b, 0x9c, 0x82, 0x9b, 0xbf, 0xec, 0x82, 0x9b, 0xbf, 0xe9,
	/* UDP header: src port, dst port, length, checksum */
	0x0c, 0x5d, 0x00, 0x35, 0x00, 0x29, 0x39, 0x14,
	/* UDP payload (DNS query, 33 bytes) */
	0x00, 0x06, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x04, 0x62, 0x73, 0x64, 0x69, 0x02, 0x64, 0x76, 0x03, 0x69, 0x73, 0x63,
	0x03, 0x6f, 0x72, 0x67, 0x00, 0x00, 0x01, 0x00, 0x01
};
#endif


/* scratch area in which main() assembles the bytes to be checksummed */
unsigned char buf[64 * 1024];

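/*
 * main --
 *	Recompute the UDP checksum of packet[] two ways and print, for each,
 *	"<checksum found in the packet> <checksum computed here>" in hex.
 *	The two numbers on a line match when the datagram is intact.
 *
 *	packet[] must start at the IPv4 header.  Every length taken from the
 *	packet is validated before it is used as a copy size, because the
 *	bytes are normally pasted in from somebody else's trace: a short or
 *	corrupt dump must not turn into an out-of-bounds read of packet[] or
 *	an overflow of buf[].
 *
 *	Note (RFC 768): a stored UDP checksum of 0 means the sender did not
 *	compute one, and a computed checksum of 0 is transmitted as 0xffff.
 *
 *	Returns 0 after printing both results, 1 if the packet is malformed.
 */
int
main(void)
{
	struct ip iph, pseudo;
	struct udphdr udph;
	unsigned char *cp = buf;
	size_t ip_hlen, udp_len, payload_len;
	u_short uh_sum;

	if (sizeof(packet) < sizeof(iph)) {
		fprintf(stderr, "packet too short for an IP header\n");
		return (1);
	}
	memcpy(&iph, packet, sizeof(iph));

	/* honour IP options instead of assuming a 20 byte header */
	ip_hlen = (size_t)iph.ip_hl * 4;
	if (ip_hlen < sizeof(iph) || sizeof(packet) < ip_hlen + sizeof(udph)) {
		fprintf(stderr, "bad IP header length or truncated UDP header\n");
		return (1);
	}
	if (iph.ip_p != IPPROTO_UDP) {
		fprintf(stderr, "not a UDP packet\n");
		return (1);
	}
	memcpy(&udph, packet + ip_hlen, sizeof(udph));

	/*
	 * The checksum covers exactly uh_ulen bytes; anything the capture
	 * holds beyond that (padding) is not part of the datagram.
	 */
	udp_len = ntohs(udph.uh_ulen);
	if (udp_len < sizeof(udph) || udp_len > sizeof(packet) - ip_hlen) {
		fprintf(stderr, "UDP length field does not fit the packet\n");
		return (1);
	}
	if (sizeof(pseudo) + udp_len > sizeof(buf)) {
		fprintf(stderr, "datagram too large for the scratch buffer\n");
		return (1);
	}
	payload_len = udp_len - sizeof(udph);

	/* method 1: 12 byte pseudo-header, then UDP header and data */
	memcpy(cp, &iph.ip_src, sizeof(iph.ip_src));
	cp += sizeof(iph.ip_src);
	memcpy(cp, &iph.ip_dst, sizeof(iph.ip_dst));
	cp += sizeof(iph.ip_dst);
	*cp++ = 0;
	*cp++ = iph.ip_p;
	memcpy(cp, &udph.uh_ulen, sizeof(udph.uh_ulen));
	cp += sizeof(udph.uh_ulen);
	uh_sum = udph.uh_sum;
	udph.uh_sum = 0;	/* the checksum field itself is summed as zero */
	memcpy(cp, &udph, sizeof(udph));
	cp += sizeof(udph);
	memcpy(cp, packet + ip_hlen + sizeof(udph), payload_len);
	cp += payload_len;
	/* in_cksum() has no prototype, so pass exactly the types it declares */
	printf("%x %x\n", (unsigned)uh_sum,
	    (unsigned)in_cksum((u_short *)buf, (int)(cp - buf)));

	/*
	 * method 2: reuse the IP header layout as the pseudo-header.  With
	 * everything zeroed except protocol, addresses and the UDP length
	 * stored in the checksum slot, the 20 bytes sum to the same value
	 * as the pseudo-header above.  It is built in a local struct and
	 * copied out, so buf is never accessed through a struct pointer.
	 */
	memset(&pseudo, 0, sizeof(pseudo));
	pseudo.ip_p = iph.ip_p;
	pseudo.ip_sum = udph.uh_ulen;
	pseudo.ip_src = iph.ip_src;
	pseudo.ip_dst = iph.ip_dst;
	cp = buf;
	memcpy(cp, &pseudo, sizeof(pseudo));
	cp += sizeof(pseudo);
	memcpy(cp, &udph, sizeof(udph));	/* uh_sum already zeroed above */
	cp += sizeof(udph);
	memcpy(cp, packet + ip_hlen + sizeof(udph), payload_len);
	cp += payload_len;
	printf("%x %x\n", (unsigned)uh_sum,
	    (unsigned)in_cksum((u_short *)buf, (int)(cp - buf)));

	return (0);
}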
> samval wrote:
> 
> > "xrstig" <cuxiart at latinmail.com> a écrit dans le message de news:
> > b01blh$43mp$1 at isrv4.isc.org...
> > >
> > > I have a DNS server running on  linux.. DNS runs bind software 9.2.1
> > >
> > > The tcpdump shows the following client query  request arriving to the
> > > host, where the
> > > DNS server resides:
> > >
> > > > tcpdump -Nnx -i eth0 -s 100 udp port 53
> > > tcpdump: listening on eth0
> > >
> > > 16:24:56.512899 10.222.223.1.9001 > 192.168.181.73.domain:  56721+ A?
> > > paulig.sorvi.bogus. (36)
> > >                          4500 0040 2212 0000 fe11 3ac9 0ade df01
> > >                          c0a8 b549 2329 0035 002c 8122 dd91 0100
> > >                          0001 0000 0000 0000 0670 6175 6c69 6705
> > >                          736f 7276 6905 626f 6775 7300 0001 0001
> > >
> > >
> > > However, the debug output of the DNS server does not show the reception
> > > of this UDP packet, and hence no response is sent to the client.
> > >
> > >
> > > My question: How might I find out what is happening to the received
> > > packet,
> > > and why it's not sent to the application server?
> > >
> > > thanks
> > >
> > are you packet filtering anything ????
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

