tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

ping(8) picking up another ping's echo replies

Analysis of a strange monitoring problem[*] led to the observation that 
ping(8), from time to time, reports 0% packet loss for a host residing, 
powered-off, in my drawer. The problem is that it only uses a 16-bit random 
value to check whether an echo reply belongs to an echo request it sent. 
In (my) real life, this leads to false positives every few hours.

The value put into the icmp_id field has been changed from (the lower bits of) 
the PID to a pseudo-random value in ping.c 1.76, the commit message being 
"do not disclose endian.   henning@openbsd". My impression is that (a hash of) 
the PID would be more appropriate than a pseudo-random value because it would 
greatly reduce the chance of two concurrent ping's picking up their packets.

Note that the comment above pinger() still reads "The ID field is our UNIX 
process ID".

I can currently see three ways working around this:

1. Use a hash of the PID for icmp_id.
2. Somehow check from->sin_addr to match send_addr.sin_addr (which may become 
   tricky for broadcasts).
3. Ignore the ping(8) problem and teach the check_ping monitoring plugin to 
   return CRITICAL if it finds "sendto: host is down" in ping's stderr.

[*] Several times a day, I get flooded with Notifications about a powered-down 
host that is within a Scheduled Downtime.

Home | Main Index | Thread Index | Old Index