Upstream fix for SetPrivileged

@isi-lincoln isi-lincoln released this 02 Oct 03:27
· 4 commits to master since this release
patch: compare identifier for non-root access icmp

Commit d046b245 introduces a bug which causes ping to always fail.
The source of this bug is:

```
	// Check if reply from same ID
	body := m.Body.(*icmp.Echo)
	if body.ID != p.id {
		return nil
	}
```

Which, due to the selection of p.id, requires that SetPrivileged is
set to true. In the case where Privileged (i.e. p.network == udp)
it is left to the kernel to set the ICMP id.

https://lwn.net/Articles/443051/ discusses the introduction of
non-setuid-less ping. The kernel implementation for this
interface dictates using the local port, which gets mapped into
the ping_table struct. There is no current implementation in the
Go icmp library to address this problem directly.

To address this issue, I've added a `Tracker` field for `Pinger`
as well as an `IcmpData` data structure to allow for uniquely tracking
ICMP requests. The id (as with the `id` field) is not unique,
but duplicates will be statistically rare.
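
Added example (not part of the release notes or the project's code): a self-contained Go model of why the ID check quoted above drops every reply when the kernel assigns the ICMP id from the socket's local port, and how matching on a tracker carried in the payload avoids that. The `echo` type, the 8-byte tracker layout, the port value and all function names are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// echo is a minimal ICMP echo header plus payload (constructed for this example).
type echo struct {
	ID, Seq uint16
	Data    []byte
}

// newRequest builds an echo request whose payload starts with an 8-byte tracker.
// This payload layout is an assumption of the example, not the library's format.
func newRequest(id, seq uint16, tracker uint64) echo {
	data := make([]byte, 8)
	binary.BigEndian.PutUint64(data, tracker)
	return echo{ID: id, Seq: seq, Data: data}
}

// kernelRewrite models a udp ping socket: the kernel replaces the ICMP id
// with the socket's local port, and the echo reply mirrors id and payload.
func kernelRewrite(req echo, localPort uint16) echo {
	req.ID = localPort
	return req
}

// matchByID is the check quoted above: a reply with a different id is dropped.
func matchByID(reply echo, id uint16) bool { return reply.ID == id }

// matchByTracker ignores the id and compares the tracker carried in the payload.
func matchByTracker(reply echo, tracker uint64) bool {
	if len(reply.Data) < 8 {
		return false // truncated payload or a reply to some other sender
	}
	return binary.BigEndian.Uint64(reply.Data[:8]) == tracker
}

func main() {
	const id, tracker = 0x1234, 0xfeedfacecafe0001 // constructed sample values
	reply := kernelRewrite(newRequest(id, 0, tracker), 40123)
	fmt.Println("id match:     ", matchByID(reply, id))
	fmt.Println("tracker match:", matchByTracker(reply, tracker))
}
```
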