small ICMP echo reply from different address than being checked causes issue

Issue #488 resolved
Howard Finer
created an issue

this is seen for monit 5.4 and also monit 5.19 In trying to use the ICMP type echo / ICMP ping functionality. We are using the ping functionality to check accessibility of another machine. If there happens to be another set of machines on the network that are using an ICMP ping of a size smaller than what monit uses, monit sees the ping reply and complains about the reply being too small. For example:

[EDT Jun 27 13:58:51] error    : ICMP echo response for 169.254.99.1 1/1 failed -- received 40 bytes, expected at least 48 bytes

The response in this case is meant for a different address, yet it causes a failure for my check condition. The monit code should not treat the small reply as being a failure when it is not for the desired address. The address check should be performed before the size check.

Comments (9)

  1. Tildeslash repo owner

    The data which broke the response were not ICMP ping, but probably some other message type ... the minimum length expected by monit is just "sizeof(struct ip) + sizeof(struct icmp)" for ICMPv4 or sizeof(struct icmp6_hdr) for ICMPv6.

    Will fix.

  2. Howard Finer reporter

    is there a date yet for when monit 5.21 will be released? we are past the 1-2 month maintenance release period and are looking to plan when we will have it available

  3. Tildeslash repo owner

    The disk IO monitoring is finished, we're now in the testing phase + walking through bitbucket issues (small fixes in progress). If you need to use the latest code base, you can always get the development snapshot from bitbucket:

    wget https://bitbucket.org/tildeslash/monit/get/master.tar.gz
    tar -xzf master.tar.gz
    cd tildeslash*
    ./bootstrap
    ./configure
    make
    
  4. Log in to comment