ICMP ECHO_REQUEST visible to sending host on Linux 2.4.19

ICMP ECHO_REQUEST visible to sending host on Linux 2.4.19

Post by ChilyWil » Mon, 02 Dec 2002 03:31:41



Hi All,

I've written a simple little C program that uses a raw socket to
send out ICMP ECHO_REQUEST packets and waits to receive ICMP ECHO_
REPLIES. Things seem to work just fine with non-Loopback addresses
on my machine (ECHO_REQ leads to ECHO_REPLY etc). However, if I
use the loopback address (127.0.0.1), I also see the ECHO_REQ arrive
on my socket (ie just before the ECHO_REPLY arrives).

Here's the scenario:

On my local network (192.168.1.100 (host A) - 192.168.1.101 (host B)):

ECHO_REQ from A to B    ------>
ECHO_REPLY from B to A  <-------

On the loopback of either A or B (both running Linux 2.4.19)

ECHO_REQ from A to 127.0.0.1   ------->
ECHO_REQ from A to 127.0.0.1   <------- (whoa! the same req. I just sent)
ECHO_REPLY from 127.0.0.1 to A <-------

Any ideas what's causing this? I've tested with some other OSes,
(SGI, BSD 4.0, SunOS/Solaris) but have not seen this behavior.

TIA.

 
 
 

ICMP ECHO_REQUEST visible to sending host on Linux 2.4.19

Post by Karl Heye » Mon, 02 Dec 2002 03:48:20



> ECHO_REQ from A to 127.0.0.1   ------->
> ECHO_REQ from A to 127.0.0.1   <------- (whoa! the same req. I just sent)
> ECHO_REPLY from 127.0.0.1 to A <-------

> Any ideas what's causing this? I've tested with some other OSes,
> (SGI, BSD 4.0, SunOS/Solaris) but have not seen this behavior.

Why is this unexpected?. You listening on an interface that has
just had a packet sent on it.

karl.

 
 
 

ICMP ECHO_REQUEST visible to sending host on Linux 2.4.19

Post by ChilyWil » Mon, 02 Dec 2002 05:10:55




>> ECHO_REQ from A to 127.0.0.1   ------->
>> ECHO_REQ from A to 127.0.0.1   <------- (whoa! the same req. I just
>> sent) ECHO_REPLY from 127.0.0.1 to A <-------

>> Any ideas what's causing this? I've tested with some other OSes,
>> (SGI, BSD 4.0, SunOS/Solaris) but have not seen this behavior.

> Why is this unexpected?. You listening on an interface that has
> just had a packet sent on it.

> karl.

Becaue ECHO_REQs are supposed to be *only* answered by kernel - not
sent up to the user application.
 
 
 

ICMP ECHO_REQUEST visible to sending host on Linux 2.4.19

Post by Karl Heye » Mon, 02 Dec 2002 09:11:02



>> Why is this unexpected?. You listening on an interface that has
>> just had a packet sent on it.

>> karl.

> Becaue ECHO_REQs are supposed to be *only* answered by kernel - not
> sent up to the user application.

Nothing states that. You have the socket in raw mode, the kernel is
telling you that a packet over that interface has been seen. The fact
that you issued it does not stop you from seeing it.

With netfiler any packet can be sent to userspace anyway.

karl.

 
 
 

ICMP ECHO_REQUEST visible to sending host on Linux 2.4.19

Post by ChilyWil » Tue, 03 Dec 2002 13:27:52




>>> Why is this unexpected?. You listening on an interface that has
>>> just had a packet sent on it.

>>> karl.

>> Becaue ECHO_REQs are supposed to be *only* answered by kernel - not
>> sent up to the user application.

> Nothing states that. You have the socket in raw mode, the kernel is
> telling you that a packet over that interface has been seen. The fact
> that you issued it does not stop you from seeing it.

Karl,

Thanks for your response - I was going off based on Steven

(around pg. 82) there's a nice table showing which ICMP messages
are handled by the kernel vs. those delivered to the user process.

I should've looked closed because it's caption reads "Handling of
ICMP message types by _4.4BSD_." - that combined with the fact that
most other Unix flavored OSes don't seem to send the ECHO REQs up
to the application led me this newsgroup... But you're point is
well taken. So I will try to see what behavior I get from pinging
my eth0 device directly. I know that loopback works differently in
the route that messages take but I would like to know for
consistency what happens (FWIW I'll post here my results)

Quote:

> With netfiler any packet can be sent to userspace anyway.

> karl.

Thanks for pointing me to netfiler - It seems handy.
 
 
 

ICMP ECHO_REQUEST visible to sending host on Linux 2.4.19

Post by Karl Heye » Tue, 03 Dec 2002 23:52:23



> I should've looked closed because it's caption reads "Handling of
> ICMP message types by _4.4BSD_." - that combined with the fact that
> most other Unix flavored OSes don't seem to send the ECHO REQs up
> to the application led me this newsgroup... But you're point is
> well taken. So I will try to see what behavior I get from pinging
> my eth0 device directly. I know that loopback works differently in
> the route that messages take but I would like to know for
> consistency what happens (FWIW I'll post here my results)

I saw this sort of thing when measuring bandwidth, across lo I was
getting double as it was measuring incoming and outgoing.  The
routing will probably use lo for your own IP as well.

karl.