[Bug 254623] traceroute6: ICMP6 no longer works due to Capsicum'ization: data too short (-1 bytes) from invalid
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Apr 1 04:44:34 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623
--- Comment #7 from Zhenlei Huang <zlei.huang at gmail.com> ---
(In reply to Mark Johnston from comment #6)
The patch D29523 works greatly :)
I do not have a FreeBSD phabricator account, and just registered one and the
account is not approved yet. So I comment directly here.
Summary from review D29523:
> For ICMP6 we were using the same socket for both, and we limited rights
on the socket such that it's impossible to receive anything.
At first glance it seems the regression was due to no sufficient rights on
receiving socket, and I tried setting CAP_RECV on the receiving socket without
luck, I also tried disabling capsicum entirely and it behaves the same. So the
root cause is not no sufficient rights on receiving socket.
Limit rights on the recv socket is great :)
PS, man of cap_rights_limit gives an example entering capability mode before
limiting rights. I tried setting CAP_RECV on recv socket after entering
capability mode it also works greatly :-) I'm not familiar with capsicum and
it's pleasant if someone clarify this.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the freebsd-net
mailing list