RFR: JDK-8257235: [PATCH] InetAddress.isReachable: Try to use an IPPROTO_ICMP socket type before attempting RAW_SOCK

[Dalibor Topic]

On Sun, 29 Nov 2020 07:54:23 GMT, Jamie Le Tual <github.com+55101029+jamieletual at openjdk.org> wrote:

> Users have been able to send ICMP packets without the need for root privileges or the CAP_NET_RAW capability since at least kernel 3.11.
> 
> For some time now, if the kernel parameter net.ipv4.ping_group_range included the gid of a user sending an icmp packet with the IPPROTO_ICMP protocol, then the packet would>
> It's important to note that the both the checksum and ident field are overwritten by the kernel when this is done.
> 
> Newer distributions are now setting the default value of net.ipv4.ping_group_range to be open to all possible group ids (Fedora 31 and Ubuntu 20.04 for example) so it can b>
> 
> Also of note is the that this is also implemented in MacOS.
> 
> This patch proposes attempting to use IPPROTO_ICMP first, and then fall back to attempting a raw socket and ultimately failing over to tcp echo.
> This patch also alters the logic for identifying icmp reply packets, since the kernel overwrites id ident field when using the IPPROTO_ICMP protocol.
> The method is similar to that used by the ping(8) utility in the iputils package, where we compare data in the icmp_data member of the icmp struct
> to identify the packet as our response. The ping utility compares the timeval, whereas this patch proposes to compare both the timeval and the user's pid.
> 
> Please not that my OCA has been sent in and is pending.

Thank you for sending in an OCA for processing, Jamie, your account has now been verified.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1502