From nobody@www.freebsd.org  Mon May 13 18:56:14 2002
Return-Path: <nobody@www.freebsd.org>
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id 56E8B37B404
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 13 May 2002 18:56:14 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g4E1uDhG077369
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 13 May 2002 18:56:13 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g4E1uDpL077368;
	Mon, 13 May 2002 18:56:13 -0700 (PDT)
Message-Id: <200205140156.g4E1uDpL077368@www.freebsd.org>
Date: Mon, 13 May 2002 18:56:13 -0700 (PDT)
From: Amagai Yoshiji <amagai@nue.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ppp alters IP header length field 40 -> 46

>Number:         38058
>Category:       bin
>Synopsis:       ppp w/ VJ compression alters IP header length field 40 -> 46
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    brian
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 13 19:00:04 PDT 2002
>Closed-Date:    Thu Feb 03 10:55:18 GMT 2005
>Last-Modified:  Thu Feb 03 10:55:18 GMT 2005
>Originator:     Amagai Yoshiji
>Release:        FreeBSD 4.5-RELEASE-p4
>Organization:
New Unified Environment Research Project
>Environment:
System: FreeBSD may.nue.org 4.5-RELEASE FreeBSD 4.5-RELEASE #3: Fri Apr 26 14:2\
5:46 JST 2002 amagai@may.nue.org:/usr/src/sys/compile/MAY i386

>Description:
 Sent a 40 octet length IP datagram (typically, TCP Ack only segment
without any TCP options) on ppp connection, the IP header length field
was alterd from 40 to 46 sometimes.  It makes TCP checksum incorrect.

       ------ PPP -------  router
HostA ------TCP/IP-------- HostB ---- TCP/IP ------ HostC

on HostA: sysctl net.inet.tcp.rfc1323=0
on HostB: gateway_enable="YES"

I tried PPP in 2 modes, as follows, (on HostA)

 set device "!rsh HostB exec /usr/sbin/ppp -direct vpn"

 set device HostB:1001/tcp

IP datagram was broken in ether mode.
================================================================
caputerd on HostB Ether interface.
================================================================
Frame 31 (54 on wire, 54 captured)
    Arrival Time: May 13, 2002 15:53:35.6882
    Time delta from previous packet: 0.000796 seconds
    Time relative to first packet: 7.598413 seconds
    Frame Number: 31
    Packet Length: 54 bytes
    Capture Length: 54 bytes
Ethernet II
    Destination: 00:02:17:7c:ec:1c (Cisco_7c:ec:1c)
    Source: 00:30:48:10:64:2c (Supermic_10:64:2c)
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x0891
    Flags: 0x00
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 250
    Protocol: TCP (0x06)
    Header checksum: 0x1a2a (correct)
    Source: HostA
    Destination: HostC
Transmission Control Protocol, Src Port: 1057 (1057), Dst Port: 4420 (4420), Seq: 207433985, Ack: 1555843849
    Source port: 1057 (1057)
    Destination port: 4420 (4420)
    Sequence number: 207433985
    Acknowledgement number: 1555843849
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 2048
    Checksum: 0x0f37 (correct)

   0  0002 177c ec1c 0030 4810 642c 0800 4500   ...|...0H.d,..E.
  10  0028 0891 0000 fa06 1a2a c005 d881 a38a   .(.......*......
  20  6203 0421 1144 0c5d 3101 5cbc 4b09 5010   b..!.D.]1.\.K.P.
  30  0800 0f37 0000 
================================================================
caputerd on HostC tun0 interface. broken.
================================================================
Frame 32 (50 on wire, 50 captured)
    Arrival Time: May 13, 2002 15:52:56.9767
    Time delta from previous packet: 0.001853 seconds
    Time relative to first packet: 7.607596 seconds
    Frame Number: 32
    Packet Length: 50 bytes
    Capture Length: 50 bytes
Null/Loopback
    Family: IP (0x00000002)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 46
    Identification: 0x0891
    Flags: 0x00
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 247
    Protocol: TCP (0x06)
    Header checksum: 0x1d24 (correct)
    Source: HostA
    Destination: HostC
Transmission Control Protocol, Src Port: 1057 (1057), Dst Port: 4420 (4420), Seq: 207433985, Ack: 1555843849
    Source port: 1057 (1057)
    Destination port: 4420 (4420)
    Sequence number: 207433985
    Next sequence number: 207433991
    Acknowledgement number: 1555843849
    Header length: 20 bytes
    Flags: 0x0010 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 2048
    Checksum: 0x0f37 (incorrect, should be 0x0f31)
Data (6 bytes)

   0  0200 0000 4500 002e 0891 0000 f706 1d24   ....E..........$
  10  c005 d881 a38a 6203 0421 1144 0c5d 3101   ......b..!.D.]1.
  20  5cbc 4b09 5010 0800 0f37 0000 0000 0000   \.K.P....7......
  30  0000                                      ..




>How-To-Repeat:
      
>Fix:
      
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->brian 
Responsible-Changed-By: brian 
Responsible-Changed-When: Mon May 13 19:29:05 PDT 2002 
Responsible-Changed-Why:  
ppp's mine 

http://www.freebsd.org/cgi/query-pr.cgi?pr=38058 

From: Brian Somers <brian@Awfulhak.org>
To: Amagai Yoshiji <amagai@nue.org>
Cc: freebsd-gnats-submit@FreeBSD.ORG, brian@Awfulhak.org
Subject: Re: bin/38058: ppp alters IP header length field 40 -> 46 
Date: Tue, 14 May 2002 03:28:42 +0100

 > >Number:         38058
 > >Category:       bin
 > >Synopsis:       ppp alters IP header length field 40 -> 46
 
 Can the submitter enable physical logging on each side of the link in 
 ppp with
 
   set log +physical
 
 This can then be compared against the data ``on the wire''.
 
 I would think that this is unlikely to be anything to do with ppp - 
 which doesn't go near the payload except to:
 
   a) examine it for logging purposes
   b) filter based on content
   c) NAT.
 
 Also, where did you measure the traffic.  Are you measuring on the 
 tun interface, or are you running something like PPPoE and measuring 
 on the PPPoE interface ?
 
 Cheers.
 
 -- 
 Brian <brian@Awfulhak.org>                    <brian@freebsd-services.com>
       <http://www.Awfulhak.org>                   <brian@[uk.]FreeBSD.org>
 Don't _EVER_ lose your sense of humour !          <brian@[uk.]OpenBSD.org>
 
 

From: Brian Somers <brian@Awfulhak.org>
To: amagai@nue.org
Cc: brian@Awfulhak.org, freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/38058: ppp alters IP header length field 40 -> 46 
Date: Tue, 14 May 2002 12:05:05 +0100

 > Hi,
 > I put 'disable vjcomp'  to ppp.conf, then everythig works well!
 
 Wow, that's bad news... well, I guess it's good that we know what's 
 to blame.
 
 I'll look into things and try to reproduce the problem locally.
 
 > Regards,
 > 
 > Amagai
 
 Cheers.
 -- 
 Brian <brian@Awfulhak.org>                    <brian@freebsd-services.com>
       <http://www.Awfulhak.org>                   <brian@[uk.]FreeBSD.org>
 Don't _EVER_ lose your sense of humour !          <brian@[uk.]OpenBSD.org>
 
 

From: amagai@nue.org
To: brian@Awfulhak.org
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/38058: ppp alters IP header length field 40 -> 46 
Date: Wed, 15 May 2002 13:16:11 +0900 (JST)

 Hi,
 
 > Wow, that's bad news... well, I guess it's good that we know what's 
 
 I think so.  This is another capture data.
 
 Uncompressing may be no probem. But, length of Frame 35 Physical data
 is bad.
 
 Physical:  7e 2d 04 bd 67 00 0b 68 00 00 00 00 00 00 c8 13  ~-..g..h........ 
 Physical:  7e                                               ~ 
 
 7e 2d   flag, protcol compressed tcp
 04      change flag = 4 NewA
 bd 67   tcp checksum
 00 0b 68    delta Ack 0x0b68 == 2920 :  1731322184 - 1731319264
 00 00 00 00 00 00  <<<<<< illegal data
 c8 13   FCS
 7e      flag
 
 Amagai Yoshiji
 
 ================================================================
 May 15 11:20:28  Physical: read 
 May 15 11:20:28  Physical:  7e 2f 45 08 00 28 6e 58 40 00 3d 05 31 90 c0 05  ~/E..(nX@.=.1... 
 May 15 11:20:28  Physical:  d8 48 a3 8a 62 07 c0 48 04 6d b0 ff 53 a1 67 31  .H..b..H.m..S.g1 
 May 15 11:20:28  Physical:  d5 e0 50 10 42 bc c8 cf 00 00 cb 08 7e           ..P.B.......~ 
 May 15 11:20:28  Debug: deflink: DescriptorRead: read 45/2048 from 2 
 May 15 11:20:28  Debug: deflink: hdlc_LayerPull: fcs = f0b8 (good) 
 May 15 11:20:28  Debug: proto_LayerPull: unknown -> 0x002f 
 May 15 11:20:28  Debug: vj_LayerPull: PROTO_VJUNCOMP -> PROTO_IP 
 May 15 11:20:28  Debug: link_PullPacket: Despatch proto 0x0021 
 May 15 11:20:28  Debug: m_enqueue: len = 1 
 May 15 11:20:28  Debug: m_dequeue: queue len = 1 
 May 15 11:20:28  Debug: vj_LayerWrite: type = 80 
 May 15 11:20:28  Debug: vj_LayerPush: PROTO_IP -> PROTO_VJUNCOMP 
 May 15 11:20:28  Debug: proto_LayerPush: Using 0x002d 
 May 15 11:20:28  Debug: link_PushPacket: Transmit proto 0x002d 
 May 15 11:20:28  Debug: m_enqueue: len = 1 
 May 15 11:20:28  Debug: m_enqueue: len = 1 
 May 15 11:20:28  Debug: m_dequeue: queue len = 1 
 May 15 11:20:28  Debug: link_Dequeue: Dequeued from queue 0, containing 0 more packets 
 
 Frame 29 (44 on wire, 44 captured)
     Arrival Time: May 15, 2002 11:20:28.890499000
     Time delta from previous packet: 0.077026000 seconds
     Time relative to first packet: 6.091643000 seconds
     Frame Number: 29
     Packet Length: 44 bytes
     Capture Length: 44 bytes
 Null/Loopback
     Family: IP (0x00000002)
 Internet Protocol, Src Addr: 192.5.216.72 (192.5.216.72), Dst Addr: 163.138.98.7 (163.138.98.7)
     Version: 4
     Header length: 20 bytes
     Differentiated Services Field: 0x08 (DSCP 0x02: Unknown DSCP; ECN: 0x00)
         0000 10.. = Differentiated Services Codepoint: Unknown (0x02)
         .... ..0. = ECN-Capable Transport (ECT): 0
         .... ...0 = ECN-CE: 0
     Total Length: 40
     Identification: 0x6e58
     Flags: 0x04
         .1.. = Don't fragment: Set
         ..0. = More fragments: Not set
     Fragment offset: 0
     Time to live: 61
     Protocol: TCP (0x06)
     Header checksum: 0x3190 (correct)
     Source: 192.5.216.72 (192.5.216.72)
     Destination: 163.138.98.7 (163.138.98.7)
 Transmission Control Protocol, Src Port: 49224 (49224), Dst Port: 1133 (1133), Seq: 2969523105, Ack: 1731319264
     Source port: 49224 (49224)
     Destination port: 1133 (1133)
     Sequence number: 2969523105
     Acknowledgement number: 1731319264
     Header length: 20 bytes
     Flags: 0x0010 (ACK)
         0... .... = Congestion Window Reduced (CWR): Not set
         .0.. .... = ECN-Echo: Not set
         ..0. .... = Urgent: Not set
         ...1 .... = Acknowledgment: Set
         .... 0... = Push: Not set
         .... .0.. = Reset: Not set
         .... ..0. = Syn: Not set
         .... ...0 = Fin: Not set
     Window size: 17084
     Checksum: 0xc8cf (correct)
 
 May 15 11:20:28  Physical: write 
 May 15 11:20:28  Physical:  7e 2d 2f e9 c7 07 20 23 54 33 35 20 a5 d4 a5 e9  ~-/... #T35 .... 
 ...
 May 15 11:20:28  Physical:  d7 a5 ed a5 b0 a5 e9 a5 df a5 11 60 7e           ...........`~ 
 May 15 11:20:28  Debug: deflink: DescriptorWrite: wrote 1469(1469) to 2 
 May 15 11:20:28  Debug: m_dequeue: queue len = 1 
 May 15 11:20:28  Debug: vj_LayerWrite: type = 80 
 May 15 11:20:28  Debug: vj_LayerPush: PROTO_IP -> PROTO_VJUNCOMP 
 May 15 11:20:28  Debug: proto_LayerPush: Using 0x002d 
 May 15 11:20:28  Debug: link_PushPacket: Transmit proto 0x002d 
 May 15 11:20:28  Debug: m_enqueue: len = 1 
 May 15 11:20:28  Debug: m_enqueue: len = 1 
 May 15 11:20:28  Debug: m_dequeue: queue len = 1 
 May 15 11:20:28  Debug: link_Dequeue: Dequeued from queue 0, containing 0 more packets 
 May 15 11:20:28  Physical: write 
 May 15 11:20:28  Physical:  7e 2d 0f e5 1a f3 a5 b0 bc ea cb a1 0a 50 a4 ed  ~-...........P.. 
 ...
 May 15 11:20:28  Physical:  a4 ed a4 c8 63 a4 aa 6c 20 23 54 33 35 20 a5 d7  ....c..l #T35 .. 
 May 15 11:20:28  Debug: deflink: DescriptorWrite: wrote 1468(1468) to 2 
 May 15 11:20:28  Debug: m_dequeue: queue len = 1 
 May 15 11:20:28  Debug: vj_LayerWrite: type = 80 
 May 15 11:20:28  Debug: vj_LayerPush: PROTO_IP -> PROTO_VJUNCOMP 
 May 15 11:20:28  Debug: proto_LayerPush: Using 0x002d 
 May 15 11:20:28  Debug: link_PushPacket: Transmit proto 0x002d 
 May 15 11:20:28  Debug: m_enqueue: len = 1 
 
 May 15 11:20:28  Physical: read 
 May 15 11:20:28  Physical:  7e 2d 04 bd 67 00 0b 68 00 00 00 00 00 00 c8 13  ~-..g..h........ 
 May 15 11:20:28  Physical:  7e                                               ~ 
 May 15 11:20:28  Debug: deflink: DescriptorRead: read 17/2048 from 2 
 May 15 11:20:28  Debug: deflink: hdlc_LayerPull: fcs = f0b8 (good) 
 May 15 11:20:28  Debug: proto_LayerPull: unknown -> 0x002d 
 May 15 11:20:28  Debug: vj_LayerPull: PROTO_VJCOMP -> PROTO_IP 
 May 15 11:20:28  Debug: compressed: changes = 04 
 May 15 11:20:28  Debug: Uncompress: id = 596e, seq = b0ff53a1 
 May 15 11:20:28  Debug: Uncompress: olen = 12, dlen = 6, hlen = 20, cs_hlen 40, cs->cs_ip.ip_len = 46 
 May 15 11:20:28  Debug: link_PullPacket: Despatch proto 0x0021 
 May 15 11:20:28  Debug: m_enqueue: len = 1 
 May 15 11:20:28  Debug: m_dequeue: queue len = 1 
 May 15 11:20:28  Debug: link_Dequeue: Dequeued from queue 0, containing 0 more packets 
 
 Frame 35 (50 on wire, 50 captured)
     Arrival Time: May 15, 2002 11:20:28.933370000
     Time delta from previous packet: 0.023792000 seconds
     Time relative to first packet: 6.134514000 seconds
     Frame Number: 35
     Packet Length: 50 bytes
     Capture Length: 50 bytes
 Null/Loopback
     Family: IP (0x00000002)
 Internet Protocol, Src Addr: 192.5.216.72 (192.5.216.72), Dst Addr: 163.138.98.7 (163.138.98.7)
     Version: 4
     Header length: 20 bytes
     Differentiated Services Field: 0x08 (DSCP 0x02: Unknown DSCP; ECN: 0x00)
         0000 10.. = Differentiated Services Codepoint: Unknown (0x02)
         .... ..0. = ECN-Capable Transport (ECT): 0
         .... ...0 = ECN-CE: 0
     Total Length: 46
     Identification: 0x6e59
     Flags: 0x04
         .1.. = Don't fragment: Set
         ..0. = More fragments: Not set
     Fragment offset: 0
     Time to live: 61
     Protocol: TCP (0x06)
     Header checksum: 0x3189 (correct)
     Source: 192.5.216.72 (192.5.216.72)
     Destination: 163.138.98.7 (163.138.98.7)
 Transmission Control Protocol, Src Port: 49224 (49224), Dst Port: 1133 (1133), Seq: 2969523105, Ack: 1731322184
     Source port: 49224 (49224)
     Destination port: 1133 (1133)
     Sequence number: 2969523105
     Next sequence number: 2969523111
     Acknowledgement number: 1731322184
     Header length: 20 bytes
     Flags: 0x0010 (ACK)
         0... .... = Congestion Window Reduced (CWR): Not set
         .0.. .... = ECN-Echo: Not set
         ..0. .... = Urgent: Not set
         ...1 .... = Acknowledgment: Set
         .... 0... = Push: Not set
         .... .0.. = Reset: Not set
         .... ..0. = Syn: Not set
         .... ...0 = Fin: Not set
     Window size: 17084
     Checksum: 0xbd67 (incorrect, should be 0xbd61)
 FTP Data
     FTP Data: \000\000\000\000\000\000
 
 May 15 11:20:28  Physical: write 
 May 15 11:20:28  Physical:  7e 2d 0f ad ae e0 a5 bf a5 d6 0a 53 79 6d a4 dc  ~-.........Sym.. 
 ...
 May 15 11:20:28  Physical:  c4 64 79 20 23 54 33 30 20 e9 b1 7e              .dy #T30 ..~ 
 May 15 11:20:28  Debug: deflink: DescriptorWrite: wrote 1468(1468) to 2 
 May 15 11:20:28  Debug: m_dequeue: queue len = 1 
 May 15 11:20:28  Debug: vj_LayerWrite: type = 80 
 May 15 11:20:28  Debug: vj_LayerPush: PROTO_IP -> PROTO_VJUNCOMP 
 May 15 11:20:28  Debug: proto_LayerPush: Using 0x002d 
 May 15 11:20:28  Debug: link_PushPacket: Transmit proto 0x002d 
 May 15 11:20:28  Debug: m_enqueue: len = 1 
 May 15 11:20:28  Debug: m_enqueue: len = 1 
 May 15 11:20:28  Debug: m_dequeue: queue len = 1 
 May 15 11:20:28  Debug: link_Dequeue: Dequeued from queue 0, containing 0 more packets 
 May 15 11:20:28  Physical: write 
 May 15 11:20:28  Physical:  7e 2d 0f 40 18 a5 b9 a5 bf a5 c7 a5 a3 0a 53 a4  ~-.@..........S. 
 ...
 May 15 11:20:28  Physical:  35 20 a5 e9 a5 b9 a5 c8 0a a8 15 7e              5 .........~ 
 May 15 11:20:28  Debug: deflink: DescriptorWrite: wrote 1468(1468) to 2 
 May 15 11:20:28  Debug: m_dequeue: queue len = 1 
 May 15 11:20:28  Debug: vj_LayerWrite: type = 80 
 May 15 11:20:28  Debug: vj_LayerPush: PROTO_IP -> PROTO_VJUNCOMP 
 May 15 11:20:28  Debug: proto_LayerPush: Using 0x002d 
 May 15 11:20:28  Debug: link_PushPacket: Transmit proto 0x002d 
 May 15 11:20:28  Debug: m_enqueue: len = 1 
 May 15 11:20:28  Physical: read 
 May 15 11:20:28  Physical:  7e 2d 04 b1 ff 00 0b 68 00 00 00 00 00 00 ba e8  ~-.....h........ 
 May 15 11:20:28  Physical:  7e                                               ~ 
 May 15 11:20:28  Debug: deflink: DescriptorRead: read 17/2048 from 2 
 May 15 11:20:28  Debug: deflink: hdlc_LayerPull: fcs = f0b8 (good) 
 May 15 11:20:28  Debug: proto_LayerPull: unknown -> 0x002d 
 May 15 11:20:28  Debug: vj_LayerPull: PROTO_VJCOMP -> PROTO_IP 
 May 15 11:20:28  Debug: compressed: changes = 04 
 May 15 11:20:28  Debug: Uncompress: id = 5a6e, seq = b0ff53a1 
 May 15 11:20:28  Debug: Uncompress: olen = 12, dlen = 6, hlen = 20, cs_hlen 40, cs->cs_ip.ip_len = 46 
 May 15 11:20:28  Debug: link_PullPacket: Despatch proto 0x0021 
 May 15 11:20:28  Debug: m_dequeue: queue len = 1 
 May 15 11:20:28  Debug: link_Dequeue: Dequeued from queue 0, containing 0 more packets 
 ================================================================

From: amagai@nue.org
To: brian@Awfulhak.org
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/38058: ppp alters IP header length field 40 -> 46 
Date: Wed, 15 May 2002 15:26:13 +0900 (JST)

 Hi,
 I put some debug print to PPP sources.
 In bundle.c, PPP read IP data from tun interface. 
 And, tun return with extra bytes sometimes.
 
 Frame 30, it returns 40 (+ 4 for header), but, Frame 35 return 46
 bytes.  VJ-compress treats the extra 6 bytes as a TCP data.static int
 
 Ethereal alos captured 44 and 50 octets....
 
 static int
 bundle_IsSet(struct fdescriptor *d, const fd_set *fdset)
 {
 ...
    n = read(bundle->dev.fd, data, sz);
     if (n < 0) {
       log_Printf(LogWARN, "%s: read: %s\n", bundle->dev.Name, strerror(errno));
       return;
     }
     log_Printf(LogDEBUG, "bundle_DescriptorRead 0: n %d\n", n);  <<<< 
 
 Amagai
 ================================================================
 May 15 14:54:16 Debug: bundle_DescriptorRead 0: n 44 
 May 15 14:54:16 TCP/IP: OUT TCP: 192.5.216.72:49238 ---> 163.138.98.7:1164 ACK  seq:a84f279c  ack:6478bc72 (0/40) 
 May 15 14:54:16 Debug: ip_Enqueue 0: count 44 
 May 15 14:54:16 Debug: m_enqueue: len = 1 
 May 15 14:54:16 Debug: m_dequeue: queue len = 1 
 May 15 14:54:16 Debug: tcpmss_Check 0: mlength 40 
 May 15 14:54:16 Debug: vj_LayerPush 0: mlength 40 
 May 15 14:54:16 Debug: compressed 0: mlength 40 
 May 15 14:54:16 Debug: vj_LayerWrite: type = 70 
 May 15 14:54:16 Debug: vj_LayerPush: PROTO_IP -> PROTO_VJUNCOMP 
 May 15 14:54:16 Debug: DeflateOutput: Proto 2f (40 bytes) 
 May 15 14:54:16 Debug: DeflateOutput: Compress packet: 
 May 15 14:54:16 Debug:  45 08 00 28 ed b6 40 00 3d 01 b2 31 c0 05 d8 48  E..(..@.=..1...H 
 May 15 14:54:16 Debug:  a3 8a 62 07 c0 56 04 8c a8 4f 27 9c 64 78 bc 72  ..b..V...O'.dx.r 
 May 15 14:54:16 Debug:  50 10 42 bc 19 7f 00 00                          P.B..... 
 May 15 14:54:16 Debug: DeflateOutput: Seq 10 
 May 15 14:54:16 Debug: DeflateOutput: 40 => 32 bytes, proto 0x002f 
 May 15 14:54:16 Debug: proto_LayerPush: Using 0x00fd 
 May 15 14:54:16 Debug: link_PushPacket: Transmit proto 0x00fd 
 May 15 14:54:16 Debug: m_enqueue: len = 1 
 May 15 14:54:16 Debug: m_dequeue: queue len = 1 
 May 15 14:54:16 Debug: link_Dequeue: Dequeued from queue 0, containing 0 more packets 
 May 15 14:54:16 Physical: write 
 May 15 14:54:16 Physical:  7e fd 00 0a d2 77 e5 60 d0 78 bb 0d 68 17 e3 26  ~....w.`.x..h..& 
 May 15 14:54:16 Physical:  43 34 bb e6 a4 54 ec 29 0a 10 70 da 23 59 cf c0  C4...T.)..p.#Y.. 
 May 15 14:54:16 Physical:  00 00 e8 a3 7e                                   ....~ 
 
 Frame 30 (44 on wire, 44 captured)
     Arrival Time: May 15, 2002 14:51:28.691017000
     Time delta from previous packet: 0.053057000 seconds
     Time relative to first packet: 6.502060000 seconds
     Frame Number: 30
     Packet Length: 44 bytes
     Capture Length: 44 bytes
 Null/Loopback
     Family: IP (0x00000002)
 Internet Protocol, Src Addr: 192.5.216.72 (192.5.216.72), Dst Addr: 163.138.98.7 (163.138.98.7)
     Version: 4
     Header length: 20 bytes
     Differentiated Services Field: 0x08 (DSCP 0x02: Unknown DSCP; ECN: 0x00)
         0000 10.. = Differentiated Services Codepoint: Unknown (0x02)
         .... ..0. = ECN-Capable Transport (ECT): 0
         .... ...0 = ECN-CE: 0
     Total Length: 40
     Identification: 0xedb6
     Flags: 0x04
         .1.. = Don't fragment: Set
         ..0. = More fragments: Not set
     Fragment offset: 0
     Time to live: 61
     Protocol: TCP (0x06)
     Header checksum: 0xb231 (correct)
     Source: 192.5.216.72 (192.5.216.72)
     Destination: 163.138.98.7 (163.138.98.7)
 Transmission Control Protocol, Src Port: 49238 (49238), Dst Port: 1164 (1164), Seq: 2823759772, Ack: 1685634162
     Source port: 49238 (49238)
     Destination port: 1164 (1164)
     Sequence number: 2823759772
     Acknowledgement number: 1685634162
     Header length: 20 bytes
     Flags: 0x0010 (ACK)
         0... .... = Congestion Window Reduced (CWR): Not set
         .0.. .... = ECN-Echo: Not set
         ..0. .... = Urgent: Not set
         ...1 .... = Acknowledgment: Set
         .... 0... = Push: Not set
         .... .0.. = Reset: Not set
         .... ..0. = Syn: Not set
         .... ...0 = Fin: Not set
     Window size: 17084
     Checksum: 0x197f (correct)
 
 ================================================================
 May 15 14:54:16 Debug: bundle_DescriptorRead 0: n 50 
 May 15 14:54:16 TCP/IP: OUT TCP: 192.5.216.72:49238 ---> 163.138.98.7:1164 ACK  seq:a84f279c  ack:6478c226 (0/46) 
 May 15 14:54:16 Debug: ip_Enqueue 0: count 50 
 May 15 14:54:16 Debug: m_enqueue: len = 1 
 May 15 14:54:16 Debug: m_dequeue: queue len = 1 
 May 15 14:54:16 Debug: tcpmss_Check 0: mlength 46 
 May 15 14:54:16 Debug: vj_LayerPush 0: mlength 46 
 May 15 14:54:16 Debug: compressed 0: mlength 46 
 May 15 14:54:16 Debug: compressed: deltaA = 5b4 
 May 15 14:54:16 Debug: compressed: cp - new_seq = 6, hlen 40, mlength 46 
 May 15 14:54:16 Debug: compressed m 
 May 15 14:54:16 Debug:  45 08 00 28 ed b7 40 00 3d 06 b2 30 c0 05 d8 48  E..(..@.=..0...H 
 May 15 14:54:16 Debug:  a3 8a 62 07 c0 56 04 8c a8 4f 27 9c 64 78 c2 26  ..b..V...O'.dx.& 
 May 15 14:54:16 Debug:  50 10 44 70 12 17 00 00 00 00 00 00 00 00        P.Dp.......... 
 May 15 14:54:16 Debug: vj_LayerWrite: type = 80 
 May 15 14:54:16 Debug: vj_LayerPush: PROTO_IP -> PROTO_VJUNCOMP 
 May 15 14:54:16 Debug: DeflateOutput: Proto 2d (15 bytes) 
 May 15 14:54:16 Debug: DeflateOutput: Compress packet: 
 May 15 14:54:16 Debug:  06 12 17 00 01 b4 00 05 b4 00 00 00 00 00 00     ............... 
 May 15 14:54:16 Debug: DeflateOutput: Seq 11 
 May 15 14:54:16 Debug: DeflateOutput: 15 => 17: Uncompressible (0x002d) 
 May 15 14:54:16 Debug: proto_LayerPush: Using 0x002d 
 May 15 14:54:16 Debug: link_PushPacket: Transmit proto 0x002d 
 May 15 14:54:16 Debug: m_enqueue: len = 1 
 May 15 14:54:16 Debug: m_dequeue: queue len = 1 
 May 15 14:54:16 Debug: link_Dequeue: Dequeued from queue 0, containing 0 more packets 
 May 15 14:54:16 Physical: write 
 May 15 14:54:16 Physical:  7e 2d 06 12 17 00 01 b4 00 05 b4 00 00 00 00 00  ~-.............. 
 May 15 14:54:16 Physical:  00 3f 52 7e                                      .?R~ 
 May 15 14:54:16 Debug: deflink: DescriptorWrite: wrote 20(20) to 0 
 
 Frame 35 (50 on wire, 50 captured)
     Arrival Time: May 15, 2002 14:51:28.748186000
     Time delta from previous packet: 0.056990000 seconds
     Time relative to first packet: 6.559229000 seconds
     Frame Number: 35
     Packet Length: 50 bytes
     Capture Length: 50 bytes
 Null/Loopback
     Family: IP (0x00000002)
 Internet Protocol, Src Addr: 192.5.216.72 (192.5.216.72), Dst Addr: 163.138.98.7 (163.138.98.7)
     Version: 4
     Header length: 20 bytes
     Differentiated Services Field: 0x08 (DSCP 0x02: Unknown DSCP; ECN: 0x00)
         0000 10.. = Differentiated Services Codepoint: Unknown (0x02)
         .... ..0. = ECN-Capable Transport (ECT): 0
         .... ...0 = ECN-CE: 0
     Total Length: 46
     Identification: 0xedb7
     Flags: 0x04
         .1.. = Don't fragment: Set
         ..0. = More fragments: Not set
     Fragment offset: 0
     Time to live: 61
     Protocol: TCP (0x06)
     Header checksum: 0xb22a (correct)
     Source: 192.5.216.72 (192.5.216.72)
     Destination: 163.138.98.7 (163.138.98.7)
 Transmission Control Protocol, Src Port: 49238 (49238), Dst Port: 1164 (1164), Seq: 2823759772, Ack: 1685635622
     Source port: 49238 (49238)
     Destination port: 1164 (1164)
     Sequence number: 2823759772
     Next sequence number: 2823759778
     Acknowledgement number: 1685635622
     Header length: 20 bytes
     Flags: 0x0010 (ACK)
         0... .... = Congestion Window Reduced (CWR): Not set
         .0.. .... = ECN-Echo: Not set
         ..0. .... = Urgent: Not set
         ...1 .... = Acknowledgment: Set
         .... 0... = Push: Not set
         .... .0.. = Reset: Not set
         .... ..0. = Syn: Not set
         .... ...0 = Fin: Not set
     Window size: 17520
     Checksum: 0x1217 (incorrect, should be 0x1211)
 FTP Data
     FTP Data: \000\000\000\000\000\000
 ================================================================

From: amagai@nue.org
To: brian@Awfulhak.org
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/38058: ppp alters IP header length field 40 -> 46 
Date: Wed, 15 May 2002 18:46:15 +0900 (JST)

 Here is a dirty hack. 
 Transmission was suceeded with vjcomp.
 
 Amagai
 
  * $FreeBSD: src/usr.sbin/ppp/slcompress.c,v 1.31.2.1 2000/03/21 10:23:18 brian Exp $
 
 --- ppp/slcompress.c.org	Wed May 15 18:41:14 2002
 +++ ppp/slcompress.c	Wed May 15 18:42:06 2002
 @@ -250,2 +250,7 @@
  
 +  if (ntohs(ip->ip_len) < m->m_len) {
 +    log_Printf(LogDEBUG, "sl_compress_tcp: m_adj %d\n", ntohs(ip->ip_len) - m->m_len);
 +    m_adj(m, ntohs(ip->ip_len) - m->m_len);
 +  }
 +
    if (((u_short *) ip)[0] != ((u_short *) & cs->cs_ip)[0] ||
 

From: Brian Somers <brian@Awfulhak.org>
To: Amagai Yoshiji <amagai@nue.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/38058: ppp alters IP header length field 40 -> 46
Date: Mon, 10 Jan 2005 09:55:43 +0000

 Hi,
 
 I've just committed a change to ppp that might affect this area.  The
 fix is an alignment fix, but there were some subtle mistakes in the
 older code where I did ``memcpy(nak.data, &pcomp, 2)'' where pcomp was
 a pointer.  As pcomp is now the actual data structure, the above is
 likely to work a little better...!!
 
 Could you retest this and let me know when you get a chance?
 
 Thanks.
 
 -- 
 Brian Somers                                          <brian@Awfulhak.org>
 Don't _EVER_ lose your sense of humour !               <brian@FreeBSD.org>
State-Changed-From-To: open->feedback 
State-Changed-By: brian 
State-Changed-When: Mon Jan 10 12:43:52 GMT 2005 
State-Changed-Why:  
Awaiting feedback.... hopefully I've fixed this issue (in -current) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=38058 
State-Changed-From-To: feedback->closed 
State-Changed-By: brian 
State-Changed-When: Thu Feb 3 10:54:46 GMT 2005 
State-Changed-Why:  
I've now MFCd the changes.  Hopefully the issue is actually fixed!! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=38058 
>Unformatted:
 X-Send-Pr-Version: www-1.0
 
 
