Hello,

Good find Jamie,

The change for this is from 2010, so it should be in all recent Linux kernels 
(not sure if this means no fallback is needed - maybe keep the tcp fallback)

https://lwn.net/Articles/420800/

BTW the article also mentions there is a way to do this in MacOS also.

Regards
Bernd


--
http://bernd.eckenfels.net
________________________________
From: net-dev <net-dev-r...@openjdk.java.net> on behalf of Jamie Le Tual 
<jamie.let...@gmail.com>
Sent: Saturday, November 28, 2020 3:43 AM
To: net-dev@openjdk.java.net
Subject: icmp and raw sockets on linux

I'm new to the list and although I have skimmed through the archive and the 
open bugs to look at discussions about icmp echo for non root users in linux, I 
didn't see this solution.

We are all aware that you need to have root privileges in order to use raw 
sockets.
It recently came to my attention however that my copy of ping isn't setuid root 
which made me wonder how the iputils maintainer managed to send an icmp packet 
as a non root user.
Turns out it's surprisingly trivial, they use SOCKET_DGRAM instead of 
SOCKET_RAW and the body of the datagram is an icmp structure. Now, being as 
it's not a raw socket, we can't control the contents of the ident portion of 
the icmp header, it gets overwritten by the kernel (the sequence is untouched 
by the kernel however).

Now, since the kernel sets the ident field "en passant" I know of no way to 
know what that value was set to which means correlating and identifying the 
echo reply needs to do something other than use the ident field. What I tried 
was to put the user PID in the data structure right after the timestamp, and 
use that for comparison when we get an icmp reply.

It all seems to check out (at least on my machine), the icmp packets look good 
in wireshark, so the first thing I'm wondering is what the catch must be, 
because this seems like a simple solution and I'm wondering why it was never 
done like this.

I realize that there is a process to submit patches, and I have no problem 
with that but I really had to ask the question here first to see if there was 
something I was overlooking.

I can provide a patch file if anyone wants to take a look, it's about six small 
changes in Inet4AddressImpl.c

Cheers,
Jamie
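
The correlation scheme described in the message above, as an added example that is not code from the thread or from OpenJDK's Inet4AddressImpl.c: an echo request carrying a timestamp followed by the PID, and a reply check that ignores the kernel-rewritten ident field. All function and struct names are hypothetical, and the code assumes that the kernel fills in the checksum and that reads on this socket type start at the ICMP header.

```c
/* Added example; all names here are hypothetical. */
#include <netinet/in.h>
#include <netinet/ip_icmp.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>

struct echo_payload {            /* layout from the post: timestamp, then PID */
    struct timeval sent;
    uint32_t pid;
};

/* Unprivileged ICMP socket. Returns -1 (e.g. EACCES when the caller's group is
 * outside net.ipv4.ping_group_range), in which case keep the TCP fallback. */
int open_ping_socket(void) {
    return socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
}

/* Write an echo request into buf and return its length (0 if buf is too small).
 * ident stays 0 because the kernel overwrites it; checksum stays 0 as well
 * (assumption: the kernel computes it for this socket type). */
size_t build_echo(uint8_t *buf, size_t cap, uint16_t seq, uint32_t pid) {
    struct icmphdr hdr;
    struct echo_payload pl;
    if (cap < sizeof hdr + sizeof pl) return 0;
    memset(&hdr, 0, sizeof hdr);
    memset(&pl, 0, sizeof pl);
    hdr.type = ICMP_ECHO;
    hdr.un.echo.sequence = htons(seq);
    gettimeofday(&pl.sent, NULL);
    pl.pid = htonl(pid);
    memcpy(buf, &hdr, sizeof hdr);
    memcpy(buf + sizeof hdr, &pl, sizeof pl);
    return sizeof hdr + sizeof pl;
}

/* Return 1 if msg is the reply to (seq, pid). ident is deliberately ignored:
 * the sender never learns the value the kernel chose. */
int is_our_reply(const uint8_t *msg, size_t len, uint16_t seq, uint32_t pid) {
    struct icmphdr hdr;
    struct echo_payload pl;
    if (len < sizeof hdr + sizeof pl) return 0;   /* truncated or foreign payload */
    memcpy(&hdr, msg, sizeof hdr);
    memcpy(&pl, msg + sizeof hdr, sizeof pl);
    return hdr.type == ICMP_ECHOREPLY && hdr.code == 0 &&
           ntohs(hdr.un.echo.sequence) == seq && ntohl(pl.pid) == pid;
}
```

A PID in the payload distinguishes processes but not threads or concurrent probes within one process, so the sequence number still has to be unique per outstanding request.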



