Zing, basic Elixir ICMP ('ping') server using Zig NIF

This is a basic demonstration of how to write an ICMP (‘ping’) server using a NIF in about 100 lines of elixir and 100 lines of Zig.

This might be able to be deployed as a ‘real’ library. Would anyone be interested in using this? I am very happy to put more work into making this a quality release (modulo zig itself being still experimental) if people are interested, as there really isn’t a satisfactory ICMP solution in the BEAM (and the :socket library maintainers have suggested that ICMP is not going to happen)

Actually since OTP 22.3 you can use socket module to have ICMP socket. If you want to use raw socket however you will need to be superuser, but Darwin and Linux supports ICMP over dgram sockets.

To prove that it is possible:

defmodule GenICMP do
  @data <<0xdeadbeef::size(32)>>
  def ping(addr) do
    {:ok, s} = open()

    data = @data

    req_echo(s, addr, data: data)

    case recv_echo(s) do
      {:ok, %{data: ^data}} = resp -> resp
      {:ok, other} -> {:error, other}
      _ -> {:error, :invalid_resp}
    end
  end

  def open, do: :socket.open(:inet, :dgram, :icmp)

  def req_echo(socket, addr, opts \\ []) do
    data = Keyword.get(opts, :data, @data)
    id = Keyword.get(opts, :id, 0)
    seq = Keyword.get(opts, :seq, 0)

    sum = checksum(<<8, 0, 0::size(16), id, seq, data::binary>>)

    msg = <<8, 0, sum::binary, id, seq, data::binary>>

    :socket.sendto(socket, msg, %{family: :inet, port: 1, addr: addr})
  end

  def recv_echo(socket, timeout \\ 5000) do
    {:ok, data} = :socket.recv(socket, 0, [], timeout)

    <<_::size(160), pong::binary>> = data

    case pong do
      <<0, 0, _::size(16), id, seq, data::binary>> ->
        {:ok, %{
          id: id, seq: seq, data: data
        }}
      _ -> {:error, pong}
    end
  end

  defp checksum(bin), do: checksum(bin, 0)

  defp checksum(<<x::integer-size(16), rest::binary>>, sum), do: checksum(rest, sum + x)
  defp checksum(<<x>>, sum), do: checksum(<<>>, sum + x)
  defp checksum(<<>>, sum) do
    <<x::size(16), y::size(16)>> = <<sum::size(32)>>

    res = :erlang.bnot(x + y)

    <<res::big-size(16)>>
  end
end

API is simple:

GenICMP.ping({127, 0, 0, 1})

Tested on macOS, but should work on Linux as well. I am not sure about BSDs.

EDIT:

Just in case, this project seems as a good example of how to use Zigler to write Erlang NIFs, and it is great. However sending ICMP echo requests via socket is absolutely possible.

6 Likes

Lol, I tried this two months ago and support for the :icmp mode wasn’t there!! I think I was on 22.2, and I asked Peter dimitrov at codebeam and he said they weren’t going to do icmp :smiley:

1 Like

I was trying to implement gen_icmp earlier via socket and encountered that problem. So instead I created PR to the core that fixed checks for {type, proto} pairs and now it is possible to create such socket. I think that he meant that they will not implement ICMP helper function directly in OTP, but manual implementation via socket should be possible (on supporting OSes, as traditionally ICMP sockets needed to be created as raw sockets which can be created only by superuser).

Yeah. We must have been in the same place because I remember looking through the :socket nif code and scratching my head about some dead ends. However I’m not brave enough to figure out how to do full otp/erlang build to make PRs to core. Maybe I should work on that.

I think he must have misinterpreted my question. It was over the vtc after all.

Do you think your code above should be a library?

I can clean it up and make it into library later.

1 Like

Happy to help if you’d like some!

1 Like

I have implemented ICMP, but ICMPv6 is still not done, if you want then I would be glad for PR. It uses slightly different API from what You are using as I wanted something “more basic” so users could build larger functionalities on top of this.

3 Likes

From different tests I made on macOS and Linux, it looks like macOS needs us to compute the checksum for the echo request and then give us back the full IP packet of the echo reply, hence your _::size(160) to skip 20 bytes of IP header. On Linux we do not need to compute the checksum or set an id because the OS will dot it for us and we also only get the ICMP echo reply, not the full IP packet.

This is confirmed by the ping source code on MacOS. I guess the behaviour of the library regarding a socket created with socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP) is quite OS dependent.

You might want to try this: API Reference — icmp v0.1.0

I have tested my library on macOS and Linux and both works. If you look into inet_icmp.erl then you will see that there is special case for handling macOS return value.

Yes, it is. Not all OSes even allow such socket. That is why my library provides a way to use either datagram or raw sockets (datagram sockets are default).

1 Like

Yes. I was just mentioning the different behaviors without referring explicitly to your code which I read btw, even if I overlooked decode(<<4:4, IHL:4, Rest/binary>>) because I was mostly interested in gen_icmp_server.erl and its nice use of handle_continue.

Hi, could I persuade you to explain the code a little more here please?

I see the line referenced
decode(<<4:4, IHL:4, Rest/binary>>)
But I’m really not clear why that can’t match an unfortunate (or carefully constructed) ping response

Phrasing the question another way, is there a tight binary match for an IPv4 header that couldn’t match the ICMP body response (on Linux)?

I wonder why you don’t check the OS during init and then match on that? (Stash it in the state perhaps?)

Agreed that the continue handling is very neat!