From sthomas@denali.lart.net  Mon Jul  6 14:38:17 1998
Received: from denali.lart.net (denali.lart.net [205.240.209.210])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA23921
          for <FreeBSD-gnats-submit@freebsd.org>; Mon, 6 Jul 1998 14:38:10 -0700 (PDT)
          (envelope-from sthomas@denali.lart.net)
Received: (from sthomas@localhost)
	by denali.lart.net (8.8.8/8.8.8) id VAA00378;
	Mon, 6 Jul 1998 21:37:35 GMT
	(envelope-from sthomas)
Message-Id: <199807062137.VAA00378@denali.lart.net>
Date: Mon, 6 Jul 1998 21:37:35 GMT
From: sthomas@lart.net
Reply-To: sthomas@lart.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: FreeBSD 2.2.6 generates Source-route prohibited when not routing
X-Send-Pr-Version: 3.2

>Number:         7191
>Category:       kern
>Synopsis:       ICMP source-route prohibited received from non-router
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul  6 14:40:00 PDT 1998
>Closed-Date:    Wed Jul 8 23:05:30 PDT 1998
>Last-Modified:  Wed Jul  8 23:06:29 PDT 1998
>Originator:     Sam Thomas
>Release:        FreeBSD 2.2.6-RELEASE (PAO) i386
>Organization:
Network Operations, Verio Inc.
>Environment:


Jul  1 04:03:09 rainier /kernel: attempted source route from 205.240.209.213 to
+198.32.136.64                                                     
Jul  5 14:06:41 rainier /kernel: attempted source route from 205.240.209.210 to
+205.238.48.1

USER       PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED       TIME COMMAND        
sthomas   1160 76.9  3.0   732  300  v0- RN   22May98  65171:14.37 ./rc5des
root         1  0.0  0.8   408   76  ??  Is   21May98    0:00.54 /sbin/init --  
root         2  0.0  0.2     0   12  ??  DL   21May98    0:17.87  (pagedaemon)
root         3  0.0  0.2     0   12  ??  DL   21May98    0:02.50  (vmdaemon)  
root         4  0.0  0.2     0   12  ??  DL   21May98   31:50.84  (update)
root        37  0.0  0.0  2164    0 con- IW   -          0:00.00 (pccardd)
root        86  0.0  2.9   204  292  ??  Ss   21May98    1:44.72 syslogd
root       130  0.0  0.0   180    0  ??  IWs  -          0:00.00 (inetd)
root       133  0.0  2.0   332  192  ??  Is   21May98    4:25.98 cron
root       200  0.0  0.0   180    0  v1  IWs+ -          0:00.00 (getty) 
root       201  0.0  0.0   180    0  v2  IWs+ -          0:00.00 (getty)
sthomas   9675  0.0  8.8   660  892  v0  Ds   19Jun98    0:02.09 -tcsh (tcsh)   
sthomas   5072  0.0  2.7   640  272  v0  R+    8:28PM    0:00.02 ps -aux
root         0  0.0  0.1     0    0  ??  DLs  21May98    0:18.20  (swapper)
sthomas   5073  0.0  8.8   660  892  v0  RV    1Jan70    0:00.00 -tcsh (tcsh)

hosts on network:

205.240.209.209 sierra (router)
205.240.209.210 denali FreeBSD-2.2.6-RELEASE
205.240.209.211 fuji NeXTStation NeXTStep 3.3
205.240.209.212 rainier FreeBSD-2.2.6-PAO
205.240.209.213 k2 OpenBSD 2.1 (sparc)
205.240.209.214 acaoncagua OpenBSD 2.1 (sparc)


rainier's kernel config:
#
#	Sample Laptop Configuration
#	for lenlen.ntc.keio.ac.jp (Toshiba Libretto 50CT)
#	Tatsumi Hosokawa <hosokawa@jp.FreeBSD.org>
#
#	Note: wlp and scc drivers are not configured by default
#	(installing these drivers would make the size of
#	sys.patch in PAO-boot.flp larger).
#

machine		"i386"
#cpu		"I386_CPU"
cpu		"I486_CPU"
#cpu		"I586_CPU"
#cpu		"I686_CPU"
ident		RAINIER
maxusers	64

options		GPL_MATH_EMULATE	#Support for x87 emulation
options		INET			#InterNETworking
options		FFS			#Berkeley Fast Filesystem
options		NFS			#Network Filesystem
options		MFS			#Memory Filesystem
options		MSDOSFS			#MSDOS Filesystem
options		"CD9660"		#ISO 9660 Filesystem
options		PROCFS			#Process filesystem
options		"COMPAT_43"		#Compatible with BSD 4.3 [KEEP THIS!]
#options		"SCSI_DELAY=15"		#Be pessimistic about Joe SCSI device
#options		BOUNCE_BUFFERS		#include support for DMA bounce buffers
options		UCONSOLE		#Allow users to grab the console
options		FAILSAFE		#Be conservative
options		USERCONFIG		#boot -c editor
options		VISUAL_USERCONFIG	#visual boot -c editor

options		SYSVSHM
options		SYSVSEM
options		SYSVMSG

# laptop-specific configuration
options		LAPTOP

# If your laptop does not have a Windoze95-Ready BIOS, please update it.
# Such old BIOSes sometimes have critical bugs in the 32-bit protected
# mode APM BIOS interface (which is not used by Windoze 3.1).

# PC-card suspend/resume support (experimental)
options		APM_PCCARD_RESUME
options		PCIC_RESUME_RESET

# Keep power for serial cards when the system suspends
# (If your machine hangs up when you try to suspend the system with
#  FAX/Modem PCMCIA card, uncomment this option).
#options	SIO_SUSP_KEEP_PWR       

# Detach SCSI devices when the SCSI card is removed
#options		SCSI_DETACH

# Japanese version of WaveLAN PCMCIA uses 2.4GHz band instead of 915MHz
# band that US version uses.  If you want to use Japanese version of
# WaveLAN, uncomment this line, or edit the corresponding config entry
# of /etc/pccard.conf.
#options	"WAVELAN_PCMCIA_24"

# Suspend the system when the battery status is "Low"
#options	"APM_BATT_LOW_SUSPEND"

# If you want to use NTP on laptop machines, uncomment the following 
# option.  Current APM implementation affects NTP client.
#options	"APM_NO_CLOCK_ADJUST"

# Some X-servers cannot survive suspend/resume on laptop.
# This option kicks her when the system is resumed from suspended mode.
#options	SYSCONS_VTY_RESUME


config		kernel	root on wd0 

controller	isa0
#controller	eisa0
#controller	pci0

# Don't remove these two lines!
pseudo-device	card	1
device		pcic0   at isa? port 0x3e0 irq 5 vector pcicintr
#device		pcic1   at isa? port 0x3e2	# for HiNote Ultra II
#device		pcic1   at isa? port 0x3e4

# If your machine says that PC-cards are inserted and removed frequently
# even if you don't insert or remove the cards, please try to specify
# the IRQ of PCIC explicitly.
#options	"PCIC_IRQ=12"		# for machines with serial trackball
#options	"PCIC_IRQ=0"		# zero means no IRQ mode

# Some PCMCIA-PCI bridge has peculiar I/O address (default: 0x3e0).  
# If you want to specify I/O address explicitly, uncomment and edit the
# following line (for example, I/O address of PCMCIA bridge of SOTEC 
# Winbook Quattro/V is 0x3000).  To know this value, please read the
# manual of your laptop or device property of PCMCIA bridge from
# Windows95's device control panel.
#options	"PCIC_IO=0x3000"	# for Sotec Winbook Quattro/V

# This option might be useful for those who have a PCI-ISA bridge that
# is capable of IRQ routing and a BIOS that properly configures it.
# Assuming this condition, one could possibly use IRQ9 and IRQ10, which
# the CLPD6701 Interrupt Deserializer cannot handle.
# Since we can't blindly assume this condition, this option is turned off
# by default.
#options 	"PCIC_CLPD6832_NO_EXPLICIT_ISA_IRQ"

controller	fdc0	at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
disk		fd0	at fdc0 drive 0
disk		fd1	at fdc0 drive 1
tape		ft0	at fdc0 drive 2

controller	wdc0	at isa? port "IO_WD1" bio irq 14 vector wdintr
disk		wd0	at wdc0 drive 0

controller	wdc1	at isa? port "IO_WD2" bio irq 15 vector wdintr
disk		wd1	at wdc1 drive 0

#controller	wdc2	at isa? disable port "IO_WD2" bio irq 15 vector wdintr
#disk		wd2	at wdc2 drive 0

#controller	wdc3	at isa? disable port "IO_WD2" bio irq 15 vector wdintr
#disk		wd3	at wdc3 drive 0

options         ATAPI		#Enable ATAPI support for IDE bus
options		ATAPI_STATIC	#Don't do it as an LKM

#device          wcd0    #IDE CD-ROM
#device		wfd0	#LS-120

#controller	ncr0
#controller	ahb0
#controller	ahc0

#controller	bt0	at isa? port "IO_BT0" bio irq ? vector bt_isa_intr
#controller	uha0	at isa? port "IO_UHA0" bio irq ? drq 5 vector uhaintr
#controller	aha0	at isa? port "IO_AHA0" bio irq ? drq 5 vector ahaintr
#controller	aic0    at isa? port 0x340 bio irq 11 vector aicintr
#controller	nca0	at isa? port 0x1f88 bio irq 10 vector ncaintr
#controller	nca1	at isa? port 0x350 bio irq 5 vector ncaintr
#controller	sea0	at isa? bio irq 5 iomem 0xc8000 iosiz 0x2000 vector seaintr
#controller	spc0	at isa? port 0x320 bio irq 11 iomem 0xd0000 flags 0x01 vector spcintr

# Future domain and Q-logic PC-card SCSI drivers 
# 	ported from NetBSD/pc98 (based on NetBSD 1.2)
#options		SCSI_LOW	# XXX: for ncv? and stg? driver
#controller	ncv0	at isa? port 0x320 bio irq 5 vector ncvintr
#controller	stg0	at isa? port 0x320 bio irq 5 vector stgintr

#controller	scbus0
#device		sd0
#device		od0	#See LINT for possible `od' options
#device		st0
#device		cd0	#Only need one of these, the code dynamically grows
#device		wt0	at isa? port 0x300 bio irq 5 drq 1 vector wtintr
#device		mcd0	at isa? port 0x300 bio irq 10 vector mcdintr
#controller	matcd0	at isa? port 0x230 bio
#device		scd0	at isa? port 0x230 bio

# syscons is the default console driver, resembling an SCO console
device		sc0	at isa? port "IO_KBD" tty irq 1 vector scintr
# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device		vt0	at isa? port "IO_KBD" tty irq 1 vector pcrint
#options		"PCVT_FREEBSD=210"	# pcvt running on FreeBSD 2.1
options		XSERVER			# include code for XFree86
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines
#options		PCVT_SCANSET=2		# IBM keyboards are non-std

# Mandatory, don't remove
device		npx0	at isa? port "IO_NPX" flags 0x01 irq 13 vector npxintr

#
# Laptop support (see LINT for more options)
#
device		apm0    at isa?		# Advanced Power Management
options		APM_BROKEN_STATCLOCK	# Workaround some buggy APM BIOS

device		sio0	at isa? port "IO_COM1" tty irq 4 vector siointr
device		sio1	at isa? port "IO_COM2" tty irq 3 vector siointr
#device		sio2	at isa? port "IO_COM3" tty irq 5 vector siointr
#device		sio3	at isa? disable port "IO_COM4" tty irq 9 vector siointr
#device		sio4	at isa? disable port "IO_COM3" tty irq 5 vector siointr

device		lpt0	at isa? port? tty irq 7 vector lptintr
#device		lpt1	at isa? port? tty
#device		mse0	at isa? port 0x23c tty irq 5 vector mseintr
#device		psm0	at isa? disable port "IO_KBD" conflicts tty irq 12 vector psmintr
device		psm0	at isa? port "IO_KBD" conflicts tty irq 12 vector psmintr 
# Order is important here due to intrusive probes, do *not* alphabetize
# this list of network interfaces until the probes have been fixed.
# Right now it appears that the ie0 must be probed before ep0. See
# revision 1.20 of this file.
#device de0
#device fxp0
#device vx0
#device cnw0 at isa? port 0x300 net irq 5 vector cnwintr
#device cnw1 at isa? disable port 0x300 net irq 5 vector cnwintr
#device ed0 at isa? port 0x280 net irq  5 iomem 0xd8000 vector edintr
#device ed1 at isa? disable port 0x300 net irq  5 iomem 0xd8000 vector edintr
#device ie0 at isa? port 0x360 net irq  7 iomem 0xd0000 vector ieintr
device ep0 at isa? port 0x300 net irq 10 vector epintr
#device ep1 at isa? disable port 0x300 net irq 10 vector epintr
#device fe0 at isa? port 0x300 net irq 10 vector feintr
#device fe1 at isa? disable port 0x300 net irq 10 vector feintr
#device ix0 at isa? port 0x300 net irq 10 iomem 0xd0000 iosiz 32768 vector ixintr
#device le0 at isa? port 0x300 net irq 5 iomem 0xd0000 vector le_intr
#device lnc0 at isa? port 0x280 net irq 10 drq 0 vector lncintr
#device sn0 at isa? port 0x300 net irq 10 vector snintr
#device sn1 at isa? disable port 0x300 net irq 10 vector snintr
#device wlp0 at isa? port 0x300 net irq 11 vector wlpintr
#device wlp1 at isa? disable port 0x300 net irq 11 vector wlpintr

# do not enable ze0 and zp0 (these devices are obsolete)
##device ze0 at isa? port 0x300 net irq 5 iomem 0xd8000 vector zeintr
##device zp0 at isa? port 0x300 net irq 10 iomem 0xd8000 vector zpintr

# IBM Smart Capture PCMCIA card
#device	scc0	at isa? port 0x240 irq 10 iomem 0xd4000 vector sccintr
#device	scc1	at isa? disable port 0x244 irq 11 iomem 0xd8000 vector sccintr

# Hitachi microcomputer system Speach Synthesizer card
#device hss0     at isa? port?
#device hss1     at isa? port?

# PCMCIA Joystick
#device		joy0	at isa? port "IO_GAME"

pseudo-device	loop
pseudo-device	ether
pseudo-device	log
#pseudo-device	sl	1
# DHCP uses BPF (Berkeley Packet Filter)
pseudo-device   bpfilter        4
# ijppp uses tun instead of ppp device
#pseudo-device	ppp	1
#pseudo-device	tun	1
pseudo-device	pty	64
pseudo-device	gzip		# Exec gzipped a.out's
pseudo-device	vn		#Vnode driver (turns a file into a device)

options		DDB

# KTRACE enables the system-call tracing facility ktrace(2).
# This adds 4 KB bloat to your kernel, and slightly increases
# the costs of each syscall.
#options	KTRACE		#kernel tracing

>Description:

numerous machines on the local network... when one attempts an
LSR traceroute, another (rainier) generates ICMP Source Route Prohibited
packets and sends them to the first machine, even though rainier is not a
router and has never been a router. the problem does not occur when rainier
itself attempts the LSR traceroute, however

>How-To-Repeat:

run traceroute with -g from any box but rainier on the local network

>Fix:
	
unknown

>Release-Note:
>Audit-Trail:

From: Niall Smart <rotel@indigo.ie>
To: sthomas@lart.net, FreeBSD-gnats-submit@FreeBSD.ORG
Cc:  Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing
Date: Mon, 6 Jul 1998 23:21:42 +0000

 On Jul 6,  9:37pm, sthomas@lart.net wrote:
 } Subject: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when n
 > 
 > Jul  1 04:03:09 rainier /kernel: attempted source route from 205.240.209.213 to
 > +198.32.136.64                                                     
 > 
 > numerous machines on local network...when one  attempts to 
 > LSR traceroute, the other (rainier) generates ICMP Source Route Prohibited
 > packets, and sends them to first machine, even though rainier is not a
 > router, and has never been a router. problem does not occur when rainier
 > attempts to LSR traceroute, however
 
 This is not a bug; it's a feature designed to increase the security of your
 system.  Loose and strict source routing can be used to determine the
 initial sequence numbers for a TCP connection trivially (the sender chooses
 the return path, so the replies carrying the ISN are delivered back along
 it), which is a bad thing.  If you are sure you understand the implications,
 you can enable them by modifying the net.inet.ip.accept_sourceroute sysctl thus:
 
 	sysctl -w net.inet.ip.accept_sourceroute=1
 	
 Niall
 
 -- 
 Niall Smart.        PGP: finger njs3@motmot.doc.ic.ac.uk
 FreeBSD: Turning PC's into Workstations: www.freebsd.org

From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
To: Niall Smart <rotel@indigo.ie>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing 
Date: Mon, 06 Jul 1998 20:40:31 -0400

 Niall Smart wrote in message ID
 <199807062230.PAA00817@freefall.freebsd.org>:
 > The following reply was made to PR kern/7191; it has been noted by GNATS.
 >  This is not a bug; its a feature designed to increase the security of your
 >  system.  Loose and struct source routing can be used to determine the
 >  initial sequence numbers for a TCP connection trivially, which is a bad
 >  thing.  If you are sure you understand the implications, you can enable
 >  them by modifying the net.inet.ip.accept_sourceroute sysctl thus:
 >  
 >  	sysctl -w net.inet.ip.accept_sourceroute=1
 
 Err. Yes, but why is the FreeBSD box sending ICMP messages when the
 packets should not be being seen by the BSD box in the first place?  I
 think the submitter needs to double check his routing tables. I can't
 think why the BSD box will be seeing the packets in the first place
 otherwise.
 
 
 Gary
 --
 Gary Palmer                                          FreeBSD Core Team Member
 FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

From: Niall Smart <rotel@indigo.ie>
To: "Gary Palmer" <gpalmer@freebsd.org>, Niall Smart <rotel@indigo.ie>
Cc: freebsd-gnats-submit@freebsd.org, sthomas@lart.net
Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing
Date: Tue, 7 Jul 1998 03:24:50 +0000

 On Jul 6,  8:40pm, "Gary Palmer" wrote:
 } Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited wh
 > Niall Smart wrote in message ID
 > 
 > Err. Yes, but why is the FreeBSD box sending ICMP messages when the
 > packets should not be being seen by the BSD box in the first place?  I
 > think the submitter needs to double check his routing tables. I can't
 > think why the BSD box will be seeing the packets in the first place
 > otherwise.
 
 Ah, sorry, I read it a bit too quickly, who exactly is the originator
 source routing through?
 
 Niall
 
 -- 
 Niall Smart.        PGP: finger njs3@motmot.doc.ic.ac.uk
 FreeBSD: Turning PC's into Workstations: www.freebsd.org
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Tue Jul 7 02:37:36 PDT 1998 
State-Changed-Why:  
FreeBSD seems to do what is expected of it, but why the source routes
are there in the first place seems to be the problem.

From: Samuel S Thomas <sthomas@lart.net>
To: rotel@indigo.ie, FreeBSD-gnats-submit@FreeBSD.ORG
Cc:  Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing
Date: Tue, 7 Jul 1998 12:11:06 +0000

 > This is not a bug;
 
 This *IS* a bug... I beg you to read the RFCs (I'll dig up the numbers if
 you need them)
 
  its a feature designed to increase the security of your
 > system.
 
 that's fine, but I assure you that the system has no business in the
 source-routing of other systems on the network
 
   Loose and struct source routing can be used to determine the
 > initial sequence numbers for a TCP connection trivially, which is a bad
 > thing.  If you are sure you understand the implications, you can enable
 > them by modifying the net.inet.ip.accept_sourceroute sysctl thus:
 
 I am quite clear on the implications...my concern is that the LSR
 packets were neither originating from, nor destined to the machine
 generating the ICMP Source-route prohibited messages.
 
 > 	sysctl -w net.inet.ip.accept_sourceroute=1
 > 	
 > Niall
 > 
 > -- 
 > Niall Smart.        PGP: finger njs3@motmot.doc.ic.ac.uk
 > FreeBSD: Turning PC's into Workstations: www.freebsd.org

From: Samuel S Thomas <sthomas@lart.net>
To: rotel@indigo.ie, Gary Palmer <gpalmer@freebsd.org>
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing
Date: Tue, 7 Jul 1998 12:20:05 +0000

 There seems to be some confusion about the problem I reported, I'll
 attempt to clarify.
 
 assume three machines of significance on the network:
 
 router: 205.240.209.209
 rainier (offender): 205.240.209.212
 any other machine :205.240.209.208/28 member
 
 <k2:~> netstat -rn
 Routing tables
 
 Internet:
 Destination        Gateway            Flags     Refs     Use    Mtu
 Interface
 default            205.240.209.209    UGS         1     5123      -  le0
 127                127.0.0.1          UGRS        0        0      -  lo0
 127.0.0.1          127.0.0.1          UH          2       78      -  lo0
 205.240.209.208    link#1             UC          0        0      -  le0
 205.240.209.209    0:0:93:b4:2:be     UHL         1        0      -  le0
 205.240.209.210    0:40:5:50:4b:32    UHL         0       80      -  le0
 205.240.209.211    0:0:f:0:70:fb      UHL         2     2622      -  le0
 205.240.209.213    127.0.0.1          UGHS        1     1031      -  lo0
 224                link#1             UCS         0        0      -  le0
 
 Encap:
 Source address/netmask          Port  Destination address/netmask
 Port  Proto SA(Address/SPI/Proto)     
 
 So, clearly it would route through 205.240.209.209...
 
 <k2:~> traceroute -g 205.238.48.1 www.infoseek.com
 traceroute to guide-p.infoseek.com (204.162.96.21), 30 hops max, 48 byte
 packets
  1  rainier.lart.net (205.240.209.212)  3.453 ms !S  3.118 ms !S  2.844
 ms !S
 
 why is rainier.lart.net not minding its own business?
 
 <k2:~> ifconfig -a
 ...
 le0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST>
         inet 205.240.209.213 netmask 0xfffffff0 broadcast 205.240.209.223
 ...
 
 On Tue, Jul 07, 1998 at 03:24:50AM +0000, Niall Smart wrote:
 > On Jul 6,  8:40pm, "Gary Palmer" wrote:
 > } Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited wh
 > > Niall Smart wrote in message ID
 > > 
 > > Err. Yes, but why is the FreeBSD box sending ICMP messages when the
 > > packets should not be being seen by the BSD box in the first place?  I
 > > think the submitter needs to double check his routing tables. I can't
 > > think why the BSD box will be seeing the packets in the first place
 > > otherwise.
 > 
 > Ah, sorry, I read it a bit too quickly, who exactly is the originator
 > source routing through?
 > 
 > Niall
 > 
 > -- 
 > Niall Smart.        PGP: finger njs3@motmot.doc.ic.ac.uk
 > FreeBSD: Turning PC's into Workstations: www.freebsd.org

From: Niall Smart <rotel@indigo.ie>
To: Samuel S Thomas <sthomas@lart.net>, rotel@indigo.ie,
        FreeBSD-gnats-submit@FreeBSD.ORG
Cc:  Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing
Date: Tue, 7 Jul 1998 14:11:26 +0000

 On Jul 7, 12:11pm, Samuel S Thomas wrote:
 } Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited wh
 > > This is not a bug;
 > 
 > This *IS* a bug... I beg you to read the RFC's (I'll dig up numbers if
 > you need)
 > 
 >  its a feature designed to increase the security of your
 > > system.
 > 
 > that's fine, but I assure you that the system has no business in the
 > source-routing of other systems on the network
 
 Yes, my apologies, I replied too hastily.  Is it possible for you
 to run "tcpdump -ttvvne udp or icmp" on one of the hosts while this
 is happening?
 
 Niall
 
 -- 
 Niall Smart.        PGP: finger njs3@motmot.doc.ic.ac.uk
 FreeBSD: Turning PC's into Workstations: www.freebsd.org

From: Samuel S Thomas <sthomas@lart.net>
To: rotel@indigo.ie, FreeBSD-gnats-submit@FreeBSD.ORG
Cc:  Subject: Re: kern/7191: FreeBSD 2.2.6 generates Source-route prohibited when not routing
Date: Tue, 7 Jul 1998 13:41:51 +0000

 > Yes, my apologies, I replied too hastily.  Is it possible for you
 > to run "tcpdump -ttvvne udp or icmp" on one of the hosts while this
 > is happening?
 
 My apologies for the rude tone. I can be a right bastard when I know I'm
 right. ;-)
 
 here's the dump you requested (run on a third-party observer on the
 network):
 
 899818304.137459 0:40:5:50:4b:32 0:0:93:b4:2:be 0800 62:
 205.240.209.210.32985 > 205.238.48.1.33435: udp 12 [ttl 1] (id 32986,
 optlen=8 NOP LSRR{#205.238.52.46})
 
 899818304.138573 0:a0:24:b0:27:75 0:40:5:50:4b:32 0800 78:
 205.240.209.212 > 205.240.209.210: icmp: 205.238.48.1 unreachable -
 source route failed (ttl 255, id 11571)
 
 899818304.138868 0:0:93:b4:2:be 0:40:5:50:4b:32 0800 78: 205.240.209.209
 > 205.240.209.210: icmp: time exceeded in-transit (ttl 59, id 11496)
 
 899818304.139004 0:40:5:50:4b:32 8:0:20:c:87:e3 0800 88:
 205.240.209.210.1028 > 205.240.209.213.53: 54252+ (46) (ttl 64, id 54)
 
 899818304.147297 8:0:20:c:87:e3 0:40:5:50:4b:32 0800 216:
 205.240.209.213.53 > 205.240.209.210.1028: 54252* q: 212.209.240.2 1/2/2
 . (174) (ttl 64, id 215)
 
 899818304.148499 0:40:5:50:4b:32 0:0:93:b4:2:be 0800 62:
 205.240.209.210.32985 > 205.238.48.1.33436: udp 12 [ttl 1] (id 32987,
 optlen=8 NOP LSRR{#205.238.52.46})
 
 899818304.149502 0:a0:24:b0:27:75 0:40:5:50:4b:32 0800 78:
 205.240.209.212 > 205.240.209.210: icmp: 205.238.48.1 unreachable -
 source route failed (ttl 255, id 11572)
 
 899818304.149963 0:0:93:b4:2:be 0:40:5:50:4b:32 0800 78: 205.240.209.209
 > 205.240.209.210: icmp: time exceeded in-transit (ttl 59, id 11497)
 
 899818304.150122 0:40:5:50:4b:32 0:0:93:b4:2:be 0800 62:
 205.240.209.210.32985 > 205.238.48.1.33437: udp 12 [ttl 1] (id 32988,
 optlen=8 NOP LSRR{#205.238.52.46})
 
 899818304.151123 0:a0:24:b0:27:75 0:40:5:50:4b:32 0800 78:
 205.240.209.212 > 205.240.209.210: icmp: 205.238.48.1 unreachable -
 source route failed (ttl 255, id 11573)
 
 899818304.151530 0:0:93:b4:2:be 0:40:5:50:4b:32 0800 78: 205.240.209.209
 > 205.240.209.210: icmp: time exceeded in-transit (ttl 59, id 11498)
 
 It's plenty messy (vi set to wrap at col72 for email), but I think it
 clearly shows the problem (and lack of MAC address tricks)
State-Changed-From-To: closed->open 
State-Changed-By: jkh 
State-Changed-When: Tue Jul 7 07:36:11 PDT 1998 
State-Changed-Why:  
As is our policy, any closed PR in dispute gets reopened. 
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Wed Jul 8 23:05:30 PDT 1998 
State-Changed-Why:  
fixed by dg in src/sys/netinet/ip_input 1.96 
The 3com driver problem should be taken to the pao people 
>Unformatted:
