Re: ICMP and raw socket - bug?

Richard B. Johnson (root@chaos.analogic.com)
Tue, 15 Dec 1998 08:44:56 -0500 (EST)


On Mon, 14 Dec 1998, Meelis Roos wrote:

> This is a fragment from a tcpdump of a session of a ping-like program:
>
> 22:10:10.467564 me > target: icmp: echo request [ttl 1]
> 4500 001c 0916 0000 0101 9b73 c0a8 4a03
> c0a8 4a04 0800 eee8 0916 0001
> 22:10:10.467938 router > me: icmp: time exceeded in-transit [tos 0xc0]
> 45c0 004c 11d6 0000 4001 52c0 c0a8 4a07
> c0a8 4a03 0b00 34fe 0000 0000 4500 001c
> 0916 0000 0001 9c73 c0a8 4a03 c0a8 4a04
> 0800 eee8 0916 0001 0000 0000 0000 0000
> 0000 0000 0000 0000 0000 c001
>
> It seems that reading the answer is adding extra 20 bytes of zeroes
> (except the last 2 bytes - checksum?). Strange.
>
> First line and 4 bytes of the second line is the header. icmp type 0b -
> time exceeded. code 0. checksum 34fe. 4 dummy bytes of 0. And the data
> part. The original packet plus 18 bytes of zero plus 2 bytes of non-zero.
>
> !!!!!! The packet is correct on the wire - verified with tcpdump on an
> unrelated computer.
>
> Both tcpdump and the custom pinger see the longer reply packets.
> I can't see longer reply packets with tcpdump when I use normal ping
> program (the latest one from ANK).
>
> Smells like linux ip or raw socket bug. But I'm not sure yet.
>

I think there is a minimum packet length allowed and it is being
padded to the minimum length. If you invent your own "raw" packet
it is possible to send a below-minimum length. However, ICMP reply
packets will get padded to the minimum length.

Cheers,
Dick Johnson
***** FILE SYSTEM WAS MODIFIED *****
Penguin : Linux version 2.1.131 on an i686 machine (400.59 BogoMips).
Warning : It's hard to remain at the trailing edge of technology.
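
Added example (not part of the original message or of either poster's code): a C parser over the reply bytes from the quoted tcpdump, splitting them into outer IP header, ICMP header, quoted datagram and trailing bytes, and checking the ICMP checksum with and without the trailing bytes. The names `inet_csum`, `parse_reply` and `struct layout` are made up for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Reply bytes copied from the tcpdump hex dump in the quoted message. */
static const uint8_t reply[] = {
    0x45,0xc0,0x00,0x4c,0x11,0xd6,0x00,0x00,0x40,0x01,0x52,0xc0,0xc0,0xa8,0x4a,0x07,
    0xc0,0xa8,0x4a,0x03,0x0b,0x00,0x34,0xfe,0x00,0x00,0x00,0x00,0x45,0x00,0x00,0x1c,
    0x09,0x16,0x00,0x00,0x00,0x01,0x9c,0x73,0xc0,0xa8,0x4a,0x03,0xc0,0xa8,0x4a,0x04,
    0x08,0x00,0xee,0xe8,0x09,0x16,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xc0,0x01
};

/* RFC 1071 Internet checksum; yields 0 over a region holding a valid checksum. */
static uint16_t inet_csum(const uint8_t *p, size_t n) {
    uint32_t s = 0;
    for (; n > 1; p += 2, n -= 2) s += (uint32_t)(p[0] << 8 | p[1]);
    if (n) s += (uint32_t)p[0] << 8;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

struct layout {                 /* hypothetical result record for this example */
    size_t outer_len, icmp_len, quoted_len, trailing;
    int type, csum_full_ok, csum_trimmed_ok;
};

/* Split an ICMP error reply into its parts; returns -1 on inconsistent lengths. */
static int parse_reply(const uint8_t *b, size_t cap, struct layout *o) {
    if (cap < 20) return -1;
    size_t ihl = (size_t)(b[0] & 0x0f) * 4;
    o->outer_len = (size_t)(b[2] << 8 | b[3]);      /* outer IP total length */
    if (ihl < 20 || o->outer_len > cap || o->outer_len < ihl + 8 + 20) return -1;
    const uint8_t *icmp = b + ihl, *q = icmp + 8;   /* q: quoted original datagram */
    o->icmp_len = o->outer_len - ihl;
    o->type = icmp[0];
    o->quoted_len = (size_t)(q[2] << 8 | q[3]);     /* length the quoted header claims */
    if (o->quoted_len < 20 || o->quoted_len > o->icmp_len - 8) return -1;
    o->trailing = o->icmp_len - 8 - o->quoted_len;  /* bytes after the quoted datagram */
    o->csum_full_ok = inet_csum(icmp, o->icmp_len) == 0;
    o->csum_trimmed_ok = inet_csum(icmp, 8 + o->quoted_len) == 0;
    return 0;
}

int main(void) {
    struct layout l;
    if (parse_reply(reply, sizeof reply, &l)) return 1;
    printf("outer=%zu icmp=%zu type=%d quoted=%zu trailing=%zu full_ok=%d trimmed_ok=%d\n",
           l.outer_len, l.icmp_len, l.type, l.quoted_len, l.trailing,
           l.csum_full_ok, l.csum_trimmed_ok);
    return 0;
}
```

For this capture it reports an outer IP length of 76, a quoted datagram of 28 bytes, 20 trailing bytes, and an ICMP checksum that verifies only when the trailing bytes are included.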
