From: "Bruce M. Simpson"
Date: Mon, 22 Sep 2008 14:04:17 +0100
To: Chris Buechler
Cc: freebsd-net@FreeBSD.org, remko@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: kern/127528: [icmp]: icmp socket receives icmp replies not owned by the process.
Message-ID: <48D797D1.1080403@FreeBSD.org>

Chris Buechler wrote:
>>
>> This PR is bogus because:
>> ICMP has no concept of datagrams being "owned" by a process. There is
>> no field in the ICMP protocol which differentiates ICMP "sessions" on
>> a per-process basis, and this is because ICMP has no concept of
>> "sessions" -- ICMP messages are directed at IP endpoints.
>
> ICMP echo and echo replies do have "sessions" of sorts, at least
> unique identifying fields - identifier and sequence number.

These fields do exist in ICMP, and as you point out, they are sometimes used to implement session-like behaviour. Many NAT implementations use them in this way.

However there is no way of specifying them in a bind() call -- ICMP can only be received on a raw socket, and raw sockets will not filter these things on behalf of a user process, nor have they ever done to the best of my knowledge. They are not part of the address structures for a raw socket (SOCK_RAW, PF_INET, * or IPPROTO_ICMP).

>
> This was opened by a pfSense maintainer because it's a change in
> behavior from 6.x releases where this was never an issue, and is
> something we feel is a regression.

Robert has replied outlining a few situations where the behaviour might have changed. Raw sockets do support binding laddr/faddr, there is the possibility this could have changed, however there is no notion of processes "owning" streams of ICMP messages, this has never been part of the ICMP protocol and to think in these terms is misleading.

It sounds to me as though the application is relying on a form of filtering which isn't happening, and the way to track this down is to carefully note what, if anything, changed in the expected behaviour between releases. For example, does the application bind() to any given host addresses?
This is the only form of filtering, apart from multicast SSM, that raw sockets would support, and SSM ain't in the tree [yet].

thanks
BMS
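
Added example, not part of the original message and not FreeBSD or pfSense code: because raw sockets do not filter on the ICMP identifier or sequence number, the receiving application has to match echo replies itself before trusting them. The function names and the constructed sample packet are assumptions made for illustration; the buffer is taken to hold the IPv4 header followed by the ICMP message, as a raw IPv4 socket delivers it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 Internet checksum; yields 0 over a valid ICMP message. */
static uint16_t inet_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len)
        sum += (uint32_t)(p[0] << 8);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns 1 only for a well-formed echo reply carrying our identifier
 * and the sequence number we are waiting for; anything else is dropped. */
int echo_reply_is_ours(const uint8_t *pkt, size_t len, uint16_t my_id, uint16_t my_seq) {
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;      /* not IPv4 */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;         /* IP header length */
    if (hlen < 20 || len < hlen + 8) return 0;         /* truncated ICMP header */
    if (pkt[9] != 1) return 0;                         /* IP protocol 1 = ICMP */
    const uint8_t *icmp = pkt + hlen;
    if (icmp[0] != 0 || icmp[1] != 0) return 0;        /* type 0 = echo reply */
    if (inet_cksum(icmp, len - hlen) != 0) return 0;   /* corrupted message */
    uint16_t id  = (uint16_t)(icmp[4] << 8 | icmp[5]);
    uint16_t seq = (uint16_t)(icmp[6] << 8 | icmp[7]);
    return id == my_id && seq == my_seq;
}

/* Constructed sample input: a 28-byte IPv4 + ICMP echo reply. */
size_t make_sample_reply(uint8_t *buf, uint16_t id, uint16_t seq) {
    memset(buf, 0, 28);
    buf[0] = 0x45; buf[9] = 1;                         /* IPv4, IHL 5, ICMP */
    uint8_t *icmp = buf + 20;
    icmp[4] = (uint8_t)(id >> 8);  icmp[5] = (uint8_t)(id & 0xff);
    icmp[6] = (uint8_t)(seq >> 8); icmp[7] = (uint8_t)(seq & 0xff);
    uint16_t ck = inet_cksum(icmp, 8);
    icmp[2] = (uint8_t)(ck >> 8);  icmp[3] = (uint8_t)(ck & 0xff);
    return 28;
}

int main(void) {
    uint8_t buf[28];
    size_t n = make_sample_reply(buf, 0x1234, 7);
    /* Exit 0 if our reply is accepted and another identifier's is rejected. */
    return !(echo_reply_is_ours(buf, n, 0x1234, 7) && !echo_reply_is_ours(buf, n, 0x4321, 7));
}
```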