Date: Thu, 01 Apr 2021 04:44:34 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 254623] traceroute6: ICMP6 no longer works due to Capsicum'ization: data too short (-1 bytes) from invalid Message-ID: <bug-254623-7501-XY65HS5btR@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-254623-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-254623-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D254623 --- Comment #7 from Zhenlei Huang <zlei.huang@gmail.com> --- (In reply to Mark Johnston from comment #6) The patch D29523 works greatly :) I do not have a FreeBSD phabricator account, and just registered one and the account is not approved yet. So I comment directly here. Summary from review D29523: > For ICMP6 we were using the same socket for both, and we limited rights on the socket such that it's impossible to receive anything. At first glance it seems the regression was due to no sufficient rights on receiving socket, and I tried setting CAP_RECV on the receiving socket with= out luck, I also tried disabling capsicum entirely and it behaves the same. So = the root cause is not no sufficient rights on receiving socket.=20 Limit rights on the recv socket is great :) PS, man of cap_rights_limit gives an example entering capability mode before limiting rights. I tried setting CAP_RECV on recv socket after entering capability mode it also works greatly :-) I'm not familiar with capsicum a= nd it's pleasant if someone clarify this. --=20 You are receiving this mail because: You are on the CC list for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-254623-7501-XY65HS5btR>