To: Felix von Leitner Subject: Re: [dnscache] problems (hanging) when lookup-cache full? In-Reply-To: Your message of "Sun, 17 Sep 2000 21:09:30 +0200." <20000917210930.A7865@codeblau.de> -------- I wrote: >> (For instance, Alan Cox thinks there is a good reason to be >> incompatible with BSD when it comes to reporting of ICMP errors on >> UDP sockets, although I think he's full of it.) To the best of my understanding: In Linux, when an ICMP error arrives such as "port unreachable" or "host unreachable" in response to a UDP operation, the error will be delivered to the last UDP socket which sent to that address, even if that socket is not connected. (By "the error will be delivered," I mean the socket is woken up wrt select() for reading and writing, and that the next operation on that socket wpill return -1 with errno set to EHOSTUNREACH or whatever. This is consistent with how errors are delivered on sockets in general.) (I don't know what happens if there is a socket connected to the address the ICMP error came from and it is not the same as the socket which last sent to that address.) Every other operating system in the world only reports such errors if the UDP socket is connected. I believe there is a /proc switch which can make Linux perform according to the BSD behavior, but I can't find it on my machine. Alan Cox believes this aberration is justified because the IETF host requirements say: 4.1.3.3 ICMP Messages UDP MUST pass to the application layer all ICMP error messages that it receives from the IP layer. Conceptually at least, this may be accomplished with an upcall to the ERROR_REPORT routine (see Section 4.2.4.1). On the other hand, this text is followed with: DISCUSSION: Note that ICMP error messages resulting from sending a UDP datagram are received asynchronously. A UDP-based application that wants to receive ICMP error messages is responsible for maintaining the state necessary to demultiplex these messages when they arrive; for example, the application may keep a pending receive operation for this purpose. The application is also responsible to avoid confusion from a delayed ICMP error message resulting from an earlier use of the same port(s). I (and most BSD networking people) think Alan Cox is full of it because: * Requiring the socket to be connected seems to be covered under "maintaining the state necessary to demultiplex these messages when they arrive." * The Linux approach does not make it possible to tell which destination an error resulted from, unless you've only been sending messages to one place. (In which case, you might as well have connected the socket.) So it's not really useful behavior.