Commit Graph

127 Commits

Author SHA1 Message Date
Don Lewis
eeb6394364 Check for socket creation success before calling bind().
Reported by:	Coverity
CID:		1194209
2016-05-12 05:43:54 +00:00
Maxim Konovalov
028c7845c0 o Restore some good whitespace killed in the previous commit.
Spotted by:	bjk
2016-03-18 15:44:21 +00:00
Maxim Konovalov
61273736b3 o Kill EoL whitespaces. 2016-03-18 15:07:43 +00:00
Maxim Konovalov
f7fc5c9154 o No need to resolve a mask that we get with ICMP_MASKREPLY,
pass it directly to inet_ntoa(3).
2016-03-18 15:06:50 +00:00
Gleb Smirnoff
bb7dfe5e49 Allow minimum and maximum sweep size be the same.
Submitted by:	maxim
2016-03-11 21:06:17 +00:00
Maxim Konovalov
ed5e3d7a83 o Kill EoL whitespaces. No functional changes. 2016-03-11 16:03:47 +00:00
Mariusz Zaborski
c501d73c7e Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277
2016-02-25 18:23:40 +00:00
Brooks Davis
5743dcb3c2 Remove "capability mode sandbox enabled" messages.
These messages serve little purpose and break some consumers.

PR:		199855
Differential Revision:	https://reviews.freebsd.org/D2440
Reviewed by:	rwatson
Approved by:	pjd
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2015-05-04 21:44:51 +00:00
Andrey V. Elsukov
ffc610b221 After r270929 RAW IP code assumes that all IP fields are in network
byte order. Fix ping(8) to pass an IP header with converted ip_off
and ip_len fields, when IP_HDRINCL socket option used.
2015-01-23 13:26:35 +00:00
Hiroki Sato
7e9489e0f6 WARNS=3 and style fixes. No functionality change. 2014-10-20 00:27:40 +00:00
Robert Watson
b881b8be1d Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
Pawel Jakub Dawidek
49133c6d52 Protect ping(8) using Capsicum and Casper. This is protection against malicious
network packets that we parse and not against local users trying to gain root
access through ping's set-uid bit - this is handled by dropping privileges very
early in ping.

Submitted by:	Mikhail <mp@lenta.ru>
2014-02-04 21:43:53 +00:00
Eitan Adler
1d1d4a4727 Check the return error of set[ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.  Custom
security modules, or future implementations of the setuid and setgid
may fail.

PR:		bin/172289
PR:		bin/172290
PR:		bin/172291
Submittud by:	Erik Cederstrand <erik@cederstrand.dk>
Discussed by:	freebsd-security
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:31:22 +00:00
Xin LI
6959b14df6 Use timeclear() instead of home grown version.
MFC after:	2 weeks
2012-07-02 02:38:27 +00:00
Ed Schouten
fafb8f11c0 Small style fixes:
- ANSIfy prototypes.
- Remove unneeded whitespace.
- Add const keyword to function where it can be used.
2010-06-20 12:52:33 +00:00
George V. Neville-Neil
8409aedfa6 Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
Olivier Houchard
e81f504954 Force the alignment of the chars arrays, as they are casted later to
structs.
gcc 4.2 doesn't do it by default, and that results in unaligned access on
arm.
2007-05-21 14:38:45 +00:00
Dima Dorfman
aa822c3979 Print packet loss figures with one decimal place. ping6 already does
this, and OpenBSD and NetBSD pings do it too. This is primarily useful
for comparing low levels of packet loss.
2006-08-14 07:54:17 +00:00
Gleb Smirnoff
d6cd14974c Add a new feature to ping(8) - possibility to specify maximum
wait time for a packet. This allows to:

 - Count number of packets received before and after specified
   time.
 - Shorten time of execution of 'ping -c 1' scripts.

Submitted by:	Lytochkin Boris <lytboris gmail.com>
2006-04-05 12:30:42 +00:00
Ruslan Ermilov
ee3e1c4c08 Sync usage() with SYNOPSIS. 2005-12-01 22:03:34 +00:00
Gleb Smirnoff
9ff95228e8 Implement a new feature for ping(8) - sweeping pings. In a sweeping
ping ICMP payload of packets being sent is increased with given step.
Sweeping pings are useful for testing problematic channels, MTU
issues or traffic policing functions in networks.

PR:		bin/82625
Submitted by:	Chris Hellberg <chellberg juniper.net> (with some cleanups)
2005-08-15 14:15:37 +00:00
Maxim Konovalov
13e3f0b717 o Store timestamp in network byte order.
o Remove an assumption sizeof(struct timeval) == 8 (this is not
  true on sparc64).

Reviewed by:	imp, -hackers
Obtained from:	NetBSD (rev. 1.75)
MT5 after:	1 month
2004-09-30 07:35:56 +00:00
Stefan Farfeleder
4eae39bfdf Avoid using void pointers in additive expressions.
PR:		56653
2004-08-14 17:46:10 +00:00
Mark Murray
4c723140a4 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
Ian Dowse
a8616db8fd Don't turn off the regular SIGINFO status information. The use of
the NOKERNINFO flag only marginally de-clutters the output and
has a number of unwanted side effects:
  o The kernel info might be what you want to see
  o ^T is left non-functional if ping is killed non-cleanly
  o "ping -q foo &" gets suspended on tty output

Encouraged by:	bde
2004-04-07 18:48:11 +00:00
Ian Dowse
c8bb99e577 Certain ICMP error replies cause ping to perform a reverse DNS
lookup on an IP address from the packet (such as the IP that sent
a TTL exceeded error). If the DNS lookup takes a long time, ^C will
appear to be ineffective since the SIGINT handler just sets a flag
and returns. Work around this by exiting immediately on receipt of
a second SIGINT when DNS lookups are enabled.

PR:		bin/4696
MFC after:	1 week
2004-02-08 21:59:17 +00:00
Maxim Konovalov
007fe4e38a o Rename local variables, do not shadow global declarations. 2003-07-14 12:43:48 +00:00
Maxim Konovalov
0fe0c0cc20 o Kill MINICMPLEN, there is ICMP_MINLEN already. 2003-07-14 12:42:47 +00:00
Maxim Konovalov
e88178dd90 o Be ready to get a reply with length up to IP_MAXPACKET.
o Warn when recieved packet length is not equal to length of the
packet we sent out. Idea from NetBSD.
o Fit the dump of packet with wrong data to 80 columns (from NetBSD).

Comments from:	bde
2003-07-14 12:37:03 +00:00
Maxim Konovalov
aed98a27fd Fix SIGINFO handling: do not print incorrect timing statistics
when the data for it is not available.

Founded by:	ping -s0 localhost; press ^T
2003-06-02 10:01:59 +00:00
David E. O'Brien
c69284ca08 Use __FBSDID() to quiet GCC 3.3 warnings. 2003-05-03 18:41:59 +00:00
Maxim Konovalov
29dccd6ae1 o Skip timestamp part when checking payload.
PR:		bin/50909
Submitted by:	Barney Wolff <barney@lab.databus.com>
2003-04-14 08:34:14 +00:00
Matthew N. Dodd
47e9b3ea64 Deal with a case where the returned packed was smaller than the
transmitted packet (because the remote host stripped off our icmp_data).

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
2003-04-07 12:05:50 +00:00
Matthew N. Dodd
2c56e246fa Back out support for RFC3514.
RFC3514 poses an unacceptale risk to compliant systems.
2003-04-02 20:14:44 +00:00
Maxim Konovalov
33e1dc7738 IP_EVIL -> IP_EF 2003-04-02 14:52:21 +00:00
Matthew N. Dodd
09139a4537 Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)

This fulfills the host requirements for userland support by
way of the setsockopt() IP_EVIL_INTENT message.

There are three sysctl tunables provided to govern system behavior.

	net.inet.ip.rfc3514:

		Enables support for rfc3514.  As this is an
		Informational RFC and support is not yet widespread
		this option is disabled by default.

	net.inet.ip.hear_no_evil

		 If set the host will discard all received evil packets.

	net.inet.ip.speak_no_evil

		If set the host will discard all transmitted evil packets.

The IP statistics counter 'ips_evil' (available via 'netstat') provides
information on the number of 'evil' packets recieved.

For reference, the '-E' option to 'ping' has been provided to demonstrate
and test the implementation.
2003-04-01 08:21:44 +00:00
Matthew N. Dodd
c67c1ce843 Default data length should be 56, not 64. 2003-03-28 00:31:51 +00:00
Matthew N. Dodd
d829c3dfee - Make -M mask and -M time exclusive.
- Correct some problems with packet construction.

  +--------+------------+----------+-------------+---------+
  |        |            |          |             |         |
  | IP Hdr | MINICMPLEN | phdr_len | TIMEVAL_LEN | payload |
  |        |            |          |             |         |
  +--------+------------+----------+-------------+---------+
  |        |                       |                       |
  |<- IP ->|<------- ICMP -------->|<------ datalen ------>|

My previous changes tried to mess around with 'datalen' instead of
modifying 'phdr_len'.

I'm including this nice ASCII diagram (from Maxim) to further clarify things
in CVS history.

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
2003-03-24 23:48:36 +00:00
Bruce Evans
1104dd84fa Fixed an errx format error in rev.1.81. This should have been fatal
when WARNS was increased recently, but __printf0like() has been
temporarily disabled for 8 months.

Fixed related style bugs (disordered declaraction and silly type for
maxpayload -- assume 16-bit ints like the rest of ping.c).
2003-03-24 11:26:08 +00:00
Ruslan Ermilov
120b4a9366 Demangle the usage message at the source level.
Submitted by:	bde
2003-03-14 07:59:38 +00:00
Ruslan Ermilov
1bd10ba2d9 Fix and sync SYNOPSIS and usage().
Prodded by:	bde
2003-03-11 20:12:39 +00:00
Sean Chittenden
31eac03b4b Update ping to be WARNS=2 compliant.
Reviewed by:	-audit (no objections ~1mo)
Approved by:	nectar
2003-03-05 22:42:03 +00:00
Matthew N. Dodd
eb1543c6ee Support ICMP_TSTAMP/ICMP_TSTAMPREPLY.
This alters the meaning of the '-M' flag.
2003-03-02 21:24:08 +00:00
Ruslan Ermilov
1f6a46318d Sort options. 2003-02-23 01:50:07 +00:00
Matthew N. Dodd
d074d39fef Call fill() after maxpayload has been initialized.
Reviewed by:	 maxim
2003-01-29 20:42:42 +00:00
Matthew N. Dodd
143008a1fe Send ICMP_MASKREQ packets when the '-M' option is specified. 2003-01-28 22:53:24 +00:00
Maxim Konovalov
fb7d32c7ee Better error handling for -s.
Submitted by:	bde

Do not constantify maximum payload size. It is 65467 with -R
(record route), and 65507 without it.

Reviewed by:	silence on -net
Proposed by:	bde

I am going to MFC rev.1.77 - 1.81 ping.c and rev.1.39 and 1.40 ping.8:

MFC after:      6 months
2003-01-23 13:04:42 +00:00
Maxim Konovalov
261e59bb9e style(9) sweep.
Submitted by:	bde
2003-01-23 12:56:10 +00:00
Maxim Konovalov
9bc1a9ec6c Anti-magic: s/255/MAXTTL/ 2003-01-23 12:54:11 +00:00
Maxim Konovalov
0b2f8b3f68 Implement -D (do not fragment) and -z (TOS) options.
PR:		bin/29164
Reviewed by:	silence of -net
Obtained from:	OpenBSD
2003-01-23 12:48:12 +00:00