[PATCH] ping: try SOCK_DGRAM if no root privileges

John Spencer maillist-busybox at barfooze.de
Mon Jan 6 16:03:33 UTC 2014 

i've been able to get the SOCK_DGRAM stuff to work with a little help of 
Vasily, author of the kernel patch.

see attached proof-of-concept patch.
i'm aware that it doesnt use xbind() and other busybox replacement 
funcs. getting it into a more busybox-ish shape is something i leave as 
a task for someone more familiar with the busybox internals.

note that i didn't test if the added getsockopt calls are strictly 
needed, i added them because they were in the original iputils patch.

in general the following differences exist between SOCK_RAW and 
SOCK_DGRAM handling:

1) the received packet is a raw icmp packet, not an IP one, so it lacks 
the header and is shorter.
2) the ident (myid) of the packet is sin(6)_port of the sockaddr struct
after doing a bind() and getsockname() on the dgram socket.

the patch works for both "fancy" ping(6), and "non-fancy" ping(6) (the 
latter just sends one packet and displays whether it was successful or 
not, without further info).

note that the iputils patch is not upstream yet, so if busybox merges 
it, it's the first official ping implementation that supports SOCK_DGRAM.

--JS

John Spencer wrote:
> Denys Vlasenko wrote:
>> Applied, thanks.
> 
> i just tested this new functionality, and it hangs at recv and does 
> nothing until the alarm is triggered:
> 
>  c = recv(pingsock, G.packet, sizeof(G.packet), 0);
> 
> (note: in order to test one has to echo groupid groupid > 
> /proc/sys/net/ipv4/ping_group_range as described in the kernel commit:
> 
> https://lkml.org/lkml/2011/5/13/382 )
> 
> OTOH using the iputils source tarball provided on the kernel patch 
> authors ping info page
> ( http://openwall.info/wiki/people/segoon/ping ) + the patch there, the 
> resulting ping binary successfully is able to ping as an ordinary user 
> without special privileges, as long as the groupid matches the range)
> i fixed a couple compile errors in that version of iputils and squashed 
> the needed ping code from that tarball into a single standalone 2KLOC C 
> file - see attachment.
> 
>>
>> On Tue, Nov 26, 2013 at 10:18 PM, Daniel Borca <dborca at yahoo.com> wrote:
>>> Allow non-setuid ping.
>>>
>>> Reference:
>>> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c319b4d76b9e583a5d88d6bf190e079c4e43213d 
>>>
>>>
>>> -dborca
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ping.patch
URL: <http://lists.busybox.net/pipermail/busybox/attachments/20140106/05692021/attachment.ksh>

More information about the busybox mailing list