The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
Test regression fixed in 4630a3252a. Add two tests that do not
use the verbose flag, so the code path in question can be reached:
1. Respond with a proper ICMP destination host unreachable packet.
2. Respond with a doctored ICMP destination host unreachable packet,
that has the ICMP Identifier field modified (+1 bit).
Reviewed by: cy
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39244
The variable oicmp, which holds the original ("quoted packet") ICMP
packet in a structured way, did not have a copy of the original ICMP
packet obtained from the raw data.
The code was accidentally removed in 20b4130314. Bring it back.
Reported by: Coverity Scan, cy
Reviewed by: cy
CID: 1506960 (UNINIT)
Fixes: 20b4130314
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39233
The function pr_pack() prints out a packet, if the IP packet contains
options, these are printed as well.
Test the functionality fixed in
70960bb86a.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38470
Ping used to provide some sort of packet sniffing capabilities, this was
in an era where hubs were used and tcpdump wasn't invented.
pr_iph() is a function that prints the IP header of the packet.
pr_retip() is essentially a wrapper function to pr_iph(), that also
displays the source and destination ports of a TCP or UDP packet.
After ef9e6dc7ee some of this
functionality was almost removed, to only display packets sent by us
(26+ years ago).
At this point, reaching this code path was only possible by doctoring
the original packet.
After 46d7b45a26 this code path can never
be reached.
Remove the code.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38475
When an ICMP packet contains an IP packet in its payload, and that
original IP packet contains options, these options were not displayed
accordingly in pr_iph().
pr_iph() is a function that prints the original "quoted packet" IP
header, with only an IP struct as an argument. The IP struct does not
contain IP options, and it is not guaranteed that the options will be
contiguous in memory to the IP struct after
d9cacf605e.
Pass the raw ICMP data along with the IP struct, in order to print the
options, if any.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38469
The sizeof(struct ip) is 20.
The sizeof(struct in_addr) is 4.
No functional change intended.
Reviewed by: asomers, markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39125
In the IP header, Flags + Fragment Offset is a 16-bit field.
Use ntohs() instead of ntohl(), otherwise the Flags/Fragment Offset
values may not display correctly.
Before (DF set)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 0001 0 0000 40 01 b6a4 192.0.2.1 192.0.2.2
After (DF set)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 0001 2 0000 40 01 b6a4 192.0.2.1 192.0.2.2
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D38479
ping -R (F_RROUTE) will loop at ping.c:1381 until it segfaults or
the unsigned int hlen happens to be less than the size of an IP header:
slippy$ ping -R 192.168.0.101
PING 192.168.0.101 (192.168.0.101): 56 data bytes
64 bytes from 192.168.0.101: icmp_seq=0 ttl=63 time=1.081 ms
RR: 192.168.0.1
192.168.0.101
192.168.0.101
10.1.1.254
10.1.1.91
unknown option bb
unknown option 32
unknown option 6
...
unknown option 96
unknown option 2d
Segmentation fault
The reason for this is while looping through loose source routing (LSRR)
and strict source routing (SSRR), hlen will become smaller than the IP
header. It may even become negative. This should terminate the loop.
However, when hlen is unsigned, an integer underflow occurs becoming a
large number causing the loop to continue virtually forever until hlen
is either by chance smaller than the lenghth of an IP header or it
segfaults.
Reviewed by: asomers
Fixes: 46d7b45a26
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D38744
ping(8) is an old utility, which has received many changes and updates through the years.
Some of these changes may have introduced small bugs, in part due to the lack of tests.
Attempt to remedy the current situation by introducing a way to easily add tests.
Differential Revision: https://reviews.freebsd.org/D38053
ping(8) is an old utility, which has received many changes and updates through the years.
Some of these changes may have introduced small bugs, in part due to the lack of tests.
Attempt to remedy the current situation by introducing a way to easily add tests.
Differential Revision: https://reviews.freebsd.org/D38053
* Appease mandoc -T lint and igor
* Use example.com for documentation
* Update the IPv4 TTL section.
Update the IPv4 TTL section specifically for FreeBSD.
FreeBSD changed the default TTL to 64 in
5639e86bdd. NetBSD and OpenBSD still
use 255. Remove some references of extinct operating systems.
Reviewed by: gbe (manpages), asomers
MFC after: 2 weeks
Pull Request: https://github.com/freebsd/freebsd-src/pull/630
Ping reads raw IP packets to parse ICMP responses. When reading the
IP Header Len (IHL) ping was was taking the value from the provided
packet without any validation. This could lead to remotely triggerable
stack corruption.
Validate the IHL against expected and recieved data sizes when reading
from the received packet and when reading any quoted packets from within
the ICMP response.
Approved by: so
Reviewed by: markj, asomers
Security: FreeBSD-SA-22:15.ping
Security: CVE-2022-23093
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
X-NetApp-PR: #77
Differential Revision: https://reviews.freebsd.org/D37195
If no IPv4-host, IPv4-mcast-group or IPv6-host is passed, it will
display the usage. The tests are passing because they are just checking
that the exit code is 1.
Fix the tests by checking the appropriate output message.
While here, change the description to match the output and add the
missing requirements.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37250
The command "ping -S dotted.quad hostname" fails on dual-stack hosts
with the confusing message "ping: invalid source address: Name does
not resolve" because IPv6 is selected in preference. If the argument
to -S is numeric (likely), select the corresponding address family,
as if -4 or -6 was specified. Add tests that either IPv4 or IPv6 can
be forced via a -S parameter.
Reviewed by: asomers
Differential Revision: https://reviews.freebsd.org/D35271
MFC after: 1 week
After this, we'll be able to ping a host and not spam the terminal, and
no flooding will have to be involved. I've been doing this under Linux
as ping -fi1 host.
Reviewed by: rpokala, Pau Amma
Differential Revision: https://reviews.freebsd.org/D34882
It does not build (and serves no purpose) if neither is true (i.e.,
building WITHOUT_INET and WITHOUT_INET6). Also add an explicit error
in ping to make this case clear.
PR: 260082
Sponsored by: The FreeBSD Foundation
ping uses a two-pass option parser. The first pass determines whether
ipv4 or ipv6 is desired, and the second parses the rest of the options.
But the first pass wrongly detects a '4' or '6' in an option's value as
a request to use ipv6 or ipv6 respectively, for example in an invocation
like "ping -c6 1.2.3.4".
Fix this confusion by including all options in the first round of
parsing, but ignoring those unrelated to ipv4/ipv6 selection.
PR: 258048
Reported by: ghuckriede@blackberry.com
Submitted by: ghuckriede@blackberry.com
MFC after: 2 weeks
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D32344
The in_cksum tests originally tried to simulate a BE environment by
swapping the byte order of the input. But that's overcomplicated, and
didn't actually work on real BE hardware. The correct testing strategy
is just to test on the native endianness, and run the tests in both BE
and LE environments.
Submitted by: Renato Riolino <renato.riolino@eldorado.org.br>
Reviewed By: asomers
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D23193
If the kernel was built without INET6, default to ICMP. Or, if it was
built without INET, default to ICMPv6.
PR: 251725
Reported by: jbeich
Reviewed by: jbeich
Tested by: jbeich
MFC with: 368045
Building without INET6 support was already possible. Now it's possible to
build ping with only INET6, or even with neither INET nor INET6.
Reported by: bz
Reviewed by: bz
MFC-With: 368045
Differential Revision: https://reviews.freebsd.org/D27394
When invoked as "ping6", ping will now attempt to use ICMPv6 for hostnames
that resolve both IPv4 and IPv6 addresses.
Reviewed by: bz, manu
MFC-With: r368045
Differential Revision: https://reviews.freebsd.org/D27384
There is now a single ping binary, which chooses to use ICMP or ICMPv4
based on the -4 and -6 options, and the format of the address.
Submitted by: Ján Sučan <sucanjan@gmail.com>
Sponsored by: Google LLC (Google Summer of Code 2019)
MFC after: Never
Differential Revision: https://reviews.freebsd.org/D21377
In order to validate the proper marking and use of a different
ethernet priority class, add the new session-specific PCP
feature to the ping/ping6 utilities.
Reviewed by: mav, bcr
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D26627
Repeating the default WARNS here makes it slightly more difficult to
experiment with default WARNS changes, e.g. if we did something absolutely
bananas and introduced a WARNS=7 and wanted to try lifting the default to
that.
Drop most of them; there is one in the blake2 kernel module, but I suspect
it should be dropped -- the default WARNS in the rest of the build doesn't
currently apply to kernel modules, and I haven't put too much thought into
whether it makes sense to make it so.
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22494
Leaf directories that have dependencies impacted
by options need a Makefile.depend.options file
to avoid churn in Makefile.depend
DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc
can be set in local.dirdeps-options.mk
which can add to those set in Makefile.depend.options
See share/mk/dirdeps-options.mk
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22469
ping(8) uses SO_TIMESTAMP, which attaches a timestamp to each IP datagram at
the time it's received by the kernel. Except that occasionally it doesn't.
Add a check to see whether such a timestamp was actually set before trying
to read it. This fixes segfaults that can happen when the kernel doesn't
attach a timestamp.
The bug has always existed, but prior to r351461 it manifested as an
implausible round-trip-time, not a segfault.
Reported by: pho
MFC after: 3 days
MFC-With: 351461