1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-20 11:11:24 +00:00
Commit Graph

116 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
49133c6d52 Protect ping(8) using Capsicum and Casper. This is protection against malicious
network packets that we parse and not against local users trying to gain root
access through ping's set-uid bit - this is handled by dropping privileges very
early in ping.

Submitted by:	Mikhail <mp@lenta.ru>
2014-02-04 21:43:53 +00:00
Eitan Adler
1d1d4a4727 Check the return error of set[ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.  Custom
security modules, or future implementations of the setuid and setgid
may fail.

PR:		bin/172289
PR:		bin/172290
PR:		bin/172291
Submittud by:	Erik Cederstrand <erik@cederstrand.dk>
Discussed by:	freebsd-security
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:31:22 +00:00
Xin LI
6959b14df6 Use timeclear() instead of home grown version.
MFC after:	2 weeks
2012-07-02 02:38:27 +00:00
Ed Schouten
fafb8f11c0 Small style fixes:
- ANSIfy prototypes.
- Remove unneeded whitespace.
- Add const keyword to function where it can be used.
2010-06-20 12:52:33 +00:00
George V. Neville-Neil
8409aedfa6 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
Olivier Houchard
e81f504954 Force the alignment of the chars arrays, as they are casted later to
structs.
gcc 4.2 doesn't do it by default, and that results in unaligned access on
arm.
2007-05-21 14:38:45 +00:00
Dima Dorfman
aa822c3979 Print packet loss figures with one decimal place. ping6 already does
this, and OpenBSD and NetBSD pings do it too. This is primarily useful
for comparing low levels of packet loss.
2006-08-14 07:54:17 +00:00
Gleb Smirnoff
d6cd14974c Add a new feature to ping(8) - possibility to specify maximum
wait time for a packet. This allows to:

 - Count number of packets received before and after specified
   time.
 - Shorten time of execution of 'ping -c 1' scripts.

Submitted by:	Lytochkin Boris <lytboris gmail.com>
2006-04-05 12:30:42 +00:00
Ruslan Ermilov
ee3e1c4c08 Sync usage() with SYNOPSIS. 2005-12-01 22:03:34 +00:00
Gleb Smirnoff
9ff95228e8 Implement a new feature for ping(8) - sweeping pings. In a sweeping
ping ICMP payload of packets being sent is increased with given step.
Sweeping pings are useful for testing problematic channels, MTU
issues or traffic policing functions in networks.

PR:		bin/82625
Submitted by:	Chris Hellberg <chellberg juniper.net> (with some cleanups)
2005-08-15 14:15:37 +00:00
Maxim Konovalov
13e3f0b717 o Store timestamp in network byte order.
o Remove an assumption sizeof(struct timeval) == 8 (this is not
  true on sparc64).

Reviewed by:	imp, -hackers
Obtained from:	NetBSD (rev. 1.75)
MT5 after:	1 month
2004-09-30 07:35:56 +00:00
Stefan Farfeleder
4eae39bfdf Avoid using void pointers in additive expressions.
PR:		56653
2004-08-14 17:46:10 +00:00
Mark Murray
4c723140a4 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
Ian Dowse
a8616db8fd Don't turn off the regular SIGINFO status information. The use of
the NOKERNINFO flag only marginally de-clutters the output and
has a number of unwanted side effects:
  o The kernel info might be what you want to see
  o ^T is left non-functional if ping is killed non-cleanly
  o "ping -q foo &" gets suspended on tty output

Encouraged by:	bde
2004-04-07 18:48:11 +00:00
Ian Dowse
c8bb99e577 Certain ICMP error replies cause ping to perform a reverse DNS
lookup on an IP address from the packet (such as the IP that sent
a TTL exceeded error). If the DNS lookup takes a long time, ^C will
appear to be ineffective since the SIGINT handler just sets a flag
and returns. Work around this by exiting immediately on receipt of
a second SIGINT when DNS lookups are enabled.

PR:		bin/4696
MFC after:	1 week
2004-02-08 21:59:17 +00:00
Maxim Konovalov
007fe4e38a o Rename local variables, do not shadow global declarations. 2003-07-14 12:43:48 +00:00
Maxim Konovalov
0fe0c0cc20 o Kill MINICMPLEN, there is ICMP_MINLEN already. 2003-07-14 12:42:47 +00:00
Maxim Konovalov
e88178dd90 o Be ready to get a reply with length up to IP_MAXPACKET.
o Warn when recieved packet length is not equal to length of the
packet we sent out. Idea from NetBSD.
o Fit the dump of packet with wrong data to 80 columns (from NetBSD).

Comments from:	bde
2003-07-14 12:37:03 +00:00
Maxim Konovalov
aed98a27fd Fix SIGINFO handling: do not print incorrect timing statistics
when the data for it is not available.

Founded by:	ping -s0 localhost; press ^T
2003-06-02 10:01:59 +00:00
David E. O'Brien
c69284ca08 Use __FBSDID() to quiet GCC 3.3 warnings. 2003-05-03 18:41:59 +00:00
Maxim Konovalov
29dccd6ae1 o Skip timestamp part when checking payload.
PR:		bin/50909
Submitted by:	Barney Wolff <barney@lab.databus.com>
2003-04-14 08:34:14 +00:00
Matthew N. Dodd
47e9b3ea64 Deal with a case where the returned packed was smaller than the
transmitted packet (because the remote host stripped off our icmp_data).

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
2003-04-07 12:05:50 +00:00
Matthew N. Dodd
2c56e246fa Back out support for RFC3514.
RFC3514 poses an unacceptale risk to compliant systems.
2003-04-02 20:14:44 +00:00
Maxim Konovalov
33e1dc7738 IP_EVIL -> IP_EF 2003-04-02 14:52:21 +00:00
Matthew N. Dodd
09139a4537 Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)

This fulfills the host requirements for userland support by
way of the setsockopt() IP_EVIL_INTENT message.

There are three sysctl tunables provided to govern system behavior.

	net.inet.ip.rfc3514:

		Enables support for rfc3514.  As this is an
		Informational RFC and support is not yet widespread
		this option is disabled by default.

	net.inet.ip.hear_no_evil

		 If set the host will discard all received evil packets.

	net.inet.ip.speak_no_evil

		If set the host will discard all transmitted evil packets.

The IP statistics counter 'ips_evil' (available via 'netstat') provides
information on the number of 'evil' packets recieved.

For reference, the '-E' option to 'ping' has been provided to demonstrate
and test the implementation.
2003-04-01 08:21:44 +00:00
Matthew N. Dodd
c67c1ce843 Default data length should be 56, not 64. 2003-03-28 00:31:51 +00:00
Matthew N. Dodd
d829c3dfee - Make -M mask and -M time exclusive.
- Correct some problems with packet construction.

  +--------+------------+----------+-------------+---------+
  |        |            |          |             |         |
  | IP Hdr | MINICMPLEN | phdr_len | TIMEVAL_LEN | payload |
  |        |            |          |             |         |
  +--------+------------+----------+-------------+---------+
  |        |                       |                       |
  |<- IP ->|<------- ICMP -------->|<------ datalen ------>|

My previous changes tried to mess around with 'datalen' instead of
modifying 'phdr_len'.

I'm including this nice ASCII diagram (from Maxim) to further clarify things
in CVS history.

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
2003-03-24 23:48:36 +00:00
Bruce Evans
1104dd84fa Fixed an errx format error in rev.1.81. This should have been fatal
when WARNS was increased recently, but __printf0like() has been
temporarily disabled for 8 months.

Fixed related style bugs (disordered declaraction and silly type for
maxpayload -- assume 16-bit ints like the rest of ping.c).
2003-03-24 11:26:08 +00:00
Ruslan Ermilov
120b4a9366 Demangle the usage message at the source level.
Submitted by:	bde
2003-03-14 07:59:38 +00:00
Ruslan Ermilov
1bd10ba2d9 Fix and sync SYNOPSIS and usage().
Prodded by:	bde
2003-03-11 20:12:39 +00:00
Sean Chittenden
31eac03b4b Update ping to be WARNS=2 compliant.
Reviewed by:	-audit (no objections ~1mo)
Approved by:	nectar
2003-03-05 22:42:03 +00:00
Matthew N. Dodd
eb1543c6ee Support ICMP_TSTAMP/ICMP_TSTAMPREPLY.
This alters the meaning of the '-M' flag.
2003-03-02 21:24:08 +00:00
Ruslan Ermilov
1f6a46318d Sort options. 2003-02-23 01:50:07 +00:00
Matthew N. Dodd
d074d39fef Call fill() after maxpayload has been initialized.
Reviewed by:	 maxim
2003-01-29 20:42:42 +00:00
Matthew N. Dodd
143008a1fe Send ICMP_MASKREQ packets when the '-M' option is specified. 2003-01-28 22:53:24 +00:00
Maxim Konovalov
fb7d32c7ee Better error handling for -s.
Submitted by:	bde

Do not constantify maximum payload size. It is 65467 with -R
(record route), and 65507 without it.

Reviewed by:	silence on -net
Proposed by:	bde

I am going to MFC rev.1.77 - 1.81 ping.c and rev.1.39 and 1.40 ping.8:

MFC after:      6 months
2003-01-23 13:04:42 +00:00
Maxim Konovalov
261e59bb9e style(9) sweep.
Submitted by:	bde
2003-01-23 12:56:10 +00:00
Maxim Konovalov
9bc1a9ec6c Anti-magic: s/255/MAXTTL/ 2003-01-23 12:54:11 +00:00
Maxim Konovalov
0b2f8b3f68 Implement -D (do not fragment) and -z (TOS) options.
PR:		bin/29164
Reviewed by:	silence of -net
Obtained from:	OpenBSD
2003-01-23 12:48:12 +00:00
Maxim Konovalov
cb75aca7cd Print strict source routing option.
Reviewed by:	silence on -net
Proposed by:	David Wang <dsw@juniper.net>
2003-01-23 12:42:56 +00:00
Maxim Konovalov
3c721ab3c9 Fix LSRR option length check: it has to be less or equal remained header's
length minus sizeof(struct ip).

MFC after:	1 week
2002-10-21 11:43:46 +00:00
Dima Dorfman
8025c44b00 Add an -o option to exit after receiving one reply. This can be used
to test whether a link is live.

PR:		38573
Submitted by:	David Taylor <davidt@yadt.co.uk>
Obtained from:	NetBSD
2002-10-02 03:24:27 +00:00
Peter Wemm
9b2196460d Commit "unrelated style fixes" part of Bruce's patch (regarding
bcopy/memcpy) seperately.

Submitted by:  bde
2002-09-11 18:16:40 +00:00
Peter Wemm
9d2b0ab82a Modify previous commit to solve the real problem that made gcc think
the timestamp was aligned.  ie: Use a void * instead of struct timeval *
which gcc assumes will be aligned.  Go back to memcpy().

Submitted by: bde
2002-09-11 18:12:29 +00:00
Jacques Vidrine
7e5bbd6847 In reference to previous commit: use err(3).
Noticed by:	bde
2002-09-09 18:51:59 +00:00
Jacques Vidrine
ef9d72e14c Check for FD_SET overrun. 2002-09-09 15:58:08 +00:00
Ian Dowse
9c1b8868dc Add the -A flag to the usage line.
Submitted by:	Yutaka KAWASE <yutaka@mailhost.net>
MFC after:	3 days
2002-08-27 08:09:37 +00:00
Peter Wemm
11bad678c6 Fix the broken "avoid unaligned data" fix. The problem is that the builtin
gcc memcpy "knows" about types that are supposed to be actually already
aligned and triggers alignment errors doing the memcpy itself.
"Fix" this by changing it to a bcopy().  In this case, we had:
  struct timeval *tp;
  struct timeval tv1;
  memcpy(&tv1,tp,sizeof(tv1));
.. and since gcc *knows* that a pointer to a timeval is longword aligned
and that tv1 is longword aligned, then it can use an inline that assumes
alignment.  The following works too:
  cp = (char *)tp;
  memcpy(&tv1,cp,sizeof(tv1));
Simply casting (char *)tp  for the memcpy doesn't work. :-(
This affected different 64 bit platforms in different ways and depends
a lot on gcc as well.  I've seen this on alpha and ia64 at least, although
alpha isn't doing it right now.
2002-08-10 03:00:55 +00:00
Maxim Konovalov
4fba6582cb o Change almost all magic numbers to the appropriate constants.
o Fix zero payloading, unbreak ping -s 0.
o Increase socket recieve buffer, ping -s 65467 is working now.

Submitted by:	anti-magic sweep based on kris's patch
Reviewed by:	bde, silence on -audit
MFC after:	2 months
2002-07-05 11:52:54 +00:00
Maxim Konovalov
301207dffe More strict ip options parsing.
Reviewed by:	bde (style), silence on -audit
MFC after:	2 months
2002-07-05 11:47:33 +00:00