stuart@rennet.cs.wisc.edu (Stuart Friedberg) (05/10/89)
Once upon a time, someone wrote: > Could some BSD guru out there please tell me if the BSD UDP in fact > DOES notify anyone > when it gets an ICMP_UNREACH_PORT, and how? In article <363@lupine.UUCP> djm@lupine.UUCP (Dave Mackie) replied: > IP receives the ICMP message and eventually calls udp_ctlinput(). [...] > The routine in_pcbnotify() is called to find the correct pcb. [...] > If you're just using sendto(), the error message gets dropped. And now I add: It's even worse than that due to a bug in (or a misuse of) in_pcbnotify(). An error is delivered to all UDP sockets bound to the remote HOST that generated the ICMP_PORT_UNREACHABLE, no matter which remote PORT they are bound to. I once spent 15 minutes setting up by hand a network demo using UDP. Someone killed one process, and the whole thing unravelled in about 4 seconds due to this bug. Extremely frustrating! The bug was present in 4.2 and inherited by 4.3. It has probably survived so long because most people don't use UDP, those who use UDP don't bind to a remote host/port, and those who bind don't test their code. :-) Many Unix ports based on BSD networking have it; for example, its present in SunOS's 2.0 through 4.0.1. I think Mt.Xinu may have fixed it at one point in their VAX support, but I'm no longer sure. Stu Friedberg (stuart@cs.wisc.edu)
louie@TRANTOR.UMD.EDU ("Louis A. Mamakos") (05/10/89)
In fact, this same bug exists with TCP connections. If for instance, an ICMP port unreachable is returned from a host for a TCP connection (some IBM VM systems do this), all TCP connection to that remote host get ECONNREFUSED dropped into so_error in the PCB. Now, this doesn't actually abort the connection; usually the applications choke on the error returned the next time they reference the socket and close the connection. Our quick fix is to ignore port unreachable ICMP messages for all TCP connections. Why return an ICMP port unreachable message (in addition to a TCP reset segment)? I'm assured that there is a good reason, and it has something to do with a security option of some sort. louie