2) I disagree with all of your points. But I think there are enough complexities here "we" should avoid letting it delay other enhancements.

If you don't want non-privileged users to be able to run `ping`, then take it away from them. The reason ping is set-UID is so that non-privileged users can use it and the reason it is an executable and not a library that is that way is because all Unixes have set-UID binaries while many don't have set-UID libraries.

If a user has a trojan `ping` in their $PATH, then that is problem even without a Perl module involved. Just find "ping" in $ENV{PATH} and use it if they request that kind of ping.

A module is the perfect place to collect the heuristics needed to interpret the output of `ping` on different systems. There are already modules that do this for other commands such as `ps`. It makes sense to me to have a Net::Ping::External (since it will get a bit complex) and just have Net::Ping know how to use that module. Perl is very good at heuristics so I don't think this will be a huge problem.

3) As mentioned, this would just use the best method available and wouldn't have to time out multiple times. I'd also make it the default "protocol" so "just doing a ping" usually works without the script writer having to worry about "am I being run as root?", "what operating system is this", etc. Again, a module is a good place to collect these decisions.

4) Non-blocking connect doesn't work under Win32, BTW. The SO_RCVTIMEO sounds interesting. I have my doubts that it works for connect [just based on the name] which is all that we need it for, but it certainly sounds worth looking into. I find it interesting that even Perl's Socket modules use alarm to timeout connect (even when they use other methods for timing out other calls).

5) Well, I wouldn't choose fork for this. For UDP and ICMP you can create a single socket, send out a bunch of packets and see what comes back. For TCP, on systems where non-blocking connect works, you can create a bunch of sockets, start connects on each and use select to wait to see what happens. That is the kind of stuff that makes sense to encapsulate in a module.

Your point (2) I agree with... I propose the creation of a new module, Net::Ping::External, to handle the use of the system's ping command. Net::Ping will know how to use the module, through a new protocol called "external", and the "auto" protocol of Net::Ping will skip the "external" protocol if Net::Ping::External is not installed on the system or if Net::Ping::External can't find a suitable ping command. If we could get documentation on what various systems' ping commands return on success/failure, that would be the easiest way to parse the results... otherwise, we'll probably need to use regexes and the like to parse results on a system-by-system basis.

(3) Yes, you are correct in your interpretation of what I want to do with the "auto" protocol.

(4) I just found out the hard way that non-blocking connect doesn't work under Win systems. Why is that? Setting SO_RCVTIMEO and/or SO_SNDTIMEO doesn't work, under any OS, AFAIK because no data is actually being sent or received. If the Socket modules use alarm() to implement timeouts, do these timeouts work on non-alarm()-supporting systems (i.e. Windows)? Does anybody have any further ideas on how I can get a TCP ping to timeout on WinXX systems? My only thought at this time is to use Win32::CreateProcess or fork() to spawn a child, and kill it if it's not returned by the time the timeout has passed.

(5) select() does make perfect sense in this situation. I still think that this is functionality I would rather pull into another new module, Net::Ping::Parallel, instead of adding feature-bloat to the current module.

This has generated a lot of discussion; I'm wondering if I shouldn't create a Sourceforge account for this project such that there is a central place to store the various advantages/drawbacks to each of the proposed enhancements, and a CVS account so that people can view the current progress (and any interested perlers can contribute code.) Once the code has been mostly "fixed", I'll post it to the code section here for further review. I think the sourceforge page should probably be posted to comp.lang.perl.modules or comp.lang.perl.misc (I frequent neither newsgroup so I don't know offhand which would be most appropriate).

2) BTW, I'd just bundle Net::Ping::External in with Net::Ping so they are installed together (though making Net::Ping robust in the face of no Net::Ping::External is still a good idea).

4) As I mention in Net::Ping, the mini series, non-blocking connect not working is simply a bug in WinSock (both 1 and 2). You can use the non-standard Async* APIs to do non-blocking "connect" under Win32, but using Win32::CreateProcess is going to be a lot less work so that is the way I would go for Win32. Switching from alarm to non-blocking connect makes sense for Unixy systems. And no, the Perl Socket modules don't support connect timeouts under Win32 (they detect that alarm is not supported and silently disable the timeout for connect).

5) Yes, I like the idea of Net::Ping::Parallel but suspect that the code and API will be so similar between Net::Ping and Net::Ping::Parallel, that it makes sense to have them rather tightly interconnected. For example, it might work to teach Net::Ping to support an asynchronous API that Net::Ping::Parallel uses. In the end, whether these are independant modules, interconnected modules, two module that use a third, lower-level module, or even just two name spaces handled by a single module depends on the grimy details when you get to implementing them.

        - tye (but my friends call me "Tye")

In most cases the firewall will respond from its own IP address, however in the case of so-called "Layer 2 firewalls" or devices that are actually Ethernet bridges with proxy support for various protocols, the response may *appear* to have come from the host when in reality it came from another device on the network.

Having the module track whether the response was an active "connection refused" vs. just getting nothing back would be okay, but only the human being with the network map in front of them can determine if the response could have come from the host itself.

Nate

There are several techniques for using TCP to determine the status of a host.

Advanced methods (see nmap and hping) require inspection of TCP headers and handshaking. Net::Ping relies on connect() only. I believe a revamp (maybe with Net::RawIP) would definitely be a good thing.

The vast majority of firewall configurations I've run into won't return "connection refused" (actually I've never seen a firewall do that, but I'll take your word for it that some do). It is also possible to configure some filewalls so that they respond to pings (whether or not the device is up -- and I've actually seen this happen). So #1 makes as much sense as pinging does in my book.

        - tye (but my friends call me "Tye")

1. No response needed. ;)

2. Perhaps the user would specify, through a method, which command-line to run as the system ping utility. Future pings that needed the "system" mode would run the appropriate program. I do agree that just arbitrarily allowing any user to merely call `ping` without thinking about it first is up for trouble. The point regarding not attempting to circumvent ICMP restrictions is taken.

3.Perhaps I was unclear here. Only one attempt to ping the remote computer would be used. What I'm intending here is to first try doing a normal ICMP ping; if the system disallows ICMP, we fallback to TCP or the system's ping command. I agree that perhaps this functionality should not be built directly into Net::Ping, but a new Net::Ping::Extras module (insert a better name here if you like) that extends Net::Ping with more functionality (AKA code bloat).

4. alarm() is already used in the current Net::Ping code. I'd be attempting to remove the current usage of alarm() from the module. So I'm assuming you'd be okay with this change?

5. I agree this functionality constitutes code bloat, too, and I agree that it probably shouldn't be stuck in Net::Ping. It is something I would want to add to a new module (i.e. Net::Ping::Extras). The point of the $num_forks option is to only use as many forks as the user desires -- I don't see any need to fork off 20 processes, unless your script were trying to repeatedly ping a thousand hosts.

What do you think of this newly-modified proposal?

Lessgo:
1. Check.
2. I'm not sure building this functionality into this important module is worthwhile at all since the string returned from `ping` is completely arbitrary, system-dependent, and variable even during the lifetime of a system. That's bad news. Having to parse such a string from the module would be difficult if not impossible to anticipate. I don't really see a benefit of including this in a module since the user is free to call `ping` at anytime anyway and know the system specifics beforehand.

   Example:

   • Here's the ping output from a Solaris server:

     % ping www.agentm.com
     www.agentm.com  : #####
     
     www.agentm.com  :   5/5   succ. = 100.00%
     [download]

   • And the more familiar Linux-brand generic ping:

     PING worf4.agentm.com (208.185.131.199): 56 octets data
     64 octets from 208.185.131.199: icmp_seq=0 ttl=244 time=216.6 ms
     64 octets from 208.185.131.199: icmp_seq=1 ttl=244 time=216.1 ms
     64 octets from 208.185.131.199: icmp_seq=2 ttl=244 time=247.6 ms
     64 octets from 208.185.131.199: icmp_seq=3 ttl=244 time=235.3 ms
     
     --- worf4.agentm.com ping statistics ---
     4 packets transmitted, 4 packets received, 0% packet loss
     round-trip min/avg/max = 216.1/228.9/247.6 ms
     [download]

   The output is completely arbitrary and impossible to anticipate. (Note that agentm.com does not belong to me as it should! Copyright stealing bastards!)

3. alarm was a poor choice to start off with. The options I mention above are far better suited for the task. History: alarm is a very old function (much older than select) and was used for similar tasks as here. It is now best to avoid this function altogether. I can't even think of a use of it in a modern threaded system.
4. Again, if the user wants to do this, he can easily cough up a for loop to fork off ping requests, even using the module. I'd say, more than not, modules are looked towards for "good programming style", especially for beginning users. Including this would constitute teaching bad, yet functional, programming style. Honestly, again, I don't see the benefit to including this in an important module as this one. But, if you see the need to do this, perhaps name it Net::Ping::Parallel and warn about its use profusely. If you specify a number of forks less than the number of hosts to ping, you will be using some fairly heavy-duty IPC, putting reliance on yet another module and more system resources. I would definitely AT LEAST keep such code away from the standard Net::Ping. Feel free to msg me if you need additional clarification. Good luck!



AgentM Systems nor Nasca Enterprises nor Bone::Easy nor Macperl is responsible for the comments made by AgentM. Remember, you can build any logical system with NOR.