Ping size limit - FreeBSD

Question

In the man page for FreeBSD ping:

 -s packetsize
         Specify the number of data bytes to be sent.  The default is 56,
         which translates into 64 ICMP data bytes when combined with the 8
         bytes of ICMP header data.  Only the super-user may specify val-
         ues more than default.  This option cannot be used with ping
         sweeps.

Does anyone know how I can let non-superusers send pings larger then 56? Can I increase the default size, or somehow allow -s to be used by non-root users? I am aware of the security implications, that this could allow users to start a ping flood, so if I can restrict this to allowing only a single (shell-less) user, all the better.

Chris S · Answer 1 · 2010-07-24T04:06:56.847

3

You can modify the source code and change the behavior. You can make the default size bigger, it's on line 98 of ping.c in /usr/src/sbin/ping/. Or you can disable this feature on line 446 by replacing the line with if (0) {. After you change it, run make install.

I have to wonder why you would need a normal user to send a large ICMP message.

edited Jul 24 '10 at 04:06

answered Jul 24 '10 at 03:57

Chris S

77,945
11
124
216

medina · Accepted Answer · 2010-07-24T11:24:29.683

2

Consider using sudo, EX:

coryj  ALL = NOPASSWD: /bin/ping

This should let user coryj run /bin/ping (caveat: using any args he likes, not just -s) without a password.

Note the security implications of this; see man pages for sudo(8) and sudoers(5).

edited Jul 24 '10 at 11:24

answered Jul 24 '10 at 04:42

medina

1,970
10
7

Accepted this, seems a little cleaner then modifying the source, though modifying the source affords a little more granular control. Both good solutions. Personally I've been convinced to rethink my original reasons for doing this and accomplish my goals a different way. – Cory J Jul 27 '10 at 19:27

Ping size limit - FreeBSD

2 Answers2