Nmap Development mailing list archives

Nmap/Nping bug on udp checksum calculation


From: "Michael Weber" <post () michaelweber biz>
Date: Sat, 2 Nov 2013 23:38:20 +0100

Hi,
my name is Michael Weber and I'm a computer science student from Würzburg,
Germany.
I'm currently developing some network hardware and applied some tests to it
using Nmap's Nping to send some custom-built frames.
While tracing them in Wireshark I stumbled upon some strange behavior, which
might be a bug in Nmap/Nping.

Sending UDP data can contain but must not contain a checksum. The checksum
must be transmitted as all ones if the calculated value is all zero. An all
zero value denotes that no checksum has been calculated (see RFC 768).
In Nmap the checksum is calculated in netutil.cc (ipv4_pseudoheader_cksum)
called from within UDPHeader.cc (UDPHeader::setSum) as a quick search in the
sources revealed.
I think the return value must be checked for zero like it's done in
ipv6_pseudoheader_cksum before it is returned or, if that will lead to some
trouble for TCP checksum calculation, must be checked in UDPHeader::setSum
before the method returns.

Versions used:
Windows: nmap 6.40/nping 0.6.40 on win7x64ultimate
Linux: nmap 0.25/nping 0.6.25 on debian6.0.7

This is a snippet from a Wireshark trace on my Windows machine; the missing
dest mac is happening on Windows only.
0000  00 00 00 00 00 00 90 e6  ba 2d 2e 1c 08 00 45 00   ........ .-....E.
0010  00 30 42 6b 00 00 40 11  ac f7 c0 a8 05 02 c0 a8   .0Bk..@. ........
0020  05 08 c9 a7 00 09 00 1c  _00 00_ 11 11 11 11 11 11   ........ ........
0030  11 11 11 11 11 11 11 11  11 11 11 11 11 11         ........ ......  

The calculated checksum should be 0xffff following the calculation
instructions in RFCs and on some other sources.

Kind regards,
Michael Weber

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
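
The check the message asks for, as an added example (not Nmap's code and not part of the original post): it recomputes the UDP checksum of the IPv4 packet in the trace and applies the RFC 768 substitution of 0xffff for a computed zero. The function names are hypothetical, and the input is assumed to be a well-formed IPv4/UDP packet.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// IPv4 header onward, copied from the trace in the message (Ethernet header dropped).
static const uint8_t kPacket[48] = {
    0x45, 0x00, 0x00, 0x30, 0x42, 0x6b, 0x00, 0x00, 0x40, 0x11, 0xac, 0xf7,
    0xc0, 0xa8, 0x05, 0x02, 0xc0, 0xa8, 0x05, 0x08,  // source, destination
    0xc9, 0xa7, 0x00, 0x09, 0x00, 0x1c, 0x00, 0x00,  // UDP header, checksum 00 00
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11};

// Add big-endian 16-bit words to a running sum; an odd trailing byte is zero-padded.
static uint32_t sum_words(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t(p[0]) << 8) | p[1];
    if (len) sum += uint32_t(p[0]) << 8;
    return sum;
}

// One's-complement checksum over pseudo-header, UDP header and data, with the
// checksum field taken as zero and no zero substitution applied.
// Hypothetical helper; assumes the UDP length field is >= 8 and within the buffer.
uint16_t udp4_cksum_raw(const uint8_t *ip) {
    size_t ihl = (ip[0] & 0x0f) * 4;
    const uint8_t *udp = ip + ihl;
    size_t ulen = (size_t(udp[4]) << 8) | udp[5];
    uint32_t sum = sum_words(ip + 12, 8, 0);  // source and destination address
    sum += ip[9];                             // zero byte + protocol (17)
    sum += uint32_t(ulen);                    // UDP length
    sum = sum_words(udp, 6, sum);             // ports and length, checksum skipped
    sum = sum_words(udp + 8, ulen - 8, sum);  // payload
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return uint16_t(~sum);
}

// RFC 768: a computed checksum of zero is transmitted as all ones, because a
// zero field tells the receiver that no checksum was generated.
uint16_t udp4_cksum_wire(const uint8_t *ip) {
    uint16_t c = udp4_cksum_raw(ip);
    return c == 0 ? 0xffff : c;
}

int main() {
    std::printf("computed: 0x%04x\n", unsigned(udp4_cksum_raw(kPacket)));
    std::printf("on wire:  0x%04x\n", unsigned(udp4_cksum_wire(kPacket)));
    return 0;
}
```

A receiver that sees 00 00 in the checksum field skips verification, so the datagram in the trace would be accepted with no integrity check on the payload.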

