On Fri, Jul 27, 2001 at 09:28:43AM +0400, Alexey Kuznetsov wrote:
> > 21:35:58.096727 guardian.51277 > ghanima.endorphin.org.echo: udp 0
> > 21:35:58.096871 guardian.51277 > ghanima.endorphin.org.8: udp 0
> > 21:35:58.097673 guardian.51277 > ghanima.endorphin.org.discard: udp 0
> > 21:35:58.098479 guardian.51277 > ghanima.endorphin.org.1: udp 0
> > 21:35:58.099285 guardian.51277 > ghanima.endorphin.org.2: udp 0
> > 21:35:58.100029 guardian.51277 > ghanima.endorphin.org.3: udp 0
> > 21:35:58.100721 guardian.51277 > ghanima.endorphin.org.6: udp 0
> > ..and so on.
> Check ICMP error rate limits: /proc/sys/net/ipv4/icmp_destunreach_rate
ghanima:~$ cat /proc/sys/net/ipv4/icmp_destunreach_rate
i want to thank you, for being the first one recognizing this bug report at
all, but please do read my description a little bit more careful.
<quote from="my original message">
i tried to use kdb to trace the icmp_send, but got stuck somewhere after
ip_output in dev_queue_xmit. so obviously 2.4.7 really tries to send
something out to eth0, but fails somewhere somehow in low-level routines.
anyway, i found out something new:
for some udp packets a correct icmp error packet _is_ sent out of eth0.
20:19:26.410213 guardian.2335 > ghanima.endorphin.org.domain: 19140+ A?
20:19:26.410264 ghanima.endorphin.org > guardian: icmp:
ghanima.endorphin.org udp port domain unreachable [tos 0xc0]
apsend: (arbitary udp packet sender)
22:45:04.663056 guardian.14214 > ghanima.endorphin.org.echo: udp 0 (DF)
22:45:04.663118 ghanima.endorphin.org > guardian: icmp:
ghanima.endorphin.org udp port echo unreachable [tos 0xd0]
either if constructed by host or by apsend an icmp error is returned.
but not for nmap. if an udp packet is sent by nmap only an icmp error is
generated on lo, not for eth0.
please note that there are no real difference between apsend and nmap
packets and that the kernel is willing to sent a icmp error for an nmap
packet since i've followed icmp_send down to dev_queue_xmit with kdb.
to anyone who is not convinced, try out yourself:
udp scan host A from host B with 'nmap -sU -p 1-10' and 'tcpdump -i eth0' on
host A before you do this.