icmp and raw sockets on linux

Jamie Le Tual jamie.letual at gmail.com
Sat Nov 28 02:42:09 UTC 2020


I'm new to the list and although I have skimmed through the archive and the
open bugs to look at discussions about icmp echo for non root users in
linux, I didn't see this solution.

We are all aware that you need to have root privileges in order to use raw
sockets.
It recently came to my attention however that my copy of ping isn't setuid
root which made me wonder how the iputils maintainer managed to send an
icmp packet as a non root user.
Turns out it's surprisingly trivial, they use SOCKET_DGRAM instead of
SOCKET_RAW and the body of the datagram is an icmp structure. Now, being as
it's not a raw socket, we can't control the contents of the ident portion
of the icmp header, it gets overwritten by the kernel (the sequence is
untouched by the kernel however).

Now, since the kernel sets the ident field "en passant" I know of no way to
know what that value was set to which means correlating and identifying the
echo reply needs to do something other than use the ident field. What I
tried was to put the user PID in the data structure right after the
timestamp, and use that for comparison when we get an icmp reply.

It all seems to check out (at least on my machine), the icmp packets look
good in wireshark, so the first thing I'm wondering is what the catch must
be, because this seems like a simple solution and I'm wondering why it was
never done like this.

I realize that there is a process to submit patches, and I have no
problem with that but I really had to ask the question here first to see if
there was something I was overlooking.

I can provide a patch file if anyone wants to take a look, it's about six
small changes in Inet4AddressImpl.c

Cheers,
Jamie
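
The approach described in the message above, as an added example that is not part of the original post and not the OpenJDK code: an echo request sent over a datagram ICMP socket (Linux `SOCK_DGRAM` with `IPPROTO_ICMP`), with the reply matched on sequence number plus a tag carried in the payload instead of the ident field. The payload layout, the function names and the loopback target are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ip_icmp.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example. Assumed payload layout: 8 bytes reserved for a timestamp, then a 4-byte tag. */
#define TAG_OFF 8
#define PKT_LEN (sizeof(struct icmphdr) + TAG_OFF + sizeof(uint32_t))

/* Build an echo request. The id stays 0: on a datagram ICMP socket the kernel sets it. */
size_t build_echo(uint8_t *buf, uint16_t seq, uint32_t tag) {
    struct icmphdr h = {0};
    h.type = ICMP_ECHO;
    h.un.echo.sequence = htons(seq);
    tag = htonl(tag);
    memset(buf, 0, PKT_LEN);
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h + TAG_OFF, &tag, sizeof tag);
    return PKT_LEN;
}

/* Accept only an echo reply whose sequence and payload tag are ours; id is ignored. */
int reply_matches(const uint8_t *buf, size_t len, uint16_t seq, uint32_t tag) {
    struct icmphdr h;
    uint32_t got;
    if (len < PKT_LEN) return 0;            /* truncated or foreign reply */
    memcpy(&h, buf, sizeof h);
    memcpy(&got, buf + sizeof h + TAG_OFF, sizeof got);
    return h.type == ICMP_ECHOREPLY && ntohs(h.un.echo.sequence) == seq && ntohl(got) == tag;
}

int main(void) {
    uint8_t pkt[64], in[1500];
    uint32_t tag = (uint32_t)getpid();      /* the PID tag from the message */
    struct sockaddr_in dst = { .sin_family = AF_INET };
    inet_pton(AF_INET, "127.0.0.1", &dst.sin_addr);
    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);  /* no raw socket needed */
    if (fd < 0) { perror("socket"); return 1; }
    size_t n = build_echo(pkt, 1, tag);
    if (sendto(fd, pkt, n, 0, (struct sockaddr *)&dst, sizeof dst) < 0) { perror("sendto"); return 1; }
    ssize_t r = recv(fd, in, sizeof in, 0);
    printf("reply %s\n", r > 0 && reply_matches(in, (size_t)r, 1, tag) ? "matched" : "not matched");
    close(fd);
    return 0;
}
```

Whether `socket()` succeeds for a given user depends on the `net.ipv4.ping_group_range` sysctl, so a caller needs a fallback path when the call fails.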