From owner-freebsd-bluetooth@FreeBSD.ORG  Mon Mar 28 21:55:03 2011
Return-Path: <owner-freebsd-bluetooth@FreeBSD.ORG>
Delivered-To: freebsd-bluetooth@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 1233)
	id 4B9B11065670; Mon, 28 Mar 2011 21:55:03 +0000 (UTC)
Date: Mon, 28 Mar 2011 21:55:03 +0000
From: Alexander Best <arundel@freebsd.org>
To: Maksim Yevmenkin <maksim.yevmenkin@gmail.com>
Message-ID: <20110328215503.GA43845@freebsd.org>
References: <20110328001258.GA70156@freebsd.org>
	<alpine.NEB.2.00.1103280751410.3331@galant.ukfsn.org>
	<20110328101804.GA39095@freebsd.org>
	<alpine.NEB.2.00.1103281452520.27263@galant.ukfsn.org>
	<AANLkTikLj7QumdtPcB=wGBdyxOyHBusCzUbrtXVC+Yt1@mail.gmail.com>
	<20110328195952.GA26987@freebsd.org>
	<AANLkTin_+8dxE8Go1Bk1vdFg2-bUZ-fn3OHX1RTRmfKa@mail.gmail.com>
	<20110328203413.GB26987@freebsd.org>
	<20110328213746.GA42088@freebsd.org>
	<AANLkTi=QagnGN3cADEcXTW-j3G_pDu3KCUY09uN_KTzV@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <AANLkTi=QagnGN3cADEcXTW-j3G_pDu3KCUY09uN_KTzV@mail.gmail.com>
Cc: freebsd-bluetooth@freebsd.org
Subject: Re: l2ping(8) and -f switch
X-BeenThere: freebsd-bluetooth@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Using Bluetooth in FreeBSD environments
	<freebsd-bluetooth.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bluetooth>, 
	<mailto:freebsd-bluetooth-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bluetooth>
List-Post: <mailto:freebsd-bluetooth@freebsd.org>
List-Help: <mailto:freebsd-bluetooth-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bluetooth>, 
	<mailto:freebsd-bluetooth-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 21:55:03 -0000

On Mon Mar 28 11, Maksim Yevmenkin wrote:
> On Mon, Mar 28, 2011 at 2:37 PM, Alexander Best <arundel@freebsd.org> wrote:
> > On Mon Mar 28 11, Alexander Best wrote:
> >> On Mon Mar 28 11, Maksim Yevmenkin wrote:
> >> > On Mon, Mar 28, 2011 at 12:59 PM, Alexander Best <arundel@freebsd.org> wrote:
> >> > > On Mon Mar 28 11, Maksim Yevmenkin wrote:
> >> > >> On Mon, Mar 28, 2011 at 7:04 AM, Iain Hibbert <plunky@rya-online.net> wrote:
> >> > >> > On Mon, 28 Mar 2011, Alexander Best wrote:
> >> > >> >
> >> > >> >> On Mon Mar 28 11, Iain Hibbert wrote:
> >> > >> >> > On Mon, 28 Mar 2011, Alexander Best wrote:
> >> > >> >> >
> >> > >> >> > > thus i believe making the -f switch only accessable to super-users (in
> >> > >> >> > > accordance with ping(8)/ping6(8)) would increase security.
> >> > >> >> >
> >> > >> >> > what stops the user from recompiling l2ping without this restriction?
> >> > >> >>
> >> > >> >> nothing. but what stops him from recompiling ping(8) or ping6(8) without the
> >> > >> >> restriction? still it's there.
> >> > >> >
> >> > >> > AFAIK you need superuser privileges to even send ICMP_ECHO packets, thats
> >> > >> > why ping is traditionally a suid program and making a new binary won't
> >> > >> > help normal users..  I'm guessing that l2ping doesn't have the same
> >> > >> > restrictions?
> >> > >>
> >> > >> Guys,
> >> > >>
> >> > >> first of all thanks for the patch.
> >> > >>
> >> > >> i think one really needs to understand what "flood" really means in
> >> > >> l2ping(8). "flood" ping(8) basically floods the link with icmp echo
> >> > >> requests without waiting for remote system to reply. yes, this is
> >> > >> potentially dangerous and thus its reasonable to require super-user
> >> > >> privileges. "flood" l2ping(8) is NOT the same. all l2ping(8) does is
> >> > >> "flood" mode
> >> > >>
> >> > >> 1) sends l2cap echo request
> >> > >> 2) waits for l2cap echo response (or timeout)
> >> > >> 3) repeats
> >> > >>
> >> > >> in other words, there is no delay between each l2cap echo
> >> > >> request-response transaction. its not really "flood". i'm not sure if
> >> > >> it really worth to go all the way to restricting this. however, if
> >> > >> people think that it should be restricted, i will not object.
> >> > >
> >> > > how about removing the term "flood" from the l2ping(2) man page, if the -f
> >> > > semantics can't actually be called that way?
> >> >
> >> > that would be fine. l2ping(8) -h calls it
> >> >
> >> > -f         No delay (sort of flood)
> >> >
> >> > and l2ping(8) man page calls it
> >> >
> >> > -f      ``Flood'' ping, i.e., no delay between packets.
> >> >
> >> > it would be nice to make those consistent :) i'm not sure what the
> >> > best name would be though.
> >>
> >> another possibility would be to allow l2ping -i 0 and say that the -f flag is
> >> an alias for that.
> 
> the existing code provides exactly this behavior. perhaps just a man
> page and usage() change?

hmmm...no actually. l2ping -i 0 is not a valid parameter, since -i has to be
greater than 0. so it's not possible to simply say "-f is an alias for -i 0",
because that implies that -i 0 should work (which it doesn't).

> 
> > the following patch will implement this behavior.
> 
> if we are going to go this route then why not just get rid of the
> "flood" variable all together? just set wait to 0 (zero) if -f was
> specified. also, we should probably use strtol(3) instead of atoi(3).

i've thought of that. however that would mean l2ping -f -i 3 would set the
delay to 3 seconds and usually an -f switch implies "force". so i think the
current behavior of -f having a higher priority than any -i X option should be
kept.

> 
> thanks,
> max

-- 
a13x