In order to create vnet jails, atf_python needs root privileges.
However, once the vnet is created, its privileges inside the vnet can be
demoted, as these tests should not require root in order to pass.
Reviewed by: markj
Approved by: emaste (mentor)
Fixes: 4efaf43c6f ("ping: Require root user for pytests")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D42175
Declare some regex patterns as a raw string by prepending `r`.
Reviewed by: markj
Approved by: emaste (mentor)
Differential Revision: https://reviews.freebsd.org/D42174
Align some of pinger() defaults with Scapy to facilitate debugging when
printing packets.
No functional change intended.
Reviewed by: emaste, kp
Approved by: emaste (mentor)
Differential Revision: https://reviews.freebsd.org/D47159
Scapy now only accepts known options with IPOption(), so our unknown
option must be passed raw.
While here, prefer the named options for EOL and NOP.
Reviewed by: emaste, kp
Approved by: emaste (mentor)
Differential Revision: https://reviews.freebsd.org/D47160
The value of MAXPAYLOAD in the re-applied commit is not right. Back
this out until it's had a proper review.
This reverts commit b88df1e893.
Requested by: maxim, glebius
The ping tests were originally broken by an unrelated isue that
is now fixed ( 2926c25942 ).
THanks to kp@ for fixing the test and Jose Luis Duran for pinting it out.
This reverts commit 7bc0cb91a2.
Scapy 2.6.0 now appears to parse the IPOption during construction, and it then
gets confused at a single-byte option. IP Options typically contain at least a 1
byte type and 1 byte length. Avoid this by just returning the raw bytes, rather
than an IPOption object.
MFC after: 1 week
Reviewed by: Jose Luis Duran <jlduran@gmail.com>
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D47151
Only super-user could specify a packet size larger than the default 56 bytes.
This restriction was added by Matt Dillon in 1998 during the BEST days [0].
This restriction doesn't exist in ping IPV6 or on NetBSD, OpenBSD and Linux.
UMS [1] uses this feature to estimate the client's bandwidth to optimize the
streaming experience.
[0] DFGit 526f06b278
[1] UMS: https://github.com/UniversalMediaServer/UniversalMediaServer
Obtained from: DragonFlyBSD
Differential Revision: https://reviews.freebsd.org/D45774
A missing else caused the correct resolver hint (AF_INET) to be
overwritten with AF_UNSPEC when the kernel supports IPv4 but not
IPv6.
MFC after: 3 days
PR: 277592
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D44304
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
We've ifdef'd out the copyright strings for some time now. Go ahead and
remove the ifdefs. Plus whatever other detritis was left over from other
recent removals. These copyright strings are present in the comments and
are largely from CSRG's attempt at adding their copyright to every
binary file (which modern interpretations of the license doesn't
require).
Sponsored by: Netflix
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
Traditionally, ping returned exit code EX_NOHOST if a DNS lookup failed.
That is still the case for the legacy code in the new merged ping, but
not for IPv6 targets, nor when a DNS lookup is performed in order to
determine which version of the tool to invoke.
While here, also make sure that the error message is consistent.
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D42159
atf_python may use vnet jails for creating an isolated test environment.
Mark these tests that require root user privileges.
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Very early on, the Src/Dst IP addresses were printed in hex notation
(%08x), which will always be 8-characters wide. It was later changed to
use a dot-decimal notation. Depending on the IP address length, the Src
and Dst headers may require a different padding. Use the source and
destination IP lengths as padding for the headers.
Also, print an Opts (options) header, if there are options present. It
has been abbreviated to Opts to match the length of the previous Data
header, removed in ef9e6dc7ee.
Print the header info such that no trailing spaces are produced. As
some git workflows may automatically trim them, and make the tests fail
(see 25b86f8559).
Before
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2␣
After
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2
And with options:
Before
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2 01...
After
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst Opts
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2 01...
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D39561
When an echo reply packet is received, the data is compared with the
sent data. When a wrong byte is detected the command displays a report
with the differences.
The first row (the first 8-bytes of data after the ICMP header) should
include the time stamp (if data is at least 8-bytes), this value is not
taken into consideration for the comparison. The remaining rows
represent the data (padded pattern) received/sent, with each byte being
compared for differences.
Print the space before (not after), to add an extra space after cp:/dp:
for better readability when the first time stamp octet is not
zero-padded, and to remove trailing spaces in the output.
Before:
cp:99 0 0 c 1 5 c 0␣
ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd␣
...
After:
cp: 99 0 0 c 1 5 c 0
ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd
...
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D39492
This is a first step towards a unification/simplification of ping/ping6
(internally). The end goal is to produce a standardized user-facing
output.
Before (ping6):
PING6(56=40+8+8 bytes) 2001:db8::1 --> 2001:db8::2
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.168 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.068 ms
--- 2001:db8::2 ping6 statistics ---
round-trip min/avg/max/std-dev = 0.068/0.118/0.168/0.050 ms
After (ping6):
PING(56=40+8+8 bytes) 2001:db8::1 --> 2001:db8::2
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.168 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.068 ms
--- 2001:db8::2 ping statistics ---
round-trip min/avg/max/stddev = 0.068/0.118/0.168/0.050 ms
This has the nice side-effect of adding units to SIGINFO's statistics,
as printing numbers without units may not be of much help. Also
mentions the fact that these times are round-trip.
Before (ping/ping6 SIGINFO):
2/2 packets received (100.0%) 0.068 min / 0.118 avg / 0.168 max
After (ping/ping6 SIGINFO):
--- <ipv4/ipv6 address> ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.068/0.118/0.168/0.050 ms
In the case of a SIGINFO, the output will be printed to stderr, for both
ping and ping6.
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D39126
Commit 46d7b45a26 introduced these code
paths. Test and document them.
- Add inner packet too short test
- Add inner IHL too short test
- Add quoted data too short test
- Add IHL too short test
- Add max inner packet IHL without payload test
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D38528
Avoid calculating the square root of negative zero, which can easily
happen on certain architectures when calculating the population standard
deviation with a sample size of one, e.g., 0.01 - (0.1 * 0.1) =
-0.000000.
Avoid returning a NaN by capping the minimum possible variance value to
zero (positive).
In the future, maybe skip reporting statistics at all for a single
sample.
Reported by: Jenkins
Reviewed by: asomers
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D42114
* Interrupt the option loop as soon as we have an indication of which
protocol is intended.
* If we end up having to perform a DNS lookup, loop over the entire
result looking for either IPv4 or IPv6 addresses.
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Reviewed by: rscheff, kevans, allanjude
Differential Revision: https://reviews.freebsd.org/D42137
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
Test regression fixed in 4630a3252a. Add two tests that do not
use the verbose flag, so the code path in question can be reached:
1. Respond with a proper ICMP destination host unreachable packet.
2. Respond with a doctored ICMP destination host unreachable packet,
that has the ICMP Identifier field modified (+1 bit).
Reviewed by: cy
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39244
The variable oicmp, which holds the original ("quoted packet") ICMP
packet in a structured way, did not have a copy of the original ICMP
packet obtained from the raw data.
The code was accidentally removed in 20b4130314. Bring it back.
Reported by: Coverity Scan, cy
Reviewed by: cy
CID: 1506960 (UNINIT)
Fixes: 20b4130314
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39233
The function pr_pack() prints out a packet, if the IP packet contains
options, these are printed as well.
Test the functionality fixed in
70960bb86a.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38470
Ping used to provide some sort of packet sniffing capabilities, this was
in an era where hubs were used and tcpdump wasn't invented.
pr_iph() is a function that prints the IP header of the packet.
pr_retip() is essentially a wrapper function to pr_iph(), that also
displays the source and destination ports of a TCP or UDP packet.
After ef9e6dc7ee some of this
functionality was almost removed, to only display packets sent by us
(26+ years ago).
At this point, reaching this code path was only possible by doctoring
the original packet.
After 46d7b45a26 this code path can never
be reached.
Remove the code.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38475
When an ICMP packet contains an IP packet in its payload, and that
original IP packet contains options, these options were not displayed
accordingly in pr_iph().
pr_iph() is a function that prints the original "quoted packet" IP
header, with only an IP struct as an argument. The IP struct does not
contain IP options, and it is not guaranteed that the options will be
contiguous in memory to the IP struct after
d9cacf605e.
Pass the raw ICMP data along with the IP struct, in order to print the
options, if any.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38469
The sizeof(struct ip) is 20.
The sizeof(struct in_addr) is 4.
No functional change intended.
Reviewed by: asomers, markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39125
In the IP header, Flags + Fragment Offset is a 16-bit field.
Use ntohs() instead of ntohl(), otherwise the Flags/Fragment Offset
values may not display correctly.
Before (DF set)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 0001 0 0000 40 01 b6a4 192.0.2.1 192.0.2.2
After (DF set)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 0001 2 0000 40 01 b6a4 192.0.2.1 192.0.2.2
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38479
ping -R (F_RROUTE) will loop at ping.c:1381 until it segfaults or
the unsigned int hlen happens to be less than the size of an IP header:
slippy$ ping -R 192.168.0.101
PING 192.168.0.101 (192.168.0.101): 56 data bytes
64 bytes from 192.168.0.101: icmp_seq=0 ttl=63 time=1.081 ms
RR: 192.168.0.1
192.168.0.101
192.168.0.101
10.1.1.254
10.1.1.91
unknown option bb
unknown option 32
unknown option 6
...
unknown option 96
unknown option 2d
Segmentation fault
The reason for this is while looping through loose source routing (LSRR)
and strict source routing (SSRR), hlen will become smaller than the IP
header. It may even become negative. This should terminate the loop.
However, when hlen is unsigned, an integer underflow occurs becoming a
large number causing the loop to continue virtually forever until hlen
is either by chance smaller than the lenghth of an IP header or it
segfaults.
Reviewed by: asomers
Fixes: 46d7b45a26
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38744
