From nobody  Tue Apr 14 07:32:45 1998
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA22353;
          Tue, 14 Apr 1998 07:32:45 -0700 (PDT)
          (envelope-from nobody)
Message-Id: <199804141432.HAA22353@hub.freebsd.org>
Date: Tue, 14 Apr 1998 07:32:45 -0700 (PDT)
From: tqbf@secnet.com
To: freebsd-gnats-submit@freebsd.org
Subject: IP_HDRINCL sockets force header fields to be in host byte order
X-Send-Pr-Version: www-1.0

>Number:         6296
>Category:       kern
>Synopsis:       IP_HDRINCL sockets force header fields to be in host byte order
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 14 07:40:01 PDT 1998
>Closed-Date:    Fri Nov 16 13:46:08 PST 2001
>Last-Modified:  Fri Nov 16 13:48:53 PST 2001
>Originator:     Thomas H. Ptacek
>Release:        3.0-980311-SNAP
>Organization:
Secure Networks, Inc.
>Environment:
FreeBSD foo.rdist.org 3.0-980311-SNAP FreeBSD 3.0-980311-SNAP #1: Sun Mar 29 02:08:26 CST 1998     root@foo.rdist.org:/usr/src/sys/compile/RFORK  i386
>Description:
When writing a complete IP packet to the network via a raw socket
with the IP_HDRINCL option set, the FreeBSD kernel incorrectly
examines IP header fields (forgetting to ntohs() them) and thus
forces those fields to be set in host byte order. This is
particularly obvious with ip_len, which must be set correctly for
the packet to be written to the network.
>How-To-Repeat:
Create a raw socket, set it HDRINCL, try to write out an ICMP
ECHO_REQUEST packet with the IP packet length set (correctly) in
network byte order, watch it fail. Set the packet length in host
byte order. Watch it succeed.
>Fix:
The problem (or at least part of it) is in line 203 of raw_ip.c in
netinet. The conditional checks the user-created IP header to ensure
that header fields are valid; when it checks to make sure length is
less than the buffer size and greater than the header length, it
examines ip_len directly without ntohs()'ing it.
>Release-Note:
>Audit-Trail:

From: Bill Fenner <fenner@parc.xerox.com>
To: tqbf@secnet.com
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: kern/6296: IP_HDRINCL sockets force header fields to be in host byte order 
Date: Tue, 14 Apr 1998 08:50:34 PDT

 This is a backwards-compatibility issue; it has been this way since
 4.3-Reno when IP_HDRINCL was introduced (or before, if you count the
 patches that Van distributed with traceroute).  I'd be worried about
 backwards compatibility when making this change (for example, Van's
 "pathchar" utility is only available as a binary...).  It might make
 sense to rename the current IP_HDRINCL and create a new one with new
 semantics.
 
   Bill
 
 (P.S. At least it's not Solaris, where you have to know that you put
 the transport length into the transport checksum field and the kernel
 computes the transport checksum!...)
State-Changed-From-To: open->closed 
State-Changed-By: bmah 
State-Changed-When: Fri Nov 16 13:46:08 PST 2001 
State-Changed-Why:  
I agree this is a bug, but it's a well-known one, one that's generally
expected when writing code for BSDs.  As fenner pointed out, "fixing"
this would break binary compatibility.

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=6296 
>Unformatted:
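
Added example, not part of the original report and not FreeBSD's raw_ip.c code: a small C model of the length check described under >Fix:, next to the same check with ntohs() applied. The struct, the function names, the inclusive bounds and the 84-byte sample packet are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the first fields of an IP header (not struct ip). */
struct ip_hdr_min {
    uint8_t  vhl;  /* version (high nibble), header length in 32-bit words (low nibble) */
    uint8_t  tos;
    uint16_t len;  /* total packet length, the field the report is about */
};

/* Model of the check as the report describes it: len is compared as stored,
 * with no ntohs(). Returns 1 if the write would be accepted, 0 if rejected. */
int check_as_reported(struct ip_hdr_min ip, size_t buflen)
{
    size_t hlen = (size_t)(ip.vhl & 0x0f) << 2;
    return ip.len <= buflen && ip.len >= hlen;
}

/* The same check with the conversion the report says is missing. */
int check_with_ntohs(struct ip_hdr_min ip, size_t buflen)
{
    size_t hlen = (size_t)(ip.vhl & 0x0f) << 2;
    uint16_t len = ntohs(ip.len);
    return len <= buflen && len >= hlen;
}

/* Header for a packet of total_len bytes; net_order picks how len is stored. */
struct ip_hdr_min make_hdr(uint16_t total_len, int net_order)
{
    struct ip_hdr_min ip;
    memset(&ip, 0, sizeof ip);
    ip.vhl = 0x45;  /* IPv4, 5 words = 20-byte header */
    ip.len = net_order ? htons(total_len) : total_len;
    return ip;
}

int main(void)
{
    const uint16_t n = 84;  /* constructed sample: 20 IP + 8 ICMP + 56 data */
    printf("as reported: network order %d, host order %d\n",
           check_as_reported(make_hdr(n, 1), n), check_as_reported(make_hdr(n, 0), n));
    printf("with ntohs:  network order %d, host order %d\n",
           check_with_ntohs(make_hdr(n, 1), n), check_with_ntohs(make_hdr(n, 0), n));
    return 0;
}
```

On a little-endian host such as the i386 machine in the report, htons(84) is stored as 0x5400 (21504), so the check as reported rejects the network-order header and accepts the host-order one. With ntohs() added the result flips, which is the binary-compatibility concern raised in the audit trail.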
