Ping sockets

Intro

From patch description:

This patch adds IPPROTO_ICMP socket kind.  It makes it possible to send
ICMP_ECHO messages and receive corresponding ICMP_ECHOREPLY messages
without any special privileges.  In other words, the patch makes it
possible to implement setuid-less /bin/ping.

A new ping socket is created with

    socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP)

Message identifiers (octets 4-5 of ICMP header) are interpreted as local
ports. Addresses are stored in struct sockaddr_in. No port numbers are
reserved for privileged processes, port 0 is reserved for API ("let the
kernel pick a free number"). There is no notion of remote ports, remote
port numbers provided by the user (e.g. in connect()) are ignored.

Data sent and received include ICMP headers. This is deliberate to:
1) Avoid the need to transport headers values like sequence numbers by other means
2) Make it easier to port existing programs using raw sockets.

ICMP headers given to send() are checked and sanitized. The type
must be ICMP_ECHO and the code must be zero (future extensions might relax
this, see below). The id is set to the number (local port) of the socket,
the checksum is always recomputed.

ICMP reply packets received from the network are demultiplexed according
to their id's and returned by recv() without any modifications.
IP header information and ICMP errors of those packets may be obtained
via ancillary data (IP_RECVTTL, IP_RETOPTS, and IP_RECVERR). ICMP source
quenches and redirects are reported as fake errors via the error queue
(IP_RECVERR); the next hop address for redirects is saved to ee_info (in
network order).

The existing code might be (in the unlikely case anyone needs it)
extended rather easily to handle other similar pairs of ICMP messages
(Timestamp/Reply, Information Request/Reply, Address Mask Request/Reply
etc.).

Initially this functionality was written by Pavel Kankovsky for Linux
2.4.32, but unfortunately it was never made public.

Userspace support

Userspace ping utility & patch for it:

For iputils-ss020927:

For iputils-s20101006 (as of this writing):

(the relevant patch in the latter directory is iputils-s20101006-owl-pingsock.diff).

Kernel patch

Patch for Linux 2.6.37-rc7 (should work with minor changes on other kernels with net namespace support): linux-2.6.37-rc7-ping2.diff

Patch for Linux 2.6.18 (RHEL+OVZ+Owl): linux-2.6.18-194.26.1.el5.028stab079.1-owl-pingsocket3.diff

Revision that went upstream: https://lkml.org/lkml/2011/5/13/382

people/segoon/ping.txt · Last modified: 2011/05/15 13:34 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux Bookmark and Share