sarahn
2019-10-02 21:11
reporter
|
iputils-do-not-count-icmp-redirect-errors-as-errors.patch (1,927 bytes)
From 5e2d2c9eea9f50ac518e6af258a6b2a33bf645de Mon Sep 17 00:00:00 2001
From: Sarah Newman <srn@prgmr.com>
Date: Tue, 1 Oct 2019 19:12:14 -0700
Subject: [PATCH] ping: do not count icmp redirect errors as errors
When sending a specific number of probes using a raw socket, currently
receiving an icmp redirect will cause the number of actual probes sent
to be less than the requested count, as shown by this santized nagios
debug output:
CMD: /usr/bin/ping -n -U -W 10 -c 5 example.com
Output: PING example.com (10.1.1.1) 56(84) bytes of data.
Output: From 10.2.2.2 icmp_seq=1 Redirect Host(New nexthop: 10.1.1.1)
Output: From 10.2.2.2: icmp_seq=1 Redirect Host(New nexthop: 10.1.1.1)
Output: 64 bytes from 10.1.1.1: icmp_seq=1 ttl=63 time=0.490 ms
Output: 64 bytes from 10.1.1.1: icmp_seq=2 ttl=63 time=0.613 ms
Output: 64 bytes from 10.1.1.1: icmp_seq=3 ttl=63 time=0.565 ms
Output: From 10.2.2.2 icmp_seq=4 Redirect Host(New nexthop: 10.1.1.1)
Output:
Output: --- example.com ping statistics ---
Output: 4 packets transmitted, 3 received, +2 errors, 25% packet loss,
time
3000ms
Output: rtt min/avg/max/mdev = 0.490/0.556/0.613/0.050 ms
PING CRITICAL - Packet loss = 25%, RTA = 0.56
ms|rta=0.556000ms;100.000000;500.000000;0.000000 pl=25%;2;6;0
100.000000:2% 500.000000:6%
Suppress counting icmp redirect errors as errors given that the program
should still expect to see a response.
Signed-off-by: Sarah Newman <srn@prgmr.com>
---
ping.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ping.c b/ping.c
index 070cefe..9795f09 100644
--- a/ping.c
+++ b/ping.c
@@ -914,7 +914,10 @@ int ping4_receive_error_msg(socket_st *sock)
}
net_errors++;
- nerrors++;
+ /* A redirect should not really indicate an error since we should still
+ get the response. */
+ if (e->ee_type != ICMP_REDIRECT)
+ nerrors++;
if (options & F_QUIET)
goto out;
if (options & F_FLOOD) {
--
2.17.1
|
|
|
|
Possibly fixed in the kernel by:
commit 8d65b1190ddc548b0411477f308d04f4595bac57
Author: Duan Jiong <duanj.fnst@cn.fujitsu.com>
Date: Fri Sep 20 18:21:25 2013 +0800
net: raw: do not report ICMP redirects to user space
Redirect isn't an error condition, it should leave
the error handler without touching the socket.
Signed-off-by: Duan Jiong <duanj.fnst@cn.fujitsu.com>
Signed-off-by: David S. Miller <davem@davemloft.net> |
|
|
|
I see that the kernel patch referenced by @mchapman is not in the distro kernel but is in kernel-4.9.188 that @sarahn used to show the normal behavio(u)r.
CentOS can add the patch to the centosplus kernel (kernel-plus). To get it into the distro kernel, this needs to be reported upstream at http://bugzilla.redhat.com . Then CentOS kernel will inherit it. |
|
|
|
Thanks @mchapman and @toracat. Submitted https://bugzilla.redhat.com/show_bug.cgi?id=1758386 |
|
|
|
@sarahn
What's the current status of RHBZ 1758386 ? |
|
|
|
@toracat No updates since 2019-11-13. The last comment was them asking if they could target RHEL 7.9 and my assenting. |
|
|
|
The patch was added to the distro kernel as of EL 7.9 GA kernel. |
|
