Bugtraq mailing list archives
Re: TOS Field value in ICMP Error Messages with LINUX Kernels 2.2.x & 2.4
From: Robert Bihlmeyer <robbe () ORCUS PRIV AT>
Date: Tue, 17 Oct 2000 17:45:56 +0200
Ofir Arkin <ofir () ITCON-LTD COM> writes:
> RFC 1349 states that ICMP Error messages should be sent with TOS field value of 0x00. Nearly all stack implementations send back 0x00 as the TOS field value when generating an ICMP error message. All but LINUX.
There seems to be a misunderstanding about what bits comprise the "TOS field". Specifically, you cite rfc1349 which talks about a four bit "TOS field", which is part of the "type of service octet". Here you seem to refer to the whole octet:
> Fyodor had outlined in his paper "Remote OS Identification by TCP/IP Fingerprinting" the fact that LINUX is using the value of 0xc0 (an unused precedence value) as its TOS field value with ICMP Port Unreachable error messages.
rfc1349 does say nothing about precedence, so the tos *octet* may as well be non-zero. [...]
> How is the TOS field value used in the LINUX ICMP Error message calculated?
Essentially, what Linux does boils down to (tos denotes the whole octet, here):

    icmp_error->tos = (incoming->tos & 0x1E) | 0xC0

This is readily apparent from the source code (net/ipv4/icmp.h)

The code implements the following SHOULDs of rfc1812:

4.3.2.5 TOS and Precedence

ICMP error messages SHOULD have their TOS bits set to the same value as the TOS bits in the packet that provoked the sending of the ICMP error message, unless setting them to that value would cause the ICMP error message to be immediately discarded because it could not be routed to its destination. [...]

An ICMP reply message SHOULD have its TOS bits set to the same value as the TOS bits in the ICMP request that provoked the reply.

ICMP Source Quench error messages, [...]

All other ICMP error messages (Destination Unreachable, Redirect, Time Exceeded, and Parameter Problem) SHOULD have their precedence value set to 6 (INTERNETWORK CONTROL) or 7 (NETWORK CONTROL). [...]
> I hope this will clarify the subject.
Ditto, -- Robbe
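
Added example, not part of the original message and not kernel code: it splits the type of service octet into precedence and the four-bit TOS field, applies the formula quoted above, and checks a captured ICMP error against the header it quotes. The function names and the sample packet (documentation addresses, zeroed checksums) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The "type of service" octet: 3 precedence bits, the 4-bit TOS field of RFC 1349, 1 MBZ bit. */
struct tos_octet { uint8_t precedence, tos, mbz; };

struct tos_octet split_tos(uint8_t octet) {
    struct tos_octet t = { (uint8_t)(octet >> 5), (uint8_t)((octet >> 1) & 0x0F), (uint8_t)(octet & 1) };
    return t;
}

/* Formula quoted in the message: keep the TOS bits, force precedence 6. */
uint8_t linux_icmp_error_tos(uint8_t incoming) {
    return (uint8_t)((incoming & 0x1E) | 0xC0);
}

/* pkt is a raw IPv4 packet. Returns 1 if it is an ICMP error whose outer TOS octet
 * matches the formula applied to the quoted (provoking) header, 0 if it does not,
 * -1 if it is not one of the four error types or is too short. Checksums are ignored. */
int check_icmp_error_tos(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || pkt[9] != 1 || len < ihl + 8 + 20) return -1;
    uint8_t type = pkt[ihl];  /* 3 unreachable, 5 redirect, 11 time exceeded, 12 parameter problem */
    if (type != 3 && type != 5 && type != 11 && type != 12) return -1;
    const uint8_t *quoted = pkt + ihl + 8;  /* provoking packet's IP header */
    if ((quoted[0] >> 4) != 4) return -1;
    return pkt[1] == linux_icmp_error_tos(quoted[1]);
}

/* Constructed sample: ICMP port unreachable answering a UDP packet sent with TOS octet 0x10. */
static const uint8_t sample[48] = {
    0x45, 0xD0, 0x00, 0x30, 0, 0, 0, 0, 0x40, 0x01, 0, 0, 192, 0, 2, 1, 192, 0, 2, 2,
    0x03, 0x03, 0, 0, 0, 0, 0, 0,
    0x45, 0x10, 0x00, 0x1C, 0, 0, 0, 0, 0x40, 0x11, 0, 0, 192, 0, 2, 2, 192, 0, 2, 1 };

int main(void) {
    struct tos_octet t = split_tos(sample[1]);
    printf("outer octet 0x%02X: precedence %u, TOS bits 0x%X, consistent=%d\n",
           sample[1], t.precedence, t.tos, check_icmp_error_tos(sample, sizeof sample));
    return 0;
}
```

An octet of 0xC0 therefore decodes as precedence 6 with all four TOS bits clear, which is what a provoking packet sent with a zero octet produces.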