[LWN Logo]

Date:	Sun, 27 Feb 2000 15:15:59 +0100
From:	Olaf Kirch <okir@caldera.de>
To:	"Theodore Y. Ts'o" <tytso@MIT.EDU>
Subject: Re: How to survive in a Micro$oft environment??


Hi all,

I think a brief explanation of what's going on is in order here.

The behavior observed by Merkey is not what the lizard typically does;
this is a bug triggered by an unfortunate sequence of events.

We did receive occasional bug reports on this problem previously
(some three of four altogether), but have never been able to obtain any
tcpdump or other from people reporting this problem. All bug reports did
implicate NT servers, so this initially lead us to assume that this is
an NT specific problem. It appears however as if this is not the case.

By default, netprobe (that's the component that does the network probing)
sends out an ICMP echo (and, recently, timestamp) request to the broadcast
address (all it needs at that point is its own IP and the netmask).

For every response it receives, it extracts the IP and MAC address and
transmits a DNS query for its in-addr.arpa reverted name, as well
as a gateway probe. The latter is basically a traceroute packet to
sunsite.unc.edu or tsx-12.mit.edu, with a TTL of 2 (this usually elicts
an ICMP redirect and/or a time exceeded, from which we can piece together
the gateway's IP).

[I have also considered to ask the root DNS servers, as Ted suggested,
but that usually takes longer than the probe is supposed to run.
BOOTP/DHCP we're doing already]

In the case demonstrated by Merkey, the DNS server does not reply in time,
or not at all.

Now what's wrong is that I added some code post festum that scans the
entire class C if we don't find a DNS server on the local subnet. This
wouldn't be much of a problem in itself, but there was an unnoticed bug
that causes this scan to go berserk.

The basic principle of netprobe has initially been to restrict any active
probing to the local subnet. Scanning the entire class C is definitely
in violation of that principle, and will be removed.

We apologize for not having been able to pinpoint the problem earlier.
We are currently investigating how this problem can be resolved for COL
2.3 and earlier.

Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.            

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/