From owner-freebsd-net Wed Aug 22 2: 5:39 2001 Delivered-To: freebsd-net@freebsd.org Received: from proxy2.ba.best.com (proxy2.ba.best.com [206.184.139.14]) by hub.freebsd.org (Postfix) with ESMTP id 9BC8637B403 for ; Wed, 22 Aug 2001 02:05:25 -0700 (PDT) (envelope-from scott@renfro.org) Received: from renfro.org (qtoo80@sdn-ar-005casjosP059.dialsprint.net [63.180.20.43]) by proxy2.ba.best.com (8.9.3/8.9.2/best.out) with ESMTP id CAA02906; Wed, 22 Aug 2001 02:05:10 -0700 (PDT) Received: (from scott@localhost) by renfro.org (8.11.4/8.11.4) id f7M954t24541; Wed, 22 Aug 2001 02:05:04 -0700 (PDT) (envelope-from scott) Date: Wed, 22 Aug 2001 02:05:04 -0700 From: Scott Renfro To: freebsd-net@freebsd.org Cc: Jonathan Lemon , Jesper Skriver , Bill Fenner , Cory Scott Subject: Proposed change to icmp_may_rst induced ENETRESET Message-ID: <20010822020504.C24160@bonsai.home.renfro.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="2fHTh5uZTiUOsy+g" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --2fHTh5uZTiUOsy+g Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Mar 27, 2001 at 10:48:26AM -0600, Jonathan Lemon wrote: > On Tue, Mar 27, 2001 at 06:36:46PM +0200, Jesper Skriver wrote: > > On Tue, Mar 27, 2001 at 10:19:22AM -0600, Jonathan Lemon wrote: > > > > > > I forget why I picked ENETRESET; probably because it was the > > > first thing that leaped out at me when I quickly skimmed over > > > looking for an appropriate error code; but I > > > didn't consider the UDP case. > > > > --- src/sys/netinet/ip_input.c 2001/03/08 23:14:54 > > 1.130.2.21 > > +++ src/sys/netinet/ip_input.c 2001/03/27 16:35:15 > > @@ -1484,7 +1484,7 @@ > > EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, > > EMSGSIZE, EHOSTUNREACH, 0, 0, > > 0, 0, > > 0, 0, > > - ENOPROTOOPT, ENETRESET > > + ENOPROTOOPT, ECONNREFUSED > > }; > > Yes, I think this probably is the best approach; just get rid > of the ENETRESET altogether for this case. In follow-up to this discussion from March (yes, I'm a slow reader ;-), I'd like to propose that we do, in fact, s/ENETRESET/ECONNREFUSED/ in the inetctlerrmap in ip_input.c. At work, we make extensive use of nmap, which uses a mixture of OS-provided stack features and direct packet capture/generation. We discovered that the icmp_may_rst code added to FreeBSD causes nmap to report incorrect results when ICMP_UNREACH_*_PROHIB messages are received in response to connect(2). We've considered just disabling the tunable, changing nmap, or changing FreeBSD. After much analysis, we've concluded that most sensible change is for FreeBSD to generate an ECONNREFUSED in response to the icmp unreach prohib messages. I'm sure other applications expect ECONNREFUSED but not ENETRESET in response to connect(2) calls as well. Since this only occurs in the TCPS_SYN_SENT state, there cannot be an actual tcp connection in place to reset. And, since we're in a SYN_SENT state, what is most likely happening is that our connection request is being refused by the remote host (or an upstream router/firewall). Finally, ECONNREFUSED is, and long has been, a documented error in the connect(2) man page. While I'm at it, I'll be bold and request that if this change is acceptable, it be MFC'd for 4.4-RELEASE (I think this is a low-risk, high-payoff change, but opinions may vary). (I do like the icmp_may_rst behavior in general, of course.) I've attached a copy of the desired patch since the one above may be hosed by message reformatting. cheers, --Scott -- Scott Renfro +1 650 862 4206 --2fHTh5uZTiUOsy+g Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="icmp_may_rst-econnrefused.diff" --- src/sys/netinet/ip_input.c.orig Wed Aug 22 01:49:43 2001 +++ src/sys/netinet/ip_input.c Wed Aug 22 01:50:06 2001 @@ -1562,7 +1562,7 @@ EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, EMSGSIZE, EHOSTUNREACH, 0, 0, 0, 0, 0, 0, - ENOPROTOOPT, ENETRESET + ENOPROTOOPT, ECONNREFUSED }; /* --2fHTh5uZTiUOsy+g-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message