On Tue, Mar 10, 2009 at 05:54:09PM -0400, James Carlson wrote: > Lily Li writes: > > So I have a question: fping cannot used by ordinary user if he/she is > > not granted needed privilege, what's the worth of integrating fping to > > solaris since we have ping already? > > I think you're asking a great question. > > We made fping a "special" utility on OpenSolaris because it has > options that allow pinging at a high data rate and over large numbers > of hosts. There are several possible issues here: > > - Maybe our earlier decision about fping was wrong,
Quite possibly. Users can just as easily connect() asynchronously as many times and so cause as many packets to be sent as fping would have, to as many hosts (fping can send packets that are much larger than TCP SYN packets, but a user interested in DoSing someone can make up for that by sending more packets). > and this utility > is _right_ to use it. But I don't think shmux should be using fping, even if the ARC made an incorrect decision re: fping being setuid-0 or in a profile granted to all users by default. > - Maybe this utility shouldn't be using fping like this and should > instead be running independent short timers for pinging each host. > (Using fping to ping them all means that you'll block as long as it > takes to discover that the last one is down.) Well, no, you could be parsing fping's output in real-time, but shmux can't finish until fping finishes -- not a problem. > - Maybe it just shouldn't do anything like ping at all, and should > use the connect() timers as we've suggested. > > My guess is the third one's correct: the use of ping here is just a > hack, and isn't right. Yes, you and I have said as much before and we're saying it again. Just async connect(3SOCKET) + poll(2)ing (or better, Solaris event ports, or libevent to be portable) with timeout. But the i-team here might not have the resources to fix shmux to do the right thing. If we agree that not allowing normal users to use fping was a mistake, then shmux could be integrated as is with a bug opened in the upstream community to have the -p option deprecated/replaced with a design that does async connect() + timeouts. That would be the pragmatic solution. > > - Checking with the source codes of shmux-1.0.2, the main purpose of > > '-p' is to check if the target is alive within a shorter timer, see the > > manpage info below. > > > > Before executing the specified /command/, *shmux* will option? > > ally ping each target to ensure that it can be reached, > > and/or run a dummy test /command/ to make sure that the tar? > > get not only is alive, but that it is possible to cleanly > > execute a command on it. Both these tests are typically > > run with a fairly short timeout to quickly dismiss > > unavailable targets rather than waiting for the standard > > (longer) network timeout. > > Right. And what if that design is wrong (for all systems that use > TCP/IP) and just plain conflicts with the security constraints for > fping (for OpenSolaris)? That design is wrong. It also conflicts with how fping was integrated, but that too was a mistakte (see above). Nico --
