Index: src/fping.c
--- src/fping.c.orig
+++ src/fping.c
@@ -456,6 +456,9 @@ int main(int argc, char** argv)
     struct sigaction act;
 #endif
 
+    if (pledge("stdio inet rpath dns id", NULL) == -1)
+        perror("pledge");
+
     /* pre-parse -h/--help, so that we also can output help information
      * without trying to open the socket, which might fail */
     prog = argv[0];
@@ -492,6 +495,10 @@ int main(int argc, char** argv)
     }
 
     optparse_init(&optparse_state, argv);
+
+    if (pledge("stdio inet rpath dns id", NULL) == -1)
+        perror("pledge");
+
     ident4 = ident6 = htons(getpid() & 0xFFFF);
     verbose_flag = 1;
     backoff_flag = 1;
@@ -840,6 +847,11 @@ int main(int argc, char** argv)
 	exit(4);
     }
 
+    if (!filename) { /* drop rpath if not reading addrs from file */
+        if (pledge("stdio inet dns", NULL) == -1)
+            perror("pledge");
+    }
+
     /* validate various option settings */
 
 #ifndef IPV6
@@ -1104,6 +1116,10 @@ int main(int argc, char** argv)
         exit(num_noaddress ? 2 : 1);
     }
 
+    /* finished with file and dns/rdns lookups */
+    if (pledge("stdio inet", NULL) == -1)
+        perror("pledge");
+
     if (src_addr_set && socket4 >= 0) {
         socket_set_src_addr_ipv4(socket4, &src_addr, (socktype4 == SOCK_DGRAM) ? &ident4 : NULL);
     }
@@ -2087,7 +2103,7 @@ int decode_icmp_ipv4(
     if (!using_sock_dgram4) {
         struct ip* ip = (struct ip*)reply_buf;
 
-#if defined(__alpha__) && __STDC__ && !defined(__GLIBC__)
+#if defined(__alpha__) && __STDC__ && !defined(__GLIBC__) && !defined(__OpenBSD__)
         /* The alpha headers are decidedly broken.
          * Using an ANSI compiler, it provides ip_vhl instead of ip_hl and
          * ip_v.  So, to get ip_hl, we mask off the bottom four bits.