Hello,

We have been trying to get NIST Net to delay UDP packets from a specific host and port, and it was not working.

The lab setup had PCs running Fedora 8, and the IP header flag Don't Fragment (DF) was set on most IP packets. We looked at the NIST Net kernel module source code, specifically the nistnet_table.c file. In the "lt_find_by_ipheader" function, it ensures the packet is not fragmented before adding the Layer 4 information to the key. However, the function did not clear the DF bit in frag_off. So if the DF flag was set, the "frag" variable would be non-zero, even though the IP packet did not contain fragmented data. A patch has been attached, which clears the DF flag in the "frag" variable before checking if the packet is fragmented.

diff -ur nistnet-3.0a.orig/kernel/nistnet_table.c nistnet-3.0a/kernel/nistnet_table.c --- nistnet-3.0a.orig/kernel/nistnet_table.c 2004-09-29 18:32:24.000000000 -0400 +++ nistnet-3.0a/kernel/nistnet_table.c 2008-09-18 14:22:35.000000000 -0400 @@ -819,7 +819,7 @@ key.ltkDest = iph->daddr; key.ltkProtocol = iph->protocol; key.ltkCoS = iph->tos; - frag = iph->frag_off; + frag = iph->frag_off & 0xbf; /* clear the DF flag */ /* Others are protocol-specific */ /* Note: only udp and tcp have actual "ports." For the other

- Sandeep
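Review bot: the mask in "frag = iph->frag_off & 0xbf;" is an 8-bit host-order constant applied to the 16-bit, network-order frag_off field, so it clears more than the DF bit. On a little-endian host DF does land at 0x0040 and is cleared, but the upper byte, which carries the low 8 bits of the fragment offset, is zeroed as well; assuming frag is wide enough to hold frag_off, a last fragment (MF clear) with an offset below 256 units then yields frag == 0 and is treated as unfragmented, so payload bytes would be read as Layer 4 ports when building the key. On a big-endian host DF is 0x4000 and the same mask discards MF and most of the offset instead. Suggest masking in network order and keeping exactly the bits that indicate fragmentation, for example "frag = iph->frag_off & htons(IP_MF | IP_OFFSET);", which behaves the same on either byte order and makes the comment accurate.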
nistnet-df.patch
_______________________________________________ nistnet mailing list nistnet@antd.nist.gov http://www-x.antd.nist.gov/mailman/listinfo/nistnet