Bug 3187

Summary: "Fancy" ping6's ICMPv6 echo requests are malformed and do not generate replies from OS X, iOS hosts
Product: Busybox Reporter: Wes Campaigne <westacular+busybox>
Component: NetworkingAssignee: unassigned
Status: RESOLVED FIXED    
Severity: normal CC: busybox-cvs, westacular+busybox
Priority: P5    
Version: 1.18.x   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Host: Target:
Build:

Description Wes Campaigne 2011-02-02 05:23:00 UTC 
When ping6 is built with FEATURE_FANCY_PING set, echo requests sent to OS X and iOS based hosts do not generate replies consistently.

The problem is the value of icmp6_code: RFC 4443 specifies it as 0, and both OS X and iOS actually check that, and only send an echo reply if it was in fact 0. (Other OSes are more permissive.)

For some reason, BusyBox's sendping6 function (networking/ping.c, line ~400) has all the lines that would set a value of 0 for icmp6_code in its requests commented out. The code field and most of the rest of the packet is uninitialized memory (ie random data).

The function also doesn't actually calculate or set the checksum value for the ICMPv6 header, but it's the non-zero code field that is causing the issue with Apple OSes.

(Testing was done with BusyBox 1.18.2 on TomatoUSB, K26)
Comment 1 Denys Vlasenko 2011-02-05 02:50:07 UTC 
The fix appears to be:

 static void sendping6(int junk UNUSED_PARAM)
 {
-       struct icmp6_hdr *pkt = alloca(datalen + sizeof(struct icmp6_hdr) + 4);
+       struct icmp6_hdr *pkt = G.snd_packet;


Can you confirm that it works?
Comment 2 Denys Vlasenko 2011-02-07 14:18:41 UTC 
Fixed in git and will go into 1.18.3