binding ICMP to a specific IP address

Stuart Kendrick

hi,

i'd like to run a number of ICMP intensive scripts from a single box.
in my experience, this is problematic ... ICMP doesn't support ports
the way TCP and UDP do, so the IP stack doesn't know to which process
to return the ICMP Echo Reply ... so process A can receive a response
to a ping which process B emitted ... neither process enjoys this ...
nor does the operator.

typically, /usr/sbin/ping supports the "-I" parameter, which allows it
to bind to a specified IP address ... that way, i can configure the box
with multiple IP addresses, bind each process' /usr/sbin/ping instance
to a different IP address ... and avoid stomping on myself.

but fping doesn't support the "-I" parameter. and i really like a number
of fping's features.

argh.

ok, so i can rewrite fping in Perl ... the Net::Ping module ships with
example code. and Net::Ping supports a 'bind' parameter, which
lets me specify the source IP address for the ICMP packet. but then,
i have to run my scripts as root or at least as setuid root ... neither
of which thrills me.

Net::Ping::External doesn't require root access to run, as it uses the
OS's ping binary. But ... it doesn't yet support binding to different
IP addresses (presumably, the "-I" parameter varies enough between OSes
that this is hard to support).

i think i'm stuck. i think i need more hardware -- one box per
ping-intensive app.

does anyone know of a way around this?

--sk

Stuart Kendrick
FHCRC
 
Ben Morrow

> ok, so i can rewrite fping in Perl ... the Net::Ping module ships with
> example code. and Net::Ping supports a 'bind' parameter, which
> lets me specify the source IP address for the ICMP packet. but then,
> i have to run my scripts as root or at least as setuid root ... neither
> of which thrills me.

At least on my machine, /bin/ping is setuid root. I am fairly sure it
has to be to send ICMP packets. If you are saying that you'd rather
run someone else's (peer-reviewed) code as root than write your own
(which is fair enough)...

> Net::Ping::External doesn't require root access to run, as it uses the
> OS's ping binary. But ... it doesn't yet support binding to different
> IP addresses (presumably, the "-I" parameter varies enough between OSes
> that this is hard to support).

...then write your own wrapper around ping, probably based on
Net::Ping::External. But fping features like round-robin pinging of
hosts until they reply will be nigh-on impossible to emulate:
obviously, the same applies if you use Net::Ping::External.

Alternatively, you could use Net::Ping's UDP- or TCP-ping feature, which
doesn't have either problem.

Ben
 
David Efflandt

> hi,
>
> i'd like to run a number of ICMP intensive scripts from a single box.
> in my experience, this is problematic ... ICMP doesn't support ports
> the way TCP and UDP do, so the IP stack doesn't know to which process
> to return the ICMP Echo Reply ... so process A can receive a response
> to a ping which process B emitted ... neither process enjoys this ...
> nor does the operator.

You ping a specific host or IP, so unless 2 processes are pinging the
same host, this should be a non-issue whether true or not. I used Linux
ping to ping 2 hosts simultaneously from 2 xterms, and both responded
properly.

> ok, so i can rewrite fping in Perl ... the Net::Ping module ships with
> example code. and Net::Ping supports a 'bind' parameter, which
> lets me specify the source IP address for the ICMP packet. but then,
> i have to run my scripts as root or at least as setuid root ... neither
> of which thrills me.
>
> Net::Ping::External doesn't require root access to run, as it uses the
> OS's ping binary. But ... it doesn't yet support binding to different
> IP addresses (presumably, the "-I" parameter varies enough between OSes
> that this is hard to support).
>
> i think i'm stuck. i think i need more hardware -- one box per
> ping-intensive app.

The normal purpose of a bind parameter is if routing is ambiguous. Did
you ever stop to think that you could simply edit the module to suit your
desires? Just curious why you need to run that ping-intensive app. That
could be considered abuse unless you own the IPs being pinged.
 
lostriver

> hi,
>
> i'd like to run a number of ICMP intensive scripts from a single box.
> in my experience, this is problematic ... ICMP doesn't support ports
> the way TCP and UDP do, so the IP stack doesn't know to which process
> to return the ICMP Echo Reply ... so process A can receive a response
> to a ping which process B emitted ... neither process enjoys this ...
> nor does the operator.

That should not be a problem, ICMP Pings (Echo/Echo Reply - Type 8/0, Code 0)
do have an ID field and Sequence # ...

RFC 792, page 15:

The data received in the echo request message must be returned in the
echo reply message.

The identifier and sequence number may be used by the echo sender to
aid in matching the replies with the echo requests. For example, the identifier
might be used like a port in TCP or UDP to identify a session, and the sequence
number might be incremented on each echo request sent. The echoer returns these
same values in the echo reply.
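
The identifier-based matching that the RFC 792 passage describes, as an added example that is not part of the original thread: each process tags its Echo Requests with its own 16-bit identifier and discards replies carrying any other. All function names and identifier values are hypothetical, and the packets are constructed in memory rather than read from a raw socket.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0
HEADER = struct.Struct("!BBHHH")  # type, code, checksum, identifier, sequence

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    body = HEADER.pack(icmp_type, 0, 0, ident, seq) + payload
    return HEADER.pack(icmp_type, 0, checksum(body), ident, seq) + payload

def echo_back(request: bytes) -> bytes:
    """What the echoer does: same identifier, sequence and data, type 0."""
    _, _, _, ident, seq = HEADER.unpack_from(request)
    return build_echo(ECHO_REPLY, ident, seq, request[HEADER.size:])

def parse_reply(packet: bytes):
    """Return (ident, seq, payload), or None if not a valid Echo Reply."""
    if len(packet) < HEADER.size or checksum(packet) != 0:
        return None
    icmp_type, code, _, ident, seq = HEADER.unpack_from(packet)
    if icmp_type != ECHO_REPLY or code != 0:
        return None
    return ident, seq, packet[HEADER.size:]

def claim_replies(my_ident: int, outstanding: set, packets) -> list:
    """Keep only replies to our own requests; drop other processes' replies."""
    mine = []
    for pkt in packets:
        parsed = parse_reply(pkt)
        if parsed and parsed[0] == my_ident and parsed[1] in outstanding:
            outstanding.discard(parsed[1])
            mine.append(parsed[1])
    return mine

# Constructed sample: processes A and B ping at the same time; a raw ICMP
# socket hands every reply to both, so each must filter by identifier.
ID_A, ID_B = 0x1A2B, 0x3C4D  # hypothetical; classic ping uses the PID's low 16 bits
WIRE = [echo_back(build_echo(ECHO_REQUEST, i, s, b"probe"))
        for i, s in [(ID_A, 1), (ID_B, 1), (ID_B, 2), (ID_A, 2)]]
```

Two processes that pick the same identifier would still see each other's replies, which is why the identifier has to be unique per process on the box.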
 
