Date:      Sun, 21 Sep 2008 20:19:39 GMT
From:      Seth Mos <seth.mos@xs4all.nl>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/127528: icmp socket receives icmp replies not owned by the process.
Message-ID:  <200809212019.m8LKJdqf076837@www.freebsd.org>
Resent-Message-ID: <200809212020.m8LKK29S008277@freefall.freebsd.org>


>Number:         127528
>Category:       kern
>Synopsis:       icmp socket receives icmp replies not owned by the process.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 21 20:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Seth Mos
>Release:        7.0p4
>Organization:
pfSense
>Environment:
# uname -a
FreeBSD beerme.iserv.nl 7.0-RELEASE-p3 FreeBSD 7.0-RELEASE-p3 #0: Fri Aug 29 05:17:50 EDT 2008     sullrich@builder7.bgn.pfsense.org:/usr/obj.pfSense/usr/src/sys/pfSense_wrap.7  i386

>Description:
When running simultaneous ping processes from the host to the same target on a FreeBSD host where 2 different processes ping the same host, one process will see the echo replies from the other process and fail.

We came to see this on pfSense 1.2.1 which is based on FreeBSD 7.0p4 and is using fping to monitor the gateways.

People in our forum started complaining that gateways were invalidly marked as down. More investigation from the users led to the discovery that out of sequence replies were causing fping to fail.
>How-To-Repeat:
This can be demonstrated in a number of ways. When running apinger in the foreground with apinger -c /var/etc/apinger.conf -df, where it is pinging a gateway once a second, it works fine.
Start up a separate ping process in another terminal and apinger will start logging "Alien icmp echo replies". These replies belong to the other process.

Another example is where the icmp replies are received out of sequence. This can be demonstrated using fping. When using fping to monitor the gateway we use an initial timeout value of 400ms. When a reply is received after 400ms the reply upsets the fping socket and starts failing replies.

This was previously never an issue on FreeBSD 6(1,2,3).

A tcpdump on the wire confirms that both processes are actively sending out icmp requests and receiving icmp echo replies.

It also shows that both echo requests have different identifiers in the id field which should keep the icmp streams separated.
>Fix:
Would the network stack not keep unique icmp streams apart?

>Release-Note:
>Audit-Trail:
>Unformatted:
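
The report turns on the id and sequence fields of the echo reply. The following is an added example, not code from the report, fping, apinger or FreeBSD: one way a monitoring process can sort datagrams read from a raw ICMP socket into its own replies, replies for another process's id, and its own replies that fall outside the window it is still waiting on (for instance after a timeout). The function names, the enum and the sample packets are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum reply_class { REPLY_MINE, REPLY_ALIEN, REPLY_STALE, REPLY_IGNORE };

/* Classify one datagram as read from a raw ICMP socket (IPv4 header included).
 * my_id: identifier this process put in its echo requests.
 * oldest_seq..newest_seq: sequence numbers still awaited (may wrap at 65535).
 * Fields are read in network byte order; checksums are not checked here. */
enum reply_class classify_reply(const uint8_t *pkt, size_t len, uint16_t my_id,
                                uint16_t oldest_seq, uint16_t newest_seq)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return REPLY_IGNORE;                      /* not IPv4 or truncated */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;     /* IP header length, options included */
    if (ihl < 20 || len < ihl + 8 || pkt[9] != 1) /* protocol 1 = ICMP */
        return REPLY_IGNORE;
    const uint8_t *icmp = pkt + ihl;
    if (icmp[0] != 0 || icmp[1] != 0)             /* type 0, code 0 = echo reply */
        return REPLY_IGNORE;
    uint16_t id  = (uint16_t)(icmp[4] << 8 | icmp[5]);
    uint16_t seq = (uint16_t)(icmp[6] << 8 | icmp[7]);
    if (id != my_id)
        return REPLY_ALIEN;                       /* belongs to another sender */
    /* Wraparound-safe test for oldest_seq <= seq <= newest_seq. */
    if ((uint16_t)(seq - oldest_seq) > (uint16_t)(newest_seq - oldest_seq))
        return REPLY_STALE;                       /* own id, but no longer awaited */
    return REPLY_MINE;
}

/* Constructed sample: minimal IPv4 + ICMP echo reply, checksums left zero. */
size_t make_reply(uint8_t buf[28], uint16_t id, uint16_t seq)
{
    memset(buf, 0, 28);
    buf[0] = 0x45;                                /* IPv4, 20-byte header */
    buf[9] = 1;                                   /* protocol ICMP */
    buf[24] = (uint8_t)(id >> 8);  buf[25] = (uint8_t)(id & 0xff);
    buf[26] = (uint8_t)(seq >> 8); buf[27] = (uint8_t)(seq & 0xff);
    return 28;
}

int main(void)
{
    uint8_t buf[28];
    size_t n = make_reply(buf, 0x1234, 7);        /* constructed id and sequence */
    printf("own id, awaiting 5..9: %d\n", classify_reply(buf, n, 0x1234, 5, 9));
    printf("other id:              %d\n", classify_reply(buf, n, 0x4321, 5, 9));
    printf("own id, awaiting 8..9: %d\n", classify_reply(buf, n, 0x1234, 8, 9));
    return 0;
}
```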


