On 2012-11-02, Andrew Klettke <aklet...@opticfusion.net> wrote:
Just upgraded to 5.2 on one of our backup firewalls, and we are having
issues with hosts that are being checked with ICMP:
This should have been fixed post-5.2; please try this diff against
/usr/src/usr.sbin/relayd and let me know how it goes.
(also at http://junkpile.org/relayd.icmp.diff)
Index: check_icmp.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/check_icmp.c,v
retrieving revision 1.31
diff -u -p -r1.31 check_icmp.c
--- check_icmp.c 9 May 2011 12:08:47 -0000 1.31
+++ check_icmp.c 5 Nov 2012 17:18:30 -0000
@@ -172,6 +172,7 @@ send_icmp(int s, short event, void *arg)
socklen_t slen;
int i = 0, ttl, mib[4];
size_t len;
+ u_int32_t id;
if (event == EV_TIMEOUT) {
icmp_checks_timeout(cie, HCE_ICMP_WRITE_TIMEOUT);
@@ -208,18 +209,18 @@ send_icmp(int s, short event, void *arg)
continue;
i++;
to = (struct sockaddr *)&host->conf.ss;
+ id = htonl(host->conf.id);
+
if (cie->af == AF_INET) {
icp->icmp_seq = htons(i);
icp->icmp_cksum = 0;
- memcpy(icp->icmp_data, &host->conf.id,
- sizeof(host->conf.id));
+ icp->icmp_mask = id;
icp->icmp_cksum = in_cksum((u_short *)icp,
sizeof(packet));
} else {
icp6->icmp6_seq = htons(i);
icp6->icmp6_cksum = 0;
- memcpy(packet + sizeof(*icp6), &host->conf.id,
- sizeof(host->conf.id));
+ memcpy(packet + sizeof(*icp6), &id, sizeof(id));
icp6->icmp6_cksum = in_cksum((u_short *)icp6,
sizeof(packet));
}
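Review bot: The store `icp->icmp_mask = id;` replaces an alignment-safe memcpy with a 32-bit access through a `struct icmp *` view of `packet`, whose declaration is outside this hunk; if `packet` is a plain byte array, that access is not guaranteed to be aligned on strict-alignment platforms. The same applies to the load `id = icp->icmp_mask;` in the recv_icmp hunk at -291/+293, where the pointer is additionally offset by `sizeof(struct ip)`. Keeping memcpy, as the IPv6 branch does, avoids the question: `memcpy(&icp->icmp_mask, &id, sizeof(id));` here and `memcpy(&id, &icp->icmp_mask, sizeof(id));` on receive. A short comment saying that `icmp_mask` is used only as the first four bytes of the echo payload, carrying the host id in network byte order, would also help the next reader. send_icmp's body continues outside the hunk.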
@@ -270,7 +271,7 @@ recv_icmp(int s, short event, void *arg)
u_int16_t icpid;
struct host *host;
ssize_t r;
- objid_t id;
+ u_int32_t id;
if (event == EV_TIMEOUT) {
icmp_checks_timeout(cie, HCE_ICMP_READ_TIMEOUT);
@@ -279,6 +280,7 @@ recv_icmp(int s, short event, void *arg)
bzero(&packet, sizeof(packet));
bzero(&ss, sizeof(ss));
+ slen = sizeof(ss);
r = recvfrom(s, packet, sizeof(packet), 0,
(struct sockaddr *)&ss, &slen);
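Review bot: The added `slen = sizeof(ss);` deserves a one-line comment, because nothing in the hunk shows why it is needed and it is unrelated to the id encoding change in the rest of the patch. recvfrom() treats the length argument as value-result, so without the assignment it was called with an indeterminate buffer size; something like `/* value-result: in = size of ss, out = length of the sender address */` would record that. The check of `r` and any later use of `slen` are outside this hunk.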
@@ -291,7 +293,7 @@ recv_icmp(int s, short event, void *arg)
if (cie->af == AF_INET) {
icp = (struct icmp *)(packet + sizeof(struct ip));
icpid = ntohs(icp->icmp_id);
- memcpy(&id, icp->icmp_data, sizeof(id));
+ id = icp->icmp_mask;
} else {
icp6 = (struct icmp6_hdr *)packet;
icpid = ntohs(icp6->icmp6_id);
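Review bot: The IPv4 branch locates the ICMP header at the fixed offset `packet + sizeof(struct ip)`, so the new read of `icp->icmp_mask` (like `icmp_id` above it) lands on the wrong bytes if the received IP header carries options. Taking the offset from the received header instead, for example `icp = (struct icmp *)(packet + (((struct ip *)packet)->ip_hl << 2));`, and rejecting the packet when that offset plus the ICMP header and the four id bytes exceeds `r`, would tie the host lookup to bytes that were actually received. Whether `r` is already compared with an expected length is not visible here; recv_icmp starts and ends outside this hunk.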
@@ -299,6 +301,7 @@ recv_icmp(int s, short event, void *arg)
}
if (icpid != cie->env->sc_id)
goto retry;
+ id = ntohl(id);
host = host_find(cie->env, id);
if (host == NULL) {
log_warn("%s: ping for unknown host received", __func__);