From 8481d7432ac5a8110ba846fc3119c5129731195f Mon Sep 17 00:00:00 2001 From: David Schweikert Date: Mon, 16 Jan 2017 09:12:20 +0100 Subject: [PATCH] simplify restrictions, fixes #29, #32 --- ChangeLog | 1 + ci/test-03-forbidden.pl | 34 +++++----------------------------- configure.ac | 2 +- doc/fping.pod | 18 ++++++------------ src/fping.c | 21 ++++----------------- 5 files changed, 17 insertions(+), 59 deletions(-) diff --git a/ChangeLog b/ChangeLog index e2b967a..7f9267a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ Unreleased * (feature) Support kernel-timestamping of received packets (#46) + * (feature) Simplify restrictions: only -i >= 1 and -p >= 10 are enforced now * (bugfix) Fix compatibility issue with AIX (#69, @blentzgh) * (bugfix) Fix -q not suppressing some ICMP error messages (#83) diff --git a/ci/test-03-forbidden.pl b/ci/test-03-forbidden.pl index 9b1c960..b97db65 100755 --- a/ci/test-03-forbidden.pl +++ b/ci/test-03-forbidden.pl @@ -1,6 +1,6 @@ #!/usr/bin/perl -w -use Test::Command tests => 33; +use Test::Command tests => 24; # fping -i 0 my $cmd1 = Test::Command->new(cmd => "fping -i 0 -T10 -g 127.0.0.1/29"); @@ -8,34 +8,16 @@ $cmd1->exit_is_num(1); $cmd1->stdout_is_eq(""); $cmd1->stderr_is_eq(<= 1, p >= 20, r < 20, and t >= 50 +fping: You need -i >= 1 and -p >= 10 END -# fping -p 15 -my $cmd2 = Test::Command->new(cmd => "fping -c3 -p 15 127.0.0.1"); +# fping -p 9 +my $cmd2 = Test::Command->new(cmd => "fping -c3 -p 9 127.0.0.1"); $cmd2->exit_is_num(1); $cmd2->stdout_is_eq(""); $cmd2->stderr_is_eq(<= 1, p >= 20, r < 20, and t >= 50 -END - -# fping -r 30 -my $cmd3 = Test::Command->new(cmd => "fping -r 30 127.0.0.1"); -$cmd3->exit_is_num(1); -$cmd3->stdout_is_eq(""); -$cmd3->stderr_is_eq(<= 1, p >= 20, r < 20, and t >= 50 -END - -# fping -t 40 -my $cmd4 = Test::Command->new(cmd => "fping -t 40 127.0.0.1"); -$cmd4->exit_is_num(1); -$cmd4->stdout_is_eq(""); -$cmd4->stderr_is_eq(<= 1, p >= 20, r < 20, and t >= 50 +fping: You need -i >= 1 and -p >= 10 END # fping -H 300 @@ -74,9 +56,3 @@ $cmd10->exit_is_num(1); $cmd10->stdout_is_eq(""); $cmd10->stderr_is_eq("fping: backoff factor 5.1 not valid, must be between 1.0 and 5.0\n"); -# fping -C 11000 -my $cmd11 = Test::Command->new(cmd => "fping -C 11000 127.0.0.1"); -$cmd11->exit_is_num(1); -$cmd11->stdout_is_eq(""); -$cmd11->stderr_is_eq("fping: count 11000 not valid, must be less than 10000\n"); - diff --git a/configure.ac b/configure.ac index 2633973..b6bbc49 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ dnl Process this file with autoconf to produce a configure script. dnl Minimum Autoconf version required. AC_PREREQ(2.59) -AC_INIT([fping],[3.15]) +AC_INIT([fping],[3.16-rc1]) dnl make ipv4 and ipv6 options AC_ARG_ENABLE([ipv4], diff --git a/doc/fping.pod b/doc/fping.pod index 94cbfff..d38bec2 100644 --- a/doc/fping.pod +++ b/doc/fping.pod @@ -116,7 +116,7 @@ Print usage message. =item B<-i> I The minimum amount of time (in milliseconds) between sending a ping packet -to any target (default is 25). +to any target (default is 25, minimum is 1). =item B<-l> @@ -137,7 +137,7 @@ Same as -d. =item B<-N> -Format output for netdata (-l -Q are required). See: http://my-netdata.io/ +Format output for netdata (-l -Q are required). See: L =item B<-o> @@ -152,7 +152,7 @@ Set the typ of service flag (TOS). I can be either decimal or hexadecimal In looping or counting modes (B<-l>, B<-c>, or B<-C>), this parameter sets the time in milliseconds that B waits between successive packets to -an individual target. Default is 1000. +an individual target. Default is 1000 and minimum is 10. =item B<-q> @@ -252,10 +252,8 @@ line arguments, and 4 for a system call failure. =head1 RESTRICTIONS -If certain options are used (i.e, a low value for B<-i> and B<-t>, and a high value -for B<-r>) it is possible to flood the network. This program must be installed as -setuid root in order to open up a raw socket, or must be run by root. In order -to stop mere mortals from hosing the network, normal users can't specify the following: +In order to avoid users mistakingly flooding the network, the following values +are not allowed for non-root users: =over 4 @@ -265,11 +263,7 @@ B<-i> I, where I < 1 msec =item * -B<-r> I, where I > 20 - -=item * - -B<-t> I, where n < 250 msec +B<-p> I, where I < 10 msec =back diff --git a/src/fping.c b/src/fping.c index 7084034..50991dd 100644 --- a/src/fping.c +++ b/src/fping.c @@ -133,11 +133,8 @@ extern int h_errno; #define DEFAULT_PING_DATA_SIZE 56 /* maxima and minima */ -#define MAX_COUNT 10000 #define MIN_INTERVAL 1 /* in millisec */ -#define MIN_PERHOST_INTERVAL 20 /* in millisec */ -#define MIN_TIMEOUT 50 /* in millisec */ -#define MAX_RETRY 20 +#define MIN_PERHOST_INTERVAL 10 /* in millisec */ /* response time array flags */ #define RESP_WAITING -1 @@ -617,14 +614,12 @@ int main( int argc, char **argv ) }/* IF */ if( ( interval < MIN_INTERVAL * 100 || - perhost_interval < MIN_PERHOST_INTERVAL * 100 || - retry > MAX_RETRY || - timeout < MIN_TIMEOUT * 100 ) + perhost_interval < MIN_PERHOST_INTERVAL * 100 ) && getuid() ) { fprintf( stderr, "%s: these options are too risky for mere mortals.\n", prog ); - fprintf( stderr, "%s: You need i >= %u, p >= %u, r < %u, and t >= %u\n", - prog, MIN_INTERVAL, MIN_PERHOST_INTERVAL, MAX_RETRY, MIN_TIMEOUT ); + fprintf( stderr, "%s: You need -i >= %u and -p >= %u\n", + prog, MIN_INTERVAL, MIN_PERHOST_INTERVAL ); exit(1); }/* IF */ @@ -644,14 +639,6 @@ int main( int argc, char **argv ) }/* IF */ - if( count > MAX_COUNT ) - { - fprintf( stderr, "%s: count %u not valid, must be less than %u\n", - prog, count, MAX_COUNT ); - exit(1); - - }/* IF */ - if( alive_flag || unreachable_flag ) verbose_flag = 0;