1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Mike Muuss. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #if 0 36 #ifndef lint 37 static const char copyright[] = 38 "@(#) Copyright (c) 1989, 1993\n\ 39 The Regents of the University of California. All rights reserved.\n"; 40 #endif /* not lint */ 41 42 #ifndef lint 43 static char sccsid[] = "@(#)ping.c 8.1 (Berkeley) 6/5/93"; 44 #endif /* not lint */ 45 #endif 46 #include <sys/cdefs.h> 47 /* 48 * P I N G . C 49 * 50 * Using the Internet Control Message Protocol (ICMP) "ECHO" facility, 51 * measure round-trip-delays and packet loss across network paths. 52 * 53 * Author - 54 * Mike Muuss 55 * U. S. Army Ballistic Research Laboratory 56 * December, 1983 57 * 58 * Status - 59 * Public Domain. Distribution Unlimited. 60 * Bugs - 61 * More statistics could always be gathered. 62 * This program has to run SUID to ROOT to access the ICMP socket. 63 */ 64 65 #include <sys/param.h> /* NB: we rely on this for <sys/types.h> */ 66 #include <sys/capsicum.h> 67 #include <sys/socket.h> 68 #include <sys/sysctl.h> 69 #include <sys/time.h> 70 #include <sys/uio.h> 71 72 #include <netinet/in.h> 73 #include <netinet/in_systm.h> 74 #include <netinet/ip.h> 75 #include <netinet/ip_icmp.h> 76 #include <netinet/ip_var.h> 77 #include <arpa/inet.h> 78 79 #include <libcasper.h> 80 #include <casper/cap_dns.h> 81 82 #ifdef IPSEC 83 #include <netipsec/ipsec.h> 84 #endif /*IPSEC*/ 85 86 #include <capsicum_helpers.h> 87 #include <ctype.h> 88 #include <err.h> 89 #include <errno.h> 90 #include <netdb.h> 91 #include <stddef.h> 92 #include <signal.h> 93 #include <stdio.h> 94 #include <stdlib.h> 95 #include <string.h> 96 #include <sysexits.h> 97 #include <time.h> 98 #include <unistd.h> 99 100 #include "main.h" 101 #include "ping.h" 102 #include "utils.h" 103 104 #define INADDR_LEN ((int)sizeof(in_addr_t)) 105 #define TIMEVAL_LEN ((int)sizeof(struct tv32)) 106 #define MASK_LEN (ICMP_MASKLEN - ICMP_MINLEN) 107 #define TS_LEN (ICMP_TSLEN - ICMP_MINLEN) 108 #define DEFDATALEN 56 /* default data length */ 109 #define FLOOD_BACKOFF 20000 /* usecs to back off if F_FLOOD mode */ 110 /* runs out of buffer space */ 111 #define MAXIPLEN (sizeof(struct ip) + MAX_IPOPTLEN) 112 #define MAXICMPLEN (ICMP_ADVLENMIN + MAX_IPOPTLEN) 113 #define MAXWAIT 10000 /* max ms to wait for response */ 114 #define MAXALARM (60 * 60) /* max seconds for alarm timeout */ 115 #define MAXTOS 255 116 117 #define A(bit) rcvd_tbl[(bit)>>3] /* identify byte in array */ 118 #define B(bit) (1 << ((bit) & 0x07)) /* identify bit in byte */ 119 #define SET(bit) (A(bit) |= B(bit)) 120 #define CLR(bit) (A(bit) &= (~B(bit))) 121 #define TST(bit) (A(bit) & B(bit)) 122 123 struct tv32 { 124 int32_t tv32_sec; 125 int32_t tv32_nsec; 126 }; 127 128 /* various options */ 129 #define F_FLOOD 0x0001 130 #define F_INTERVAL 0x0002 131 #define F_PINGFILLED 0x0008 132 #define F_QUIET 0x0010 133 #define F_RROUTE 0x0020 134 #define F_SO_DEBUG 0x0040 135 #define F_SO_DONTROUTE 0x0080 136 #define F_VERBOSE 0x0100 137 #define F_QUIET2 0x0200 138 #define F_NOLOOP 0x0400 139 #define F_MTTL 0x0800 140 #define F_MIF 0x1000 141 #define F_AUDIBLE 0x2000 142 #ifdef IPSEC 143 #ifdef IPSEC_POLICY_IPSEC 144 #define F_POLICY 0x4000 145 #endif /*IPSEC_POLICY_IPSEC*/ 146 #endif /*IPSEC*/ 147 #define F_TTL 0x8000 148 #define F_MISSED 0x10000 149 #define F_ONCE 0x20000 150 #define F_HDRINCL 0x40000 151 #define F_MASK 0x80000 152 #define F_TIME 0x100000 153 #define F_SWEEP 0x200000 154 #define F_WAITTIME 0x400000 155 #define F_IP_VLAN_PCP 0x800000 156 #define F_DOT 0x1000000 157 158 /* 159 * MAX_DUP_CHK is the number of bits in received table, i.e. the maximum 160 * number of received sequence numbers we can keep track of. Change 128 161 * to 8192 for complete accuracy... 162 */ 163 #define MAX_DUP_CHK (8 * 128) 164 static int mx_dup_ck = MAX_DUP_CHK; 165 static char rcvd_tbl[MAX_DUP_CHK / 8]; 166 167 static struct sockaddr_in whereto; /* who to ping */ 168 static int datalen = DEFDATALEN; 169 static int maxpayload; 170 static int ssend; /* send socket file descriptor */ 171 static int srecv; /* receive socket file descriptor */ 172 static u_char outpackhdr[IP_MAXPACKET], *outpack; 173 static char BBELL = '\a'; /* characters written for MISSED and AUDIBLE */ 174 static char BSPACE = '\b'; /* characters written for flood */ 175 static const char *DOT = "."; 176 static size_t DOTlen = 1; 177 static size_t DOTidx = 0; 178 static char *shostname; 179 static int ident; /* process id to identify our packets */ 180 static int uid; /* cached uid for micro-optimization */ 181 static u_char icmp_type = ICMP_ECHO; 182 static u_char icmp_type_rsp = ICMP_ECHOREPLY; 183 static int phdr_len = 0; 184 static int send_len; 185 186 /* counters */ 187 static long nmissedmax; /* max value of ntransmitted - nreceived - 1 */ 188 static long npackets; /* max packets to transmit */ 189 static long snpackets; /* max packets to transmit in one sweep */ 190 static long sntransmitted; /* # of packets we sent in this sweep */ 191 static int sweepmax; /* max value of payload in sweep */ 192 static int sweepmin = 0; /* start value of payload in sweep */ 193 static int sweepincr = 1; /* payload increment in sweep */ 194 static int interval = 1000; /* interval between packets, ms */ 195 static int waittime = MAXWAIT; /* timeout for each packet */ 196 197 static cap_channel_t *capdns; 198 199 static void fill(char *, char *); 200 static cap_channel_t *capdns_setup(void); 201 static void pinger(void); 202 static char *pr_addr(struct in_addr); 203 static char *pr_ntime(n_time); 204 static void pr_icmph(struct icmp *, struct ip *, const u_char *const); 205 static void pr_iph(struct ip *, const u_char *); 206 static void pr_pack(char *, ssize_t, struct sockaddr_in *, struct timespec *); 207 208 int 209 ping(int argc, char *const *argv) 210 { 211 struct sockaddr_in from, sock_in; 212 struct in_addr ifaddr; 213 struct timespec last, intvl; 214 struct iovec iov; 215 struct msghdr msg; 216 struct sigaction si_sa; 217 size_t sz; 218 u_char *datap, packet[IP_MAXPACKET] __aligned(4); 219 const char *errstr; 220 char *ep, *source, *target, *payload; 221 struct hostent *hp; 222 #ifdef IPSEC_POLICY_IPSEC 223 char *policy_in, *policy_out; 224 #endif 225 struct sockaddr_in *to; 226 double t; 227 u_long alarmtimeout; 228 long long ltmp; 229 int almost_done, ch, df, hold, i, icmp_len, mib[4], preload; 230 int ssend_errno, srecv_errno, tos, ttl, pcp; 231 char ctrl[CMSG_SPACE(sizeof(struct timespec))]; 232 char hnamebuf[MAXHOSTNAMELEN], snamebuf[MAXHOSTNAMELEN]; 233 #ifdef IP_OPTIONS 234 char rspace[MAX_IPOPTLEN]; /* record route space */ 235 #endif 236 unsigned char loop, mttl; 237 238 payload = source = NULL; 239 #ifdef IPSEC_POLICY_IPSEC 240 policy_in = policy_out = NULL; 241 #endif 242 cap_rights_t rights; 243 244 /* 245 * Do the stuff that we need root priv's for *first*, and 246 * then drop our setuid bit. Save error reporting for 247 * after arg parsing. 248 * 249 * Historicaly ping was using one socket 's' for sending and for 250 * receiving. After capsicum(4) related changes we use two 251 * sockets. It was done for special ping use case - when user 252 * issue ping on multicast or broadcast address replies come 253 * from different addresses, not from the address we 254 * connect(2)'ed to, and send socket do not receive those 255 * packets. 256 */ 257 ssend = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); 258 ssend_errno = errno; 259 srecv = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); 260 srecv_errno = errno; 261 262 if (setuid(getuid()) != 0) 263 err(EX_NOPERM, "setuid() failed"); 264 uid = getuid(); 265 266 if (ssend < 0) { 267 errno = ssend_errno; 268 err(EX_OSERR, "ssend socket"); 269 } 270 271 if (srecv < 0) { 272 errno = srecv_errno; 273 err(EX_OSERR, "srecv socket"); 274 } 275 276 alarmtimeout = df = preload = tos = pcp = 0; 277 278 outpack = outpackhdr + sizeof(struct ip); 279 while ((ch = getopt(argc, argv, PING4OPTS)) != -1) { 280 switch(ch) { 281 case '.': 282 options |= F_DOT; 283 if (optarg != NULL) { 284 DOT = optarg; 285 DOTlen = strlen(optarg); 286 } 287 break; 288 case '4': 289 /* This option is processed in main(). */ 290 break; 291 case 'A': 292 options |= F_MISSED; 293 break; 294 case 'a': 295 options |= F_AUDIBLE; 296 break; 297 case 'C': 298 options |= F_IP_VLAN_PCP; 299 ltmp = strtonum(optarg, -1, 7, &errstr); 300 if (errstr != NULL) 301 errx(EX_USAGE, "invalid PCP: `%s'", optarg); 302 pcp = ltmp; 303 break; 304 case 'c': 305 ltmp = strtonum(optarg, 1, LONG_MAX, &errstr); 306 if (errstr != NULL) 307 errx(EX_USAGE, 308 "invalid count of packets to transmit: `%s'", 309 optarg); 310 npackets = (long)ltmp; 311 break; 312 case 'D': 313 options |= F_HDRINCL; 314 df = 1; 315 break; 316 case 'd': 317 options |= F_SO_DEBUG; 318 break; 319 case 'f': 320 if (uid) { 321 errno = EPERM; 322 err(EX_NOPERM, "-f flag"); 323 } 324 options |= F_FLOOD; 325 options |= F_DOT; 326 setbuf(stdout, (char *)NULL); 327 break; 328 case 'G': /* Maximum packet size for ping sweep */ 329 ltmp = strtonum(optarg, 1, INT_MAX, &errstr); 330 if (errstr != NULL) { 331 errx(EX_USAGE, "invalid packet size: `%s'", 332 optarg); 333 } 334 sweepmax = (int)ltmp; 335 if (uid != 0 && sweepmax > DEFDATALEN) { 336 errc(EX_NOPERM, EPERM, 337 "packet size too large: %d > %u", 338 sweepmax, DEFDATALEN); 339 } 340 options |= F_SWEEP; 341 break; 342 case 'g': /* Minimum packet size for ping sweep */ 343 ltmp = strtonum(optarg, 1, INT_MAX, &errstr); 344 if (errstr != NULL) { 345 errx(EX_USAGE, "invalid packet size: `%s'", 346 optarg); 347 } 348 sweepmin = (int)ltmp; 349 if (uid != 0 && sweepmin > DEFDATALEN) { 350 errc(EX_NOPERM, EPERM, 351 "packet size too large: %d > %u", 352 sweepmin, DEFDATALEN); 353 } 354 options |= F_SWEEP; 355 break; 356 case 'H': 357 options |= F_HOSTNAME; 358 break; 359 case 'h': /* Packet size increment for ping sweep */ 360 ltmp = strtonum(optarg, 1, INT_MAX, &errstr); 361 if (errstr != NULL) { 362 errx(EX_USAGE, "invalid packet size: `%s'", 363 optarg); 364 } 365 sweepincr = (int)ltmp; 366 if (uid != 0 && sweepincr > DEFDATALEN) { 367 errc(EX_NOPERM, EPERM, 368 "packet size too large: %d > %u", 369 sweepincr, DEFDATALEN); 370 } 371 options |= F_SWEEP; 372 break; 373 case 'I': /* multicast interface */ 374 if (inet_aton(optarg, &ifaddr) == 0) 375 errx(EX_USAGE, 376 "invalid multicast interface: `%s'", 377 optarg); 378 options |= F_MIF; 379 break; 380 case 'i': /* wait between sending packets */ 381 t = strtod(optarg, &ep) * 1000.0; 382 if (*ep || ep == optarg || t > (double)INT_MAX) 383 errx(EX_USAGE, "invalid timing interval: `%s'", 384 optarg); 385 options |= F_INTERVAL; 386 interval = (int)t; 387 if (uid && interval < 1000) { 388 errno = EPERM; 389 err(EX_NOPERM, "-i interval too short"); 390 } 391 break; 392 case 'L': 393 options |= F_NOLOOP; 394 loop = 0; 395 break; 396 case 'l': 397 ltmp = strtonum(optarg, 0, INT_MAX, &errstr); 398 if (errstr != NULL) 399 errx(EX_USAGE, 400 "invalid preload value: `%s'", optarg); 401 if (uid) { 402 errno = EPERM; 403 err(EX_NOPERM, "-l flag"); 404 } 405 preload = (int)ltmp; 406 break; 407 case 'M': 408 switch(optarg[0]) { 409 case 'M': 410 case 'm': 411 options |= F_MASK; 412 break; 413 case 'T': 414 case 't': 415 options |= F_TIME; 416 break; 417 default: 418 errx(EX_USAGE, "invalid message: `%c'", optarg[0]); 419 break; 420 } 421 break; 422 case 'm': /* TTL */ 423 ltmp = strtonum(optarg, 0, MAXTTL, &errstr); 424 if (errstr != NULL) 425 errx(EX_USAGE, "invalid TTL: `%s'", optarg); 426 ttl = (int)ltmp; 427 options |= F_TTL; 428 break; 429 case 'n': 430 options &= ~F_HOSTNAME; 431 break; 432 case 'o': 433 options |= F_ONCE; 434 break; 435 #ifdef IPSEC 436 #ifdef IPSEC_POLICY_IPSEC 437 case 'P': 438 options |= F_POLICY; 439 if (!strncmp("in", optarg, 2)) 440 policy_in = strdup(optarg); 441 else if (!strncmp("out", optarg, 3)) 442 policy_out = strdup(optarg); 443 else 444 errx(1, "invalid security policy"); 445 break; 446 #endif /*IPSEC_POLICY_IPSEC*/ 447 #endif /*IPSEC*/ 448 case 'p': /* fill buffer with user pattern */ 449 options |= F_PINGFILLED; 450 payload = optarg; 451 break; 452 case 'Q': 453 options |= F_QUIET2; 454 break; 455 case 'q': 456 options |= F_QUIET; 457 break; 458 case 'R': 459 options |= F_RROUTE; 460 break; 461 case 'r': 462 options |= F_SO_DONTROUTE; 463 break; 464 case 'S': 465 source = optarg; 466 break; 467 case 's': /* size of packet to send */ 468 ltmp = strtonum(optarg, 0, INT_MAX, &errstr); 469 if (errstr != NULL) 470 errx(EX_USAGE, "invalid packet size: `%s'", 471 optarg); 472 datalen = (int)ltmp; 473 if (uid != 0 && datalen > DEFDATALEN) { 474 errno = EPERM; 475 err(EX_NOPERM, 476 "packet size too large: %d > %u", 477 datalen, DEFDATALEN); 478 } 479 break; 480 case 'T': /* multicast TTL */ 481 ltmp = strtonum(optarg, 0, MAXTTL, &errstr); 482 if (errstr != NULL) 483 errx(EX_USAGE, "invalid multicast TTL: `%s'", 484 optarg); 485 mttl = (unsigned char)ltmp; 486 options |= F_MTTL; 487 break; 488 case 't': 489 alarmtimeout = strtoul(optarg, &ep, 0); 490 if ((alarmtimeout < 1) || (alarmtimeout == ULONG_MAX)) 491 errx(EX_USAGE, "invalid timeout: `%s'", 492 optarg); 493 if (alarmtimeout > MAXALARM) 494 errx(EX_USAGE, "invalid timeout: `%s' > %d", 495 optarg, MAXALARM); 496 { 497 struct itimerval itv; 498 499 timerclear(&itv.it_interval); 500 timerclear(&itv.it_value); 501 itv.it_value.tv_sec = (time_t)alarmtimeout; 502 if (setitimer(ITIMER_REAL, &itv, NULL) != 0) 503 err(1, "setitimer"); 504 } 505 break; 506 case 'v': 507 options |= F_VERBOSE; 508 break; 509 case 'W': /* wait ms for answer */ 510 t = strtod(optarg, &ep); 511 if (*ep || ep == optarg || t > (double)INT_MAX) 512 errx(EX_USAGE, "invalid timing interval: `%s'", 513 optarg); 514 options |= F_WAITTIME; 515 waittime = (int)t; 516 break; 517 case 'z': 518 options |= F_HDRINCL; 519 ltmp = strtol(optarg, &ep, 0); 520 if (*ep || ep == optarg || ltmp > MAXTOS || ltmp < 0) 521 errx(EX_USAGE, "invalid TOS: `%s'", optarg); 522 tos = ltmp; 523 break; 524 default: 525 usage(); 526 } 527 } 528 529 if (argc - optind != 1) 530 usage(); 531 target = argv[optind]; 532 533 switch (options & (F_MASK|F_TIME)) { 534 case 0: break; 535 case F_MASK: 536 icmp_type = ICMP_MASKREQ; 537 icmp_type_rsp = ICMP_MASKREPLY; 538 phdr_len = MASK_LEN; 539 if (!(options & F_QUIET)) 540 (void)printf("ICMP_MASKREQ\n"); 541 break; 542 case F_TIME: 543 icmp_type = ICMP_TSTAMP; 544 icmp_type_rsp = ICMP_TSTAMPREPLY; 545 phdr_len = TS_LEN; 546 if (!(options & F_QUIET)) 547 (void)printf("ICMP_TSTAMP\n"); 548 break; 549 default: 550 errx(EX_USAGE, "ICMP_TSTAMP and ICMP_MASKREQ are exclusive."); 551 break; 552 } 553 icmp_len = sizeof(struct ip) + ICMP_MINLEN + phdr_len; 554 if (options & F_RROUTE) 555 icmp_len += MAX_IPOPTLEN; 556 maxpayload = IP_MAXPACKET - icmp_len; 557 if (datalen > maxpayload) 558 errx(EX_USAGE, "packet size too large: %d > %d", datalen, 559 maxpayload); 560 send_len = icmp_len + datalen; 561 datap = &outpack[ICMP_MINLEN + phdr_len + TIMEVAL_LEN]; 562 if (options & F_PINGFILLED) { 563 fill((char *)datap, payload); 564 } 565 capdns = capdns_setup(); 566 if (source) { 567 bzero((char *)&sock_in, sizeof(sock_in)); 568 sock_in.sin_family = AF_INET; 569 if (inet_aton(source, &sock_in.sin_addr) != 0) { 570 shostname = source; 571 } else { 572 hp = cap_gethostbyname2(capdns, source, AF_INET); 573 if (!hp) 574 errx(EX_NOHOST, "cannot resolve %s: %s", 575 source, hstrerror(h_errno)); 576 577 sock_in.sin_len = sizeof sock_in; 578 if ((unsigned)hp->h_length > sizeof(sock_in.sin_addr) || 579 hp->h_length < 0) 580 errx(1, "gethostbyname2: illegal address"); 581 memcpy(&sock_in.sin_addr, hp->h_addr_list[0], 582 sizeof(sock_in.sin_addr)); 583 (void)strncpy(snamebuf, hp->h_name, 584 sizeof(snamebuf) - 1); 585 snamebuf[sizeof(snamebuf) - 1] = '\0'; 586 shostname = snamebuf; 587 } 588 if (bind(ssend, (struct sockaddr *)&sock_in, sizeof sock_in) == 589 -1) 590 err(1, "bind"); 591 } 592 593 bzero(&whereto, sizeof(whereto)); 594 to = &whereto; 595 to->sin_family = AF_INET; 596 to->sin_len = sizeof *to; 597 if (inet_aton(target, &to->sin_addr) != 0) { 598 hostname = target; 599 } else { 600 hp = cap_gethostbyname2(capdns, target, AF_INET); 601 if (!hp) 602 errx(EX_NOHOST, "cannot resolve %s: %s", 603 target, hstrerror(h_errno)); 604 605 if ((unsigned)hp->h_length > sizeof(to->sin_addr)) 606 errx(1, "gethostbyname2 returned an illegal address"); 607 memcpy(&to->sin_addr, hp->h_addr_list[0], sizeof to->sin_addr); 608 (void)strncpy(hnamebuf, hp->h_name, sizeof(hnamebuf) - 1); 609 hnamebuf[sizeof(hnamebuf) - 1] = '\0'; 610 hostname = hnamebuf; 611 } 612 613 /* From now on we will use only reverse DNS lookups. */ 614 #ifdef WITH_CASPER 615 if (capdns != NULL) { 616 const char *types[1]; 617 618 types[0] = "ADDR2NAME"; 619 if (cap_dns_type_limit(capdns, types, 1) < 0) 620 err(1, "unable to limit access to system.dns service"); 621 } 622 #endif 623 if (connect(ssend, (struct sockaddr *)&whereto, sizeof(whereto)) != 0) 624 err(1, "connect"); 625 626 if (options & F_FLOOD && options & F_INTERVAL) 627 errx(EX_USAGE, "-f and -i: incompatible options"); 628 629 if (options & F_FLOOD && IN_MULTICAST(ntohl(to->sin_addr.s_addr))) 630 errx(EX_USAGE, 631 "-f flag cannot be used with multicast destination"); 632 if (options & (F_MIF | F_NOLOOP | F_MTTL) 633 && !IN_MULTICAST(ntohl(to->sin_addr.s_addr))) 634 errx(EX_USAGE, 635 "-I, -L, -T flags cannot be used with unicast destination"); 636 637 if (datalen >= TIMEVAL_LEN) /* can we time transfer */ 638 timing = 1; 639 640 if ((options & (F_PINGFILLED | F_SWEEP)) == 0) 641 for (i = TIMEVAL_LEN; i < datalen; ++i) 642 *datap++ = i; 643 644 ident = getpid() & 0xFFFF; 645 646 hold = 1; 647 if (options & F_SO_DEBUG) { 648 (void)setsockopt(ssend, SOL_SOCKET, SO_DEBUG, (char *)&hold, 649 sizeof(hold)); 650 (void)setsockopt(srecv, SOL_SOCKET, SO_DEBUG, (char *)&hold, 651 sizeof(hold)); 652 } 653 if (options & F_SO_DONTROUTE) 654 (void)setsockopt(ssend, SOL_SOCKET, SO_DONTROUTE, (char *)&hold, 655 sizeof(hold)); 656 if (options & F_IP_VLAN_PCP) { 657 (void)setsockopt(ssend, IPPROTO_IP, IP_VLAN_PCP, (char *)&pcp, 658 sizeof(pcp)); 659 } 660 #ifdef IPSEC 661 #ifdef IPSEC_POLICY_IPSEC 662 if (options & F_POLICY) { 663 char *buf; 664 if (policy_in != NULL) { 665 buf = ipsec_set_policy(policy_in, strlen(policy_in)); 666 if (buf == NULL) 667 errx(EX_CONFIG, "%s", ipsec_strerror()); 668 if (setsockopt(srecv, IPPROTO_IP, IP_IPSEC_POLICY, 669 buf, ipsec_get_policylen(buf)) < 0) 670 err(EX_CONFIG, 671 "ipsec policy cannot be configured"); 672 free(buf); 673 } 674 675 if (policy_out != NULL) { 676 buf = ipsec_set_policy(policy_out, strlen(policy_out)); 677 if (buf == NULL) 678 errx(EX_CONFIG, "%s", ipsec_strerror()); 679 if (setsockopt(ssend, IPPROTO_IP, IP_IPSEC_POLICY, 680 buf, ipsec_get_policylen(buf)) < 0) 681 err(EX_CONFIG, 682 "ipsec policy cannot be configured"); 683 free(buf); 684 } 685 } 686 #endif /*IPSEC_POLICY_IPSEC*/ 687 #endif /*IPSEC*/ 688 689 if (options & F_HDRINCL) { 690 struct ip ip; 691 692 memcpy(&ip, outpackhdr, sizeof(ip)); 693 if (!(options & (F_TTL | F_MTTL))) { 694 mib[0] = CTL_NET; 695 mib[1] = PF_INET; 696 mib[2] = IPPROTO_IP; 697 mib[3] = IPCTL_DEFTTL; 698 sz = sizeof(ttl); 699 if (sysctl(mib, 4, &ttl, &sz, NULL, 0) == -1) 700 err(1, "sysctl(net.inet.ip.ttl)"); 701 } 702 setsockopt(ssend, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold)); 703 ip.ip_v = IPVERSION; 704 ip.ip_hl = sizeof(struct ip) >> 2; 705 ip.ip_tos = tos; 706 ip.ip_id = 0; 707 ip.ip_off = htons(df ? IP_DF : 0); 708 ip.ip_ttl = ttl; 709 ip.ip_p = IPPROTO_ICMP; 710 ip.ip_src.s_addr = source ? sock_in.sin_addr.s_addr : INADDR_ANY; 711 ip.ip_dst = to->sin_addr; 712 memcpy(outpackhdr, &ip, sizeof(ip)); 713 } 714 715 /* 716 * Here we enter capability mode. Further down access to global 717 * namespaces (e.g filesystem) is restricted (see capsicum(4)). 718 * We must connect(2) our socket before this point. 719 */ 720 caph_cache_catpages(); 721 if (caph_enter_casper() < 0) 722 err(1, "caph_enter_casper"); 723 724 cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT); 725 if (caph_rights_limit(srecv, &rights) < 0) 726 err(1, "cap_rights_limit srecv"); 727 cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT); 728 if (caph_rights_limit(ssend, &rights) < 0) 729 err(1, "cap_rights_limit ssend"); 730 731 /* record route option */ 732 if (options & F_RROUTE) { 733 #ifdef IP_OPTIONS 734 bzero(rspace, sizeof(rspace)); 735 rspace[IPOPT_OPTVAL] = IPOPT_RR; 736 rspace[IPOPT_OLEN] = sizeof(rspace) - 1; 737 rspace[IPOPT_OFFSET] = IPOPT_MINOFF; 738 rspace[sizeof(rspace) - 1] = IPOPT_EOL; 739 if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace, 740 sizeof(rspace)) < 0) 741 err(EX_OSERR, "setsockopt IP_OPTIONS"); 742 #else 743 errx(EX_UNAVAILABLE, 744 "record route not available in this implementation"); 745 #endif /* IP_OPTIONS */ 746 } 747 748 if (options & F_TTL) { 749 if (setsockopt(ssend, IPPROTO_IP, IP_TTL, &ttl, 750 sizeof(ttl)) < 0) { 751 err(EX_OSERR, "setsockopt IP_TTL"); 752 } 753 } 754 if (options & F_NOLOOP) { 755 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, 756 sizeof(loop)) < 0) { 757 err(EX_OSERR, "setsockopt IP_MULTICAST_LOOP"); 758 } 759 } 760 if (options & F_MTTL) { 761 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_TTL, &mttl, 762 sizeof(mttl)) < 0) { 763 err(EX_OSERR, "setsockopt IP_MULTICAST_TTL"); 764 } 765 } 766 if (options & F_MIF) { 767 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr, 768 sizeof(ifaddr)) < 0) { 769 err(EX_OSERR, "setsockopt IP_MULTICAST_IF"); 770 } 771 } 772 #ifdef SO_TIMESTAMP 773 { 774 int on = 1; 775 int ts_clock = SO_TS_MONOTONIC; 776 if (setsockopt(srecv, SOL_SOCKET, SO_TIMESTAMP, &on, 777 sizeof(on)) < 0) 778 err(EX_OSERR, "setsockopt SO_TIMESTAMP"); 779 if (setsockopt(srecv, SOL_SOCKET, SO_TS_CLOCK, &ts_clock, 780 sizeof(ts_clock)) < 0) 781 err(EX_OSERR, "setsockopt SO_TS_CLOCK"); 782 } 783 #endif 784 if (sweepmax) { 785 if (sweepmin > sweepmax) 786 errx(EX_USAGE, 787 "Maximum packet size must be no less than the minimum packet size"); 788 789 if (sweepmax > maxpayload - TIMEVAL_LEN) 790 errx(EX_USAGE, "Invalid sweep maximum"); 791 792 if (datalen != DEFDATALEN) 793 errx(EX_USAGE, 794 "Packet size and ping sweep are mutually exclusive"); 795 796 if (npackets > 0) { 797 snpackets = npackets; 798 npackets = 0; 799 } else 800 snpackets = 1; 801 datalen = sweepmin; 802 send_len = icmp_len + sweepmin; 803 } 804 if (options & F_SWEEP && !sweepmax) 805 errx(EX_USAGE, "Maximum sweep size must be specified"); 806 807 /* 808 * When pinging the broadcast address, you can get a lot of answers. 809 * Doing something so evil is useful if you are trying to stress the 810 * ethernet, or just want to fill the arp cache to get some stuff for 811 * /etc/ethers. But beware: RFC 1122 allows hosts to ignore broadcast 812 * or multicast pings if they wish. 813 */ 814 815 /* 816 * XXX receive buffer needs undetermined space for mbuf overhead 817 * as well. 818 */ 819 hold = IP_MAXPACKET + 128; 820 (void)setsockopt(srecv, SOL_SOCKET, SO_RCVBUF, (char *)&hold, 821 sizeof(hold)); 822 /* CAP_SETSOCKOPT removed */ 823 cap_rights_init(&rights, CAP_RECV, CAP_EVENT); 824 if (caph_rights_limit(srecv, &rights) < 0) 825 err(1, "cap_rights_limit srecv setsockopt"); 826 if (uid == 0) 827 (void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold, 828 sizeof(hold)); 829 /* CAP_SETSOCKOPT removed */ 830 cap_rights_init(&rights, CAP_SEND); 831 if (caph_rights_limit(ssend, &rights) < 0) 832 err(1, "cap_rights_limit ssend setsockopt"); 833 834 if (to->sin_family == AF_INET) { 835 (void)printf("PING %s (%s)", hostname, 836 inet_ntoa(to->sin_addr)); 837 if (source) 838 (void)printf(" from %s", shostname); 839 if (sweepmax) 840 (void)printf(": (%d ... %d) data bytes\n", 841 sweepmin, sweepmax); 842 else 843 (void)printf(": %d data bytes\n", datalen); 844 845 } else { 846 if (sweepmax) 847 (void)printf("PING %s: (%d ... %d) data bytes\n", 848 hostname, sweepmin, sweepmax); 849 else 850 (void)printf("PING %s: %d data bytes\n", hostname, datalen); 851 } 852 853 /* 854 * Use sigaction() instead of signal() to get unambiguous semantics, 855 * in particular with SA_RESTART not set. 856 */ 857 858 sigemptyset(&si_sa.sa_mask); 859 si_sa.sa_flags = 0; 860 si_sa.sa_handler = onsignal; 861 if (sigaction(SIGINT, &si_sa, 0) == -1) 862 err(EX_OSERR, "sigaction SIGINT"); 863 seenint = 0; 864 if (sigaction(SIGINFO, &si_sa, 0) == -1) 865 err(EX_OSERR, "sigaction SIGINFO"); 866 seeninfo = 0; 867 if (alarmtimeout > 0) { 868 if (sigaction(SIGALRM, &si_sa, 0) == -1) 869 err(EX_OSERR, "sigaction SIGALRM"); 870 } 871 872 bzero(&msg, sizeof(msg)); 873 msg.msg_name = (caddr_t)&from; 874 msg.msg_iov = &iov; 875 msg.msg_iovlen = 1; 876 #ifdef SO_TIMESTAMP 877 msg.msg_control = (caddr_t)ctrl; 878 msg.msg_controllen = sizeof(ctrl); 879 #endif 880 iov.iov_base = packet; 881 iov.iov_len = IP_MAXPACKET; 882 883 if (preload == 0) 884 pinger(); /* send the first ping */ 885 else { 886 if (npackets != 0 && preload > npackets) 887 preload = npackets; 888 while (preload--) /* fire off them quickies */ 889 pinger(); 890 } 891 (void)clock_gettime(CLOCK_MONOTONIC, &last); 892 893 if (options & F_FLOOD) { 894 intvl.tv_sec = 0; 895 intvl.tv_nsec = 10000000; 896 } else { 897 intvl.tv_sec = interval / 1000; 898 intvl.tv_nsec = interval % 1000 * 1000000; 899 } 900 901 almost_done = 0; 902 while (seenint == 0) { 903 struct timespec now, timeout; 904 fd_set rfds; 905 int n; 906 ssize_t cc; 907 908 /* signal handling */ 909 if (seeninfo) { 910 pr_summary(stderr); 911 seeninfo = 0; 912 continue; 913 } 914 if ((unsigned)srecv >= FD_SETSIZE) 915 errx(EX_OSERR, "descriptor too large"); 916 FD_ZERO(&rfds); 917 FD_SET(srecv, &rfds); 918 (void)clock_gettime(CLOCK_MONOTONIC, &now); 919 timespecadd(&last, &intvl, &timeout); 920 timespecsub(&timeout, &now, &timeout); 921 if (timeout.tv_sec < 0) 922 timespecclear(&timeout); 923 924 n = pselect(srecv + 1, &rfds, NULL, NULL, &timeout, NULL); 925 if (n < 0) 926 continue; /* EINTR */ 927 if (n == 1) { 928 struct timespec *tv = NULL; 929 #ifdef SO_TIMESTAMP 930 struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg); 931 #endif 932 msg.msg_namelen = sizeof(from); 933 if ((cc = recvmsg(srecv, &msg, 0)) < 0) { 934 if (errno == EINTR) 935 continue; 936 warn("recvmsg"); 937 continue; 938 } 939 /* If we have a 0 byte read from recvfrom continue */ 940 if (cc == 0) 941 continue; 942 #ifdef SO_TIMESTAMP 943 if (cmsg != NULL && 944 cmsg->cmsg_level == SOL_SOCKET && 945 cmsg->cmsg_type == SCM_TIMESTAMP && 946 cmsg->cmsg_len == CMSG_LEN(sizeof *tv)) { 947 /* Copy to avoid alignment problems: */ 948 memcpy(&now, CMSG_DATA(cmsg), sizeof(now)); 949 tv = &now; 950 } 951 #endif 952 if (tv == NULL) { 953 (void)clock_gettime(CLOCK_MONOTONIC, &now); 954 tv = &now; 955 } 956 pr_pack((char *)packet, cc, &from, tv); 957 if ((options & F_ONCE && nreceived) || 958 (npackets && nreceived >= npackets)) 959 break; 960 } 961 if (n == 0 || (options & F_FLOOD)) { 962 if (sweepmax && sntransmitted == snpackets) { 963 if (datalen + sweepincr > sweepmax) 964 break; 965 for (i = 0; i < sweepincr; i++) 966 *datap++ = i; 967 datalen += sweepincr; 968 send_len = icmp_len + datalen; 969 sntransmitted = 0; 970 } 971 if (!npackets || ntransmitted < npackets) 972 pinger(); 973 else { 974 if (almost_done) 975 break; 976 almost_done = 1; 977 /* 978 * If we're not transmitting any more packets, 979 * change the timer to wait two round-trip times 980 * if we've received any packets or (waittime) 981 * milliseconds if we haven't. 982 */ 983 intvl.tv_nsec = 0; 984 if (nreceived) { 985 intvl.tv_sec = 2 * tmax / 1000; 986 if (intvl.tv_sec == 0) 987 intvl.tv_sec = 1; 988 } else { 989 intvl.tv_sec = waittime / 1000; 990 intvl.tv_nsec = 991 waittime % 1000 * 1000000; 992 } 993 } 994 (void)clock_gettime(CLOCK_MONOTONIC, &last); 995 if (ntransmitted - nreceived - 1 > nmissedmax) { 996 nmissedmax = ntransmitted - nreceived - 1; 997 if (options & F_MISSED) 998 (void)write(STDOUT_FILENO, &BBELL, 1); 999 } 1000 } 1001 } 1002 pr_summary(stdout); 1003 1004 exit(nreceived ? 0 : 2); 1005 } 1006 1007 /* 1008 * pinger -- 1009 * Compose and transmit an ICMP ECHO REQUEST packet. The IP packet 1010 * will be added on by the kernel. The ID field is our UNIX process ID, 1011 * and the sequence number is an ascending integer. The first TIMEVAL_LEN 1012 * bytes of the data portion are used to hold a UNIX "timespec" struct in 1013 * host byte-order, to compute the round-trip time. 1014 */ 1015 static void 1016 pinger(void) 1017 { 1018 struct timespec now; 1019 struct tv32 tv32; 1020 struct icmp icp; 1021 int cc, i; 1022 u_char *packet; 1023 1024 packet = outpack; 1025 memcpy(&icp, outpack, ICMP_MINLEN + phdr_len); 1026 icp.icmp_type = icmp_type; 1027 icp.icmp_code = 0; 1028 icp.icmp_cksum = 0; 1029 icp.icmp_seq = htons(ntransmitted); 1030 icp.icmp_id = ident; /* ID */ 1031 1032 CLR(ntransmitted % mx_dup_ck); 1033 1034 if ((options & F_TIME) || timing) { 1035 (void)clock_gettime(CLOCK_MONOTONIC, &now); 1036 /* 1037 * Truncate seconds down to 32 bits in order 1038 * to fit the timestamp within 8 bytes of the 1039 * packet. We're only concerned with 1040 * durations, not absolute times. 1041 */ 1042 tv32.tv32_sec = (uint32_t)htonl(now.tv_sec); 1043 tv32.tv32_nsec = (uint32_t)htonl(now.tv_nsec); 1044 if (options & F_TIME) 1045 icp.icmp_otime = htonl((now.tv_sec % (24*60*60)) 1046 * 1000 + now.tv_nsec / 1000000); 1047 if (timing) 1048 bcopy((void *)&tv32, 1049 (void *)&outpack[ICMP_MINLEN + phdr_len], 1050 sizeof(tv32)); 1051 } 1052 1053 memcpy(outpack, &icp, ICMP_MINLEN + phdr_len); 1054 1055 cc = ICMP_MINLEN + phdr_len + datalen; 1056 1057 /* compute ICMP checksum here */ 1058 icp.icmp_cksum = in_cksum(outpack, cc); 1059 /* Update icmp_cksum in the raw packet data buffer. */ 1060 memcpy(outpack + offsetof(struct icmp, icmp_cksum), &icp.icmp_cksum, 1061 sizeof(icp.icmp_cksum)); 1062 1063 if (options & F_HDRINCL) { 1064 struct ip ip; 1065 1066 cc += sizeof(struct ip); 1067 ip.ip_len = htons(cc); 1068 /* Update ip_len in the raw packet data buffer. */ 1069 memcpy(outpackhdr + offsetof(struct ip, ip_len), &ip.ip_len, 1070 sizeof(ip.ip_len)); 1071 ip.ip_sum = in_cksum(outpackhdr, cc); 1072 /* Update ip_sum in the raw packet data buffer. */ 1073 memcpy(outpackhdr + offsetof(struct ip, ip_sum), &ip.ip_sum, 1074 sizeof(ip.ip_sum)); 1075 packet = outpackhdr; 1076 } 1077 i = send(ssend, (char *)packet, cc, 0); 1078 if (i < 0 || i != cc) { 1079 if (i < 0) { 1080 if (options & F_FLOOD && errno == ENOBUFS) { 1081 usleep(FLOOD_BACKOFF); 1082 return; 1083 } 1084 warn("sendto"); 1085 } else { 1086 warn("%s: partial write: %d of %d bytes", 1087 hostname, i, cc); 1088 } 1089 } 1090 ntransmitted++; 1091 sntransmitted++; 1092 if (!(options & F_QUIET) && options & F_DOT) 1093 (void)write(STDOUT_FILENO, &DOT[DOTidx++ % DOTlen], 1); 1094 } 1095 1096 /* 1097 * pr_pack -- 1098 * Print out the packet, if it came from us. This logic is necessary 1099 * because ALL readers of the ICMP socket get a copy of ALL ICMP packets 1100 * which arrive ('tis only fair). This permits multiple copies of this 1101 * program to be run without having intermingled output (or statistics!). 1102 */ 1103 static void 1104 pr_pack(char *buf, ssize_t cc, struct sockaddr_in *from, struct timespec *tv) 1105 { 1106 struct in_addr ina; 1107 u_char *cp, *dp, l; 1108 struct icmp icp; 1109 struct ip ip; 1110 const u_char *icmp_data_raw; 1111 ssize_t icmp_data_raw_len; 1112 double triptime; 1113 int dupflag, i, j, recv_len; 1114 int8_t hlen; 1115 uint16_t seq; 1116 static int old_rrlen; 1117 static char old_rr[MAX_IPOPTLEN]; 1118 struct ip oip; 1119 u_char oip_header_len; 1120 struct icmp oicmp; 1121 const u_char *oicmp_raw; 1122 1123 /* 1124 * Get size of IP header of the received packet. 1125 * The header length is contained in the lower four bits of the first 1126 * byte and represents the number of 4 byte octets the header takes up. 1127 * 1128 * The IHL minimum value is 5 (20 bytes) and its maximum value is 15 1129 * (60 bytes). 1130 */ 1131 memcpy(&l, buf, sizeof(l)); 1132 hlen = (l & 0x0f) << 2; 1133 1134 /* Reject IP packets with a short header */ 1135 if (hlen < (int8_t) sizeof(struct ip)) { 1136 if (options & F_VERBOSE) 1137 warn("IHL too short (%d bytes) from %s", hlen, 1138 inet_ntoa(from->sin_addr)); 1139 return; 1140 } 1141 1142 memcpy(&ip, buf, sizeof(struct ip)); 1143 1144 /* Check packet has enough data to carry a valid ICMP header */ 1145 recv_len = cc; 1146 if (cc < hlen + ICMP_MINLEN) { 1147 if (options & F_VERBOSE) 1148 warn("packet too short (%zd bytes) from %s", cc, 1149 inet_ntoa(from->sin_addr)); 1150 return; 1151 } 1152 1153 icmp_data_raw_len = cc - (hlen + offsetof(struct icmp, icmp_data)); 1154 icmp_data_raw = buf + hlen + offsetof(struct icmp, icmp_data); 1155 1156 /* Now the ICMP part */ 1157 cc -= hlen; 1158 memcpy(&icp, buf + hlen, MIN((ssize_t)sizeof(icp), cc)); 1159 if (icp.icmp_type == icmp_type_rsp) { 1160 if (icp.icmp_id != ident) 1161 return; /* 'Twas not our ECHO */ 1162 ++nreceived; 1163 triptime = 0.0; 1164 if (timing) { 1165 struct timespec tv1; 1166 struct tv32 tv32; 1167 const u_char *tp; 1168 1169 tp = icmp_data_raw + phdr_len; 1170 1171 if ((size_t)(cc - ICMP_MINLEN - phdr_len) >= 1172 sizeof(tv1)) { 1173 /* Copy to avoid alignment problems: */ 1174 memcpy(&tv32, tp, sizeof(tv32)); 1175 tv1.tv_sec = ntohl(tv32.tv32_sec); 1176 tv1.tv_nsec = ntohl(tv32.tv32_nsec); 1177 timespecsub(tv, &tv1, tv); 1178 triptime = ((double)tv->tv_sec) * 1000.0 + 1179 ((double)tv->tv_nsec) / 1000000.0; 1180 if (triptime < 0) { 1181 warnx("time of day goes back (%.3f ms)," 1182 " clamping time to 0", 1183 triptime); 1184 triptime = 0; 1185 } 1186 tsum += triptime; 1187 tsumsq += triptime * triptime; 1188 if (triptime < tmin) 1189 tmin = triptime; 1190 if (triptime > tmax) 1191 tmax = triptime; 1192 } else 1193 timing = 0; 1194 } 1195 1196 seq = ntohs(icp.icmp_seq); 1197 1198 if (TST(seq % mx_dup_ck)) { 1199 ++nrepeats; 1200 --nreceived; 1201 dupflag = 1; 1202 } else { 1203 SET(seq % mx_dup_ck); 1204 dupflag = 0; 1205 } 1206 1207 if (options & F_QUIET) 1208 return; 1209 1210 if (options & F_WAITTIME && triptime > waittime) { 1211 ++nrcvtimeout; 1212 return; 1213 } 1214 1215 if (options & F_DOT) 1216 (void)write(STDOUT_FILENO, &BSPACE, 1); 1217 else { 1218 (void)printf("%zd bytes from %s: icmp_seq=%u", cc, 1219 pr_addr(from->sin_addr), seq); 1220 (void)printf(" ttl=%d", ip.ip_ttl); 1221 if (timing) 1222 (void)printf(" time=%.3f ms", triptime); 1223 if (dupflag) 1224 (void)printf(" (DUP!)"); 1225 if (options & F_AUDIBLE) 1226 (void)write(STDOUT_FILENO, &BBELL, 1); 1227 if (options & F_MASK) { 1228 /* Just prentend this cast isn't ugly */ 1229 (void)printf(" mask=%s", 1230 inet_ntoa(*(struct in_addr *)&(icp.icmp_mask))); 1231 } 1232 if (options & F_TIME) { 1233 (void)printf(" tso=%s", pr_ntime(icp.icmp_otime)); 1234 (void)printf(" tsr=%s", pr_ntime(icp.icmp_rtime)); 1235 (void)printf(" tst=%s", pr_ntime(icp.icmp_ttime)); 1236 } 1237 if (recv_len != send_len) { 1238 (void)printf( 1239 "\nwrong total length %d instead of %d", 1240 recv_len, send_len); 1241 } 1242 /* check the data */ 1243 cp = (u_char*)(buf + hlen + offsetof(struct icmp, 1244 icmp_data) + phdr_len); 1245 dp = &outpack[ICMP_MINLEN + phdr_len]; 1246 cc -= ICMP_MINLEN + phdr_len; 1247 i = 0; 1248 if (timing) { /* don't check variable timestamp */ 1249 cp += TIMEVAL_LEN; 1250 dp += TIMEVAL_LEN; 1251 cc -= TIMEVAL_LEN; 1252 i += TIMEVAL_LEN; 1253 } 1254 for (; i < datalen && cc > 0; ++i, ++cp, ++dp, --cc) { 1255 if (*cp != *dp) { 1256 (void)printf("\nwrong data byte #%d should be 0x%x but was 0x%x", 1257 i, *dp, *cp); 1258 (void)printf("\ncp:"); 1259 cp = (u_char*)(buf + hlen + 1260 offsetof(struct icmp, icmp_data)); 1261 for (i = 0; i < datalen; ++i, ++cp) { 1262 if ((i % 16) == 8) 1263 (void)printf("\n\t"); 1264 (void)printf(" %2x", *cp); 1265 } 1266 (void)printf("\ndp:"); 1267 cp = &outpack[ICMP_MINLEN]; 1268 for (i = 0; i < datalen; ++i, ++cp) { 1269 if ((i % 16) == 8) 1270 (void)printf("\n\t"); 1271 (void)printf(" %2x", *cp); 1272 } 1273 break; 1274 } 1275 } 1276 } 1277 } else { 1278 /* 1279 * We've got something other than an ECHOREPLY. 1280 * See if it's a reply to something that we sent. 1281 * We can compare IP destination, protocol, 1282 * and ICMP type and ID. 1283 * 1284 * Only print all the error messages if we are running 1285 * as root to avoid leaking information not normally 1286 * available to those not running as root. 1287 */ 1288 1289 /* 1290 * If we don't have enough bytes for a quoted IP header and an 1291 * ICMP header then stop. 1292 */ 1293 if (icmp_data_raw_len < 1294 (ssize_t)(sizeof(struct ip) + sizeof(struct icmp))) { 1295 if (options & F_VERBOSE) 1296 warnx("quoted data too short (%zd bytes) from %s", 1297 icmp_data_raw_len, inet_ntoa(from->sin_addr)); 1298 return; 1299 } 1300 1301 memcpy(&oip_header_len, icmp_data_raw, sizeof(oip_header_len)); 1302 oip_header_len = (oip_header_len & 0x0f) << 2; 1303 1304 /* Reject IP packets with a short header */ 1305 if (oip_header_len < sizeof(struct ip)) { 1306 if (options & F_VERBOSE) 1307 warnx("inner IHL too short (%d bytes) from %s", 1308 oip_header_len, inet_ntoa(from->sin_addr)); 1309 return; 1310 } 1311 1312 /* 1313 * Check against the actual IHL length, to protect against 1314 * quoated packets carrying IP options. 1315 */ 1316 if (icmp_data_raw_len < 1317 (ssize_t)(oip_header_len + sizeof(struct icmp))) { 1318 if (options & F_VERBOSE) 1319 warnx("inner packet too short (%zd bytes) from %s", 1320 icmp_data_raw_len, inet_ntoa(from->sin_addr)); 1321 return; 1322 } 1323 1324 memcpy(&oip, icmp_data_raw, sizeof(struct ip)); 1325 oicmp_raw = icmp_data_raw + oip_header_len; 1326 memcpy(&oicmp, oicmp_raw, sizeof(struct icmp)); 1327 1328 if (((options & F_VERBOSE) && uid == 0) || 1329 (!(options & F_QUIET2) && 1330 (oip.ip_dst.s_addr == whereto.sin_addr.s_addr) && 1331 (oip.ip_p == IPPROTO_ICMP) && 1332 (oicmp.icmp_type == ICMP_ECHO) && 1333 (oicmp.icmp_id == ident))) { 1334 (void)printf("%zd bytes from %s: ", cc, 1335 pr_addr(from->sin_addr)); 1336 pr_icmph(&icp, &oip, icmp_data_raw); 1337 } else 1338 return; 1339 } 1340 1341 /* Display any IP options */ 1342 cp = (u_char *)buf + sizeof(struct ip); 1343 1344 for (; hlen > (int)sizeof(struct ip); --hlen, ++cp) 1345 switch (*cp) { 1346 case IPOPT_EOL: 1347 hlen = 0; 1348 break; 1349 case IPOPT_LSRR: 1350 case IPOPT_SSRR: 1351 (void)printf(*cp == IPOPT_LSRR ? 1352 "\nLSRR: " : "\nSSRR: "); 1353 j = cp[IPOPT_OLEN] - IPOPT_MINOFF + 1; 1354 hlen -= 2; 1355 cp += 2; 1356 if (j >= INADDR_LEN && 1357 j <= hlen - (int)sizeof(struct ip)) { 1358 for (;;) { 1359 bcopy(++cp, &ina.s_addr, INADDR_LEN); 1360 if (ina.s_addr == 0) 1361 (void)printf("\t0.0.0.0"); 1362 else 1363 (void)printf("\t%s", 1364 pr_addr(ina)); 1365 hlen -= INADDR_LEN; 1366 cp += INADDR_LEN - 1; 1367 j -= INADDR_LEN; 1368 if (j < INADDR_LEN) 1369 break; 1370 (void)putchar('\n'); 1371 } 1372 } else 1373 (void)printf("\t(truncated route)"); 1374 break; 1375 case IPOPT_RR: 1376 j = cp[IPOPT_OLEN]; /* get length */ 1377 i = cp[IPOPT_OFFSET]; /* and pointer */ 1378 hlen -= 2; 1379 cp += 2; 1380 if (i > j) 1381 i = j; 1382 i = i - IPOPT_MINOFF + 1; 1383 if (i < 0 || i > (hlen - (int)sizeof(struct ip))) { 1384 old_rrlen = 0; 1385 continue; 1386 } 1387 if (i == old_rrlen 1388 && !bcmp((char *)cp, old_rr, i) 1389 && !(options & F_DOT)) { 1390 (void)printf("\t(same route)"); 1391 hlen -= i; 1392 cp += i; 1393 break; 1394 } 1395 old_rrlen = i; 1396 bcopy((char *)cp, old_rr, i); 1397 (void)printf("\nRR: "); 1398 if (i >= INADDR_LEN && 1399 i <= hlen - (int)sizeof(struct ip)) { 1400 for (;;) { 1401 bcopy(++cp, &ina.s_addr, INADDR_LEN); 1402 if (ina.s_addr == 0) 1403 (void)printf("\t0.0.0.0"); 1404 else 1405 (void)printf("\t%s", 1406 pr_addr(ina)); 1407 hlen -= INADDR_LEN; 1408 cp += INADDR_LEN - 1; 1409 i -= INADDR_LEN; 1410 if (i < INADDR_LEN) 1411 break; 1412 (void)putchar('\n'); 1413 } 1414 } else 1415 (void)printf("\t(truncated route)"); 1416 break; 1417 case IPOPT_NOP: 1418 (void)printf("\nNOP"); 1419 break; 1420 default: 1421 (void)printf("\nunknown option %x", *cp); 1422 break; 1423 } 1424 if (!(options & F_DOT)) { 1425 (void)putchar('\n'); 1426 (void)fflush(stdout); 1427 } 1428 } 1429 1430 /* 1431 * pr_icmph -- 1432 * Print a descriptive string about an ICMP header. 1433 */ 1434 static void 1435 pr_icmph(struct icmp *icp, struct ip *oip, const u_char *const oicmp_raw) 1436 { 1437 1438 switch(icp->icmp_type) { 1439 case ICMP_ECHOREPLY: 1440 (void)printf("Echo Reply\n"); 1441 /* XXX ID + Seq + Data */ 1442 break; 1443 case ICMP_UNREACH: 1444 switch(icp->icmp_code) { 1445 case ICMP_UNREACH_NET: 1446 (void)printf("Destination Net Unreachable\n"); 1447 break; 1448 case ICMP_UNREACH_HOST: 1449 (void)printf("Destination Host Unreachable\n"); 1450 break; 1451 case ICMP_UNREACH_PROTOCOL: 1452 (void)printf("Destination Protocol Unreachable\n"); 1453 break; 1454 case ICMP_UNREACH_PORT: 1455 (void)printf("Destination Port Unreachable\n"); 1456 break; 1457 case ICMP_UNREACH_NEEDFRAG: 1458 (void)printf("frag needed and DF set (MTU %d)\n", 1459 ntohs(icp->icmp_nextmtu)); 1460 break; 1461 case ICMP_UNREACH_SRCFAIL: 1462 (void)printf("Source Route Failed\n"); 1463 break; 1464 case ICMP_UNREACH_FILTER_PROHIB: 1465 (void)printf("Communication prohibited by filter\n"); 1466 break; 1467 default: 1468 (void)printf("Dest Unreachable, Bad Code: %d\n", 1469 icp->icmp_code); 1470 break; 1471 } 1472 /* Print returned IP header information */ 1473 pr_iph(oip, oicmp_raw); 1474 break; 1475 case ICMP_SOURCEQUENCH: 1476 (void)printf("Source Quench\n"); 1477 pr_iph(oip, oicmp_raw); 1478 break; 1479 case ICMP_REDIRECT: 1480 switch(icp->icmp_code) { 1481 case ICMP_REDIRECT_NET: 1482 (void)printf("Redirect Network"); 1483 break; 1484 case ICMP_REDIRECT_HOST: 1485 (void)printf("Redirect Host"); 1486 break; 1487 case ICMP_REDIRECT_TOSNET: 1488 (void)printf("Redirect Type of Service and Network"); 1489 break; 1490 case ICMP_REDIRECT_TOSHOST: 1491 (void)printf("Redirect Type of Service and Host"); 1492 break; 1493 default: 1494 (void)printf("Redirect, Bad Code: %d", icp->icmp_code); 1495 break; 1496 } 1497 (void)printf("(New addr: %s)\n", inet_ntoa(icp->icmp_gwaddr)); 1498 pr_iph(oip, oicmp_raw); 1499 break; 1500 case ICMP_ECHO: 1501 (void)printf("Echo Request\n"); 1502 /* XXX ID + Seq + Data */ 1503 break; 1504 case ICMP_TIMXCEED: 1505 switch(icp->icmp_code) { 1506 case ICMP_TIMXCEED_INTRANS: 1507 (void)printf("Time to live exceeded\n"); 1508 break; 1509 case ICMP_TIMXCEED_REASS: 1510 (void)printf("Frag reassembly time exceeded\n"); 1511 break; 1512 default: 1513 (void)printf("Time exceeded, Bad Code: %d\n", 1514 icp->icmp_code); 1515 break; 1516 } 1517 pr_iph(oip, oicmp_raw); 1518 break; 1519 case ICMP_PARAMPROB: 1520 (void)printf("Parameter problem: pointer = 0x%02x\n", 1521 icp->icmp_hun.ih_pptr); 1522 pr_iph(oip, oicmp_raw); 1523 break; 1524 case ICMP_TSTAMP: 1525 (void)printf("Timestamp\n"); 1526 /* XXX ID + Seq + 3 timestamps */ 1527 break; 1528 case ICMP_TSTAMPREPLY: 1529 (void)printf("Timestamp Reply\n"); 1530 /* XXX ID + Seq + 3 timestamps */ 1531 break; 1532 case ICMP_IREQ: 1533 (void)printf("Information Request\n"); 1534 /* XXX ID + Seq */ 1535 break; 1536 case ICMP_IREQREPLY: 1537 (void)printf("Information Reply\n"); 1538 /* XXX ID + Seq */ 1539 break; 1540 case ICMP_MASKREQ: 1541 (void)printf("Address Mask Request\n"); 1542 break; 1543 case ICMP_MASKREPLY: 1544 (void)printf("Address Mask Reply\n"); 1545 break; 1546 case ICMP_ROUTERADVERT: 1547 (void)printf("Router Advertisement\n"); 1548 break; 1549 case ICMP_ROUTERSOLICIT: 1550 (void)printf("Router Solicitation\n"); 1551 break; 1552 default: 1553 (void)printf("Bad ICMP type: %d\n", icp->icmp_type); 1554 } 1555 } 1556 1557 /* 1558 * pr_iph -- 1559 * Print an IP header with options. 1560 */ 1561 static void 1562 pr_iph(struct ip *ip, const u_char *cp) 1563 { 1564 struct in_addr dst_ina, src_ina; 1565 int hlen; 1566 1567 hlen = ip->ip_hl << 2; 1568 cp = cp + sizeof(struct ip); /* point to options */ 1569 1570 memcpy(&src_ina, &ip->ip_src.s_addr, sizeof(src_ina)); 1571 memcpy(&dst_ina, &ip->ip_dst.s_addr, sizeof(dst_ina)); 1572 1573 (void)printf("Vr HL TOS Len ID Flg off TTL Pro cks %*s %*s", 1574 (int)strlen(inet_ntoa(src_ina)), "Src", 1575 (int)strlen(inet_ntoa(dst_ina)), "Dst"); 1576 if (hlen > (int)sizeof(struct ip)) 1577 (void)printf(" Opts"); 1578 (void)putchar('\n'); 1579 (void)printf(" %1x %1x %02x %04x %04x", 1580 ip->ip_v, ip->ip_hl, ip->ip_tos, ntohs(ip->ip_len), 1581 ntohs(ip->ip_id)); 1582 (void)printf(" %1x %04x", 1583 (ntohs(ip->ip_off) & 0xe000) >> 13, 1584 ntohs(ip->ip_off) & 0x1fff); 1585 (void)printf(" %02x %02x %04x", ip->ip_ttl, ip->ip_p, 1586 ntohs(ip->ip_sum)); 1587 (void)printf(" %s", inet_ntoa(src_ina)); 1588 (void)printf(" %s", inet_ntoa(dst_ina)); 1589 /* dump any option bytes */ 1590 if (hlen > (int)sizeof(struct ip)) { 1591 (void)printf(" "); 1592 while (hlen-- > (int)sizeof(struct ip)) { 1593 (void)printf("%02x", *cp++); 1594 } 1595 } 1596 (void)putchar('\n'); 1597 } 1598 1599 /* 1600 * pr_addr -- 1601 * Return an ascii host address as a dotted quad and optionally with 1602 * a hostname. 1603 */ 1604 static char * 1605 pr_addr(struct in_addr ina) 1606 { 1607 struct hostent *hp; 1608 static char buf[16 + 3 + MAXHOSTNAMELEN]; 1609 1610 if (!(options & F_HOSTNAME)) 1611 return inet_ntoa(ina); 1612 1613 hp = cap_gethostbyaddr(capdns, (char *)&ina, sizeof(ina), AF_INET); 1614 1615 if (hp == NULL) 1616 return inet_ntoa(ina); 1617 1618 (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name, 1619 inet_ntoa(ina)); 1620 return(buf); 1621 } 1622 1623 static char * 1624 pr_ntime(n_time timestamp) 1625 { 1626 static char buf[11]; 1627 int hour, min, sec; 1628 1629 sec = ntohl(timestamp) / 1000; 1630 hour = sec / 60 / 60; 1631 min = (sec % (60 * 60)) / 60; 1632 sec = (sec % (60 * 60)) % 60; 1633 1634 (void)snprintf(buf, sizeof(buf), "%02d:%02d:%02d", hour, min, sec); 1635 1636 return (buf); 1637 } 1638 1639 static void 1640 fill(char *bp, char *patp) 1641 { 1642 char *cp; 1643 int pat[16]; 1644 u_int ii, jj, kk; 1645 1646 for (cp = patp; *cp; cp++) { 1647 if (!isxdigit(*cp)) 1648 errx(EX_USAGE, 1649 "patterns must be specified as hex digits"); 1650 1651 } 1652 ii = sscanf(patp, 1653 "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x", 1654 &pat[0], &pat[1], &pat[2], &pat[3], &pat[4], &pat[5], &pat[6], 1655 &pat[7], &pat[8], &pat[9], &pat[10], &pat[11], &pat[12], 1656 &pat[13], &pat[14], &pat[15]); 1657 1658 if (ii > 0) 1659 for (kk = 0; kk <= maxpayload - (TIMEVAL_LEN + ii); kk += ii) 1660 for (jj = 0; jj < ii; ++jj) 1661 bp[jj + kk] = pat[jj]; 1662 if (!(options & F_QUIET)) { 1663 (void)printf("PATTERN: 0x"); 1664 for (jj = 0; jj < ii; ++jj) 1665 (void)printf("%02x", bp[jj] & 0xFF); 1666 (void)printf("\n"); 1667 } 1668 } 1669 1670 static cap_channel_t * 1671 capdns_setup(void) 1672 { 1673 cap_channel_t *capcas, *capdnsloc; 1674 #ifdef WITH_CASPER 1675 const char *types[2]; 1676 int families[1]; 1677 #endif 1678 capcas = cap_init(); 1679 if (capcas == NULL) 1680 err(1, "unable to create casper process"); 1681 capdnsloc = cap_service_open(capcas, "system.dns"); 1682 /* Casper capability no longer needed. */ 1683 cap_close(capcas); 1684 if (capdnsloc == NULL) 1685 err(1, "unable to open system.dns service"); 1686 #ifdef WITH_CASPER 1687 types[0] = "NAME2ADDR"; 1688 types[1] = "ADDR2NAME"; 1689 if (cap_dns_type_limit(capdnsloc, types, 2) < 0) 1690 err(1, "unable to limit access to system.dns service"); 1691 families[0] = AF_INET; 1692 if (cap_dns_family_limit(capdnsloc, families, 1) < 0) 1693 err(1, "unable to limit access to system.dns service"); 1694 #endif 1695 return (capdnsloc); 1696 } 1697