On the receive socket, recvmsg() and poll()/select() is called.
Therefore, CAP_EVENT is needed in addition to CAP_RECV..
While there, check the socket for readbility before calling recvmsg().
Reviewed by: markj@
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D36878
The revision D25604 capsicumize traceroute6. For UDP the send socket was
changed from SOCK_DGRAM to SOCK_RAW and thus the UDP checksum need be
calculated by application itself other than the kernel.
outpacket is filled with zeros by line 707, thus the first round the UDP
checksum is correct. But subsequent rounds outudp->uh_sum will be left
with garbage.
PR: 255507
Reviewed by: ae, markj, tuexen
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D30042
- Always use distinct sockets for send and recv
- Limit rights on the recv socket
For ICMP6 we were using the same socket for both send and receive, and
we limited rights on the socket such that it's impossible to receive
anything.
PR: 254623
Diagnosed by: Zhenlei Huang <zlei.huang@gmail.com>
Reviewed by: oshogbo
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D29523
This with the previous patch I committed makes traceroute6/traceroute
compile fine when libcasper isn't enabled.
This complains strongly with unused variables and such when compiled
with gcc-6 on mips32.
Tested:
* compiled/run on mips32 hardware (AR9344)
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D26773
Fix some style issues as well. Leave -Wno-cast-aligned set for now, as
most of the warnings come casts of CMSG_DATA(), which does provide
sufficient alignment in practice.
Submitted by: Shubh Gupta <shubh@freebsd.org>
Sponsored by: Google (GSOC 2020)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25603
This option was imported as part of the KAME project in r62627 (in 2000).
It was turned on unconditionally in r121472 (in 2003) and has been on ever
since. The old alternative code has bitrotted. Reap the dead code.
Reported by: Ján Sučan <jansucan@gmail.com>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D20938
this implicitly by encoding it in a number space.
No functional change intended.
This is done as a preparation to add support for ICMPv6 mesages
indicating a parameter problem related to the next header.
MFC after: 2 weeks
larger than or equal to 32 bytes. For smaller probe packets, keep using
SHUTDOWN-ACK chunks, possibly bundled with a PAD chunk.
Packets with INIT chunks more likely pass through firewalls. Therefore,
use them when possible.
MFC after: 1 week
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
* Ensure that the datalen always describes the length after the IPv6
header consistently, not matter which protocol us used for probes..
* Document that the default length is 20, not 12.
* Don't send inormation in probe packets which is not needed or
even checked when the responses are processed.
* Address CID 978587.
This is mainly a cleanup preparing the addition of SCTP and TCP
as possible probe packet protocols.
MFC after: 4 weeks
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
- Support for IPv6 transport for AS lookup.
- Introduce $RA_SERVER to set whois server.
- Support for 4 byte ASN.
- ANSIfy function declaration in as.c.
Tested by: IHANet folks.
own line. We made this change in traceroute(8) some time ago. This
is particularly useful when you are not resolving hostnames since ip6
addresses can be quite long, and lines wrap fairly easily in the
multi-path router case.
Discussed with: bz
MFC after: 1 month
traceroute6(8) force -w flag (wait time) to be > 1 sec. Make it
possible to use 1 sec wait time.
PR: bin/110933
Submitted by: Dmitry Marakasov
Reviewed by: freebsd-net (silence)
MFC after: 1 month
- be more picky about argument parsing - like ERANGE.
- use u_long for args, not to lose accuracy/prevent overflow.
- socklen_t audit.
- Add -I (use icmp) option.
- warn if multiple addresses are present for dest.
- no need to pass tz.
- type pedant. check -p range.
- grab hlim from sysctl.
- typo in port number setting.
Obtained from: KAME
The output format specifier for the round-trip time in ping6 should be
changed to %.3f instead of %g since %g doesn't accurately represent the
precision of the number being output. In particular, %g truncates trailing
zeroes. 0.01 ms does not mean the same thing as 0.010 ms. Although they
are numerically identical, they do not have the same precision.
PR: bin/52324, bin/52750
Submitted by: dg
MFC after: 1 week
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
-Open socket() at first and then setuid() to actual user.
-Allow ping6 preload option only for root.
Approved by: jkh
Submitted by: Neil Blakey-Milner <nbm@mithrandr.moria.org>
getipnodebyaddr().
This resolve 2 problems.
-can specify scope index(@ifname) for IPv6 link local addr
-reverse lookup for IPv6 loopback addr(::1) was strange, but fixed