On Mon, Jan 29, 2018 at 12:28 AM, Stephen Hemminger
<stephen@xxxxxxxxxxxxxxxxxx> wrote:
> These symptoms sound like an MTU mismatch.
> The padding is not related. More likely, the issue is that one side
> is sending a larger frame than the MTU of the underlying interface.
> Since the bridge is a pure layer 2 interface, it has not choice
> but to drop any frame where the size is greater than the MTU.
I did some traces in both ssh client and server side, and I can find
all the frames in both sides, no one is missing.
Here is an example with the padding issue I see: in the ssh server
side, there is a 54 bytes TCP ACK frame send by the server, to
acknowledge that it has received the initial ssh client protocol
version advertisement:
x.x.x.250 x.x.x.115 SSHv2 82 Client: Protocol
(SSH-2.0-PuTTY_Release_0.70)
x.x.x.115 x.x.x.250 TCP 54 22 → 49810 [ACK] Seq=1
Ack=29 Win=29312 Len=0
In this 54 bytes TCP ACK frame, the Ethernet II header is 14 bytes
long, the IP header is 20 bytes long, the TCP header is another 20
bytes in length, and there is no TCP payload, so in total 54 bytes.
When this frame arrives in the client side, it is 60 bytes in length,
and it is interpreted by the Wireshark as a SSHv2 frame, because of
the 6 additional 0x00 padding bytes in the TCP payload. I find this
exact frame in a working ssh session, and those 6 additional 0x00
padding bytes are correctly shows at the Ethernet II frame level.
x.x.x.250 x.x.x.115 SSHv2 82 Client: Protocol
(SSH-2.0-PuTTY_Release_0.70)
x.x.x.115 x.x.x.250 SSHv2 60 Server: Encrypted packet (len=6)
Frame 5: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: RealtekU_40:31:85 (52:54:00:40:31:85), Dst:
Vmware_a6:ba:8a (00:50:56:a6:ba:8a)
Destination: Vmware_a6:ba:8a (00:50:56:a6:ba:8a)
Source: RealtekU_40:31:85 (52:54:00:40:31:85)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: x.x.x.115, Dst: x.x.x.250
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 46
Identification: 0xf6f1 (63217)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x76d4 [validation disabled]
[Header checksum status: Unverified]
Source: x.x.x.115
Destination: x.x.x.250
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 22, Dst Port: 49810, Seq: 1,
Ack: 29, Len: 6
Source Port: 22
Destination Port: 49810
[Stream index: 0]
[TCP Segment Len: 6]
Sequence number: 1 (relative sequence number)
[Next sequence number: 7 (relative sequence number)]
Acknowledgment number: 29 (relative ack number)
0101 .... = Header Length: 20 bytes (5)
Flags: 0x010 (ACK)
Window size value: 229
[Calculated window size: 29312]
[Window size scaling factor: 128]
Checksum: 0x9e76 [correct]
[Checksum Status: Good]
[Calculated Checksum: 0x9e76]
Urgent pointer: 0
[SEQ/ACK analysis]
TCP payload (6 bytes)
SSH Protocol
SSH Version 2
Packet Length (encrypted): 00000000
Encrypted Packet: 0000
