NetBSD Problem Report #47693

From fair@clock.org  Mon Mar 25 18:17:02 2013
Return-Path: <fair@clock.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 6FC9063E6FA
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 25 Mar 2013 18:17:02 +0000 (UTC)
Message-Id: <20130325181659.A04DC15EDBB@cesium.clock.org>
Date: Mon, 25 Mar 2013 11:16:59 -0700 (PDT)
From: fair@netbsd.org
Reply-To: fair@netbsd.org
To: gnats-bugs@gnats.NetBSD.org
Subject: NetBSD ICMP processing does not handle unreachable code 13 - administratively prohibited
X-Send-Pr-Version: 3.95

>Number:         47693
>Category:       kern
>Synopsis:       NetBSD ICMP processing does not handle unreachable code 13 - administratively prohibited
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 25 18:20:00 +0000 2013
>Closed-Date:    Tue Jun 25 12:41:12 +0000 2013
>Last-Modified:  Tue Jun 25 12:41:12 +0000 2013
>Originator:     Erik E. Fair
>Release:        NetBSD 6.1_RC1
>Organization:
	the NetBSD Project
>Environment:


System: NetBSD cesium.clock.org 6.1_RC1 NetBSD 6.1_RC1 (V240) #0: Tue Feb 26 19:16:36 PST 2013 root@cesium.clock.org:/var/obj/sys/arch/sparc64/compile/V240 sparc64
Architecture: sparc64
Machine: sparc64
>Description:
	tcpdump one's incoming connection for ICMP, and watch

	Notice code 13 coming back multiple times in response to SMTP connection attempts

	Notice E-mail in queue to destination marked with "connection timed out"

	See ICMP_UNREACH_ADMIN_PROHIBIT in /usr/src/sys/netinet/ip_icmp.h
	Grep for it; find one reference in udp_userreq.c

	Look in /usr/src/sys/netinet/ip_icmp.c and see the case
	statement not handle that code; it defaults to "badcode" goto.

	Check netstat -s and find hundreds of "bad code" statistics, and wonder
	how many of those are (valid) code 13 versus something else.

>How-To-Repeat:

>Fix:
*** ip_icmp.c	Mon Jan  9 06:31:22 2012
--- /tmp/ip_icmp.c	Mon Mar 25 11:14:19 2013
***************
*** 491,496 ****
--- 491,497 ----
  			case ICMP_UNREACH_ISOLATED:
  			case ICMP_UNREACH_HOST_PROHIB:
  			case ICMP_UNREACH_TOSHOST:
+ 			case ICMP_UNREACH_ADMIN_PROHIBIT:
  				code = PRC_UNREACH_HOST;
  				break;


>Release-Note:

>Audit-Trail:
From: "Erik E. Fair" <fair@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/47693: NetBSD ICMP processing does not handle unreachable code 13 - administratively prohibited
Date: Mon, 25 Mar 2013 11:26:28 -0700

 Actually, I changed my mind; we need an EPERM return (see ip_input.c),
 but failing that, "connection refused" is a more appropriate error
 code to return.


 *** ip_icmp.c	Mon Jan  9 06:31:22 2012
 --- /tmp/ip_icmp.c	Mon Mar 25 11:24:12 2013
 ***************
 *** 470,475 ****
 --- 470,476 ----
   				break;

   			case ICMP_UNREACH_PORT:
 + 			case ICMP_UNREACH_ADMIN_PROHIBIT:
   				code = PRC_UNREACH_PORT;
   				break;


From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/47693 CVS commit: src/sys/netinet
Date: Mon, 25 Mar 2013 14:43:31 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Mon Mar 25 18:43:30 UTC 2013

 Modified Files:
 	src/sys/netinet: ip_icmp.c

 Log Message:
 PR/47693: Erik E. Fair: Add missing code to icmp handling.
 - While there, add the rest of the missing codes
 - Merge groups
 - Fix indentation


 To generate a diff of this commit:
 cvs rdiff -u -r1.129 -r1.130 src/sys/netinet/ip_icmp.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Jeff Rizzo" <riz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/47693 CVS commit: [netbsd-6] src/sys/netinet
Date: Sun, 31 Mar 2013 20:52:30 +0000

 Module Name:	src
 Committed By:	riz
 Date:		Sun Mar 31 20:52:29 UTC 2013

 Modified Files:
 	src/sys/netinet [netbsd-6]: ip_icmp.c

 Log Message:
 Pull up following revision(s) (requested by fair in ticket #860):
 	sys/netinet/ip_icmp.c: revision 1.130
 PR/47693: Erik E. Fair: Add missing code to icmp handling.
 - While there, add the rest of the missing codes
 - Merge groups
 - Fix indentation


 To generate a diff of this commit:
 cvs rdiff -u -r1.128 -r1.128.2.1 src/sys/netinet/ip_icmp.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/47693 CVS commit: [netbsd-5] src/sys/netinet
Date: Sun, 9 Jun 2013 16:39:43 +0000

 Module Name:	src
 Committed By:	msaitoh
 Date:		Sun Jun  9 16:39:43 UTC 2013

 Modified Files:
 	src/sys/netinet [netbsd-5]: ip_icmp.c

 Log Message:
 Pull up following revision(s) (requested by fair in ticket #1855):
 	sys/netinet/ip_icmp.c: revision 1.130
 PR/47693: Erik E. Fair: Add missing code to icmp handling.
 - While there, add the rest of the missing codes
 - Merge groups
 - Fix indentation


 To generate a diff of this commit:
 cvs rdiff -u -r1.120 -r1.120.6.1 src/sys/netinet/ip_icmp.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: msaitoh@NetBSD.org
State-Changed-When: Tue, 25 Jun 2013 12:41:12 +0000
State-Changed-Why:
Fixed and pulled up to netbsd-[56] branches.


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.