https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623

--- Comment #3 from Zhenlei Huang <***@gmail.com> ---
The review D25604 capsicumize traceroute6, and use connect / send instead of
sendto. For ICMPV6 there may be ICMP6_DST_UNREACH type packets from
intermediate gateways, and they will not be captured by the pre-connected
socket IIUC.

Here comes the solution, let's separate the connected socket (sndsock) from
receive socket (rcvsock) as same as UDP / TCP / SCTP routines.

CC Mariusz Zaborski

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623

--- Comment #1 from Zhenlei Huang <***@gmail.com> ---
The traceroute6.c from stable/12 works great with stable/13 kernel.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623

--- Comment #2 from Zhenlei Huang <***@gmail.com> ---
Created attachment 223678
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=223678&action=edit
Patch for traceroute6.c

Hi rashey,
Can you please test if this patch works? Thanks :)


CC Mariusz Zaborski

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623

Kubilay Kocak <***@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Summary|traceroute6: ICMP6 does not |traceroute6: ICMP6 no
|work anymore |longer works due to
| |Capsicum'ization: data too
| |short (-1 bytes) from
| |invalid
Status|New |Open
Severity|Affects Only Me |Affects Some People
Flags| |maintainer-feedback?(markj@
| |FreeBSD.org), mfc-stable13?
CC| |***@FreeBSD.org,
| |***@FreeBSD.org
Keywords| |needs-qa
See Also| |https://reviews.freebsd.org
| |/D25604

--- Comment #4 from Kubilay Kocak <***@FreeBSD.org> ---
^Triage: Review author doesn't appear to have an account in Bugzilla, request
feedback from one of the reviews reviewers

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623

Mark Johnston <***@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Assignee|***@FreeBSD.org |***@FreeBSD.org

--- Comment #5 from Mark Johnston <***@FreeBSD.org> ---
Looking. The patch works for me in a simple test but I don't quite understand
why.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623

--- Comment #6 from Mark Johnston <***@FreeBSD.org> ---
Ugh, we don't limit rights on rcvsock. Thanks for catching this. Please give
this a try: https://reviews.freebsd.org/D29523

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623

--- Comment #7 from Zhenlei Huang <***@gmail.com> ---
(In reply to Mark Johnston from comment #6)
The patch D29523 works greatly :)

I do not have a FreeBSD phabricator account, and just registered one and the
account is not approved yet. So I comment directly here.
on the socket such that it's impossible to receive anything.

At first glance it seems the regression was due to no sufficient rights on
receiving socket, and I tried setting CAP_RECV on the receiving socket without
luck, I also tried disabling capsicum entirely and it behaves the same. So the
root cause is not no sufficient rights on receiving socket.

Limit rights on the recv socket is great :)

PS, man of cap_rights_limit gives an example entering capability mode before
limiting rights. I tried setting CAP_RECV on recv socket after entering
capability mode it also works greatly :-) I'm not familiar with capsicum and
it's pleasant if someone clarify this.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623

--- Comment #8 from commit-***@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=b8ae450f05e62a851f444edaf7db2506ff99aa37

commit b8ae450f05e62a851f444edaf7db2506ff99aa37
Author: Mark Johnston <***@FreeBSD.org>
AuthorDate: 2021-04-01 13:58:32 +0000
Commit: Mark Johnston <***@FreeBSD.org>
CommitDate: 2021-04-01 14:00:29 +0000

traceroute6: Fix Capsicum rights for rcvsock

- Always use distinct sockets for send and recv
- Limit rights on the recv socket

For ICMP6 we were using the same socket for both send and receive, and
we limited rights on the socket such that it's impossible to receive
anything.

PR: 254623
Diagnosed by: Zhenlei Huang <***@gmail.com>
Reviewed by: oshogbo
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D29523

usr.sbin/traceroute6/traceroute6.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623

Kubilay Kocak <***@FreeBSD.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|Open |In Progress
URL| |https://reviews.freebsd.org
| |/D29523
Flags|maintainer-feedback?(markj@ |maintainer-feedback+
|FreeBSD.org) |

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254623

--- Comment #9 from commit-***@FreeBSD.org ---
A commit in branch stable/13 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=d3f2c31b43b726ffbb180a42cee4b9f00c5ad5ed

commit d3f2c31b43b726ffbb180a42cee4b9f00c5ad5ed
Author: Mark Johnston <***@FreeBSD.org>
AuthorDate: 2021-04-01 13:58:32 +0000
Commit: Mark Johnston <***@FreeBSD.org>
CommitDate: 2021-04-05 13:51:56 +0000

traceroute6: Fix Capsicum rights for rcvsock

- Always use distinct sockets for send and recv
- Limit rights on the recv socket

For ICMP6 we were using the same socket for both send and receive, and
we limited rights on the socket such that it's impossible to receive
anything.

PR: 254623
Diagnosed by: Zhenlei Huang <***@gmail.com>
Reviewed by: oshogbo
Differential Revision: https://reviews.freebsd.org/D29523

(cherry picked from commit b8ae450f05e62a851f444edaf7db2506ff99aa37)

usr.sbin/traceroute6/traceroute6.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)