Withdrawn: JDK-8257235: [PATCH] InetAddress.isReachable: Try to use an IPPROTO_ICMP socket type before attempting RAW_SOCK

duke duke at openjdk.java.net
Wed May 19 16:28:44 UTC 2021

On Sun, 29 Nov 2020 07:54:23 GMT, Jamie Le Tual <github.com+55101029+jamieletual at openjdk.org> wrote:

> Users have been able to send ICMP packets without the need for root privileges or the CAP_NET_RAW capability since at least kernel 3.11.
> For some time now, if the kernel parameter net.ipv4.ping_group_range included the gid of a user sending an icmp packet with the IPPROTO_ICMP protocol, then the packet would>
> It's important to note that the both the checksum and ident field are overwritten by the kernel when this is done.
> Newer distributions are now setting the default value of net.ipv4.ping_group_range to be open to all possible group ids (Fedora 31 and Ubuntu 20.04 for example) so it can b>
> Also of note is the that this is also implemented in MacOS.
> This patch proposes attempting to use IPPROTO_ICMP first, and then fall back to attempting a raw socket and ultimately failing over to tcp echo.
> This patch also alters the logic for identifying icmp reply packets, since the kernel overwrites id ident field when using the IPPROTO_ICMP protocol.
> The method is similar to that used by the ping(8) utility in the iputils package, where we compare data in the icmp_data member of the icmp struct
> to identify the packet as our response. The ping utility compares the timeval, whereas this patch proposes to compare both the timeval and the user's pid.

This pull request has been closed without being integrated.


PR: https://git.openjdk.java.net/jdk/pull/1502

More information about the net-dev mailing list