On Wed, 23 Dec 2020 14:06:12 GMT, Jamie Le Tual <github.com+55101029+jamielet...@openjdk.org> wrote:
>> Users have been able to send ICMP packets without the need for root >> privileges or the CAP_NET_RAW capability since at least kernel 3.11. >> >> For some time now, if the kernel parameter net.ipv4.ping_group_range >> included the gid of a user sending an icmp packet with the IPPROTO_ICMP >> protocol, then the packet would> >> It's important to note that the both the checksum and ident field are >> overwritten by the kernel when this is done. >> >> Newer distributions are now setting the default value of >> net.ipv4.ping_group_range to be open to all possible group ids (Fedora 31 >> and Ubuntu 20.04 for example) so it can b> >> >> Also of note is the that this is also implemented in MacOS. >> >> This patch proposes attempting to use IPPROTO_ICMP first, and then fall back >> to attempting a raw socket and ultimately failing over to tcp echo. >> This patch also alters the logic for identifying icmp reply packets, since >> the kernel overwrites id ident field when using the IPPROTO_ICMP protocol. >> The method is similar to that used by the ping(8) utility in the iputils >> package, where we compare data in the icmp_data member of the icmp struct >> to identify the packet as our response. The ping utility compares the >> timeval, whereas this patch proposes to compare both the timeval and the >> user's pid. > > Jamie Le Tual has updated the pull request incrementally with one additional > commit since the last revision: > > Fixed formatting src/java.base/unix/native/libnet/Inet6AddressImpl.c line 713: > 711: This usually requires "root" privileges, so it's likely to fail. > 712: If all else fails, fall back to TCP and implement tcp echo > 713: */ This is one of the block comments that needs a tidy, same thing in Inet4Address.c. Also check the // comments and you'll see some of the inconsistencies there. It's just nit picking, the patch itself is good, just hard to test. ------------- PR: https://git.openjdk.java.net/jdk/pull/1502
