From owner-freebsd-bugs@FreeBSD.ORG Sun Sep 21 20:20:02 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 69C2A1065670 for ; Sun, 21 Sep 2008 20:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 47CFF8FC1A for ; Sun, 21 Sep 2008 20:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m8LKK2Ip008278 for ; Sun, 21 Sep 2008 20:20:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m8LKK29S008277; Sun, 21 Sep 2008 20:20:02 GMT (envelope-from gnats) Resent-Date: Sun, 21 Sep 2008 20:20:02 GMT Resent-Message-Id: <200809212020.m8LKK29S008277@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Seth Mos Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 356CE1065672 for ; Sun, 21 Sep 2008 20:19:40 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 254838FC19 for ; Sun, 21 Sep 2008 20:19:40 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id m8LKJdFd076838 for ; Sun, 21 Sep 2008 20:19:39 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id m8LKJdqf076837; Sun, 21 Sep 2008 20:19:39 GMT (envelope-from nobody) Message-Id: <200809212019.m8LKJdqf076837@www.freebsd.org> Date: Sun, 21 Sep 2008 20:19:39 GMT From: Seth Mos To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/127528: icmp socket receives icmp replies not owned by the process. X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Sep 2008 20:20:02 -0000 >Number: 127528 >Category: kern >Synopsis: icmp socket receives icmp replies not owned by the process. >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Sep 21 20:20:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Seth Mos >Release: 7.0p4 >Organization: pfSense >Environment: # uname -a FreeBSD beerme.iserv.nl 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #0: Fri Aug 29 05:17:50 EDT 2008 sullrich@builder7.bgn.pfsense.org:/usr/obj.pfSense/usr/src/sys/pfSense_wrap.7 i386 >Description: When running simultaneous ping processes from the host to the same target on a FreeBSD host where 2 different processes ping the same host, one process will see the echo replies from the other process and fail. We came to see this on pfSense 1.2.1 which is based on FreeBSD 7.0p4 and is using fping to monitor the gateways. People in our forum started complaining that gateways were invalidly marked as down. More investigation from the users led to the discovery that out of sequence replies were causing fping to fail. >How-To-Repeat: This can be demonstrated in a number of ways. When running apinger in the foreground with apinger -c /var/etc/apinger.conf -df it is pinging a gateway once a second it works fine. Start up a seperate ping process in another terminal and apinger will start logging "Alien icmp echo replies". These replies belong to the other process. Another example is where the icmp replies are received out of sequence. This can be demonstrated using fping. When using fping to monitor the gateway we use a initial timeout value of 400ms. When a reply is received after 400ms the reply upsets the fping socket and starts failing replies. This was previously never a issue on FreeBSD 6(1,2,3). A tcpdump on the wire confirms that both processes are actively sending out icmp requests and receiving icmp echo replies. It also shows that both echo requests have different identifiers in the id field which should keep the icmp streams seperated. >Fix: Would the network stack not keep unique icmp streams apart? >Release-Note: >Audit-Trail: >Unformatted: