Hello!
I’ve recently downloaded Comodo Personal Firewall 2.3.2.21 BETA, hoping that it’d help me getting one of the games run online over Hamachi. Although I haven’t had any more success than with v2.2.0.11, I’m glad to see that the logging is being improved, as it helped me identify the problem I’m having.
The details:
After looking at the logs in the BETA version, it’s obvious that some packets incoming from my peer’s Hamachi IP address are being dropped with either of the following two reasons:
- Reason: Fragmented IP packets are not allowed
- Reason: UDP packet length and the size on the wire(xxxx bytes) do not match
Ok, the first one I can solve by disabling “Block fragmented IP datagrams” on the Security/Advanced tab, but I still keep losing packets with incorrect UDP packet lengths.
I did some analysis on the packets with The Ethereal Network Analyzer.
For example here is some info on one of the fragmented UDP packets that CPF/Ethereal reports:
CPF:
Date/Time :2006-08-09 16:19:32
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fake or Malformed UDP Packet)
Direction: UDP Incoming
Source: (My Hamachi IP:someport)
Remote: (Peer’s Hamachi IP:someotherport)
Reason: UDP packet length and the size on the wire(5901 bytes) do not match
Ethereal:
Packet #30:
Total Length: 1404
Flags: 0x02 (More Fragments)
Fragment offset: 0
Data (1384 bytes)
Packet #31:
Total Length: 1404
Flags: 0x02 (More Fragments)
Fragment offset: 1384
Data (1384 bytes)
Packet #32:
Total Length: 1404
Flags: 0x02 (More Fragments)
Fragment offset: 2768
Data (1384 bytes)
Packet #35:
Total Length: 1404
Flags: 0x02 (More Fragments)
Fragment offset: 4152
Data (1384 bytes)
Packet #36:
Total Length: 385
Flags: 0x00
Fragment offset: 5536
[IP Fragments (5901 bytes): #30(1384), #31(1384), #32(1384), #35(1384), #36(365)]
User Datagram Protocol
Length: 5901 (bogus, should be 365)
Data (5893 bytes)
As you can see, Ethereal also reports that the length of the last fragment is incorrect. It seems that it contains the sum of all the UDP data transmitted in the fragments, instead of the length of the data in the last fragment. Is this normal behavior for fragmented packets, or is this a problem related to Hamachi, the game, or something else? Is there any way to let those “Fake or Malformed” UDP packets through other than disabling the Network Monitor? (Which is the only way I could get the game work so far… even if the packets are malformed, it seems to cause no problems in the game.)
Thanks in advance for any help!