1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-29 12:03:03 +00:00
Commit Graph

155 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
49133c6d52 Protect ping(8) using Capsicum and Casper. This is protection against malicious
network packets that we parse and not against local users trying to gain root
access through ping's set-uid bit - this is handled by dropping privileges very
early in ping.

Submitted by:	Mikhail <mp@lenta.ru>
2014-02-04 21:43:53 +00:00
Eitan Adler
1d1d4a4727 Check the return error of set[ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.  Custom
security modules, or future implementations of the setuid and setgid
may fail.

PR:		bin/172289
PR:		bin/172290
PR:		bin/172291
Submittud by:	Erik Cederstrand <erik@cederstrand.dk>
Discussed by:	freebsd-security
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:31:22 +00:00
Xin LI
6959b14df6 Use timeclear() instead of home grown version.
MFC after:	2 weeks
2012-07-02 02:38:27 +00:00
Ed Schouten
fafb8f11c0 Small style fixes:
- ANSIfy prototypes.
- Remove unneeded whitespace.
- Add const keyword to function where it can be used.
2010-06-20 12:52:33 +00:00
Daniel Gerzo
7f220ecf72 - improve readability
Reviewed by:	trhodes, keramida
MFC after:	3 days
2009-01-11 22:36:45 +00:00
Daniel Gerzo
0c868e9061 - rename the RETURN VALUES section to EXIT STATUS
- not bumping a date as this is not a real content change

Approved by:	ru
MFC after:	3 days
2009-01-07 00:51:41 +00:00
George V. Neville-Neil
8409aedfa6 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
Olivier Houchard
e81f504954 Force the alignment of the chars arrays, as they are casted later to
structs.
gcc 4.2 doesn't do it by default, and that results in unaligned access on
arm.
2007-05-21 14:38:45 +00:00
Ruslan Ermilov
2b46c64c9c Remove alpha left-overs. 2006-08-22 08:03:01 +00:00
Dima Dorfman
aa822c3979 Print packet loss figures with one decimal place. ping6 already does
this, and OpenBSD and NetBSD pings do it too. This is primarily useful
for comparing low levels of packet loss.
2006-08-14 07:54:17 +00:00
Gleb Smirnoff
d6cd14974c Add a new feature to ping(8) - possibility to specify maximum
wait time for a packet. This allows to:

 - Count number of packets received before and after specified
   time.
 - Shorten time of execution of 'ping -c 1' scripts.

Submitted by:	Lytochkin Boris <lytboris gmail.com>
2006-04-05 12:30:42 +00:00
Ruslan Ermilov
ee3e1c4c08 Sync usage() with SYNOPSIS. 2005-12-01 22:03:34 +00:00
Ruslan Ermilov
4e9e907d63 -mdoc sweep. 2005-11-18 10:36:29 +00:00
Gleb Smirnoff
9ff95228e8 Implement a new feature for ping(8) - sweeping pings. In a sweeping
ping ICMP payload of packets being sent is increased with given step.
Sweeping pings are useful for testing problematic channels, MTU
issues or traffic policing functions in networks.

PR:		bin/82625
Submitted by:	Chris Hellberg <chellberg juniper.net> (with some cleanups)
2005-08-15 14:15:37 +00:00
Maxim Konovalov
13e3f0b717 o Store timestamp in network byte order.
o Remove an assumption sizeof(struct timeval) == 8 (this is not
  true on sparc64).

Reviewed by:	imp, -hackers
Obtained from:	NetBSD (rev. 1.75)
MT5 after:	1 month
2004-09-30 07:35:56 +00:00
Stefan Farfeleder
4eae39bfdf Avoid using void pointers in additive expressions.
PR:		56653
2004-08-14 17:46:10 +00:00
Mark Murray
4c723140a4 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
Ian Dowse
a8616db8fd Don't turn off the regular SIGINFO status information. The use of
the NOKERNINFO flag only marginally de-clutters the output and
has a number of unwanted side effects:
  o The kernel info might be what you want to see
  o ^T is left non-functional if ping is killed non-cleanly
  o "ping -q foo &" gets suspended on tty output

Encouraged by:	bde
2004-04-07 18:48:11 +00:00
Johan Karlsson
604d24db95 style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
Ian Dowse
c8bb99e577 Certain ICMP error replies cause ping to perform a reverse DNS
lookup on an IP address from the packet (such as the IP that sent
a TTL exceeded error). If the DNS lookup takes a long time, ^C will
appear to be ineffective since the SIGINT handler just sets a flag
and returns. Work around this by exiting immediately on receipt of
a second SIGINT when DNS lookups are enabled.

PR:		bin/4696
MFC after:	1 week
2004-02-08 21:59:17 +00:00
Ruslan Ermilov
fe08efe680 mdoc(7): Use the new feature of the .In macro. 2003-09-08 19:57:22 +00:00
Maxim Konovalov
007fe4e38a o Rename local variables, do not shadow global declarations. 2003-07-14 12:43:48 +00:00
Maxim Konovalov
0fe0c0cc20 o Kill MINICMPLEN, there is ICMP_MINLEN already. 2003-07-14 12:42:47 +00:00
Maxim Konovalov
e88178dd90 o Be ready to get a reply with length up to IP_MAXPACKET.
o Warn when recieved packet length is not equal to length of the
packet we sent out. Idea from NetBSD.
o Fit the dump of packet with wrong data to 80 columns (from NetBSD).

Comments from:	bde
2003-07-14 12:37:03 +00:00
Ruslan Ermilov
a70dc55680 The current recommended default time to live (TTL) for the Internet
Protocol (IP) is 64 [RFC791, RFC1122].

Prodded by:	Igor Kucherenko <kivvy@sunbay.com>
Obtained from:	http://www.iana.org/assignments/ip-parameters
2003-06-25 13:02:18 +00:00
Maxim Konovalov
aed98a27fd Fix SIGINFO handling: do not print incorrect timing statistics
when the data for it is not available.

Founded by:	ping -s0 localhost; press ^T
2003-06-02 10:01:59 +00:00
David E. O'Brien
c69284ca08 Use __FBSDID() to quiet GCC 3.3 warnings. 2003-05-03 18:41:59 +00:00
Maxim Konovalov
29dccd6ae1 o Skip timestamp part when checking payload.
PR:		bin/50909
Submitted by:	Barney Wolff <barney@lab.databus.com>
2003-04-14 08:34:14 +00:00
Matthew N. Dodd
47e9b3ea64 Deal with a case where the returned packed was smaller than the
transmitted packet (because the remote host stripped off our icmp_data).

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
2003-04-07 12:05:50 +00:00
Matthew N. Dodd
2c56e246fa Back out support for RFC3514.
RFC3514 poses an unacceptale risk to compliant systems.
2003-04-02 20:14:44 +00:00
Maxim Konovalov
33e1dc7738 IP_EVIL -> IP_EF 2003-04-02 14:52:21 +00:00
Matthew N. Dodd
09139a4537 Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)

This fulfills the host requirements for userland support by
way of the setsockopt() IP_EVIL_INTENT message.

There are three sysctl tunables provided to govern system behavior.

	net.inet.ip.rfc3514:

		Enables support for rfc3514.  As this is an
		Informational RFC and support is not yet widespread
		this option is disabled by default.

	net.inet.ip.hear_no_evil

		 If set the host will discard all received evil packets.

	net.inet.ip.speak_no_evil

		If set the host will discard all transmitted evil packets.

The IP statistics counter 'ips_evil' (available via 'netstat') provides
information on the number of 'evil' packets recieved.

For reference, the '-E' option to 'ping' has been provided to demonstrate
and test the implementation.
2003-04-01 08:21:44 +00:00
Matthew N. Dodd
c67c1ce843 Default data length should be 56, not 64. 2003-03-28 00:31:51 +00:00
Matthew N. Dodd
d829c3dfee - Make -M mask and -M time exclusive.
- Correct some problems with packet construction.

  +--------+------------+----------+-------------+---------+
  |        |            |          |             |         |
  | IP Hdr | MINICMPLEN | phdr_len | TIMEVAL_LEN | payload |
  |        |            |          |             |         |
  +--------+------------+----------+-------------+---------+
  |        |                       |                       |
  |<- IP ->|<------- ICMP -------->|<------ datalen ------>|

My previous changes tried to mess around with 'datalen' instead of
modifying 'phdr_len'.

I'm including this nice ASCII diagram (from Maxim) to further clarify things
in CVS history.

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
2003-03-24 23:48:36 +00:00
Bruce Evans
1104dd84fa Fixed an errx format error in rev.1.81. This should have been fatal
when WARNS was increased recently, but __printf0like() has been
temporarily disabled for 8 months.

Fixed related style bugs (disordered declaraction and silly type for
maxpayload -- assume 16-bit ints like the rest of ping.c).
2003-03-24 11:26:08 +00:00
Ruslan Ermilov
120b4a9366 Demangle the usage message at the source level.
Submitted by:	bde
2003-03-14 07:59:38 +00:00
Ruslan Ermilov
1bd10ba2d9 Fix and sync SYNOPSIS and usage().
Prodded by:	bde
2003-03-11 20:12:39 +00:00
Sean Chittenden
31eac03b4b Update ping to be WARNS=2 compliant.
Reviewed by:	-audit (no objections ~1mo)
Approved by:	nectar
2003-03-05 22:42:03 +00:00
Matthew N. Dodd
1fb474d8b2 Spelling, grammar fixes. 2003-03-05 21:42:23 +00:00
Matthew N. Dodd
9b085129ae Remove documentation of old '-M' flag.
Re-order.
2003-03-05 20:35:45 +00:00
Matthew N. Dodd
eb1543c6ee Support ICMP_TSTAMP/ICMP_TSTAMPREPLY.
This alters the meaning of the '-M' flag.
2003-03-02 21:24:08 +00:00
Ruslan Ermilov
1f6a46318d Sort options. 2003-02-23 01:50:07 +00:00
Matthew N. Dodd
d074d39fef Call fill() after maxpayload has been initialized.
Reviewed by:	 maxim
2003-01-29 20:42:42 +00:00
Matthew N. Dodd
143008a1fe Send ICMP_MASKREQ packets when the '-M' option is specified. 2003-01-28 22:53:24 +00:00
Maxim Konovalov
fb7d32c7ee Better error handling for -s.
Submitted by:	bde

Do not constantify maximum payload size. It is 65467 with -R
(record route), and 65507 without it.

Reviewed by:	silence on -net
Proposed by:	bde

I am going to MFC rev.1.77 - 1.81 ping.c and rev.1.39 and 1.40 ping.8:

MFC after:      6 months
2003-01-23 13:04:42 +00:00
Maxim Konovalov
261e59bb9e style(9) sweep.
Submitted by:	bde
2003-01-23 12:56:10 +00:00
Maxim Konovalov
9bc1a9ec6c Anti-magic: s/255/MAXTTL/ 2003-01-23 12:54:11 +00:00
Maxim Konovalov
0b2f8b3f68 Implement -D (do not fragment) and -z (TOS) options.
PR:		bin/29164
Reviewed by:	silence of -net
Obtained from:	OpenBSD
2003-01-23 12:48:12 +00:00
Maxim Konovalov
cb75aca7cd Print strict source routing option.
Reviewed by:	silence on -net
Proposed by:	David Wang <dsw@juniper.net>
2003-01-23 12:42:56 +00:00
Jens Schweikhardt
57bd0fc6e8 english(4) police. 2002-12-27 12:15:40 +00:00