ICMP and raw socket - bug?

Meelis Roos (mroos@tartu.cyber.ee)
Mon, 14 Dec 1998 22:35:24 +0200 (EET)


This is a fragment from a tcpdump of a session of a ping-like program:

22:10:10.467564 me > target: icmp: echo request [ttl 1]
4500 001c 0916 0000 0101 9b73 c0a8 4a03
c0a8 4a04 0800 eee8 0916 0001
22:10:10.467938 router > me: icmp: time exceeded in-transit [tos 0xc0]
45c0 004c 11d6 0000 4001 52c0 c0a8 4a07
c0a8 4a03 0b00 34fe 0000 0000 4500 001c
0916 0000 0001 9c73 c0a8 4a03 c0a8 4a04
0800 eee8 0916 0001 0000 0000 0000 0000
0000 0000 0000 0000 0000 c001

It seems that reading the answer is adding an extra 20 bytes of zeroes
(except the last 2 bytes - checksum?). Strange.

The first line and 4 bytes of the second line are the header. ICMP type 0b -
time exceeded. Code 0. Checksum 34fe. 4 dummy bytes of 0. And the data
part: the original packet plus 18 bytes of zero plus 2 bytes of non-zero.

!!!!!! The packet is correct on the wire - verified with tcpdump on an
unrelated computer.

Both tcpdump and the custom pinger see the longer reply packets.
I can't see longer reply packets with tcpdump when I use the normal ping
program (the latest one from ANK).

Smells like a Linux IP or raw socket bug. But I'm not sure yet.

Linux 2.1.131ac9.

---
Meelis Roos (mroos@tartu.cyber.ee)
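
Added example, not part of the original message: a Python dissection of the reply bytes quoted in the tcpdump output above. It splits the packet into outer IP header, ICMP header, quoted datagram and trailing bytes, and verifies each checksum over the bytes as captured; the function names are illustrative.

```python
import struct

# Reply packet bytes copied from the tcpdump output in the post (IP header onward).
REPLY_HEX = """
45c0 004c 11d6 0000 4001 52c0 c0a8 4a07
c0a8 4a03 0b00 34fe 0000 0000 4500 001c
0916 0000 0001 9c73 c0a8 4a03 c0a8 4a04
0800 eee8 0916 0001 0000 0000 0000 0000
0000 0000 0000 0000 0000 c001
"""

def checksum_ok(data: bytes) -> bool:
    """RFC 1071: a region summed together with its own checksum field gives 0xffff."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def dissect(packet: bytes) -> dict:
    """Split an ICMP error message into headers, quoted datagram and trailing bytes."""
    ihl = (packet[0] & 0x0F) * 4            # outer IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    icmp = packet[ihl:total_len]
    quoted = icmp[8:]                       # after type, code, checksum, 4 unused bytes
    quoted_ihl = (quoted[0] & 0x0F) * 4
    quoted_len = struct.unpack("!H", quoted[2:4])[0]  # total length of quoted datagram
    return {
        "captured_len": len(packet),
        "ip_total_len": total_len,
        "ip_checksum_ok": checksum_ok(packet[:ihl]),
        "icmp_type": icmp[0],
        "icmp_code": icmp[1],
        "icmp_checksum_ok": checksum_ok(icmp),
        "quoted_len": quoted_len,
        "quoted_ip_checksum_ok": checksum_ok(quoted[:quoted_ihl]),
        "trailing": quoted[quoted_len:],    # bytes past the quoted datagram
    }

def parse_reply() -> dict:
    return dissect(bytes.fromhex("".join(REPLY_HEX.split())))

if __name__ == "__main__":
    for key, value in parse_reply().items():
        print(f"{key:22} {value.hex() if isinstance(value, bytes) else value}")
```

On this dump the outer IP length field matches the 76 captured bytes, and all three checksums verify, the ICMP one being computed over the 20 trailing bytes as well.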
