-
Notifications
You must be signed in to change notification settings - Fork 263
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] ping: set random ident also for ICMP datagram socket #490
base: master
Are you sure you want to change the base?
Conversation
Hi! |
Before 87dbb3a both raw socket and ICMP datagram socket used random ident (PID of ping at the time). 87dbb3a stop setting random ident for ICMP datagram socket, instead the default value max value 65535 (via htons(-1)) was used. This commit removed the need of root privileges for running ping and maybe that was needed at the time (2015-05-29: kernel v4.0 or maybe 3.16.x which already had ICMP datagram socket support and was still used) ICMP datagram socket really required root for setting ident. But that's not true any more now. Tested on kernel 6.4.x, 5.10.x. Kernel v4.14.x is still LTS, but these are used on distros which will not update iputils. Fixes: 87dbb3a ("This patch allows running ping and ping6 without root privileges on kernels that support it. Almost identical to Lorenzo Colitti's original patch except:") Signed-off-by: Petr Vorel <pvorel@suse.cz>
@rumvadim Thanks for a hint (could you quote kernel code?), I removed that code and update docs, but I need to verify that with I also set a random ident also for ICMP datagram socket, thus there should be always |
3d103e0
to
f2e9f55
Compare
Document the reason why ident -1 is not printed: When the ident is -1, the ident for the group of requests is chosen by the kernel and most likely it's not 65535 (htons(-1)). Link: iputils#490 (comment) Suggested-by: Vadim Rumyantsev <vadelve@yandex.ru> Signed-off-by: Petr Vorel <pvorel@suse.cz>
f2e9f55
to
59da996
Compare
When the ident is -1 the ident for the group of requests is chosen by the kernel and most likely it's not 65535. That's why it was not printed in 43e38f2. But since previous commit random ident was set even for ICMP datagram socket and we don't allow to set ident < 0. Thus it should be safe to always print ident. Link: iputils#490 (comment) Link: iputils#489 (comment) Reported-by: Miloslav Hůla Signed-off-by: Petr Vorel <pvorel@suse.cz>
59da996
to
286707b
Compare
@nmav Could you please also have look? |
The kernel code is here: https://elixir.bootlin.com/linux/latest/source/net/ipv4/ping.c#L78 (ping_get_port) |
Before 87dbb3a both raw socket and ICMP datagram socket used
random ident (PID of ping at the time). 87dbb3a stop setting
random ident for ICMP datagram socket, instead the default value max
value 65535 (via htons(-1)) was used.
This commit removed the need of root privileges for running ping and
maybe that was needed at the time (2015-05-29: kernel v4.0 or maybe
3.16.x which already had ICMP datagram socket support and was still
used) ICMP datagram socket really required root for setting ident. But
that's not true any more now.
Tested on kernel 6.4.x, 5.10.x. Kernel v4.14.x is still LTS, but these
are used on distros which will not update iputils.
Fixes: 87dbb3a
When the ident is -1 the ident for the group of requests is chosen by
the kernel and most likely it's not 65535. That's why it was not printed
in 43e38f2. But since previous commit random ident was set even for ICMP
datagram socket and we don't allow to set ident < 0. Thus it should be
safe to always print ident.
#489 (comment)