rascul@smarts:~> strace -fe bind ping -c1 google.com > /dev/null
bind(5, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 0
+++ exited with 0 +++
This confused me, because I didn't understand why ping needed to bind(). I understood ping to send an ICMP echo request and time the reply [1]. I wasn't sure why ping needed to act as a server for this. This appears to be Netlink related, according to the sa_family in the bind() call.
I asked about this on IRC, the #linux [2] channel on Libera [3]. Several people helped do some digging, and it looks like it might come from a getaddrinfo() call, but we weren't able to verify that. We noticed that bind() isn't called for some hosts:
rascul@smarts:~> strace -fe bind ping -c1 kernel.org > /dev/null
+++ exited with 0 +++
Nor is bind() called for IP addresses:
rascul@smarts:~> strace -fe bind ping -c1 9.9.9.9 > /dev/null
+++ exited with 0 +++
I wasn't able to test it at the time, but I was informed that ping from busybox sometimes calls bind() also.
I don't know that there are any security implications involved, but mostly I'm just curious: why does ping call bind()? It would be great if anyone was able to help shed some light on this.
[0] https://github.com/iputils/iputils/blob/master/ping/ping.c
[1] https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
[2] https://linux.chat/linux-on-libera/
[3] https://libera.chat/
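
What a bind() like the traced one does, as an added example (not from the original post or from iputils): it repeats the call with nl_pid=0 and nl_groups=0 on a Netlink socket, reads back the port id the kernel assigned, and then uses the socket as a client to ask the kernel for the interface address list. The NETLINK_ROUTE protocol and the RTM_GETADDR request are assumptions, since the trace shows only the bind(); `probe_netlink` and `struct nl_probe` are hypothetical names.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

struct nl_probe { int bind_rc; unsigned port_id; int addrs; }; /* hypothetical */

struct nl_probe probe_netlink(void)
{
    struct nl_probe r = { -1, 0, -1 };
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); /* assumed protocol */
    if (fd < 0) return r;
    /* Same arguments as the traced call: nl_pid=0, nl_groups=0, length 12. */
    struct sockaddr_nl sa = { .nl_family = AF_NETLINK };
    socklen_t len = sizeof(sa);
    r.bind_rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    /* nl_pid=0 lets the kernel choose this socket's port id; read it back. */
    if (r.bind_rc != 0 || getsockname(fd, (struct sockaddr *)&sa, &len) != 0)
        goto out;
    r.port_id = sa.nl_pid;
    /* Ask the kernel (destination port id 0) to dump all interface addresses. */
    struct { struct nlmsghdr nh; struct ifaddrmsg ifa; } req = {
        .nh = { .nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg)),
                .nlmsg_type = RTM_GETADDR, .nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP },
        .ifa = { .ifa_family = AF_UNSPEC } };
    struct sockaddr_nl kern = { .nl_family = AF_NETLINK };
    if (sendto(fd, &req, req.nh.nlmsg_len, 0,
               (struct sockaddr *)&kern, sizeof(kern)) < 0) goto out;
    union { struct nlmsghdr align; char b[16384]; } buf;
    for (r.addrs = 0;;) {
        int n = (int)recv(fd, buf.b, sizeof(buf.b), 0);
        if (n <= 0) { r.addrs = -1; goto out; }
        for (struct nlmsghdr *h = &buf.align; NLMSG_OK(h, n); h = NLMSG_NEXT(h, n)) {
            if (h->nlmsg_type == NLMSG_ERROR) r.addrs = -1;
            if (h->nlmsg_type == NLMSG_DONE || h->nlmsg_type == NLMSG_ERROR) goto out;
            if (h->nlmsg_type == RTM_NEWADDR) r.addrs++; /* one per configured address */
        }
    }
out:
    close(fd);
    return r;
}

int main(void)
{
    struct nl_probe r = probe_netlink();
    printf("bind=%d port_id=%u addrs=%d\n", r.bind_rc, r.port_id, r.addrs);
    return r.bind_rc != 0;
}
```

Running this under `strace -e bind` prints a bind() line with the same sa_family, nl_pid, nl_groups and length as the one traced from ping.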