To: cipe-l,AT,inka,DOT,de
Subject: Re: Problem with short udp packets
From: Olaf Titz <olaf,AT,bigred,DOT,inka,DOT,de>
Date: Sat, 03 Jan 2004 21:57:07 +0100
Organization: private Linux site, southern Germany
References: <20031228123556.2854e613.skraw@ithnet.com>

> kernel: UDP: short packet: a.b.c.d:40025 1528/1512 to e.f.g.h:40025
> on the e.f.g.h side. The interesting part about it is that all these udp
> packets contain an ID-field of 0, whereas the normal data packets are
> counted up. After these appear the throughput seems to drop dramatically.
> Can this be a problem in key exchange?

This looks like these are in fact the KX packets. Apparently the KX
packets, which are sent out via the regular UDP sendmsg() mechanism,
are treated differently wrt. IP ID generation than data packets, where
we fill all IP headers ourselves. Being able to tell KX packets apart
this way is a security problem; this must be fixed.

Which kernel version? This stuff is highly kernel version dependent.

For the original problem, can you try if the problem is still present
in the CVS version?
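
A regression check for the IP ID distinguisher discussed in the reply above, as an added example that is not part of the original message or of the CIPE code: it parses captured IPv4/UDP packets and reports flows in which some packets carry IP ID 0 while the rest carry non-zero IDs. The function names, the addresses and the sample packets are constructed for illustration; only port 40025 comes from the quoted log line.

```python
import struct
from collections import defaultdict

def parse_ipv4_udp(pkt: bytes):
    """Return (src, dst, sport, dport, ip_id) for an IPv4/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # header length in bytes
    if ihl < 20 or len(pkt) < ihl + 8 or pkt[9] != 17:   # protocol 17 = UDP
        return None
    ip_id = struct.unpack_from("!H", pkt, 4)[0]    # Identification field
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    return (src, dst, sport, dport, ip_id)

def id_distinguishable_flows(packets):
    """Map flow -> (zero_id_count, nonzero_id_count) for flows with mixed IDs."""
    zero, nonzero = defaultdict(int), defaultdict(int)
    for pkt in packets:
        parsed = parse_ipv4_udp(pkt)
        if parsed is None:
            continue
        flow, ip_id = parsed[:4], parsed[4]
        (zero if ip_id == 0 else nonzero)[flow] += 1
    result = {}
    for flow in list(zero):
        total = zero[flow] + nonzero[flow]
        # A 16-bit counter passes through 0 once per 65536 packets; allow for that.
        if nonzero[flow] > 0 and zero[flow] > 1 + total // 65536:
            result[flow] = (zero[flow], nonzero[flow])
    return result

def build(ip_id, payload=b"x" * 32, src=(192, 0, 2, 1), dst=(198, 51, 100, 1), port=40025):
    """Constructed test packet; checksums are left at 0 because nothing here checks them."""
    total = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, ip_id, 0, 64, 17, 0,
                     bytes(src), bytes(dst))
    udp = struct.pack("!HHHH", port, port, 8 + len(payload), 0)
    return ip + udp + payload

# Constructed captures: counted-up data packets plus two ID-0 packets, and a clean run.
SAMPLE = [build(i) for i in range(100, 110)] + [build(0), build(0)]
FIXED = [build(i) for i in range(100, 112)]

if __name__ == "__main__":
    print("mixed-ID flows before fix:", id_distinguishable_flows(SAMPLE))
    print("mixed-ID flows after fix: ", id_distinguishable_flows(FIXED))
```
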


