* Re: Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) [not found] <20060520191153.GV3776@stingr.net> @ 2006-05-20 21:04 ` Andrew Morton 2006-05-22 18:22 ` Vlad Yasevich 0 siblings, 1 reply; 9+ messages in thread From: Andrew Morton @ 2006-05-20 21:04 UTC (permalink / raw) To: Paul P Komkoff Jr; +Cc: linux-kernel, netdev Paul P Komkoff Jr <i@stingr.net> wrote: > > Hello! > > I have a userspace application, which talks WCCP2 with cisco routers. > It sends and receives UDP packets on port 2048. After I've updated my > server to 2.6.16, it stopped working. > > Examining logs and packet dumps of previous (2.6.15 kernel) vs. > current, I found, that cisco will not understand packets generated by > 2.6.16. The only difference in that packets was IP id field, which was > increasing (1, 2, ...) with old kernel, and always 0 with 2.6.16. > > Looking thru the changelog, I've found a suspect. It was this commit: > http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a55d57b107c3e06935763905dc0fb235214569d > > Reverting this patch fixes my problems - the router understands > packets again. > > I took a look through the code and ip_select_ident codepath but still > don't understand why it setting id to 0. (netdev cc added) ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) 2006-05-20 21:04 ` Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) Andrew Morton @ 2006-05-22 18:22 ` Vlad Yasevich 2006-05-22 18:48 ` Rick Jones 0 siblings, 1 reply; 9+ messages in thread From: Vlad Yasevich @ 2006-05-22 18:22 UTC (permalink / raw) To: Paul P Komkoff Jr; +Cc: linux-kernel, netdev On Sat, 2006-05-20 at 14:04 -0700, Andrew Morton wrote: > Paul P Komkoff Jr <i@stingr.net> wrote: > > > > Hello! > > > > I have a userspace application, which talks WCCP2 with cisco routers. > > It sends and receives UDP packets on port 2048. After I've updated my > > server to 2.6.16, it stopped working. > > > > Examining logs and packet dumps of previous (2.6.15 kernel) vs. > > current, I found, that cisco will not understand packets generated by > > 2.6.16. The only difference in that packets was IP id field, which was > > increasing (1, 2, ...) with old kernel, and always 0 with 2.6.16. > > > > Looking thru the changelog, I've found a suspect. It was this commit: > > http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1a55d57b107c3e06935763905dc0fb235214569d > > > > Reverting this patch fixes my problems - the router understands > > packets again. > > > > I took a look through the code and ip_select_ident codepath but still > > don't understand why it setting id to 0. IP id is set to 0 on unconnected sockets when the DF bit is set (path mtu discovery is enabled). Try issuing a connect() in your application and see if the ids are increasing again. -vlad ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) 2006-05-22 18:22 ` Vlad Yasevich @ 2006-05-22 18:48 ` Rick Jones 2006-05-22 18:54 ` Vlad Yasevich 2006-05-22 21:11 ` Alan Cox 0 siblings, 2 replies; 9+ messages in thread From: Rick Jones @ 2006-05-22 18:48 UTC (permalink / raw) To: Vlad Yasevich; +Cc: Paul P Komkoff Jr, linux-kernel, netdev > IP id is set to 0 on unconnected sockets when the DF bit is set (path > mtu discovery is enabled). Try issuing a connect() in your application > and see if the ids are increasing again. ID of zero again? I thought that went away years ago? Anyway, given the number of "helpful" devices out there willing to clear the DF bit, fragment and forward, perhaps always setting the IP ID to 0, even if DF is set, isn't such a good idea? rick jones ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) 2006-05-22 18:48 ` Rick Jones @ 2006-05-22 18:54 ` Vlad Yasevich 2006-05-22 20:21 ` Paul P Komkoff Jr 2006-05-22 21:11 ` Alan Cox 1 sibling, 1 reply; 9+ messages in thread From: Vlad Yasevich @ 2006-05-22 18:54 UTC (permalink / raw) To: Rick Jones; +Cc: Paul P Komkoff Jr, linux-kernel, netdev On Mon, 2006-05-22 at 11:48 -0700, Rick Jones wrote: > > IP id is set to 0 on unconnected sockets when the DF bit is set (path > > mtu discovery is enabled). Try issuing a connect() in your application > > and see if the ids are increasing again. > > ID of zero again? I thought that went away years ago? Anyway, given > the number of "helpful" devices out there willing to clear the DF bit, > fragment and forward, perhaps always setting the IP ID to 0, even if DF > is set, isn't such a good idea? Hey... I just report what I find... ;) I had to look at this code a bit for some SCTP cases as well and this seems to be how it works. Here a comment from the code for the case of the DF bit being set /* This is only to work around buggy Windows95/2000 * VJ compression implementations. If the ID field * does not change, they drop every other packet in * a TCP stream using header compression. */ -vlad > > rick jones > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) 2006-05-22 18:54 ` Vlad Yasevich @ 2006-05-22 20:21 ` Paul P Komkoff Jr 2006-05-22 21:10 ` Vlad Yasevich 0 siblings, 1 reply; 9+ messages in thread From: Paul P Komkoff Jr @ 2006-05-22 20:21 UTC (permalink / raw) To: Vlad Yasevich; +Cc: Rick Jones, Paul P Komkoff Jr, linux-kernel, netdev Replying to Vlad Yasevich: > /* This is only to work around buggy Windows95/2000 > * VJ compression implementations. If the ID field > * does not change, they drop every other packet in > * a TCP stream using header compression. > */ Unfortunately, cisco IOS also complains that packets are "duplicate". And, regarding to your previous message on how to fix this - IIRC, if I do connect() on this socket, it will refuse to receive datagrams from hosts other than specified in connect(), and I will be unable to bind another socket to the same port on my side. That said, the only solution which is close to what been before, will be to keep one socket for receive, and create socket for each router I am communicating with, right? -- Paul P 'Stingray' Komkoff Jr // http://stingr.net/key <- my pgp key This message represents the official view of the voices in my head ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) 2006-05-22 20:21 ` Paul P Komkoff Jr @ 2006-05-22 21:10 ` Vlad Yasevich 0 siblings, 0 replies; 9+ messages in thread From: Vlad Yasevich @ 2006-05-22 21:10 UTC (permalink / raw) To: Paul P Komkoff Jr; +Cc: Rick Jones, linux-kernel, netdev On Tue, 2006-05-23 at 00:21 +0400, Paul P Komkoff Jr wrote: > Replying to Vlad Yasevich: > > /* This is only to work around buggy Windows95/2000 > > * VJ compression implementations. If the ID field > > * does not change, they drop every other packet in > > * a TCP stream using header compression. > > */ > > Unfortunately, cisco IOS also complains that packets are "duplicate". > And, regarding to your previous message on how to fix this - IIRC, if > I do connect() on this socket, it will refuse to receive datagrams > from hosts other than specified in connect(), and I will be unable to > bind another socket to the same port on my side. > > That said, the only solution which is close to what been before, will > be to keep one socket for receive, and create socket for each router I > am communicating with, right? Yewwww... I see you problem. To me this sounds like a bug in IOS. I hope someone else would comment. I did previously search a bunch of RFC and nowhere did a find a requirement that IDs should be non-zero when DF bit is set. The only time IP IDs are mentioned is in the fragmentation and reassembly description. -vlad ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) 2006-05-22 18:48 ` Rick Jones 2006-05-22 18:54 ` Vlad Yasevich @ 2006-05-22 21:11 ` Alan Cox 2006-05-22 21:06 ` Rick Jones [not found] ` <20060522.161951.92584947.davem@davemloft.net> 1 sibling, 2 replies; 9+ messages in thread From: Alan Cox @ 2006-05-22 21:11 UTC (permalink / raw) To: Rick Jones; +Cc: Vlad Yasevich, Paul P Komkoff Jr, linux-kernel, netdev On Llu, 2006-05-22 at 11:48 -0700, Rick Jones wrote: > ID of zero again? I thought that went away years ago? Anyway, given > the number of "helpful" devices out there willing to clear the DF bit, > fragment and forward, perhaps always setting the IP ID to 0, even if DF > is set, isn't such a good idea? Any device that clears DF is so terminally broken that you've already lost the battle the moment you bought it. Alan ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) 2006-05-22 21:11 ` Alan Cox @ 2006-05-22 21:06 ` Rick Jones [not found] ` <20060522.161951.92584947.davem@davemloft.net> 1 sibling, 0 replies; 9+ messages in thread From: Rick Jones @ 2006-05-22 21:06 UTC (permalink / raw) To: Alan Cox; +Cc: Vlad Yasevich, Paul P Komkoff Jr, linux-kernel, netdev Alan Cox wrote: > On Llu, 2006-05-22 at 11:48 -0700, Rick Jones wrote: > >>ID of zero again? I thought that went away years ago? Anyway, given >>the number of "helpful" devices out there willing to clear the DF bit, >>fragment and forward, perhaps always setting the IP ID to 0, even if DF >>is set, isn't such a good idea? > > > Any device that clears DF is so terminally broken that you've already > lost the battle the moment you bought it. Perhaps, but still, always setting the IP datagram ID to the same value even with the DF bit set seems contrary to the "conservative in what we send" that is so often brought-forth as a reason a stack behaves the way it does. rick jones ^ permalink raw reply [flat|nested] 9+ messages in thread
[parent not found: <20060522.161951.92584947.davem@davemloft.net>]
* Re: Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) [not found] ` <20060522.161951.92584947.davem@davemloft.net> @ 2006-05-23 8:13 ` Paul P Komkoff Jr 0 siblings, 0 replies; 9+ messages in thread From: Paul P Komkoff Jr @ 2006-05-23 8:13 UTC (permalink / raw) To: David S. Miller Cc: alan, rick.jones2, vladislav.yasevich, i, linux-kernel, netdev Replying to David S. Miller: > That's my position too and I'm pretty much going to ignore any > request to change this behavior. Accorind to this article, some people count this as security issue: http://www.securityfocus.com/archive/1/427622 Well ... someone with Cisco support contract can open a TAC case on this ? -- Paul P 'Stingray' Komkoff Jr // http://stingr.net/key <- my pgp key This message represents the official view of the voices in my head ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2006-05-23 8:13 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20060520191153.GV3776@stingr.net>
2006-05-20 21:04 ` Was change to ip_push_pending_frames intended to break udp (more specifically, WCCP?) Andrew Morton
2006-05-22 18:22 ` Vlad Yasevich
2006-05-22 18:48 ` Rick Jones
2006-05-22 18:54 ` Vlad Yasevich
2006-05-22 20:21 ` Paul P Komkoff Jr
2006-05-22 21:10 ` Vlad Yasevich
2006-05-22 21:11 ` Alan Cox
2006-05-22 21:06 ` Rick Jones
[not found] ` <20060522.161951.92584947.davem@davemloft.net>
2006-05-23 8:13 ` Paul P Komkoff Jr
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).