On 2012-11-02, Andrew Klettke <aklet...@opticfusion.net> wrote:
> Just upgraded to 5.2 on one of our backup firewalls, and we are having 
> issues with hosts that are being checked with ICMP:

This should have been fixed post-5.2; please try this diff against
/usr/src/usr.sbin/relayd and let me know how it goes.

(also at http://junkpile.org/relayd.icmp.diff)

Index: check_icmp.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/check_icmp.c,v
retrieving revision 1.31
diff -u -p -r1.31 check_icmp.c
--- check_icmp.c        9 May 2011 12:08:47 -0000       1.31
+++ check_icmp.c        5 Nov 2012 17:18:30 -0000
@@ -172,6 +172,7 @@ send_icmp(int s, short event, void *arg)
        socklen_t                slen;
        int                      i = 0, ttl, mib[4];
        size_t                   len;
+       u_int32_t                id;
 
        if (event == EV_TIMEOUT) {
                icmp_checks_timeout(cie, HCE_ICMP_WRITE_TIMEOUT);
@@ -208,18 +209,18 @@ send_icmp(int s, short event, void *arg)
                                continue;
                        i++;
                        to = (struct sockaddr *)&host->conf.ss;
+                       id = htonl(host->conf.id);
+
                        if (cie->af == AF_INET) {
                                icp->icmp_seq = htons(i);
                                icp->icmp_cksum = 0;
-                               memcpy(icp->icmp_data, &host->conf.id,
-                                   sizeof(host->conf.id));
+                               icp->icmp_mask = id;
                                icp->icmp_cksum = in_cksum((u_short *)icp,
                                    sizeof(packet));
                        } else {
                                icp6->icmp6_seq = htons(i);
                                icp6->icmp6_cksum = 0;
-                               memcpy(packet + sizeof(*icp6), &host->conf.id,
-                                   sizeof(host->conf.id));
+                               memcpy(packet + sizeof(*icp6), &id, sizeof(id));
                                icp6->icmp6_cksum = in_cksum((u_short *)icp6,
                                    sizeof(packet));
                        }
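Review bot: The IPv4 branch now stores the id with `icp->icmp_mask = id;` while the IPv6 branch keeps `memcpy(packet + sizeof(*icp6), &id, sizeof(id));`, and nothing explains why a field named for address-mask messages carries a host id. In the BSD `struct icmp` that member overlays the first four bytes of the data area, so the wire layout is presumably unchanged; a comment such as `/* host id travels in the first 4 payload bytes, network byte order */` above `id = htonl(host->conf.id);` would document it. Writing `memcpy(icp->icmp_data, &id, sizeof(id));` instead would keep the two branches symmetric and would not depend on how `packet` is aligned. The same direct access appears on the receive side as `id = icp->icmp_mask;` in recv_icmp. send_icmp's body starts and ends outside the hunk.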
@@ -270,7 +271,7 @@ recv_icmp(int s, short event, void *arg)
        u_int16_t                icpid;
        struct host             *host;
        ssize_t                  r;
-       objid_t                  id;
+       u_int32_t                id;
 
        if (event == EV_TIMEOUT) {
                icmp_checks_timeout(cie, HCE_ICMP_READ_TIMEOUT);
@@ -279,6 +280,7 @@ recv_icmp(int s, short event, void *arg)
 
        bzero(&packet, sizeof(packet));
        bzero(&ss, sizeof(ss));
+       slen = sizeof(ss);
 
        r = recvfrom(s, packet, sizeof(packet), 0,
            (struct sockaddr *)&ss, &slen);
@@ -291,7 +293,7 @@ recv_icmp(int s, short event, void *arg)
        if (cie->af == AF_INET) {
                icp = (struct icmp *)(packet + sizeof(struct ip));
                icpid = ntohs(icp->icmp_id);
-               memcpy(&id, icp->icmp_data, sizeof(id));
+               id = icp->icmp_mask;
        } else {
                icp6 = (struct icmp6_hdr *)packet;
                icpid = ntohs(icp6->icmp6_id);
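Review bot: `icp = (struct icmp *)(packet + sizeof(struct ip));` assumes a 20-byte IPv4 header, so a reply that carries IP options would make both `icp->icmp_id` and the new `id = icp->icmp_mask;` read from the wrong offset. The length check on `r` sits outside the hunk, so it is not visible whether it covers this case. If it does not, the offset should come from the header itself, for example `icp = (struct icmp *)(packet + (((struct ip *)packet)->ip_hl << 2));`, after confirming that `r` covers that header length plus the ICMP header and the four id bytes. recv_icmp's body starts and ends outside the hunk.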
@@ -299,6 +301,7 @@ recv_icmp(int s, short event, void *arg)
        }
        if (icpid != cie->env->sc_id)
                goto retry;
+       id = ntohl(id);
        host = host_find(cie->env, id);
        if (host == NULL) {
                log_warn("%s: ping for unknown host received", __func__);
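Review bot: The `id` passed to `host = host_find(cie->env, id);` is read from the received packet, and the only filter visible before the lookup is `icpid != cie->env->sc_id`, so it should be treated as untrusted input. Whether the sender address in `ss` is later compared with the address configured for the host that was found is outside this hunk; if it is not, that comparison belongs before the host's check state is updated. A short comment above `id = ntohl(id);`, such as `/* id arrives in network byte order and is unverified until the source address matches */`, would make the trust boundary explicit. The unknown-host path calls `log_warn`, which, if it is the usual OpenBSD helper, appends the errno text; `log_warnx` looks like the better fit, since no system call has failed at that point.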
