)]}'
{
  "log": [
    {
      "commit": "f56e03e8dc149bf0ac2888d6843584f48c8700fc",
      "tree": "071864cd821423ff1caf06d824823b533cbcab77",
      "parents": [
        "6dcae1eaee2b437536b2fe928a609f9589691ebf"
      ],
      "author": {
        "name": "Vasiliy Kulikov",
        "email": "segoon@openwall.com",
        "time": "Tue May 17 00:16:56 2011 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue May 17 14:16:58 2011 -0400"
      },
      "message": "net: ping: fix build failure\n\nIf CONFIG_PROC_SYSCTL\u003dn the building process fails:\n\n    ping.c:(.text+0x52af3): undefined reference to `inet_get_ping_group_range_net\u0027\n\nMoved inet_get_ping_group_range_net() to ping.c.\n\nReported-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "c319b4d76b9e583a5d88d6bf190e079c4e43213d",
      "tree": "22fcc6f1c671908d640145c1f82e5290cd40f715",
      "parents": [
        "f20190302e3e697a166cc28ebef43058749dedda"
      ],
      "author": {
        "name": "Vasiliy Kulikov",
        "email": "segoon@openwall.com",
        "time": "Fri May 13 10:01:00 2011 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri May 13 16:08:13 2011 -0400"
      },
      "message": "net: ipv4: add IPPROTO_ICMP socket kind\n\nThis patch adds IPPROTO_ICMP socket kind.  It makes it possible to send\nICMP_ECHO messages and receive the corresponding ICMP_ECHOREPLY messages\nwithout any special privileges.  In other words, the patch makes it\npossible to implement setuid-less and CAP_NET_RAW-less /bin/ping.  In\norder not to increase the kernel\u0027s attack surface, the new functionality\nis disabled by default, but is enabled at bootup by supporting Linux\ndistributions, optionally with restriction to a group or a group range\n(see below).\n\nSimilar functionality is implemented in Mac OS X:\nhttp://www.manpagez.com/man/4/icmp/\n\nA new ping socket is created with\n\n    socket(PF_INET, SOCK_DGRAM, PROT_ICMP)\n\nMessage identifiers (octets 4-5 of ICMP header) are interpreted as local\nports. Addresses are stored in struct sockaddr_in. No port numbers are\nreserved for privileged processes, port 0 is reserved for API (\"let the\nkernel pick a free number\"). There is no notion of remote ports, remote\nport numbers provided by the user (e.g. in connect()) are ignored.\n\nData sent and received include ICMP headers. This is deliberate to:\n1) Avoid the need to transport headers values like sequence numbers by\nother means.\n2) Make it easier to port existing programs using raw sockets.\n\nICMP headers given to send() are checked and sanitized. The type must be\nICMP_ECHO and the code must be zero (future extensions might relax this,\nsee below). The id is set to the number (local port) of the socket, the\nchecksum is always recomputed.\n\nICMP reply packets received from the network are demultiplexed according\nto their id\u0027s, and are returned by recv() without any modifications.\nIP header information and ICMP errors of those packets may be obtained\nvia ancillary data (IP_RECVTTL, IP_RETOPTS, and IP_RECVERR). ICMP source\nquenches and redirects are reported as fake errors via the error queue\n(IP_RECVERR); the next hop address for redirects is saved to ee_info (in\nnetwork order).\n\nsocket(2) is restricted to the group range specified in\n\"/proc/sys/net/ipv4/ping_group_range\".  It is \"1 0\" by default, meaning\nthat nobody (not even root) may create ping sockets.  Setting it to \"100\n100\" would grant permissions to the single group (to either make\n/sbin/ping g+s and owned by this group or to grant permissions to the\n\"netadmins\" group), \"0 4294967295\" would enable it for the world, \"100\n4294967295\" would enable it for the users, but not daemons.\n\nThe existing code might be (in the unlikely case anyone needs it)\nextended rather easily to handle other similar pairs of ICMP messages\n(Timestamp/Reply, Information Request/Reply, Address Mask Request/Reply\netc.).\n\nUserspace ping util \u0026 patch for it:\nhttp://openwall.info/wiki/people/segoon/ping\n\nFor Openwall GNU/*/Linux it was the last step on the road to the\nsetuid-less distro.  A revision of this patch (for RHEL5/OpenVZ kernels)\nis in use in Owl-current, such as in the 2011/03/12 LiveCD ISOs:\nhttp://mirrors.kernel.org/openwall/Owl/current/iso/\n\nInitially this functionality was written by Pavel Kankovsky for\nLinux 2.4.32, but unfortunately it was never made public.\n\nAll ping options (-b, -p, -Q, -R, -s, -t, -T, -M, -I), are tested with\nthe patch.\n\nPATCH v3:\n    - switched to flowi4.\n    - minor changes to be consistent with raw sockets code.\n\nPATCH v2:\n    - changed ping_debug() to pr_debug().\n    - removed CONFIG_IP_PING.\n    - removed ping_seq_fops.owner field (unused for procfs).\n    - switched to proc_net_fops_create().\n    - switched to %pK in seq_printf().\n\nPATCH v1:\n    - fixed checksumming bug.\n    - CAP_NET_RAW may not create icmp sockets anymore.\n\nRFC v2:\n    - minor cleanups.\n    - introduced sysctl\u0027able group range to restrict socket(2).\n\nSigned-off-by: Vasiliy Kulikov \u003csegoon@openwall.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    }
  ]
}