HardenedBSD/sbin/ping/ping.8
Mark Johnston eaab882600 Revert "Reapply "sbin/ping: allow normal users to specify larger packets""
The value of MAXPAYLOAD in the re-applied commit is not right.  Back
this out until it's had a proper review.

This reverts commit b88df1e893.

Requested by:	maxim, glebius
2024-10-20 15:52:28 +00:00

829 lines
22 KiB
Groff

.\" Copyright (c) 1985, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd September 15, 2023
.Dt PING 8
.Os
.Sh NAME
.Nm ping
.Nd send
ICMP
or
ICMPv6 ECHO_REQUEST
packets to network hosts
.Sh SYNOPSIS
.Nm
.Op Fl 4AaDdfHnoQqRrv
.Op Fl .\& Ns Ar chars
.Op Fl C Ar pcp
.Op Fl c Ar count
.Op Fl G Ar sweepmaxsize
.Op Fl g Ar sweepminsize
.Op Fl h Ar sweepincrsize
.Op Fl i Ar wait
.Op Fl l Ar preload
.Op Fl M Cm mask | time
.Op Fl m Ar ttl
.Op Fl P Ar policy
.Op Fl p Ar pattern
.Op Fl S Ar src_addr
.Op Fl s Ar packetsize
.Op Fl t Ar timeout
.Op Fl W Ar waittime
.Op Fl z Ar tos
.Ar IPv4-host
.Nm
.Op Fl 4AaDdfHLnoQqRrv
.Op Fl .\& Ns Ar chars
.Op Fl C Ar pcp
.Op Fl c Ar count
.Op Fl I Ar iface
.Op Fl i Ar wait
.Op Fl l Ar preload
.Op Fl M Cm mask | time
.Op Fl m Ar ttl
.Op Fl P Ar policy
.Op Fl p Ar pattern
.Op Fl S Ar src_addr
.Op Fl s Ar packetsize
.Op Fl T Ar ttl
.Op Fl t Ar timeout
.Op Fl W Ar waittime
.Op Fl z Ar tos
.Ar IPv4-mcast-group
.Nm
.Op Fl 6AaDdEfHNnOoquvYyZ
.Op Fl .\& Ns Ar chars
.Op Fl b Ar bufsiz
.Op Fl C Ar pcp
.Op Fl c Ar count
.Op Fl e Ar gateway
.Op Fl I Ar interface
.Op Fl i Ar wait
.Op Fl k Ar addrtype
.Op Fl l Ar preload
.Op Fl m Ar hoplimit
.Op Fl P Ar policy
.Op Fl p Ar pattern
.Op Fl S Ar sourceaddr
.Op Fl s Ar packetsize
.Op Fl t Ar timeout
.Op Fl W Ar waittime
.Op Ar IPv6-hops ...
.Ar IPv6-host
.Sh DESCRIPTION
The
.Nm
utility invoked with an IPv4 target
.Ar ( IPv4-host
or
.Ar IPv4-mcast-group )
uses the
ICMP
.No protocol Ap s mandatory
ECHO_REQUEST
datagram to elicit an
ICMP ECHO_RESPONSE
from a host or gateway.
ECHO_REQUEST
datagrams
.Pq Dq pings
have an IP and
ICMP
header, followed by a
.Dq struct timeval
and then an arbitrary number of
.Dq pad
bytes used to fill out the packet.
.Pp
When invoked with an IPv6 target
.Ar ( IPv6-host ) ,
it uses the
ICMPv6
protocol's mandatory
ICMP6_ECHO_REQUEST
datagram to elicit an
ICMP6_ECHO_REPLY.
ICMP6_ECHO_REQUEST
datagrams have an IPv6 header and
ICMPv6
header formatted as documented in RFC 2463.
.Pp
When invoked with a hostname, the version to which the target is resolved first
is used.
In that case, the options and arguments used must be valid for the specific IP
version, otherwise
.Nm
exits with an error.
If the target is resolved to both IPv4 and IPv6, the specific IP version can be
requested by
.Fl 4
or
.Fl 6
options, respectively.
For backwards-compatibility, ICMPv6 can also be selected by invoking the binary
as
.Nm ping6 .
.Ss Options common to both IPv4 and IPv6 targets
.Bl -tag -width indent
.It Fl .\& Ns Ar chars
By default, for every
ECHO_REQUEST
sent, a period
.Dq .\&
is printed, while for every
ECHO_REPLY
received, a backspace is printed.
This option takes an optional string argument listing characters
that will be printed one by one in the provided order
instead of the default period.
.Pp
Example usage:
.Bd -literal -offset indent
ping -.0123456789 freebsd.org
.Ed
.It Fl A
Audible.
Output a bell
(ASCII
0x07)
character when no packet is received before the next packet
is transmitted.
To cater for round-trip times that are longer than the interval
between transmissions, further missing packets cause a bell only
if the maximum number of unreceived packets has increased.
.It Fl a
Audible.
Include a bell
(ASCII
0x07)
character in the output when any packet is received.
.It Fl C Ar pcp
Add an 802.1p Ethernet Priority Code Point when sending a packet.
0..7 uses that specific PCP, -1 uses the interface default PCP (or none).
.It Fl c Ar count
Stop after sending
(and receiving)
.Ar count
ECHO_RESPONSE
packets.
If this option is not specified,
.Nm
will operate until interrupted.
.Pp
For an IPv4 target, if this option is specified in conjunction with ping sweeps,
each sweep will consist of
.Ar count
packets.
.It Fl D
Disable fragmentation.
.It Fl d
Set the
.Dv SO_DEBUG
option on the socket being used.
.It Fl f
Flood ping.
Outputs packets as fast as they come back or one hundred times per second,
whichever is more.
Implies
.Fl .\&
to print a period for every
ECHO_REQUEST
sent and a backspace for every
ECHO_REPLY
received.
This provides a rapid display of how many packets are being dropped.
Only the super-user may use this option.
.Bf -emphasis
This can be very hard on a network and should be used with caution.
.Ef
.It Fl H
Hostname output.
Try to do a reverse DNS lookup when displaying addresses.
This is the opposite of the
.Fl n
option.
.It Fl I Ar iface
For an IPv4 target,
.Ar iface
is an IP address indentifying an interface from which the packets will be sent.
This flag applies only if the ping target is a multicast address.
.Pp
For an IPv6 target,
.Ar iface
is a name of an interface (e.g., `em0') from which the packets will be sent.
This flag applies if the ping target is a multicast address, or
link-local/site-local unicast address.
.It Fl i Ar wait
Wait
.Ar wait
seconds
.Em between sending each packet .
The default is to wait for one second between each packet.
The wait time may be fractional, but only the super-user may specify
values less than 1 second.
This option is incompatible with the
.Fl f
option.
.It Fl l Ar preload
If
.Ar preload
is specified,
.Nm
sends that many packets as fast as possible before falling into its normal
mode of behavior.
Only the super-user may use this option.
.It Fl m Ar ttl
For an IPv4 target, set the IP Time To Live for outgoing packets.
If not specified, the kernel uses the value of the
.Va net.inet.ip.ttl
MIB variable.
.Pp
For an IPv6 target, set the IPv6 hoplimit.
.It Fl n
Numeric output only.
No attempt will be made to lookup symbolic names for host addresses.
This is the opposite of
.Fl H ,
and it is the default behavior.
.It Fl o
Exit successfully after receiving one reply packet.
.It Fl P Ar policy
.Ar policy
specifies IPsec policy for the ping session.
For details please refer to
.Xr ipsec 4
and
.Xr ipsec_set_policy 3 .
.It Fl p Ar pattern
You may specify up to 16
.Dq pad
bytes to fill out the packet you send.
This is useful for diagnosing data-dependent problems in a network.
For example,
.Dq Li \-p ff
will cause the sent packet to be filled with all
ones.
.It Fl q
Quiet output.
Nothing is displayed except the summary lines at startup time and
when finished.
.It Fl S Ar src_addr
Use the following IP address as the source address in outgoing packets.
On hosts with more than one IP address, this option can be used to
force the source address to be something other than the IP address
of the interface the probe packet is sent on.
.Pp
For IPv4, if the IP address is not one of this machine's interface
addresses, an error is returned and nothing is sent.
.Pp
For IPv6, the source address must be one of the unicast addresses of
the sending node, and must be numeric.
.It Fl s Ar packetsize
Specify the number of data bytes to be sent.
The default is 56, which translates into 64
ICMP
data bytes when combined
with the 8 bytes of
ICMP
header data.
.Pp
For IPv4, only the super-user may specify values more than default.
This option cannot be used with ping sweeps.
.Pp
For IPv6, you may need to specify
.Fl b
as well to extend socket buffer size.
.It Fl t Ar timeout
Specify a timeout, in seconds, before ping exits regardless of how
many packets have been received.
.It Fl v
Verbose output.
ICMP
packets other than
ECHO_RESPONSE
that are received are listed.
.It Fl W Ar waittime
Time in milliseconds to wait for a reply for each packet sent.
If a reply arrives later, the packet is not printed as replied, but
considered as replied when calculating statistics.
.El
.Ss Options only for IPv4 targets
.Bl -tag -width indent
.It Fl 4
Use IPv4 regardless of how the target is resolved.
.It Fl G Ar sweepmaxsize
Specify the maximum size of
ICMP
payload when sending sweeping pings.
This option is required for ping sweeps.
.It Fl g Ar sweepminsize
Specify the size of
ICMP
payload to start with when sending sweeping pings.
The default value is 0.
.It Fl h Ar sweepincrsize
Specify the number of bytes to increment the size of
ICMP
payload after
each sweep when sending sweeping pings.
The default value is 1.
.It Fl L
Suppress loopback of multicast packets.
This flag only applies if the ping destination is a multicast address.
.It Fl M Cm mask | time
Use
.Dv ICMP_MASKREQ
or
.Dv ICMP_TSTAMP
instead of
.Dv ICMP_ECHO .
For
.Cm mask ,
print the netmask of the remote machine.
Set the
.Va net.inet.icmp.maskrepl
MIB variable to enable
.Dv ICMP_MASKREPLY
and
.Va net.inet.icmp.maskfake
if you want to override the netmask in the response.
For
.Cm time ,
print the origination, reception and transmission timestamps.
Set the
.Va net.inet.icmp.tstamprepl
MIB variable to enable or disable
.Dv ICMP_TSTAMPREPLY .
.It Fl Q
Somewhat quiet output.
.No Don Ap t
display ICMP error messages that are in response to our query messages.
Originally, the
.Fl v
flag was required to display such errors, but
.Fl v
displays all ICMP error messages.
On a busy machine, this output can be overbearing.
Without the
.Fl Q
flag,
.Nm
prints out any ICMP error messages caused by its own ECHO_REQUEST
messages.
.It Fl R
Record route.
Includes the
RECORD_ROUTE
option in the
ECHO_REQUEST
packet and displays
the route buffer on returned packets.
Note that the IP header is only large enough for nine such routes;
the
.Xr traceroute 8
command is usually better at determining the route packets take to a
particular destination.
If more routes come back than should, such as due to an illegal spoofed
packet, ping will print the route list and then truncate it at the correct
spot.
Many hosts ignore or discard the
RECORD_ROUTE
option.
.It Fl r
Bypass the normal routing tables and send directly to a host on an attached
network.
If the host is not on a directly-attached network, an error is returned.
This option can be used to ping a local host through an interface
that has no route through it
(e.g., after the interface was dropped by
.Xr routed 8 ) .
.It Fl T Ar ttl
Set the IP Time To Live for multicasted packets.
This flag only applies if the ping destination is a multicast address.
.It Fl z Ar tos
Use the specified type of service.
.It Ar IPv4-host
hostname or IPv4 address of the final destination node.
.It Ar IPv4-mcast-group
IPv4 multicast address of the final destination nodes.
.El
.Ss Options only for IPv6 targets
.Bl -tag -width indent
.It Fl 6
Use IPv6 regardless of how the target is resolved.
.It Fl b Ar bufsiz
Set socket buffer size.
.It Fl e Ar gateway
Specifies to use
.Ar gateway
as the next hop to the destination.
The gateway must be a neighbor of the sending node.
.It Fl k Ar addrtype
Generate ICMPv6 Node Information Node Addresses query, rather than echo-request.
.Ar addrtype
must be a string constructed of the following characters.
.Bl -tag -width Ds -compact
.It Ic a
requests unicast addresses from all of the responder's interfaces.
If the character is omitted,
only those addresses which belong to the interface which has the
responder's address are requests.
.It Ic c
requests responder's IPv4-compatible and IPv4-mapped addresses.
.It Ic g
requests responder's global-scope addresses.
.It Ic s
requests responder's site-local addresses.
.It Ic l
requests responder's link-local addresses.
.It Ic A
requests responder's anycast addresses.
Without this character, the responder will return unicast addresses only.
With this character, the responder will return anycast addresses only.
Note that the specification does not specify how to get responder's
anycast addresses.
This is an experimental option.
.El
.It Fl N
Probe node information multicast group address
.Pq Li ff02::2:ffxx:xxxx .
.Ar host
must be string hostname of the target
(must not be a numeric IPv6 address).
Node information multicast group will be computed based on given
.Ar host ,
and will be used as the final destination.
Since node information multicast group is a link-local multicast group,
outgoing interface needs to be specified by
.Fl I
option.
.Pp
When specified twice, the address
.Pq Li ff02::2:xxxx:xxxx
is used instead.
The former is in RFC 4620, the latter is in an old Internet Draft
draft-ietf-ipngwg-icmp-name-lookup.
Note that KAME-derived implementations including
.Fx
use the latter.
.It Fl O
Generate ICMPv6 Node Information supported query types query,
rather than echo-request.
.Fl s
has no effect if
.Fl O
is specified.
.It Fl u
By default,
.Nm
asks the kernel to fragment packets to fit into the minimum IPv6 MTU.
The
.Fl u
option
will suppress the behavior in the following two levels:
when the option is specified once, the behavior will be disabled for
unicast packets.
When the option is more than once, it will be disabled for both
unicast and multicast packets.
.It Fl Y
Same as
.Fl y ,
but with old packet format based on 03 draft.
This option is present for backward compatibility.
.Fl s
has no effect if
.Fl y
is specified.
.It Fl y
Generate ICMPv6 Node Information DNS Name query, rather than echo-request.
.Fl s
has no effect if
.Fl y
is specified.
.It Ar IPv6-hops
IPv6 addresses for intermediate nodes,
which will be put into type 0 routing header.
.It Ar IPv6-host
IPv6 address of the final destination node.
.El
.Ss Experimental options only for IPv6 target
.Bl -tag -width indent
.It Fl E
Enables transport-mode IPsec encapsulated security payload.
.It Fl Z
Enables transport-mode IPsec authentication header.
.El
.Pp
When using
.Nm
for fault isolation, it should first be run on the local host, to verify
that the local network interface is up and running.
Then, hosts and gateways further and further away should be
.Dq pinged .
Round-trip times and packet loss statistics are computed.
If duplicate packets are received, they are not included in the packet
loss calculation, although the round trip time of these packets is used
in calculating the round-trip time statistics.
When the specified number of packets have been sent
(and received)
or if the program is terminated with a
.Dv SIGINT ,
a brief summary is displayed, showing the number of packets sent and
received, and the minimum, mean, maximum, and standard deviation of
the round-trip times.
.Pp
If
.Nm
receives a
.Dv SIGINFO
(see the
.Cm status
argument for
.Xr stty 1 )
signal, the current number of packets sent and received, and the
minimum, mean, maximum, and standard deviation of the round-trip times
will be written to the standard output.
.Pp
This program is intended for use in network testing, measurement and
management.
Because of the load it can impose on the network, it is unwise to use
.Nm
during normal operations or from automated scripts.
.Sh ICMP PACKET DETAILS
An IP header without options is 20 bytes.
An
ICMP
ECHO_REQUEST
packet contains an additional 8 bytes worth of
ICMP
header followed by an arbitrary amount of data.
When a
.Ar packetsize
is given, this indicated the size of this extra piece of data
(the default is 56).
Thus the amount of data received inside of an IP packet of type
ICMP
ECHO_REPLY
will always be 8 bytes more than the requested data space
(the
ICMP
header).
.Pp
If the data space is at least eight bytes large,
.Nm
uses the first eight bytes of this space to include a timestamp which
it uses in the computation of round trip times.
If less than eight bytes of pad are specified, no round trip times are
given.
.Sh DUPLICATE AND DAMAGED PACKETS
The
.Nm
utility will report duplicate and damaged packets.
Duplicate packets should never occur when pinging a unicast address,
and seem to be caused by
inappropriate link-level retransmissions.
Duplicates may occur in many situations and are rarely
(if ever)
a good sign, although the presence of low levels of duplicates may not
always be cause for alarm.
Duplicates are expected when pinging a broadcast or multicast address,
since they are not really duplicates but replies from different hosts
to the same request.
.Pp
Damaged packets are obviously serious cause for alarm and often
indicate broken hardware somewhere in the
.Nm
packet's path (in the network or in the hosts).
.Sh TRYING DIFFERENT DATA PATTERNS
The
(inter)network
layer should never treat packets differently depending on the data
contained in the data portion.
Unfortunately, data-dependent problems have been known to sneak into
networks and remain undetected for long periods of time.
In many cases the particular pattern that will have problems is something
that does not have sufficient
.Dq transitions ,
such as all ones or all zeros, or a pattern right at the edge, such as
almost all zeros.
It is not
necessarily enough to specify a data pattern of all zeros (for example)
on the command line because the pattern that is of interest is
at the data link level, and the relationship between what you type and
what the controllers transmit can be complicated.
.Pp
This means that if you have a data-dependent problem you will probably
have to do a lot of testing to find it.
If you are lucky, you may manage to find a file that either
cannot
be sent across your network or that takes much longer to transfer than
other similar length files.
You can then examine this file for repeated patterns that you can test
using the
.Fl p
option of
.Nm .
.Sh IPv4 TTL DETAILS
The
TTL
value of an IP packet represents the maximum number of IP routers
that the packet can go through before being thrown away.
In current practice you can expect each router in the Internet to decrement
the
TTL
field by exactly one.
.Pp
The
TCP/IP
specification recommends setting the
TTL
field for
IP
packets to 64.
.Pp
The maximum possible value of this field is 255, and some
.Ux
systems set
the
TTL
field of
ICMP ECHO_REQUEST
packets to 255.
This is why you will find you can
.Dq ping
some hosts, but not reach them with
.Xr telnet 1
or
.Xr ftp 1 .
.Pp
In normal operation
.Nm
prints the ttl value from the packet it receives.
When a remote system receives a ping packet, it can do one of three things
with the
TTL
field in its response:
.Bl -bullet
.It
Not change it; this is what
.Bx
systems did before the
.Bx 4.3 tahoe
release.
In this case the
TTL
value in the received packet will be 255 minus the
number of routers in the round-trip path.
.It
Set it to 64; this is what current
.Fx
systems do.
In this case the
TTL
value in the received packet will be 64 minus the
number of routers in the path
.Em from
the remote system
.Em to
the
.Nm Ns Em ing
host.
.It
Set it to some other value.
Some machines use the same value for
ICMP
packets that they use for
TCP
packets, for example either 30 or 60.
Others may use completely wild values.
.El
.Sh EXIT STATUS
The
.Nm
utility exits with one of the following values:
.Bl -tag -width indent
.It 0
At least one response was heard from the specified
.Ar host .
.It 2
The transmission was successful but no responses were received.
.It any other value
An error occurred.
.El
.Sh EXAMPLES
The following will send ICMPv6 echo request to
.Li dst.example.com .
.Bd -literal -offset indent
ping -6 -n dst.example.com
.Ed
.Pp
The following will probe hostnames for all nodes on the network link attached to
.Li wi0
interface.
The address
.Li ff02::1
is named the link-local all-node multicast address, and the packet would
reach every node on the network link.
.Bd -literal -offset indent
ping -6 -y ff02::1%wi0
.Ed
.Pp
The following will probe addresses assigned to the destination node,
.Li dst.example.com .
.Bd -literal -offset indent
ping -6 -k agl dst.example.com
.Ed
.Sh SEE ALSO
.Xr netstat 1 ,
.Xr icmp 4 ,
.Xr icmp6 4 ,
.Xr inet6 4 ,
.Xr ip6 4 ,
.Xr ifconfig 8 ,
.Xr routed 8 ,
.Xr traceroute 8 ,
.Xr traceroute6 8
.Rs
.%A A. Conta
.%A S. Deering
.%T "Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification"
.%N RFC 2463
.%D December 1998
.Re
.Rs
.%A Matt Crawford
.%T "IPv6 Node Information Queries"
.%N draft-ietf-ipngwg-icmp-name-lookups-09.txt
.%D May 2002
.%O work in progress material
.Re
.Sh HISTORY
The
.Nm
utility appeared in
.Bx 4.3 .
The
.Nm ping6
utility with IPv6 support first appeared in the WIDE Hydrangea IPv6
protocol stack kit.
.Pp
IPv6 and IPsec support based on the KAME Project
.Pq Pa https://www.kame.net/
stack was initially integrated into
.Fx 4.0 .
.Pp
The
.Nm ping6
utility was merged to
.Nm
in Google Summer of Code 2019.
.Sh AUTHORS
The original
.Nm
utility was written by
.An Mike Muuss
while at the US Army Ballistics
Research Laboratory.
.Sh BUGS
Many Hosts and Gateways ignore the IPv4
RECORD_ROUTE
option.
.Pp
The maximum IP header length is too small for options like
RECORD_ROUTE
to be completely useful.
.No There Ap s
not much that can be done about this, however.
.Pp
Flood pinging is not recommended in general, and flood pinging the
broadcast address should only be done under very controlled conditions.
.Pp
The
.Fl v
option is not worth much on busy hosts.