ping(8) picking up another ping's echo replies
Analysis of a strange monitoring problem[*] led to the observation that
ping(8), from time to time, reports 0% packet loss for a host residing,
powered-off, in my drawer. The problem is that it only uses a 16-bit random
value to check whether an echo reply belongs to an echo request it sent.
In (my) real life, this leads to false positives every few hours.
The value put into the icmp_id field has been changed from (the lower bits of)
the PID to a pseudo-random value in ping.c 1.76, the commit message being
"do not disclose endian. henning@openbsd". My impression is that (a hash of)
the PID would be more appropriate than a pseudo-random value because it would
greatly reduce the chance of two concurrent pings picking up their packets.
Note that the comment above pinger() still reads "The ID field is our UNIX
I can currently see three ways of working around this:
1. Use a hash of the PID for icmp_id.
2. Somehow check from->sin_addr to match send_addr.sin_addr (which may become
tricky for broadcasts).
3. Ignore the ping(8) problem and teach the check_ping monitoring plugin to
return CRITICAL if it finds "sendto: host is down" in ping's stderr.
[*] Several times a day, I get flooded with Notifications about a powered-down
host that is within a Scheduled Downtime.
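
Workaround 2 from the message above, as an added example in C that is not part of the original post and is not taken from OpenBSD's ping.c. The names reply_is_ours, make_reply and dst_is_bcast are hypothetical, and the sample packet and addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not from ping.c): is this raw IPv4 datagram a reply
 * to our echo request? from is the recvfrom() source, dst the address we
 * pinged, both in network byte order like our_id. dst_is_bcast skips the
 * source check, since broadcast replies come from other addresses. */
int reply_is_ours(const uint8_t *pkt, size_t len, uint32_t from,
                  uint32_t dst, uint16_t our_id, int dst_is_bcast)
{
    size_t hlen;
    uint16_t id;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;                        /* truncated or not IPv4 */
    hlen = (size_t)(pkt[0] & 0x0f) * 4;  /* IP header length incl. options */
    if (hlen < 20 || len < hlen + 8)
        return 0;                        /* no room for the ICMP header */
    if (pkt[hlen] != 0)                  /* ICMP type 0 = echo reply */
        return 0;
    memcpy(&id, pkt + hlen + 4, sizeof(id)); /* icmp_id as sent on the wire */
    if (id != our_id)
        return 0;
    if (!dst_is_bcast && from != dst)
        return 0;                        /* same id, but another ping's reply */
    return 1;
}

/* Constructed sample: minimal IPv4 header plus ICMP echo reply with this id. */
size_t make_reply(uint8_t *buf, uint16_t id_net)
{
    memset(buf, 0, 28);
    buf[0] = 0x45;                       /* IPv4, 20-byte header */
    buf[9] = 1;                          /* protocol = ICMP */
    buf[20] = 0;                         /* ICMP type: echo reply */
    memcpy(buf + 24, &id_net, sizeof(id_net));
    return 28;
}

int main(void)
{
    uint8_t b[28];
    size_t n = make_reply(b, 0x1234);
    /* same id, but the reply came from a host we did not ping: rejected (0) */
    return reply_is_ours(b, n, 0x0200000a, 0x0100000a, 0x1234, 0);
}
```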