From owner-freebsd-bugs@FreeBSD.ORG Mon Sep 22 08:56:46 2008 Return-Path: Delivered-To: freebsd-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6BF541065677; Mon, 22 Sep 2008 08:56:46 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 454758FC13; Mon, 22 Sep 2008 08:56:46 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTP id EC33546B52; Mon, 22 Sep 2008 04:56:45 -0400 (EDT) Date: Mon, 22 Sep 2008 09:56:45 +0100 (BST) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Chris Buechler In-Reply-To: <48D6D489.5070506@pfsense.org> Message-ID: References: <200809212103.m8LL3v61012961@freefall.freebsd.org> <48D6C6CE.3060404@FreeBSD.org> <48D6D489.5070506@pfsense.org> User-Agent: Alpine 1.10 (BSF 962 2008-03-14) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-net@FreeBSD.org, remko@FreeBSD.org, "Bruce M. Simpson" , freebsd-bugs@FreeBSD.org Subject: Re: kern/127528: [icmp]: icmp socket receives icmp replies not owned by the process. X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Sep 2008 08:56:46 -0000 On Sun, 21 Sep 2008, Chris Buechler wrote: >> This PR is bogus because: ICMP has no concept of datagrams being "owned" by >> a process. There is no field in the ICMP protocol which differentiates ICMP >> "sessions" on a per-process basis, and this is because ICMP has no concept >> of "sessions" -- ICMP messages are directed at IP endpoints. > > ICMP echo and echo replies do have "sessions" of sorts, at least unique > identifying fields - identifier and sequence number. > > This was opened by a pfSense maintainer because it's a change in behavior > from 6.x releases where this was never an issue, and is something we feel is > a regression. > > Ideally you don't want to be pinging the same host from two different > processes, but it's difficult to avoid in some circumstances and it's > something that always worked fine prior to FreeBSD 7.0. As far as I'm aware, IP raw sockets have never supported using the ID field to identify sessions or direct packets to specific sockets. This means that a kernel regression in that session semantic is unlikely. However, it could be that you're seeing the impact of another regression relating to other behavior for restricting ICMP received on the raw socket. The kernel code in question is in raw_ip.c:rip_input(), which performs the following checks for each raw IP socket it considers a candidate for delivery: - If a non-zero 'protocol' argument was specified in the socket() call, is the protocol of the packet the same as the protocol on the socket? - If a local address is bound on the raw socket, is it the same as the destination address on the packet? - If a forieng address is bound on the raw socket, is it the same as the source address on the packet? - If the socket was created by a process in a jail, is the jail IP the same as the destination address on the packet? With these in mind, I'd look for one of two things that might have lead to the symptoms you're seeing: a change in the way your application is written or run such that the address limits on packets received are no longer requested or may now be ambiguous, or a change in the way our system works such that it's no longer implementing the above checks correctly. Ping applications are, btw, supposed to select unique identifiers (typically the pid is used) and then ignore replies with a different identifier, and last I checked ping(8) did that. Could it be that your application is not doing that? Robert N M Watson Computer Laboratory University of Cambridge