Duplicates in packet filters.

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Alan Cox: "Re: Problems to connect to certains WebSite"
• Previous message: Paiement, Michel Guy: "Problems to connect to certains WebSite"

I am running packet filters (i.e. tcpdump) on a Linux machine
(kernel 2.0.18 - Redhat 4.0), and I have observed the following problem :
any packet that comes _from_ the machine is seen twice by tcpdump (with
different TTL).

This is on a subnetted class C network. It is really puzzling because
I have done a mirror of the Linux system on another machine, have changed
the IP configuration (for another class C network -- not subnetted),
and on this other system there is no problem.

The question is : is this a bug in the kernel or simply a misconfiguration ?

Demonstration of the problem
............................

[root@m1 /tmp]# uname -a
Linux m1 2.0.18 #4 Mon Jan 27 18:13:53 MET 1997 i586

[root@m1 /tmp]# $TCPDUMP_PATH/tcpdump -v icmp
tcpdump: listening on eth0
tcpdump: WARNING: compensating for unaligned libpcap packets
15:00:02.923584 m1 > m2: icmp: echo request (ttl 64, id 55186)
15:00:02.923852 m1 > m2: icmp: echo request (ttl 63, id 55186)
15:00:03.138192 m2 > m1: icmp: echo reply (ttl 63, id 5286)
15:00:12.923585 m1 > m2: icmp: echo request (ttl 64, id 55195)
15:00:12.923865 m1 > m2: icmp: echo request (ttl 63, id 55195)
15:00:12.967968 m2 > m1: icmp: echo reply (ttl 63, id 5295)
15:00:22.923578 m1 > m2: icmp: echo request (ttl 64, id 55202)
15:00:22.923845 m1 > m2: icmp: echo request (ttl 63, id 55202)
15:00:23.025897 m2 > m1: icmp: echo reply (ttl 63, id 5302)
15:00:32.923592 m1 > m2: icmp: echo request (ttl 64, id 55210)
15:00:32.923866 m1 > m2: icmp: echo request (ttl 63, id 55210)
15:00:32.987712 m2 > m1: icmp: echo reply (ttl 63, id 5310)
[...]

(a "ping -i 10 m2" is done on m1, where tcpdump is run)

Clearly there are duplicate packets, since there is two ping-replies with
same id.
[ Note: the kernel is modified to have microsecond (pseudo-)resolution,
but duplicates are also observed with unmodified 2.0.18 kernel ]

Ethernet interface and IP addresses are:
........................................

The network is a Class C network which is subnetted:
Let [Class C] be the 3 bytes of the class C network...

broadcast: [Class C].15
netmask: [Class C].248
gateway: [Class C].14
m1 inet addr: [Class C].13
m2 : on another network

Kernel routing table is:
........................

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
[Class C].8 * 255.255.255.248 U 0 0 7 eth0
127.0.0.0 * 255.0.0.0 U 0 0 1 lo
default gateway 0.0.0.0 UG 0 0 7 eth0

Thanks for any help,

-- Cedric Adjih / cedric.adjih@inria.fr

• Next message: Alan Cox: "Re: Problems to connect to certains WebSite"
• Previous message: Paiement, Michel Guy: "Problems to connect to certains WebSite"