Date: Wed, 22 Aug 2001 02:05:04 -0700
From: Scott Renfro <scott@renfro.org>
To: freebsd-net@freebsd.org
Cc: Jonathan Lemon <jlemon@flugsvamp.com>, Jesper Skriver <jesper@skriver.dk>, Bill Fenner <fenner@research.att.com>, Cory Scott <cory@crazypenguin.com>
Subject: Proposed change to icmp_may_rst induced ENETRESET
Message-ID: <20010822020504.C24160@bonsai.home.renfro.org>
On Tue, Mar 27, 2001 at 10:48:26AM -0600, Jonathan Lemon wrote:
> On Tue, Mar 27, 2001 at 06:36:46PM +0200, Jesper Skriver wrote:
> > On Tue, Mar 27, 2001 at 10:19:22AM -0600, Jonathan Lemon wrote:
> > >
> > > I forget why I picked ENETRESET; probably because it was the
> > > first thing that leaped out at me when I quickly skimmed over
> > > <sys/errno.h> looking for an appropriate error code; but I
> > > didn't consider the UDP case.
> >
> > --- src/sys/netinet/ip_input.c 2001/03/08 23:14:54 > > 1.130.2.21 > > +++ src/sys/netinet/ip_input.c 2001/03/27 16:35:15 
> > @@ -1484,7 +1484,7 @@ > > EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, > > EMSGSIZE, EHOSTUNREACH, 0, 0, > > 0, 0, > > 0, 0, > > - ENOPROTOOPT, ENETRESET > > + ENOPROTOOPT, ECONNREFUSED > > };
>
> Yes, I think this probably is the best approach; just get rid
> of the ENETRESET altogether for this case.

In follow-up to this discussion from March (yes, I'm a slow reader ;-), I'd like to propose that we do, in fact, s/ENETRESET/ECONNREFUSED/ in the inetctlerrmap in ip_input.c.

At work, we make extensive use of nmap, which uses a mixture of OS-provided stack features and direct packet capture/generation. We discovered that the icmp_may_rst code added to FreeBSD causes nmap to report incorrect results when ICMP_UNREACH_*_PROHIB messages are received in response to connect(2).

We've considered just disabling the tunable, changing nmap, or changing FreeBSD. After much analysis, we've concluded that the most sensible change is for FreeBSD to generate an ECONNREFUSED in response to the icmp unreach prohib messages. I'm sure other applications expect ECONNREFUSED but not ENETRESET in response to connect(2) calls as well.

Since this only occurs in the TCPS_SYN_SENT state, there cannot be an actual tcp connection in place to reset. And, since we're in a SYN_SENT state, what is most likely happening is that our connection request is being refused by the remote host (or an upstream router/firewall). Finally, ECONNREFUSED is, and long has been, a documented error in the connect(2) man page.

While I'm at it, I'll be bold and request that if this change is acceptable, it be MFC'd for 4.4-RELEASE (I think this is a low-risk, high-payoff change, but opinions may vary). (I do like the icmp_may_rst behavior in general, of course.)

I've attached a copy of the desired patch since the one above may be hosed by message reformatting.
cheers,
--Scott

--
Scott Renfro <scott@renfro.org> +1 650 862 4206

Content-Disposition: attachment; filename="icmp_may_rst-econnrefused.diff"

--- src/sys/netinet/ip_input.c.orig Wed Aug 22 01:49:43 2001 +++ src/sys/netinet/ip_input.c Wed Aug 22 01:50:06 2001 @@ -1562,7 +1562,7 @@ EHOSTUNREACH, EHOSTUNREACH, ECONNREFUSED, ECONNREFUSED, EMSGSIZE, EHOSTUNREACH, 0, 0, 0, 0, 0, 0, - ENOPROTOOPT, ENETRESET + ENOPROTOOPT, ECONNREFUSED }; /*
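
Review bot: on the changed last entry (`- ENOPROTOOPT, ENETRESET` / `+ ENOPROTOOPT, ECONNREFUSED`), the final slot now returns the same errno as the two ECONNREFUSED slots on the first visible row of the table, so a caller of connect(2) can no longer tell this case apart from the ones those slots report, and nothing in the visible context says which code each position answers to. Suggest a short comment beside the changed entry naming the code it maps and why ECONNREFUSED was chosen, so the positional table stays reviewable. The thread's mention of "the UDP case" indicates the table is not TCP-only, so the commit message should also state what a UDP socket will see after this change.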