l2ping(8) and -f switch

Alexander Best arundel at freebsd.org
Mon Mar 28 21:37:46 UTC 2011 

On Mon Mar 28 11, Alexander Best wrote:
> On Mon Mar 28 11, Maksim Yevmenkin wrote:
> > On Mon, Mar 28, 2011 at 12:59 PM, Alexander Best <arundel at freebsd.org> wrote:
> > > On Mon Mar 28 11, Maksim Yevmenkin wrote:
> > >> On Mon, Mar 28, 2011 at 7:04 AM, Iain Hibbert <plunky at rya-online.net> wrote:
> > >> > On Mon, 28 Mar 2011, Alexander Best wrote:
> > >> >
> > >> >> On Mon Mar 28 11, Iain Hibbert wrote:
> > >> >> > On Mon, 28 Mar 2011, Alexander Best wrote:
> > >> >> >
> > >> >> > > thus i believe making the -f switch only accessable to super-users (in
> > >> >> > > accordance with ping(8)/ping6(8)) would increase security.
> > >> >> >
> > >> >> > what stops the user from recompiling l2ping without this restriction?
> > >> >>
> > >> >> nothing. but what stops him from recompiling ping(8) or ping6(8) without the
> > >> >> restriction? still it's there.
> > >> >
> > >> > AFAIK you need superuser privileges to even send ICMP_ECHO packets, thats
> > >> > why ping is traditionally a suid program and making a new binary won't
> > >> > help normal users..  I'm guessing that l2ping doesn't have the same
> > >> > restrictions?
> > >>
> > >> Guys,
> > >>
> > >> first of all thanks for the patch.
> > >>
> > >> i think one really needs to understand what "flood" really means in
> > >> l2ping(8). "flood" ping(8) basically floods the link with icmp echo
> > >> requests without waiting for remote system to reply. yes, this is
> > >> potentially dangerous and thus its reasonable to require super-user
> > >> privileges. "flood" l2ping(8) is NOT the same. all l2ping(8) does is
> > >> "flood" mode
> > >>
> > >> 1) sends l2cap echo request
> > >> 2) waits for l2cap echo response (or timeout)
> > >> 3) repeats
> > >>
> > >> in other words, there is no delay between each l2cap echo
> > >> request-response transaction. its not really "flood". i'm not sure if
> > >> it really worth to go all the way to restricting this. however, if
> > >> people think that it should be restricted, i will not object.
> > >
> > > how about removing the term "flood" from the l2ping(2) man page, if the -f
> > > semantics can't actually be called that way?
> > 
> > that would be fine. l2ping(8) -h calls it
> > 
> > -f         No delay (sort of flood)
> > 
> > and l2ping(8) man page calls it
> > 
> > -f      ``Flood'' ping, i.e., no delay between packets.
> > 
> > it would be nice to make those consistent :) i'm not sure what the
> > best name would be though.
> 
> another possibility would be to allow l2ping -i 0 and say that the -f flag is
> an alias for that.

the following patch will implement this behavior.

> 
> > 
> > thanks,
> > max
> 
> -- 
> a13x

-- 
a13x
-------------- next part --------------
diff --git a/usr.sbin/bluetooth/l2ping/l2ping.8 b/usr.sbin/bluetooth/l2ping/l2ping.8
index 477f4ec..7ff2942 100644
--- a/usr.sbin/bluetooth/l2ping/l2ping.8
+++ b/usr.sbin/bluetooth/l2ping/l2ping.8
@@ -25,7 +25,7 @@
 .\" $Id: l2ping.8,v 1.3 2003/05/21 01:00:19 max Exp $
 .\" $FreeBSD$
 .\"
-.Dd June 14, 2002
+.Dd March 28, 2011
 .Dt L2PING 8
 .Os
 .Sh NAME
@@ -36,7 +36,7 @@
 .Op Fl fhn
 .Fl a Ar remote
 .Op Fl c Ar count
-.Op Fl i Ar delay
+.Op Fl i Ar wait
 .Op Fl S Ar source
 .Op Fl s Ar size
 .Sh DESCRIPTION
@@ -63,8 +63,8 @@ If this option is not specified,
 .Nm
 will operate until interrupted.
 .It Fl f
-.Dq Flood
-ping, i.e., no delay between packets.
+Alias for
+.Fl i Ar 0 .
 .It Fl h
 Display usage message and exit.
 .It Fl i Ar wait
@@ -109,7 +109,7 @@ Some implementations may not like large sizes and may hang or even crash.
 .Xr ng_l2cap 4 ,
 .Xr l2control 8
 .Sh AUTHORS
-.An Maksim Yevmenkin Aq m_evmenkin at yahoo.com
+.An Maksim Yevmenkin Aq emax at FreeBSD.org
 .Sh BUGS
 Could collect more statistic.
 Could check for duplicated, corrupted and lost packets.
diff --git a/usr.sbin/bluetooth/l2ping/l2ping.c b/usr.sbin/bluetooth/l2ping/l2ping.c
index d7e1b1e..b01ac7d 100644
--- a/usr.sbin/bluetooth/l2ping/l2ping.c
+++ b/usr.sbin/bluetooth/l2ping/l2ping.c
@@ -111,7 +111,7 @@ main(int argc, char *argv[])
 
 		case 'i':
 			wait = atoi(optarg);
-			if (wait <= 0)
+			if (wait < 0)
 				usage();
 			break;
 
@@ -221,7 +221,7 @@ main(int argc, char *argv[])
 			tv2msec(&b), r.result,
 			((fail == 0)? "" : strerror(errno)));
 
-		if (!flood) {
+		if (!flood && wait) {
 			/* Wait */
 			a.tv_sec = wait;
 			a.tv_usec = 0;
@@ -272,12 +272,12 @@ tv2msec(struct timeval const *tvp)
 static void
 usage(void)
 {
-	fprintf(stderr, "Usage: l2ping -a bd_addr " \
-		"[-S bd_addr -c count -i wait -n -s size -h]\n");
+	fprintf(stderr, "Usage: l2ping [-fhn] -a remote " \
+		"[-c count] [-i wait] [-S source] [-s size]\n");
 	fprintf(stderr, "Where:\n");
 	fprintf(stderr, "  -a remote  Specify remote device to ping\n");
 	fprintf(stderr, "  -c count   Number of packets to send\n");
-	fprintf(stderr, "  -f         No delay (sort of flood)\n");
+	fprintf(stderr, "  -f         Alias for -i 0\n");
 	fprintf(stderr, "  -h         Display this message\n");
 	fprintf(stderr, "  -i wait    Delay between packets (sec)\n");
 	fprintf(stderr, "  -n         Numeric output only\n");

More information about the freebsd-bluetooth mailing list