Receiving UDP (DNS) over PPPoS, source and destination ports same?

Receiving UDP (DNS) over PPPoS, source and destination ports same?

Andrew Pullin
I am having a little issue with lwip on ESP32 here.

I am using a PPP (over serial) link to get two IP stacks to communicate.
And then later doing some source routing and other stuff, but this issue
manifests far before that, upon reception of a packet from the PPP netif:
UDP packets are showing up with the source and destination port the same.

Early in `ip4_input`, I added a check for IP_PROTO_UDP to grab the UDP
header and then read out the src and dest ports, and I am seeing that
both are the same for PPP input. e.g. for a DNS request, I see both are 53.

This seems incorrect. Or maybe there is something I am overlooking?

Wireshark reflects the same result, src=dest=53.
I am also seeing mDNS UDP packets with src=dest=5353, but that appears
to be correct per 6762.

I wanted to get the experts' input before going to the level of sniffing
the UART transmission and manually disassembling the actual PPP frame to
see what is possibly going on ...

A bug in the sending side of the PPP is not out of the question, but
that is a "professional" network stack there, so it seems unlikely.

Any ideas?

Thanks,
Andrew Pullin



_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users

Re: Receiving UDP (DNS) over PPPoS, source and destination ports same?

Sylvain Rochet
Hi Andrew,

On Thu, Feb 13, 2020 at 09:29:39PM -0800, Andrew Pullin wrote:

> I am having a little issue with lwip on ESP32 here.
>
> I am using a PPP (over serial) link to get two IP stacks to communicate. And
> then later doing some source routing and other stuff, but this issue
> manifests far before that, upon reception of a packet from the PPP netif:
> UDP packets are showing up with the source and destination port the same.
>
> Early in `ip4_input`, I added a check for IP_PROTO_UDP to grab the UDP
> header and then read out the src and dest ports, and I am seeing that both
> are the same for PPP input. e.g. for a DNS request, I see both are 53.
>
> This seems incorrect. Or maybe there is something I am overlooking?

Nothing prevents a DNS request from using the same port as source and
destination. It's bad for security (DNS poisoning) but it is technically
correct to do so.

A correct NAT implementation should randomise the source port if there
is a conflict with a previously established tracked session (same dest,
same source port, from two different NATed hosts).

Sylvain
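
The check discussed in this thread (reading the UDP ports at IPv4 input and spotting a DNS query sent from a fixed source port 53), as an added example that is not part of the original posts and is not lwIP code. The type and function names and both sample packets are constructed for illustration; it goes slightly beyond the thread by honouring the IPv4 header length field and skipping non-first fragments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result type for this example (not an lwIP structure). */
struct udp_ports { uint16_t src, dst; int fixed_src_dns_query; };

/* Constructed sample: DNS query with src = dst = 53, no IP options (IHL = 5). */
static const uint8_t PKT_FIXED[] = {
    0x45,0,0,40, 0,0,0,0, 64,17,0,0, 10,0,0,2, 10,0,0,1,  /* IPv4 header   */
    0,53, 0,53, 0,20, 0,0,                                /* UDP header    */
    0x12,0x34, 0x01,0x00, 0,0, 0,0, 0,0, 0,0 };           /* DNS hdr, QR=0 */
/* Constructed sample: 4 bytes of IP options (IHL = 6), ephemeral source port. */
static const uint8_t PKT_OPTS[] = {
    0x46,0,0,44, 0,0,0,0, 64,17,0,0, 10,0,0,2, 10,0,0,1,
    1,1,1,0,                                              /* NOP NOP NOP EOL */
    0xC0,0x01, 0,53, 0,20, 0,0,                           /* src port 49153  */
    0x12,0x34, 0x01,0x00, 0,0, 0,0, 0,0, 0,0 };

/* Read a 16-bit big-endian (network order) field. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 and fills *out for an IPv4 packet carrying a UDP header, else -1. */
int inspect_udp(const uint8_t *pkt, size_t len, struct udp_ports *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;  /* header length incl. options */
    if (ihl < 20 || len < ihl + 8) return -1;
    if (pkt[9] != 17) return -1;               /* IP protocol 17 = UDP */
    if (rd16(pkt + 6) & 0x1FFF) return -1;     /* later fragment: no UDP header */
    const uint8_t *udp = pkt + ihl;            /* not pkt + 20: options may exist */
    out->src = rd16(udp);
    out->dst = rd16(udp + 2);
    /* The DNS header follows the 8-byte UDP header; QR (top bit of the flags)
       is 0 for a query. A query whose source port is pinned to 53 gives an
       off-path spoofer nothing to guess but the 16-bit transaction ID. */
    out->fixed_src_dns_query = 0;
    if (out->src == 53 && out->dst == 53 && len >= ihl + 8 + 12)
        out->fixed_src_dns_query = (udp[8 + 2] & 0x80) == 0;
    return 0;
}

int main(void)
{
    struct udp_ports r;
    if (inspect_udp(PKT_FIXED, sizeof PKT_FIXED, &r) == 0)
        printf("src=%u dst=%u fixed-port query=%d\n", r.src, r.dst, r.fixed_src_dns_query);
    return 0;
}
```

On `PKT_OPTS`, a parser that assumed a fixed 20-byte IPv4 header would read the option bytes as the port fields.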
