118 Commits

Author SHA1 Message Date
hrs
4a3d5910e2 WARNS=3 and style fixes. No functionality change. 2014-10-20 00:27:40 +00:00
rwatson
a400e9c007 Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
pjd
0248f22ea4 Protect ping(8) using Capsicum and Casper. This is protection against malicious
network packets that we parse and not against local users trying to gain root
access through ping's set-uid bit - this is handled by dropping privileges very
early in ping.

Submitted by:	Mikhail <mp@lenta.ru>
2014-02-04 21:43:53 +00:00
eadler
4bc19b04c5 Check the return error of set[ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.  Custom
security modules, or future implementations of the setuid and setgid
may fail.

PR:		bin/172289
PR:		bin/172290
PR:		bin/172291
Submittud by:	Erik Cederstrand <erik@cederstrand.dk>
Discussed by:	freebsd-security
Approved by:	cperciva
MFC after:	1 week
2012-10-22 03:31:22 +00:00
delphij
ca1787f8ea Use timeclear() instead of home grown version.
MFC after:	2 weeks
2012-07-02 02:38:27 +00:00
ed
01e81eb99e Small style fixes:
- ANSIfy prototypes.
- Remove unneeded whitespace.
- Add const keyword to function where it can be used.
2010-06-20 12:52:33 +00:00
gnn
f5875f045c Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.

Submitted by:    bz
Approved by:    re
2007-07-01 12:08:08 +00:00
cognet
fc0e827f1a Force the alignment of the chars arrays, as they are casted later to
structs.
gcc 4.2 doesn't do it by default, and that results in unaligned access on
arm.
2007-05-21 14:38:45 +00:00
dd
462216939a Print packet loss figures with one decimal place. ping6 already does
this, and OpenBSD and NetBSD pings do it too. This is primarily useful
for comparing low levels of packet loss.
2006-08-14 07:54:17 +00:00
glebius
e41986c80d Add a new feature to ping(8) - possibility to specify maximum
wait time for a packet. This allows to:

 - Count number of packets received before and after specified
   time.
 - Shorten time of execution of 'ping -c 1' scripts.

Submitted by:	Lytochkin Boris <lytboris gmail.com>
2006-04-05 12:30:42 +00:00
ru
4677f91765 Sync usage() with SYNOPSIS. 2005-12-01 22:03:34 +00:00
glebius
79e1a39bf2 Implement a new feature for ping(8) - sweeping pings. In a sweeping
ping ICMP payload of packets being sent is increased with given step.
Sweeping pings are useful for testing problematic channels, MTU
issues or traffic policing functions in networks.

PR:		bin/82625
Submitted by:	Chris Hellberg <chellberg juniper.net> (with some cleanups)
2005-08-15 14:15:37 +00:00
maxim
9fddea1399 o Store timestamp in network byte order.
o Remove an assumption sizeof(struct timeval) == 8 (this is not
  true on sparc64).

Reviewed by:	imp, -hackers
Obtained from:	NetBSD (rev. 1.75)
MT5 after:	1 month
2004-09-30 07:35:56 +00:00
stefanf
bcdeb8e73c Avoid using void pointers in additive expressions.
PR:		56653
2004-08-14 17:46:10 +00:00
markm
90f91e7879 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
iedowse
e5237a493b Don't turn off the regular SIGINFO status information. The use of
the NOKERNINFO flag only marginally de-clutters the output and
has a number of unwanted side effects:
  o The kernel info might be what you want to see
  o ^T is left non-functional if ping is killed non-cleanly
  o "ping -q foo &" gets suspended on tty output

Encouraged by:	bde
2004-04-07 18:48:11 +00:00
iedowse
05e08e2967 Certain ICMP error replies cause ping to perform a reverse DNS
lookup on an IP address from the packet (such as the IP that sent
a TTL exceeded error). If the DNS lookup takes a long time, ^C will
appear to be ineffective since the SIGINT handler just sets a flag
and returns. Work around this by exiting immediately on receipt of
a second SIGINT when DNS lookups are enabled.

PR:		bin/4696
MFC after:	1 week
2004-02-08 21:59:17 +00:00
maxim
230bc843b2 o Rename local variables, do not shadow global declarations. 2003-07-14 12:43:48 +00:00
maxim
e6a55d0102 o Kill MINICMPLEN, there is ICMP_MINLEN already. 2003-07-14 12:42:47 +00:00
maxim
3fd6e6089e o Be ready to get a reply with length up to IP_MAXPACKET.
o Warn when recieved packet length is not equal to length of the
packet we sent out. Idea from NetBSD.
o Fit the dump of packet with wrong data to 80 columns (from NetBSD).

Comments from:	bde
2003-07-14 12:37:03 +00:00
maxim
c98e04ea6e Fix SIGINFO handling: do not print incorrect timing statistics
when the data for it is not available.

Founded by:	ping -s0 localhost; press ^T
2003-06-02 10:01:59 +00:00
obrien
19105c8312 Use __FBSDID() to quiet GCC 3.3 warnings. 2003-05-03 18:41:59 +00:00
maxim
da1c42b4c0 o Skip timestamp part when checking payload.
PR:		bin/50909
Submitted by:	Barney Wolff <barney@lab.databus.com>
2003-04-14 08:34:14 +00:00
mdodd
ca2109254b Deal with a case where the returned packed was smaller than the
transmitted packet (because the remote host stripped off our icmp_data).

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
2003-04-07 12:05:50 +00:00
mdodd
ccc6071f7e Back out support for RFC3514.
RFC3514 poses an unacceptale risk to compliant systems.
2003-04-02 20:14:44 +00:00
maxim
ef610973a4 IP_EVIL -> IP_EF 2003-04-02 14:52:21 +00:00
mdodd
e72fdee732 Implement support for RFC 3514 (The Security Flag in the IPv4 Header).
(See: ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt)

This fulfills the host requirements for userland support by
way of the setsockopt() IP_EVIL_INTENT message.

There are three sysctl tunables provided to govern system behavior.

	net.inet.ip.rfc3514:

		Enables support for rfc3514.  As this is an
		Informational RFC and support is not yet widespread
		this option is disabled by default.

	net.inet.ip.hear_no_evil

		 If set the host will discard all received evil packets.

	net.inet.ip.speak_no_evil

		If set the host will discard all transmitted evil packets.

The IP statistics counter 'ips_evil' (available via 'netstat') provides
information on the number of 'evil' packets recieved.

For reference, the '-E' option to 'ping' has been provided to demonstrate
and test the implementation.
2003-04-01 08:21:44 +00:00
mdodd
53b1373a1f Default data length should be 56, not 64. 2003-03-28 00:31:51 +00:00
mdodd
0079e3d786 - Make -M mask and -M time exclusive.
- Correct some problems with packet construction.

  +--------+------------+----------+-------------+---------+
  |        |            |          |             |         |
  | IP Hdr | MINICMPLEN | phdr_len | TIMEVAL_LEN | payload |
  |        |            |          |             |         |
  +--------+------------+----------+-------------+---------+
  |        |                       |                       |
  |<- IP ->|<------- ICMP -------->|<------ datalen ------>|

My previous changes tried to mess around with 'datalen' instead of
modifying 'phdr_len'.

I'm including this nice ASCII diagram (from Maxim) to further clarify things
in CVS history.

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
2003-03-24 23:48:36 +00:00
bde
c398569549 Fixed an errx format error in rev.1.81. This should have been fatal
when WARNS was increased recently, but __printf0like() has been
temporarily disabled for 8 months.

Fixed related style bugs (disordered declaraction and silly type for
maxpayload -- assume 16-bit ints like the rest of ping.c).
2003-03-24 11:26:08 +00:00
ru
86ea8af4d0 Demangle the usage message at the source level.
Submitted by:	bde
2003-03-14 07:59:38 +00:00
ru
50bb124650 Fix and sync SYNOPSIS and usage().
Prodded by:	bde
2003-03-11 20:12:39 +00:00
seanc
7fd03de4a0 Update ping to be WARNS=2 compliant.
Reviewed by:	-audit (no objections ~1mo)
Approved by:	nectar
2003-03-05 22:42:03 +00:00
mdodd
8962c4b750 Support ICMP_TSTAMP/ICMP_TSTAMPREPLY.
This alters the meaning of the '-M' flag.
2003-03-02 21:24:08 +00:00
ru
8a2a909130 Sort options. 2003-02-23 01:50:07 +00:00
mdodd
718bb6c717 Call fill() after maxpayload has been initialized.
Reviewed by:	 maxim
2003-01-29 20:42:42 +00:00
mdodd
b159341ed9 Send ICMP_MASKREQ packets when the '-M' option is specified. 2003-01-28 22:53:24 +00:00
maxim
14d7bf5dd2 Better error handling for -s.
Submitted by:	bde

Do not constantify maximum payload size. It is 65467 with -R
(record route), and 65507 without it.

Reviewed by:	silence on -net
Proposed by:	bde

I am going to MFC rev.1.77 - 1.81 ping.c and rev.1.39 and 1.40 ping.8:

MFC after:      6 months
2003-01-23 13:04:42 +00:00
maxim
08b55cf1d9 style(9) sweep.
Submitted by:	bde
2003-01-23 12:56:10 +00:00
maxim
118f887acc Anti-magic: s/255/MAXTTL/ 2003-01-23 12:54:11 +00:00
maxim
805247f240 Implement -D (do not fragment) and -z (TOS) options.
PR:		bin/29164
Reviewed by:	silence of -net
Obtained from:	OpenBSD
2003-01-23 12:48:12 +00:00
maxim
e83d9a9d7b Print strict source routing option.
Reviewed by:	silence on -net
Proposed by:	David Wang <dsw@juniper.net>
2003-01-23 12:42:56 +00:00
maxim
d997104201 Fix LSRR option length check: it has to be less or equal remained header's
length minus sizeof(struct ip).

MFC after:	1 week
2002-10-21 11:43:46 +00:00
dd
e49b56bfca Add an -o option to exit after receiving one reply. This can be used
to test whether a link is live.

PR:		38573
Submitted by:	David Taylor <davidt@yadt.co.uk>
Obtained from:	NetBSD
2002-10-02 03:24:27 +00:00
peter
13786391ba Commit "unrelated style fixes" part of Bruce's patch (regarding
bcopy/memcpy) seperately.

Submitted by:  bde
2002-09-11 18:16:40 +00:00
peter
117de6ded0 Modify previous commit to solve the real problem that made gcc think
the timestamp was aligned.  ie: Use a void * instead of struct timeval *
which gcc assumes will be aligned.  Go back to memcpy().

Submitted by: bde
2002-09-11 18:12:29 +00:00
nectar
8a8d92cece In reference to previous commit: use err(3).
Noticed by:	bde
2002-09-09 18:51:59 +00:00
nectar
4f70a78fd0 Check for FD_SET overrun. 2002-09-09 15:58:08 +00:00
iedowse
b2179b4b1a Add the -A flag to the usage line.
Submitted by:	Yutaka KAWASE <yutaka@mailhost.net>
MFC after:	3 days
2002-08-27 08:09:37 +00:00
peter
097002081e Fix the broken "avoid unaligned data" fix. The problem is that the builtin
gcc memcpy "knows" about types that are supposed to be actually already
aligned and triggers alignment errors doing the memcpy itself.
"Fix" this by changing it to a bcopy().  In this case, we had:
  struct timeval *tp;
  struct timeval tv1;
  memcpy(&tv1,tp,sizeof(tv1));
.. and since gcc *knows* that a pointer to a timeval is longword aligned
and that tv1 is longword aligned, then it can use an inline that assumes
alignment.  The following works too:
  cp = (char *)tp;
  memcpy(&tv1,cp,sizeof(tv1));
Simply casting (char *)tp  for the memcpy doesn't work. :-(
This affected different 64 bit platforms in different ways and depends
a lot on gcc as well.  I've seen this on alpha and ia64 at least, although
alpha isn't doing it right now.
2002-08-10 03:00:55 +00:00