Commit Graph

127 Commits

Author SHA1 Message Date
truckman
157633b369 Check for socket creation success before calling bind().
Reported by:	Coverity
CID:		1194209
2016-05-12 05:43:54 +00:00
maxim
578b681e58 o Restore some good whitespace killed in the previous commit.
Spotted by:	bjk
2016-03-18 15:44:21 +00:00
maxim
96ffb8bbbe o Kill EoL whitespaces. 2016-03-18 15:07:43 +00:00
maxim
2384b1d735 o No need to resolve a mask that we get with ICMP_MASKREPLY,
pass it directly to inet_ntoa(3).
2016-03-18 15:06:50 +00:00
glebius
5b04e75f25 Allow minimum and maximum sweep size be the same.
Submitted by:	maxim
2016-03-11 21:06:17 +00:00
maxim
986728b254 o Kill EoL whitespaces. No functional changes. 2016-03-11 16:03:47 +00:00
oshogbo
023f14d65b Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277
2016-02-25 18:23:40 +00:00
brooks
fe846feb04 Remove "capability mode sandbox enabled" messages.
These messages serve little purpose and break some consumers.

PR:		199855
Differential Revision:	https://reviews.freebsd.org/D2440
Reviewed by:	rwatson
Approved by:	pjd
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2015-05-04 21:44:51 +00:00
ae
2ea9ad214b After r270929 RAW IP code assumes that all IP fields are in network
byte order. Fix ping(8) to pass an IP header with converted ip_off
and ip_len fields, when IP_HDRINCL socket option used.
2015-01-23 13:26:35 +00:00
hrs
4a3d5910e2 WARNS=3 and style fixes. No functionality change. 2014-10-20 00:27:40 +00:00
rwatson
a400e9c007 Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
pjd
0248f22ea4 Protect ping(8) using Capsicum and Casper. This is protection against malicious
network packets that we parse and not against local users trying to gain root
access through ping's set-uid bit - this is handled by dropping privileges very
early in ping.

Submitted by:	Mikhail <mp@lenta.ru>
2014-02-04 21:43:53 +00:00
eadler
4bc19b04c5 Check the return error of set[ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.  Custom
security modules, or future implementations of the setuid and setgid
may fail.

PR:		bin/172289
PR:		bin/172290
PR:		bin/172291
Submittud by:	Erik Cederstrand <erik@cederstrand.dk>
Discussed by:	freebsd-security
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:31:22 +00:00
delphij
ca1787f8ea Use timeclear() instead of home grown version.
MFC after:	2 weeks
2012-07-02 02:38:27 +00:00
ed
01e81eb99e Small style fixes:
- ANSIfy prototypes.
- Remove unneeded whitespace.
- Add const keyword to function where it can be used.
2010-06-20 12:52:33 +00:00
gnn
f5875f045c Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
cognet
fc0e827f1a Force the alignment of the chars arrays, as they are casted later to
structs.
gcc 4.2 doesn't do it by default, and that results in unaligned access on
arm.
2007-05-21 14:38:45 +00:00
dd
462216939a Print packet loss figures with one decimal place. ping6 already does
this, and OpenBSD and NetBSD pings do it too. This is primarily useful
for comparing low levels of packet loss.
2006-08-14 07:54:17 +00:00
glebius
e41986c80d Add a new feature to ping(8) - possibility to specify maximum
wait time for a packet. This allows to:

 - Count number of packets received before and after specified
   time.
 - Shorten time of execution of 'ping -c 1' scripts.

Submitted by:	Lytochkin Boris <lytboris gmail.com>
2006-04-05 12:30:42 +00:00
ru
4677f91765 Sync usage() with SYNOPSIS. 2005-12-01 22:03:34 +00:00
glebius
79e1a39bf2 Implement a new feature for ping(8) - sweeping pings. In a sweeping
ping ICMP payload of packets being sent is increased with given step.
Sweeping pings are useful for testing problematic channels, MTU
issues or traffic policing functions in networks.

PR:		bin/82625
Submitted by:	Chris Hellberg <chellberg juniper.net> (with some cleanups)
2005-08-15 14:15:37 +00:00
maxim
9fddea1399 o Store timestamp in network byte order.
o Remove an assumption sizeof(struct timeval) == 8 (this is not
  true on sparc64).

Reviewed by:	imp, -hackers
Obtained from:	NetBSD (rev. 1.75)
MT5 after:	1 month
2004-09-30 07:35:56 +00:00
stefanf
bcdeb8e73c Avoid using void pointers in additive expressions.
PR:		56653
2004-08-14 17:46:10 +00:00
markm
90f91e7879 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
iedowse
e5237a493b Don't turn off the regular SIGINFO status information. The use of
the NOKERNINFO flag only marginally de-clutters the output and
has a number of unwanted side effects:
  o The kernel info might be what you want to see
  o ^T is left non-functional if ping is killed non-cleanly
  o "ping -q foo &" gets suspended on tty output

Encouraged by:	bde
2004-04-07 18:48:11 +00:00
iedowse
05e08e2967 Certain ICMP error replies cause ping to perform a reverse DNS
lookup on an IP address from the packet (such as the IP that sent
a TTL exceeded error). If the DNS lookup takes a long time, ^C will
appear to be ineffective since the SIGINT handler just sets a flag
and returns. Work around this by exiting immediately on receipt of
a second SIGINT when DNS lookups are enabled.

PR:		bin/4696
MFC after:	1 week
2004-02-08 21:59:17 +00:00
maxim
230bc843b2 o Rename local variables, do not shadow global declarations. 2003-07-14 12:43:48 +00:00
maxim
e6a55d0102 o Kill MINICMPLEN, there is ICMP_MINLEN already. 2003-07-14 12:42:47 +00:00
maxim
3fd6e6089e o Be ready to get a reply with length up to IP_MAXPACKET.
o Warn when recieved packet length is not equal to length of the
packet we sent out. Idea from NetBSD.
o Fit the dump of packet with wrong data to 80 columns (from NetBSD).

Comments from:	bde
2003-07-14 12:37:03 +00:00
maxim
c98e04ea6e Fix SIGINFO handling: do not print incorrect timing statistics
when the data for it is not available.

Founded by:	ping -s0 localhost; press ^T
2003-06-02 10:01:59 +00:00
obrien
19105c8312 Use __FBSDID() to quiet GCC 3.3 warnings. 2003-05-03 18:41:59 +00:00
maxim
da1c42b4c0 o Skip timestamp part when checking payload.
PR:		bin/50909
Submitted by:	Barney Wolff <barney@lab.databus.com>
2003-04-14 08:34:14 +00:00
mdodd
ca2109254b Deal with a case where the returned packed was smaller than the
transmitted packet (because the remote host stripped off our icmp_data).

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
2003-04-07 12:05:50 +00:00
mdodd
ccc6071f7e Back out support for RFC3514.
RFC3514 poses an unacceptale risk to compliant systems.
2003-04-02 20:14:44 +00:00
maxim
ef610973a4 IP_EVIL -> IP_EF 2003-04-02 14:52:21 +00:00
mdodd
e72fdee732 Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)

This fulfills the host requirements for userland support by
way of the setsockopt() IP_EVIL_INTENT message.

There are three sysctl tunables provided to govern system behavior.

	net.inet.ip.rfc3514:

		Enables support for rfc3514.  As this is an
		Informational RFC and support is not yet widespread
		this option is disabled by default.

	net.inet.ip.hear_no_evil

		 If set the host will discard all received evil packets.

	net.inet.ip.speak_no_evil

		If set the host will discard all transmitted evil packets.

The IP statistics counter 'ips_evil' (available via 'netstat') provides
information on the number of 'evil' packets recieved.

For reference, the '-E' option to 'ping' has been provided to demonstrate
and test the implementation.
2003-04-01 08:21:44 +00:00
mdodd
53b1373a1f Default data length should be 56, not 64. 2003-03-28 00:31:51 +00:00
mdodd
0079e3d786 - Make -M mask and -M time exclusive.
- Correct some problems with packet construction.

  +--------+------------+----------+-------------+---------+
  |        |            |          |             |         |
  | IP Hdr | MINICMPLEN | phdr_len | TIMEVAL_LEN | payload |
  |        |            |          |             |         |
  +--------+------------+----------+-------------+---------+
  |        |                       |                       |
  |<- IP ->|<------- ICMP -------->|<------ datalen ------>|

My previous changes tried to mess around with 'datalen' instead of
modifying 'phdr_len'.

I'm including this nice ASCII diagram (from Maxim) to further clarify things
in CVS history.

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
2003-03-24 23:48:36 +00:00
bde
c398569549 Fixed an errx format error in rev.1.81. This should have been fatal
when WARNS was increased recently, but __printf0like() has been
temporarily disabled for 8 months.

Fixed related style bugs (disordered declaraction and silly type for
maxpayload -- assume 16-bit ints like the rest of ping.c).
2003-03-24 11:26:08 +00:00
ru
86ea8af4d0 Demangle the usage message at the source level.
Submitted by:	bde
2003-03-14 07:59:38 +00:00
ru
50bb124650 Fix and sync SYNOPSIS and usage().
Prodded by:	bde
2003-03-11 20:12:39 +00:00
seanc
7fd03de4a0 Update ping to be WARNS=2 compliant.
Reviewed by:	-audit (no objections ~1mo)
Approved by:	nectar
2003-03-05 22:42:03 +00:00
mdodd
8962c4b750 Support ICMP_TSTAMP/ICMP_TSTAMPREPLY.
This alters the meaning of the '-M' flag.
2003-03-02 21:24:08 +00:00
ru
8a2a909130 Sort options. 2003-02-23 01:50:07 +00:00
mdodd
718bb6c717 Call fill() after maxpayload has been initialized.
Reviewed by:	 maxim
2003-01-29 20:42:42 +00:00
mdodd
b159341ed9 Send ICMP_MASKREQ packets when the '-M' option is specified. 2003-01-28 22:53:24 +00:00
maxim
14d7bf5dd2 Better error handling for -s.
Submitted by:	bde

Do not constantify maximum payload size. It is 65467 with -R
(record route), and 65507 without it.

Reviewed by:	silence on -net
Proposed by:	bde

I am going to MFC rev.1.77 - 1.81 ping.c and rev.1.39 and 1.40 ping.8:

MFC after:      6 months
2003-01-23 13:04:42 +00:00
maxim
08b55cf1d9 style(9) sweep.
Submitted by:	bde
2003-01-23 12:56:10 +00:00
maxim
118f887acc Anti-magic: s/255/MAXTTL/ 2003-01-23 12:54:11 +00:00
maxim
805247f240 Implement -D (do not fragment) and -z (TOS) options.
PR:		bin/29164
Reviewed by:	silence of -net
Obtained from:	OpenBSD
2003-01-23 12:48:12 +00:00