Re: ping(8) put hop_limit warning in verbose mode
still ok
Florian Obser(flor...@openbsd.org) on 2020.10.20 21:36:06 +0200:
> On Tue, Oct 20, 2020 at 01:11:09PM -0600, Theo de Raadt wrote:
> > I believe most of the new local variables you added in main,
> > can instead be added in the flush loop you wrote, even if you
> > have to instantiate them. Or move it into a new function,
> > then it is even easier. their scope is just too large...
>
> Sure, I'd like to go with this for now and then refactor main later
> and split it into functions. It's always a pain to find the spot where
> it does anything...
>
> diff --git ping.c ping.c
> index d198d233921..7cca8c70342 100644
> --- ping.c
> +++ ping.c
> @@ -786,6 +786,55 @@ main(int argc, char *argv[])
> smsghdr.msg_iov =
> smsghdr.msg_iovlen = 1;
>
> + /* Drain our socket. */
> + (void)signal(SIGALRM, onsignal);
> + memset(, 0, sizeof(itimer));
> + itimer.it_value.tv_sec = 1; /* make sure we don't get stuck */
> + (void)setitimer(ITIMER_REAL, , NULL);
> + for (;;) {
> + struct msghdr m;
> + union {
> + struct cmsghdr hdr;
> + u_char buf[CMSG_SPACE(1024)];
> + } cmsgbuf;
> + struct ioveciov[1];
> + struct pollfd pfd;
> + struct sockaddr_in peer4;
> + struct sockaddr_in6 peer6;
> + ssize_t cc;
> +
> + if (seenalrm)
> + break;
> +
> + pfd.fd = s;
> + pfd.events = POLLIN;
> +
> + if (poll(, 1, 0) <= 0)
> + break;
> +
> + if (v6flag) {
> + m.msg_name =
> + m.msg_namelen = sizeof(peer6);
> + } else {
> + m.msg_name =
> + m.msg_namelen = sizeof(peer4);
> + }
> + memset(, 0, sizeof(iov));
> + iov[0].iov_base = (caddr_t)packet;
> + iov[0].iov_len = packlen;
> +
> + m.msg_iov = iov;
> + m.msg_iovlen = 1;
> + m.msg_control = (caddr_t)
> + m.msg_controllen = sizeof(cmsgbuf.buf);
> +
> + cc = recvmsg(s, , 0);
> + if (cc == -1 && errno != EINTR)
> + break;
> + }
> + memset(, 0, sizeof(itimer));
> + (void)setitimer(ITIMER_REAL, , NULL);
> +
> while (preload--) /* Fire off them quickies. */
> pinger(s);
>
>
>
> --
> I'm not entirely sure you are real.
>
Re: ping(8) put hop_limit warning in verbose mode
On Tue, Oct 20, 2020 at 01:11:09PM -0600, Theo de Raadt wrote:
> I believe most of the new local variables you added in main,
> can instead be added in the flush loop you wrote, even if you
> have to instantiate them. Or move it into a new function,
> then it is even easier. their scope is just too large...
Sure, I'd like to go with this for now and then refactor main later
and split it into functions. It's always a pain to find the spot where
it does anything...
diff --git ping.c ping.c
index d198d233921..7cca8c70342 100644
--- ping.c
+++ ping.c
@@ -786,6 +786,55 @@ main(int argc, char *argv[])
smsghdr.msg_iov =
smsghdr.msg_iovlen = 1;
+ /* Drain our socket. */
+ (void)signal(SIGALRM, onsignal);
+ memset(, 0, sizeof(itimer));
+ itimer.it_value.tv_sec = 1; /* make sure we don't get stuck */
+ (void)setitimer(ITIMER_REAL, , NULL);
+ for (;;) {
+ struct msghdr m;
+ union {
+ struct cmsghdr hdr;
+ u_char buf[CMSG_SPACE(1024)];
+ } cmsgbuf;
+ struct ioveciov[1];
+ struct pollfd pfd;
+ struct sockaddr_in peer4;
+ struct sockaddr_in6 peer6;
+ ssize_t cc;
+
+ if (seenalrm)
+ break;
+
+ pfd.fd = s;
+ pfd.events = POLLIN;
+
+ if (poll(, 1, 0) <= 0)
+ break;
+
+ if (v6flag) {
+ m.msg_name =
+ m.msg_namelen = sizeof(peer6);
+ } else {
+ m.msg_name =
+ m.msg_namelen = sizeof(peer4);
+ }
+ memset(, 0, sizeof(iov));
+ iov[0].iov_base = (caddr_t)packet;
+ iov[0].iov_len = packlen;
+
+ m.msg_iov = iov;
+ m.msg_iovlen = 1;
+ m.msg_control = (caddr_t)
+ m.msg_controllen = sizeof(cmsgbuf.buf);
+
+ cc = recvmsg(s, , 0);
+ if (cc == -1 && errno != EINTR)
+ break;
+ }
+ memset(, 0, sizeof(itimer));
+ (void)setitimer(ITIMER_REAL, , NULL);
+
while (preload--) /* Fire off them quickies. */
pinger(s);
--
I'm not entirely sure you are real.
Re: ping(8) put hop_limit warning in verbose mode
I believe most of the new local variables you added in main,
can instead be added in the flush loop you wrote, even if you
have to instantiate them. Or move it into a new function,
then it is even easier. their scope is just too large...
> @@ -240,6 +240,17 @@ void pr_retip6(struct ip6_hdr *,
> u_char *);
> int
> main(int argc, char *argv[])
> {
> + struct msghdr m;
> + union {
> + struct cmsghdr hdr;
> + u_char buf[CMSG_SPACE(1024)];
> + } cmsgbuf;
> + struct ioveciov[1];
> + struct pollfd pfd;
> + struct sockaddr_in peer4;
> + struct sockaddr_in6 peer6;
> + ssize_t cc;
> +
> struct addrinfo hints, *res;
> struct itimerval itimer;
> struct sockaddr *from, *dst;
> @@ -786,6 +797,44 @@ main(int argc, char *argv[])
> smsghdr.msg_iov =
> smsghdr.msg_iovlen = 1;
>
> + if (v6flag) {
> + m.msg_name =
> + m.msg_namelen = sizeof(peer6);
> + } else {
> + m.msg_name =
> + m.msg_namelen = sizeof(peer4);
> + }
> + memset(, 0, sizeof(iov));
> + iov[0].iov_base = (caddr_t)packet;
> + iov[0].iov_len = packlen;
> +
> + /* Drain our socket. */
> + (void)signal(SIGALRM, onsignal);
> + memset(, 0, sizeof(itimer));
> + itimer.it_value.tv_sec = 1; /* make sure we don't get stuck */
> + (void)setitimer(ITIMER_REAL, , NULL);
> + for (;;) {
> + if (seenalrm)
> + break;
> +
> + pfd.fd = s;
> + pfd.events = POLLIN;
> +
> + if (poll(, 1, 0) <= 0)
> + break;
> +
> + m.msg_iov = iov;
> + m.msg_iovlen = 1;
> + m.msg_control = (caddr_t)
> + m.msg_controllen = sizeof(cmsgbuf.buf);
> +
> + cc = recvmsg(s, , 0);
> + if (cc == -1 && errno != EINTR)
> + break;
> + }
> + memset(, 0, sizeof(itimer));
> + (void)setitimer(ITIMER_REAL, , NULL);
> +
> while (preload--) /* Fire off them quickies. */
> pinger(s);
>
> @@ -805,17 +854,7 @@ main(int argc, char *argv[])
> seeninfo = 0;
>
> for (;;) {
> - struct msghdr m;
> - union {
> - struct cmsghdr hdr;
> - u_char buf[CMSG_SPACE(1024)];
> - } cmsgbuf;
> - struct ioveciov[1];
> - struct pollfd pfd;
> - struct sockaddr_in peer4;
> - struct sockaddr_in6 peer6;
> - ssize_t cc;
> - int timeout;
> + int timeout;
>
> /* signal handling */
> if (seenint)
> @@ -864,16 +903,6 @@ main(int argc, char *argv[])
> if (poll(, 1, timeout) <= 0)
> continue;
>
> - if (v6flag) {
> - m.msg_name =
> - m.msg_namelen = sizeof(peer6);
> - } else {
> - m.msg_name =
> - m.msg_namelen = sizeof(peer4);
> - }
> - memset(, 0, sizeof(iov));
> - iov[0].iov_base = (caddr_t)packet;
> - iov[0].iov_len = packlen;
> m.msg_iov = iov;
> m.msg_iovlen = 1;
> m.msg_control = (caddr_t)
>
>
> --
> I'm not entirely sure you are real.
>
Re: ping(8) put hop_limit warning in verbose mode
i had observed this before with
for i in `jot 5`;do ping6 -c 1 2001:4860:4860:: 1>/dev/null
diff fixes the problem and looks correct to me.
ok benno@
Florian Obser(flor...@openbsd.org) on 2020.10.20 18:39:58 +0200:
> On Tue, Oct 20, 2020 at 04:07:41PM +0200, Martijn van Duren wrote:
> > When running:
> > /usr/local/libexec/nagios/check_ping -vv -6 -H -c 500,75% -w 250,50%
> > in a tight loop at some point I get the following output:
> >
> > CMD: /sbin/ping6 -n -c 5
> > Output: PING (): 56 data bytes
> > Output: 64 bytes from : icmp_seq=0 hlim=57 time=1.724 ms
> > Output: 64 bytes from : icmp_seq=1 hlim=57 time=1.612 ms
> > Output: 64 bytes from : icmp_seq=2 hlim=57 time=1.785 ms
> > Output: 64 bytes from : icmp_seq=3 hlim=57 time=1.762 ms
> > Output: 64 bytes from : icmp_seq=4 hlim=57 time=1.708 ms
> > Output:
> > Output: --- ping statistics ---
> > Output: 5 packets transmitted, 5 packets received, 0.0% packet loss
> > Output: round-trip min/avg/max/std-dev = 1.612/1.718/1.785/0.060 ms
> > Got stderr: ping6: failed to get receiving hop limit
> > PING WARNING - System call sent warnings to stderr Packet loss = 0%, RTA =
> > 1.72 ms|rta=1.718000ms;3000.00;5000.00;0.00 pl=0%;80;100;0
> > 3000.00:80% 5000.00:100%
> >
> > So I have 5 echo requests, 5 echo replies and one unrelated packet not
> > related to my ping command. Yet this notice to stderr forces check_ping
> > into a warning state.
> >
>
> Oh, got it know. The problem is packets arriving between socket(2) and
> whenever we are finished calling all setsockopt(2)s. In this case
> IPV6_RECVHOPLIMIT.
>
> We need to drain the socket after we are fully setup.
>
> Can you give this a spin? OK?
>
> diff --git ping.c ping.c
> index d198d233921..acfe2ed8e18 100644
> --- ping.c
> +++ ping.c
> @@ -240,6 +240,17 @@ void pr_retip6(struct ip6_hdr *,
> u_char *);
> int
> main(int argc, char *argv[])
> {
> + struct msghdr m;
> + union {
> + struct cmsghdr hdr;
> + u_char buf[CMSG_SPACE(1024)];
> + } cmsgbuf;
> + struct ioveciov[1];
> + struct pollfd pfd;
> + struct sockaddr_in peer4;
> + struct sockaddr_in6 peer6;
> + ssize_t cc;
> +
> struct addrinfo hints, *res;
> struct itimerval itimer;
> struct sockaddr *from, *dst;
> @@ -786,6 +797,44 @@ main(int argc, char *argv[])
> smsghdr.msg_iov =
> smsghdr.msg_iovlen = 1;
>
> + if (v6flag) {
> + m.msg_name =
> + m.msg_namelen = sizeof(peer6);
> + } else {
> + m.msg_name =
> + m.msg_namelen = sizeof(peer4);
> + }
> + memset(, 0, sizeof(iov));
> + iov[0].iov_base = (caddr_t)packet;
> + iov[0].iov_len = packlen;
> +
> + /* Drain our socket. */
> + (void)signal(SIGALRM, onsignal);
> + memset(, 0, sizeof(itimer));
> + itimer.it_value.tv_sec = 1; /* make sure we don't get stuck */
> + (void)setitimer(ITIMER_REAL, , NULL);
> + for (;;) {
> + if (seenalrm)
> + break;
> +
> + pfd.fd = s;
> + pfd.events = POLLIN;
> +
> + if (poll(, 1, 0) <= 0)
> + break;
> +
> + m.msg_iov = iov;
> + m.msg_iovlen = 1;
> + m.msg_control = (caddr_t)
> + m.msg_controllen = sizeof(cmsgbuf.buf);
> +
> + cc = recvmsg(s, , 0);
> + if (cc == -1 && errno != EINTR)
> + break;
> + }
> + memset(, 0, sizeof(itimer));
> + (void)setitimer(ITIMER_REAL, , NULL);
> +
> while (preload--) /* Fire off them quickies. */
> pinger(s);
>
> @@ -805,17 +854,7 @@ main(int argc, char *argv[])
> seeninfo = 0;
>
> for (;;) {
> - struct msghdr m;
> - union {
> - struct cmsghdr hdr;
> - u_char buf[CMSG_SPACE(1024)];
> - } cmsgbuf;
> - struct ioveciov[1];
> - struct pollfd pfd;
> - struct sockaddr_in peer4;
> - struct sockaddr_in6 peer6;
> - ssize_t cc;
> - int timeout;
> + int timeout;
>
> /* signal handling */
> if (seenint)
> @@ -864,16 +903,6 @@ main(int argc, char *argv[])
> if (poll(, 1, timeout) <= 0)
> continue;
>
> - if (v6flag) {
> - m.msg_name =
> - m.msg_namelen = sizeof(peer6);
> - } else {
> - m.msg_name =
> - m.msg_namelen = sizeof(peer4);
> - }
> - memset(, 0, sizeof(iov));
> - iov[0].iov_base = (caddr_t)packet;
> -
Re: ping(8) put hop_limit warning in verbose mode
On Tue, Oct 20, 2020 at 04:07:41PM +0200, Martijn van Duren wrote:
> When running:
> /usr/local/libexec/nagios/check_ping -vv -6 -H -c 500,75% -w 250,50%
> in a tight loop at some point I get the following output:
>
> CMD: /sbin/ping6 -n -c 5
> Output: PING (): 56 data bytes
> Output: 64 bytes from : icmp_seq=0 hlim=57 time=1.724 ms
> Output: 64 bytes from : icmp_seq=1 hlim=57 time=1.612 ms
> Output: 64 bytes from : icmp_seq=2 hlim=57 time=1.785 ms
> Output: 64 bytes from : icmp_seq=3 hlim=57 time=1.762 ms
> Output: 64 bytes from : icmp_seq=4 hlim=57 time=1.708 ms
> Output:
> Output: --- ping statistics ---
> Output: 5 packets transmitted, 5 packets received, 0.0% packet loss
> Output: round-trip min/avg/max/std-dev = 1.612/1.718/1.785/0.060 ms
> Got stderr: ping6: failed to get receiving hop limit
> PING WARNING - System call sent warnings to stderr Packet loss = 0%, RTA =
> 1.72 ms|rta=1.718000ms;3000.00;5000.00;0.00 pl=0%;80;100;0
> 3000.00:80% 5000.00:100%
>
> So I have 5 echo requests, 5 echo replies and one unrelated packet not
> related to my ping command. Yet this notice to stderr forces check_ping
> into a warning state.
>
Oh, got it know. The problem is packets arriving between socket(2) and
whenever we are finished calling all setsockopt(2)s. In this case
IPV6_RECVHOPLIMIT.
We need to drain the socket after we are fully setup.
Can you give this a spin? OK?
diff --git ping.c ping.c
index d198d233921..acfe2ed8e18 100644
--- ping.c
+++ ping.c
@@ -240,6 +240,17 @@ voidpr_retip6(struct ip6_hdr *,
u_char *);
int
main(int argc, char *argv[])
{
+ struct msghdr m;
+ union {
+ struct cmsghdr hdr;
+ u_char buf[CMSG_SPACE(1024)];
+ } cmsgbuf;
+ struct ioveciov[1];
+ struct pollfd pfd;
+ struct sockaddr_in peer4;
+ struct sockaddr_in6 peer6;
+ ssize_t cc;
+
struct addrinfo hints, *res;
struct itimerval itimer;
struct sockaddr *from, *dst;
@@ -786,6 +797,44 @@ main(int argc, char *argv[])
smsghdr.msg_iov =
smsghdr.msg_iovlen = 1;
+ if (v6flag) {
+ m.msg_name =
+ m.msg_namelen = sizeof(peer6);
+ } else {
+ m.msg_name =
+ m.msg_namelen = sizeof(peer4);
+ }
+ memset(, 0, sizeof(iov));
+ iov[0].iov_base = (caddr_t)packet;
+ iov[0].iov_len = packlen;
+
+ /* Drain our socket. */
+ (void)signal(SIGALRM, onsignal);
+ memset(, 0, sizeof(itimer));
+ itimer.it_value.tv_sec = 1; /* make sure we don't get stuck */
+ (void)setitimer(ITIMER_REAL, , NULL);
+ for (;;) {
+ if (seenalrm)
+ break;
+
+ pfd.fd = s;
+ pfd.events = POLLIN;
+
+ if (poll(, 1, 0) <= 0)
+ break;
+
+ m.msg_iov = iov;
+ m.msg_iovlen = 1;
+ m.msg_control = (caddr_t)
+ m.msg_controllen = sizeof(cmsgbuf.buf);
+
+ cc = recvmsg(s, , 0);
+ if (cc == -1 && errno != EINTR)
+ break;
+ }
+ memset(, 0, sizeof(itimer));
+ (void)setitimer(ITIMER_REAL, , NULL);
+
while (preload--) /* Fire off them quickies. */
pinger(s);
@@ -805,17 +854,7 @@ main(int argc, char *argv[])
seeninfo = 0;
for (;;) {
- struct msghdr m;
- union {
- struct cmsghdr hdr;
- u_char buf[CMSG_SPACE(1024)];
- } cmsgbuf;
- struct ioveciov[1];
- struct pollfd pfd;
- struct sockaddr_in peer4;
- struct sockaddr_in6 peer6;
- ssize_t cc;
- int timeout;
+ int timeout;
/* signal handling */
if (seenint)
@@ -864,16 +903,6 @@ main(int argc, char *argv[])
if (poll(, 1, timeout) <= 0)
continue;
- if (v6flag) {
- m.msg_name =
- m.msg_namelen = sizeof(peer6);
- } else {
- m.msg_name =
- m.msg_namelen = sizeof(peer4);
- }
- memset(, 0, sizeof(iov));
- iov[0].iov_base = (caddr_t)packet;
- iov[0].iov_len = packlen;
m.msg_iov = iov;
m.msg_iovlen = 1;
m.msg_control = (caddr_t)
--
I'm not entirely sure you are real.
Re: ping(8) put hop_limit warning in verbose mode
On Tue, 2020-10-20 at 15:59 +0200, Florian Obser wrote: > On Tue, Oct 20, 2020 at 03:46:19PM +0200, Martijn van Duren wrote: > > On Tue, 2020-10-20 at 15:19 +0200, Florian Obser wrote: > > > On Tue, Oct 20, 2020 at 09:20:32AM +0200, Martijn van Duren wrote: > > > > I have an icinga-instance running on openbsd.amsterdam. Here I found > > > > that sometimes check_ping from the monitoring-plugins package fails, > > > > because ping(8) sends "failed to get receiving hop limit", but still > > > > receives all the ping replies. These packets/annomalies are clearly > > > > not meant for us. > > > > > > But it is. This is comming from the local machine, > > > see L949ff of netinet6/ip6_input.c. > > > > What I meant to say is meant for ping(8). All the icmp echo replies > > still arrive and are accounted for. > > > > I don't understand. > > I patched the kernel to make sbcreatecontrol() fail 50% of the time: > > $ ping6 -qc10 fe80::5667:51ff:fede:e7ce%vio0 > PING fe80::5667:51ff:fede:e7ce%vio0 (fe80::5667:51ff:fede:e7ce%vio0): 56 data > bytes > ping6: failed to get receiving hop limit > ping6: failed to get receiving hop limit > ping6: failed to get receiving hop limit > ping6: failed to get receiving hop limit > > --- fe80::5667:51ff:fede:e7ce%vio0 ping statistics --- > 10 packets transmitted, 6 packets received, 40.0% packet loss > round-trip min/avg/max/std-dev = 0.980/1.196/1.955/0.342 ms > > I assure you, I do not have 40% packet loss towards my gateway. > The packets are not accounted for. > When running: /usr/local/libexec/nagios/check_ping -vv -6 -H -c 500,75% -w 250,50% in a tight loop at some point I get the following output: CMD: /sbin/ping6 -n -c 5 Output: PING (): 56 data bytes Output: 64 bytes from : icmp_seq=0 hlim=57 time=1.724 ms Output: 64 bytes from : icmp_seq=1 hlim=57 time=1.612 ms Output: 64 bytes from : icmp_seq=2 hlim=57 time=1.785 ms Output: 64 bytes from : icmp_seq=3 hlim=57 time=1.762 ms Output: 64 bytes from : icmp_seq=4 hlim=57 time=1.708 ms Output: Output: --- ping statistics --- Output: 5 packets transmitted, 5 packets received, 0.0% packet loss Output: round-trip min/avg/max/std-dev = 1.612/1.718/1.785/0.060 ms Got stderr: ping6: failed to get receiving hop limit PING WARNING - System call sent warnings to stderr Packet loss = 0%, RTA = 1.72 ms|rta=1.718000ms;3000.00;5000.00;0.00 pl=0%;80;100;0 3000.00:80% 5000.00:100% So I have 5 echo requests, 5 echo replies and one unrelated packet not related to my ping command. Yet this notice to stderr forces check_ping into a warning state.
Re: ping(8) put hop_limit warning in verbose mode
On Tue, Oct 20, 2020 at 03:46:19PM +0200, Martijn van Duren wrote: > On Tue, 2020-10-20 at 15:19 +0200, Florian Obser wrote: > > On Tue, Oct 20, 2020 at 09:20:32AM +0200, Martijn van Duren wrote: > > > I have an icinga-instance running on openbsd.amsterdam. Here I found > > > that sometimes check_ping from the monitoring-plugins package fails, > > > because ping(8) sends "failed to get receiving hop limit", but still > > > receives all the ping replies. These packets/annomalies are clearly > > > not meant for us. > > > > But it is. This is comming from the local machine, > > see L949ff of netinet6/ip6_input.c. > > What I meant to say is meant for ping(8). All the icmp echo replies > still arrive and are accounted for. > I don't understand. I patched the kernel to make sbcreatecontrol() fail 50% of the time: $ ping6 -qc10 fe80::5667:51ff:fede:e7ce%vio0 PING fe80::5667:51ff:fede:e7ce%vio0 (fe80::5667:51ff:fede:e7ce%vio0): 56 data bytes ping6: failed to get receiving hop limit ping6: failed to get receiving hop limit ping6: failed to get receiving hop limit ping6: failed to get receiving hop limit --- fe80::5667:51ff:fede:e7ce%vio0 ping statistics --- 10 packets transmitted, 6 packets received, 40.0% packet loss round-trip min/avg/max/std-dev = 0.980/1.196/1.955/0.342 ms I assure you, I do not have 40% packet loss towards my gateway. The packets are not accounted for. -- I'm not entirely sure you are real.
Re: ping(8) put hop_limit warning in verbose mode
On Tue, 2020-10-20 at 15:19 +0200, Florian Obser wrote:
> On Tue, Oct 20, 2020 at 09:20:32AM +0200, Martijn van Duren wrote:
> > I have an icinga-instance running on openbsd.amsterdam. Here I found
> > that sometimes check_ping from the monitoring-plugins package fails,
> > because ping(8) sends "failed to get receiving hop limit", but still
> > receives all the ping replies. These packets/annomalies are clearly
> > not meant for us.
>
> But it is. This is comming from the local machine,
> see L949ff of netinet6/ip6_input.c.
What I meant to say is meant for ping(8). All the icmp echo replies
still arrive and are accounted for.
> sbcreatecontrol() fails because it tries to allocate space with
> M_DONTWAIT. Looks like you drove your system out of resources.
I see nothing in dmesg or the logs. Is there another to verify this?
And assuming it is indeed run out of resources, is there a way to
fix this, because the (virtual) hardware doesn't looks swamped.
>
> While the local system receives all replies and passes them on to
> ping6(8) they are not counted as received. So ping6(8) will report
> packet loss while there is none.
In this case it's the other way around: warnings are being generated,
but all icmp echo replies are received intact by ping(8). But I
understand your point. The question remains then how I can debug this
further.
> I think it's a mistake to hide the warning because it will lead people
> on a wild goose chase.
> Also since ping6(8) will report packet loss I'm not conviced this will
> solve your problem.
>
> > Since this check is done before the ICMP6_ECHO_REPLY check and our
> > manpage states:
> > -v Verbose output. ICMP packets other than ECHO_REPLY that are
> > received are listed.
> > I think the following diff is warranted and solves my false warning
> > states.
> >
> > OK?
> >
> > martijn@
> >
> > Index: ping.c
> > ===
> > RCS file: /cvs/src/sbin/ping/ping.c,v
> > retrieving revision 1.240
> > diff -u -p -r1.240 ping.c
> > --- ping.c 11 Feb 2020 18:41:39 - 1.240
> > +++ ping.c 20 Oct 2020 07:19:49 -
> > @@ -1180,7 +1180,8 @@ pr_pack(u_char *buf, int cc, struct msgh
> > icp6 = (struct icmp6_hdr *)buf;
> >
> > if ((hoplim = get_hoplim(mhdr)) == -1) {
> > - warnx("failed to get receiving hop limit");
> > + if (options & F_VERBOSE)
> > + warnx("failed to get receiving hop limit");
> > return;
> > }
> >
> >
Re: ping(8) put hop_limit warning in verbose mode
On Tue, Oct 20, 2020 at 09:20:32AM +0200, Martijn van Duren wrote:
> I have an icinga-instance running on openbsd.amsterdam. Here I found
> that sometimes check_ping from the monitoring-plugins package fails,
> because ping(8) sends "failed to get receiving hop limit", but still
> receives all the ping replies. These packets/annomalies are clearly
> not meant for us.
But it is. This is comming from the local machine,
see L949ff of netinet6/ip6_input.c.
sbcreatecontrol() fails because it tries to allocate space with
M_DONTWAIT. Looks like you drove your system out of resources.
While the local system receives all replies and passes them on to
ping6(8) they are not counted as received. So ping6(8) will report
packet loss while there is none.
I think it's a mistake to hide the warning because it will lead people
on a wild goose chase.
Also since ping6(8) will report packet loss I'm not conviced this will
solve your problem.
>
> Since this check is done before the ICMP6_ECHO_REPLY check and our
> manpage states:
> -v Verbose output. ICMP packets other than ECHO_REPLY that are
> received are listed.
> I think the following diff is warranted and solves my false warning
> states.
>
> OK?
>
> martijn@
>
> Index: ping.c
> ===
> RCS file: /cvs/src/sbin/ping/ping.c,v
> retrieving revision 1.240
> diff -u -p -r1.240 ping.c
> --- ping.c11 Feb 2020 18:41:39 - 1.240
> +++ ping.c20 Oct 2020 07:19:49 -
> @@ -1180,7 +1180,8 @@ pr_pack(u_char *buf, int cc, struct msgh
> icp6 = (struct icmp6_hdr *)buf;
>
> if ((hoplim = get_hoplim(mhdr)) == -1) {
> - warnx("failed to get receiving hop limit");
> + if (options & F_VERBOSE)
> + warnx("failed to get receiving hop limit");
> return;
> }
>
>
--
I'm not entirely sure you are real.
