===============================================================================
        linux pingd 0.5   (c) 1998, route|daemon9 <route@infonexus.com>
===============================================================================


New in version 0.5.1 (5.5.98)
------------------
- Bugfix: Oops.  With that last fix, I broke localhost ICMP_ECHO processing.
  All better now.

New in version 0.5 (4.23.98)
------------------
- Bugfix: With a smallish packetsize and the ICMP_HOST_UNREACH option set, the
  program would spin out of control in an infinite loop while each packet it
  sends generates an error packet (pingd and syslogd would eat up tremendous
  amounts of CPU time and memory).  Thanks to krill@plus618.com for the
  initial discovery.

New in version 0.4 (2.22.98)
------------------
- Added a compile option to skew the RTT times.  Use this to thoroughly confuse
  ping clientele.

- Added a manpage

New in version 0.3 (2.16.98)
------------------
- Bugfix in the reflect routine (correctly swaps IP addresses now).

- Compile-time option to verify the ICMP header checksum.

- Wrapping is now a compile-time option.

- Option to send ICMP_HOST_UNREACH's back to the sender if the packet in
  question is too large or too small.


You need:
---------
The libnet package:  http://www.infonexus.com/~daemon9/Projects/libnet.tar.gz
The libwrap package: ftp://ftp.win.tue.nl/pub/security/tcp_wrappers.tar.gz

Build and install both libs, following the included instructions.

The included kernel patch was written against 2.0.33 but should work against
most recent kernels.

Thanks to asriel for the idea and impetus.  His 44BSD version can be found at:
http://www.enteract.com/~tqbf/goodies.html#pingd


Installation:
-------------
1. make all             (Builds the program and diffs your kernel against
                         the included patch; rebuilding the kernel is now
                         necessary.  You can optionally `make pingd` and
                         `make patch` individually.)
2. ./pingd -d1          (Test the daemon by pinging your machine.  You will
                         now want to edit your /etc/hosts.{allow,deny} a la
                         TCP wrappers.)
3. make install         (Installs the program in /usr/sbin/ and adds it to
                         /etc/rc.d/rc.local.  Installs the manpage.)


Wrapper Configuration:
----------------------
Wrapping works the same as if you were wrapping a TCP service.  Read the relevant
man pages for more info (hosts_access(5)).

Sample /etc/hosts.deny:

# Deny all ICMP_ECHO packets from these sites
ping : fuckface.moron.com, suckity.suck.com


Empirical Data:
---------------
This is slower than doing it in the kernel.  Especially on localhost.  How
about that.  Remotely, with -DWRAP, -DLOG, and -DVERIFY_CHECKSUM the RTT's are
about .9 - 1.1 ms longer with a concise /etc/hosts.{allow,deny}.  The price
you pay for a more secure implementation (with none of the options on, the
RTT's are about equivalent to normal kernel-based ICMP_ECHO reflector).  

All of the following hosts are on the same 10MB network, with approximately
the same speed NICs.


Normal test:
------------

    The daemon:

shattered:~/Projects/Current/Pingd# ./pingd -u1 -d1
Max packetsize of 1004 bytes
64 byte ICMP_ECHO from 192.168.2.9
ICMP_ECHOREPLY sent
64 byte ICMP_ECHO from 192.168.2.9
ICMP_ECHOREPLY sent
64 byte ICMP_ECHO from 192.168.2.9
ICMP_ECHOREPLY sent
64 byte ICMP_ECHO from 192.168.2.9
ICMP_ECHOREPLY sent
64 byte ICMP_ECHO from 192.168.2.9
ICMP_ECHOREPLY sent


    The client (On OpenBSD 2.2):

torment:~> /sbin/ping -v 192.168.2.5
PING 192.168.2.5 (192.168.2.5): 56 data bytes
64 bytes from 192.168.2.5: icmp_seq=0 ttl=255 time=2.111 ms
64 bytes from 192.168.2.5: icmp_seq=1 ttl=255 time=1.584 ms
64 bytes from 192.168.2.5: icmp_seq=2 ttl=255 time=1.537 ms
64 bytes from 192.168.2.5: icmp_seq=3 ttl=255 time=1.537 ms
64 bytes from 192.168.2.5: icmp_seq=4 ttl=255 time=1.537 ms
--- 192.168.2.5 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 1.537/1.661/2.111 ms


    The log:

Feb 16 02:19:09 shattered pingd: started: 4804
Feb 16 02:19:12 shattered pingd: ICMP_ECHO allowed by wrapper 
  (64 bytes from 192.168.2.9)
Feb 16 02:19:16 shattered last message repeated 4 times



Stress Test:
------------

    The daemon:

shattered:~/Projects/Current/Pingd# ./pingd -u1


    The client (on Linux 2.0.33):

resentment:~# ping -f 192.168.2.5
PING 192.168.2.5 (192.168.2.5): 56 data bytes
....
--- 192.168.2.5 ping statistics ---
22313 packets transmitted, 22309 packets received, 0% packet loss
round-trip min/avg/max = 1.0/2.3/67.9 ms          


    The log:

Feb 16 02:09:20 shattered pingd: ICMP_ECHO allowed by wrapper 
  (64 bytes from 192.168.2.5)
Feb 16 02:09:38 shattered last message repeated 22312 times


Unreachable test:
-----------------

    The daemon:

shattered:~/Projects/Current/Pingd# ./pingd -u1 -d1 -s30
Max packetsize of 10 bytes
bad packet size (64 bytes from 192.168.2.10)
ICMP_DEST_UNREACH sent
bad packet size (64 bytes from 192.168.2.10)
ICMP_DEST_UNREACH sent
bad packet size (64 bytes from 192.168.2.10)
ICMP_DEST_UNREACH sent


    The client (on Solaris 2.6):

downtrodden:~> ping 192.168.2.5
ICMP Host Unreachable from gateway 192.168.2.5
 for icmp from downtrodden (192.168.2.10) to 192.168.2.5
ICMP Host Unreachable from gateway 192.168.2.5
 for icmp from downtrodden (192.168.2.10) to 192.168.2.5
ICMP Host Unreachable from gateway 192.168.2.5
 for icmp from downtrodden (192.168.2.10) to 192.168.2.5


    The log:

Feb 16 01:58:51 shattered pingd: started: 4778
Feb 16 01:58:52 shattered pingd: bad packet size (64 bytes from 192.168.2.10)
Feb 16 01:58:56 shattered last message repeated 2 times
                                                      

EOF
