xref: /freebsd/sbin/ping/ping.c (revision 61ba55bcf70f2340f9c943c9571113b3fd8eda69)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1989, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * This code is derived from software contributed to Berkeley by
8  * Mike Muuss.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of the University nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 #if 0
36 #ifndef lint
37 static const char copyright[] =
38 "@(#) Copyright (c) 1989, 1993\n\
39 	The Regents of the University of California.  All rights reserved.\n";
40 #endif /* not lint */
41 
42 #ifndef lint
43 static char sccsid[] = "@(#)ping.c	8.1 (Berkeley) 6/5/93";
44 #endif /* not lint */
45 #endif
46 #include <sys/cdefs.h>
47 /*
48  *			P I N G . C
49  *
50  * Using the Internet Control Message Protocol (ICMP) "ECHO" facility,
51  * measure round-trip-delays and packet loss across network paths.
52  *
53  * Author -
54  *	Mike Muuss
55  *	U. S. Army Ballistic Research Laboratory
56  *	December, 1983
57  *
58  * Status -
59  *	Public Domain.  Distribution Unlimited.
60  * Bugs -
61  *	More statistics could always be gathered.
62  *	This program has to run SUID to ROOT to access the ICMP socket.
63  */
64 
65 #include <sys/param.h>		/* NB: we rely on this for <sys/types.h> */
66 #include <sys/capsicum.h>
67 #include <sys/socket.h>
68 #include <sys/sysctl.h>
69 #include <sys/time.h>
70 #include <sys/uio.h>
71 
72 #include <netinet/in.h>
73 #include <netinet/in_systm.h>
74 #include <netinet/ip.h>
75 #include <netinet/ip_icmp.h>
76 #include <netinet/ip_var.h>
77 #include <arpa/inet.h>
78 
79 #include <libcasper.h>
80 #include <casper/cap_dns.h>
81 
82 #ifdef IPSEC
83 #include <netipsec/ipsec.h>
84 #endif /*IPSEC*/
85 
86 #include <capsicum_helpers.h>
87 #include <ctype.h>
88 #include <err.h>
89 #include <errno.h>
90 #include <math.h>
91 #include <netdb.h>
92 #include <stddef.h>
93 #include <signal.h>
94 #include <stdio.h>
95 #include <stdlib.h>
96 #include <string.h>
97 #include <sysexits.h>
98 #include <time.h>
99 #include <unistd.h>
100 
101 #include "main.h"
102 #include "ping.h"
103 #include "utils.h"
104 
105 #define	INADDR_LEN	((int)sizeof(in_addr_t))
106 #define	TIMEVAL_LEN	((int)sizeof(struct tv32))
107 #define	MASK_LEN	(ICMP_MASKLEN - ICMP_MINLEN)
108 #define	TS_LEN		(ICMP_TSLEN - ICMP_MINLEN)
109 #define	DEFDATALEN	56		/* default data length */
110 #define	FLOOD_BACKOFF	20000		/* usecs to back off if F_FLOOD mode */
111 					/* runs out of buffer space */
112 #define	MAXIPLEN	(sizeof(struct ip) + MAX_IPOPTLEN)
113 #define	MAXICMPLEN	(ICMP_ADVLENMIN + MAX_IPOPTLEN)
114 #define	MAXWAIT		10000		/* max ms to wait for response */
115 #define	MAXALARM	(60 * 60)	/* max seconds for alarm timeout */
116 #define	MAXTOS		255
117 
118 #define	A(bit)		rcvd_tbl[(bit)>>3]	/* identify byte in array */
119 #define	B(bit)		(1 << ((bit) & 0x07))	/* identify bit in byte */
120 #define	SET(bit)	(A(bit) |= B(bit))
121 #define	CLR(bit)	(A(bit) &= (~B(bit)))
122 #define	TST(bit)	(A(bit) & B(bit))
123 
124 struct tv32 {
125 	int32_t tv32_sec;
126 	int32_t tv32_nsec;
127 };
128 
129 /* various options */
130 static int options;
131 #define	F_FLOOD		0x0001
132 #define	F_INTERVAL	0x0002
133 #define	F_NUMERIC	0x0004
134 #define	F_PINGFILLED	0x0008
135 #define	F_QUIET		0x0010
136 #define	F_RROUTE	0x0020
137 #define	F_SO_DEBUG	0x0040
138 #define	F_SO_DONTROUTE	0x0080
139 #define	F_VERBOSE	0x0100
140 #define	F_QUIET2	0x0200
141 #define	F_NOLOOP	0x0400
142 #define	F_MTTL		0x0800
143 #define	F_MIF		0x1000
144 #define	F_AUDIBLE	0x2000
145 #ifdef IPSEC
146 #ifdef IPSEC_POLICY_IPSEC
147 #define F_POLICY	0x4000
148 #endif /*IPSEC_POLICY_IPSEC*/
149 #endif /*IPSEC*/
150 #define	F_TTL		0x8000
151 #define	F_MISSED	0x10000
152 #define	F_ONCE		0x20000
153 #define	F_HDRINCL	0x40000
154 #define	F_MASK		0x80000
155 #define	F_TIME		0x100000
156 #define	F_SWEEP		0x200000
157 #define	F_WAITTIME	0x400000
158 #define	F_IP_VLAN_PCP	0x800000
159 #define	F_DOT		0x1000000
160 
161 /*
162  * MAX_DUP_CHK is the number of bits in received table, i.e. the maximum
163  * number of received sequence numbers we can keep track of.  Change 128
164  * to 8192 for complete accuracy...
165  */
166 #define	MAX_DUP_CHK	(8 * 128)
167 static int mx_dup_ck = MAX_DUP_CHK;
168 static char rcvd_tbl[MAX_DUP_CHK / 8];
169 
170 static struct sockaddr_in whereto;	/* who to ping */
171 static int datalen = DEFDATALEN;
172 static int maxpayload;
173 static int ssend;		/* send socket file descriptor */
174 static int srecv;		/* receive socket file descriptor */
175 static u_char outpackhdr[IP_MAXPACKET], *outpack;
176 static char BBELL = '\a';	/* characters written for MISSED and AUDIBLE */
177 static char BSPACE = '\b';	/* characters written for flood */
178 static const char *DOT = ".";
179 static size_t DOTlen = 1;
180 static size_t DOTidx = 0;
181 static char *hostname;
182 static char *shostname;
183 static int ident;		/* process id to identify our packets */
184 static int uid;			/* cached uid for micro-optimization */
185 static u_char icmp_type = ICMP_ECHO;
186 static u_char icmp_type_rsp = ICMP_ECHOREPLY;
187 static int phdr_len = 0;
188 static int send_len;
189 
190 /* counters */
191 static long nmissedmax;		/* max value of ntransmitted - nreceived - 1 */
192 static long npackets;		/* max packets to transmit */
193 static long nreceived;		/* # of packets we got back */
194 static long nrepeats;		/* number of duplicates */
195 static long ntransmitted;	/* sequence # for outbound packets = #sent */
196 static long snpackets;			/* max packets to transmit in one sweep */
197 static long sntransmitted;	/* # of packets we sent in this sweep */
198 static int sweepmax;		/* max value of payload in sweep */
199 static int sweepmin = 0;	/* start value of payload in sweep */
200 static int sweepincr = 1;	/* payload increment in sweep */
201 static int interval = 1000;	/* interval between packets, ms */
202 static int waittime = MAXWAIT;	/* timeout for each packet */
203 static long nrcvtimeout = 0;	/* # of packets we got back after waittime */
204 
205 /* timing */
206 static int timing;		/* flag to do timing */
207 static double tmin = 999999999.0;	/* minimum round trip time */
208 static double tmax = 0.0;	/* maximum round trip time */
209 static double tsum = 0.0;	/* sum of all times, for doing average */
210 static double tsumsq = 0.0;	/* sum of all times squared, for std. dev. */
211 
212 /* nonzero if we've been told to finish up */
213 static volatile sig_atomic_t finish_up;
214 static volatile sig_atomic_t siginfo_p;
215 
216 static cap_channel_t *capdns;
217 
218 static void fill(char *, char *);
219 static cap_channel_t *capdns_setup(void);
220 static void check_status(void);
221 static void finish(void) __dead2;
222 static void pinger(void);
223 static char *pr_addr(struct in_addr);
224 static char *pr_ntime(n_time);
225 static void pr_icmph(struct icmp *, struct ip *, const u_char *const);
226 static void pr_iph(struct ip *, const u_char *);
227 static void pr_pack(char *, ssize_t, struct sockaddr_in *, struct timespec *);
228 static void status(int);
229 static void stopit(int);
230 
231 int
232 ping(int argc, char *const *argv)
233 {
234 	struct sockaddr_in from, sock_in;
235 	struct in_addr ifaddr;
236 	struct timespec last, intvl;
237 	struct iovec iov;
238 	struct msghdr msg;
239 	struct sigaction si_sa;
240 	size_t sz;
241 	u_char *datap, packet[IP_MAXPACKET] __aligned(4);
242 	const char *errstr;
243 	char *ep, *source, *target, *payload;
244 	struct hostent *hp;
245 #ifdef IPSEC_POLICY_IPSEC
246 	char *policy_in, *policy_out;
247 #endif
248 	struct sockaddr_in *to;
249 	double t;
250 	u_long alarmtimeout;
251 	long long ltmp;
252 	int almost_done, ch, df, hold, i, icmp_len, mib[4], preload;
253 	int ssend_errno, srecv_errno, tos, ttl, pcp;
254 	char ctrl[CMSG_SPACE(sizeof(struct timespec))];
255 	char hnamebuf[MAXHOSTNAMELEN], snamebuf[MAXHOSTNAMELEN];
256 #ifdef IP_OPTIONS
257 	char rspace[MAX_IPOPTLEN];	/* record route space */
258 #endif
259 	unsigned char loop, mttl;
260 
261 	payload = source = NULL;
262 #ifdef IPSEC_POLICY_IPSEC
263 	policy_in = policy_out = NULL;
264 #endif
265 	cap_rights_t rights;
266 
267 	options |= F_NUMERIC;
268 
269 	/*
270 	 * Do the stuff that we need root priv's for *first*, and
271 	 * then drop our setuid bit.  Save error reporting for
272 	 * after arg parsing.
273 	 *
274 	 * Historicaly ping was using one socket 's' for sending and for
275 	 * receiving. After capsicum(4) related changes we use two
276 	 * sockets. It was done for special ping use case - when user
277 	 * issue ping on multicast or broadcast address replies come
278 	 * from different addresses, not from the address we
279 	 * connect(2)'ed to, and send socket do not receive those
280 	 * packets.
281 	 */
282 	ssend = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
283 	ssend_errno = errno;
284 	srecv = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
285 	srecv_errno = errno;
286 
287 	if (setuid(getuid()) != 0)
288 		err(EX_NOPERM, "setuid() failed");
289 	uid = getuid();
290 
291 	if (ssend < 0) {
292 		errno = ssend_errno;
293 		err(EX_OSERR, "ssend socket");
294 	}
295 
296 	if (srecv < 0) {
297 		errno = srecv_errno;
298 		err(EX_OSERR, "srecv socket");
299 	}
300 
301 	alarmtimeout = df = preload = tos = pcp = 0;
302 
303 	outpack = outpackhdr + sizeof(struct ip);
304 	while ((ch = getopt(argc, argv, PING4OPTS)) != -1) {
305 		switch(ch) {
306 		case '.':
307 			options |= F_DOT;
308 			if (optarg != NULL) {
309 				DOT = optarg;
310 				DOTlen = strlen(optarg);
311 			}
312 			break;
313 		case '4':
314 			/* This option is processed in main(). */
315 			break;
316 		case 'A':
317 			options |= F_MISSED;
318 			break;
319 		case 'a':
320 			options |= F_AUDIBLE;
321 			break;
322 		case 'C':
323 			options |= F_IP_VLAN_PCP;
324 			ltmp = strtonum(optarg, -1, 7, &errstr);
325 			if (errstr != NULL)
326 				errx(EX_USAGE, "invalid PCP: `%s'", optarg);
327 			pcp = ltmp;
328 			break;
329 		case 'c':
330 			ltmp = strtonum(optarg, 1, LONG_MAX, &errstr);
331 			if (errstr != NULL)
332 				errx(EX_USAGE,
333 				    "invalid count of packets to transmit: `%s'",
334 				    optarg);
335 			npackets = (long)ltmp;
336 			break;
337 		case 'D':
338 			options |= F_HDRINCL;
339 			df = 1;
340 			break;
341 		case 'd':
342 			options |= F_SO_DEBUG;
343 			break;
344 		case 'f':
345 			if (uid) {
346 				errno = EPERM;
347 				err(EX_NOPERM, "-f flag");
348 			}
349 			options |= F_FLOOD;
350 			options |= F_DOT;
351 			setbuf(stdout, (char *)NULL);
352 			break;
353 		case 'G': /* Maximum packet size for ping sweep */
354 			ltmp = strtonum(optarg, 1, INT_MAX, &errstr);
355 			if (errstr != NULL) {
356 				errx(EX_USAGE, "invalid packet size: `%s'",
357 				    optarg);
358 			}
359 			sweepmax = (int)ltmp;
360 			if (uid != 0 && sweepmax > DEFDATALEN) {
361 				errc(EX_NOPERM, EPERM,
362 				    "packet size too large: %d > %u",
363 				    sweepmax, DEFDATALEN);
364 			}
365 			options |= F_SWEEP;
366 			break;
367 		case 'g': /* Minimum packet size for ping sweep */
368 			ltmp = strtonum(optarg, 1, INT_MAX, &errstr);
369 			if (errstr != NULL) {
370 				errx(EX_USAGE, "invalid packet size: `%s'",
371 				    optarg);
372 			}
373 			sweepmin = (int)ltmp;
374 			if (uid != 0 && sweepmin > DEFDATALEN) {
375 				errc(EX_NOPERM, EPERM,
376 				    "packet size too large: %d > %u",
377 				    sweepmin, DEFDATALEN);
378 			}
379 			options |= F_SWEEP;
380 			break;
381 		case 'H':
382 			options &= ~F_NUMERIC;
383 			break;
384 		case 'h': /* Packet size increment for ping sweep */
385 			ltmp = strtonum(optarg, 1, INT_MAX, &errstr);
386 			if (errstr != NULL) {
387 				errx(EX_USAGE, "invalid packet size: `%s'",
388 				    optarg);
389 			}
390 			sweepincr = (int)ltmp;
391 			if (uid != 0 && sweepincr > DEFDATALEN) {
392 				errc(EX_NOPERM, EPERM,
393 				    "packet size too large: %d > %u",
394 				    sweepincr, DEFDATALEN);
395 			}
396 			options |= F_SWEEP;
397 			break;
398 		case 'I':		/* multicast interface */
399 			if (inet_aton(optarg, &ifaddr) == 0)
400 				errx(EX_USAGE,
401 				    "invalid multicast interface: `%s'",
402 				    optarg);
403 			options |= F_MIF;
404 			break;
405 		case 'i':		/* wait between sending packets */
406 			t = strtod(optarg, &ep) * 1000.0;
407 			if (*ep || ep == optarg || t > (double)INT_MAX)
408 				errx(EX_USAGE, "invalid timing interval: `%s'",
409 				    optarg);
410 			options |= F_INTERVAL;
411 			interval = (int)t;
412 			if (uid && interval < 1000) {
413 				errno = EPERM;
414 				err(EX_NOPERM, "-i interval too short");
415 			}
416 			break;
417 		case 'L':
418 			options |= F_NOLOOP;
419 			loop = 0;
420 			break;
421 		case 'l':
422 			ltmp = strtonum(optarg, 0, INT_MAX, &errstr);
423 			if (errstr != NULL)
424 				errx(EX_USAGE,
425 				    "invalid preload value: `%s'", optarg);
426 			if (uid) {
427 				errno = EPERM;
428 				err(EX_NOPERM, "-l flag");
429 			}
430 			preload = (int)ltmp;
431 			break;
432 		case 'M':
433 			switch(optarg[0]) {
434 			case 'M':
435 			case 'm':
436 				options |= F_MASK;
437 				break;
438 			case 'T':
439 			case 't':
440 				options |= F_TIME;
441 				break;
442 			default:
443 				errx(EX_USAGE, "invalid message: `%c'", optarg[0]);
444 				break;
445 			}
446 			break;
447 		case 'm':		/* TTL */
448 			ltmp = strtonum(optarg, 0, MAXTTL, &errstr);
449 			if (errstr != NULL)
450 				errx(EX_USAGE, "invalid TTL: `%s'", optarg);
451 			ttl = (int)ltmp;
452 			options |= F_TTL;
453 			break;
454 		case 'n':
455 			options |= F_NUMERIC;
456 			break;
457 		case 'o':
458 			options |= F_ONCE;
459 			break;
460 #ifdef IPSEC
461 #ifdef IPSEC_POLICY_IPSEC
462 		case 'P':
463 			options |= F_POLICY;
464 			if (!strncmp("in", optarg, 2))
465 				policy_in = strdup(optarg);
466 			else if (!strncmp("out", optarg, 3))
467 				policy_out = strdup(optarg);
468 			else
469 				errx(1, "invalid security policy");
470 			break;
471 #endif /*IPSEC_POLICY_IPSEC*/
472 #endif /*IPSEC*/
473 		case 'p':		/* fill buffer with user pattern */
474 			options |= F_PINGFILLED;
475 			payload = optarg;
476 			break;
477 		case 'Q':
478 			options |= F_QUIET2;
479 			break;
480 		case 'q':
481 			options |= F_QUIET;
482 			break;
483 		case 'R':
484 			options |= F_RROUTE;
485 			break;
486 		case 'r':
487 			options |= F_SO_DONTROUTE;
488 			break;
489 		case 'S':
490 			source = optarg;
491 			break;
492 		case 's':		/* size of packet to send */
493 			ltmp = strtonum(optarg, 0, INT_MAX, &errstr);
494 			if (errstr != NULL)
495 				errx(EX_USAGE, "invalid packet size: `%s'",
496 				    optarg);
497 			datalen = (int)ltmp;
498 			if (uid != 0 && datalen > DEFDATALEN) {
499 				errno = EPERM;
500 				err(EX_NOPERM,
501 				    "packet size too large: %d > %u",
502 				    datalen, DEFDATALEN);
503 			}
504 			break;
505 		case 'T':		/* multicast TTL */
506 			ltmp = strtonum(optarg, 0, MAXTTL, &errstr);
507 			if (errstr != NULL)
508 				errx(EX_USAGE, "invalid multicast TTL: `%s'",
509 				    optarg);
510 			mttl = (unsigned char)ltmp;
511 			options |= F_MTTL;
512 			break;
513 		case 't':
514 			alarmtimeout = strtoul(optarg, &ep, 0);
515 			if ((alarmtimeout < 1) || (alarmtimeout == ULONG_MAX))
516 				errx(EX_USAGE, "invalid timeout: `%s'",
517 				    optarg);
518 			if (alarmtimeout > MAXALARM)
519 				errx(EX_USAGE, "invalid timeout: `%s' > %d",
520 				    optarg, MAXALARM);
521 			{
522 				struct itimerval itv;
523 
524 				timerclear(&itv.it_interval);
525 				timerclear(&itv.it_value);
526 				itv.it_value.tv_sec = (time_t)alarmtimeout;
527 				if (setitimer(ITIMER_REAL, &itv, NULL) != 0)
528 					err(1, "setitimer");
529 			}
530 			break;
531 		case 'v':
532 			options |= F_VERBOSE;
533 			break;
534 		case 'W':		/* wait ms for answer */
535 			t = strtod(optarg, &ep);
536 			if (*ep || ep == optarg || t > (double)INT_MAX)
537 				errx(EX_USAGE, "invalid timing interval: `%s'",
538 				    optarg);
539 			options |= F_WAITTIME;
540 			waittime = (int)t;
541 			break;
542 		case 'z':
543 			options |= F_HDRINCL;
544 			ltmp = strtol(optarg, &ep, 0);
545 			if (*ep || ep == optarg || ltmp > MAXTOS || ltmp < 0)
546 				errx(EX_USAGE, "invalid TOS: `%s'", optarg);
547 			tos = ltmp;
548 			break;
549 		default:
550 			usage();
551 		}
552 	}
553 
554 	if (argc - optind != 1)
555 		usage();
556 	target = argv[optind];
557 
558 	switch (options & (F_MASK|F_TIME)) {
559 	case 0: break;
560 	case F_MASK:
561 		icmp_type = ICMP_MASKREQ;
562 		icmp_type_rsp = ICMP_MASKREPLY;
563 		phdr_len = MASK_LEN;
564 		if (!(options & F_QUIET))
565 			(void)printf("ICMP_MASKREQ\n");
566 		break;
567 	case F_TIME:
568 		icmp_type = ICMP_TSTAMP;
569 		icmp_type_rsp = ICMP_TSTAMPREPLY;
570 		phdr_len = TS_LEN;
571 		if (!(options & F_QUIET))
572 			(void)printf("ICMP_TSTAMP\n");
573 		break;
574 	default:
575 		errx(EX_USAGE, "ICMP_TSTAMP and ICMP_MASKREQ are exclusive.");
576 		break;
577 	}
578 	icmp_len = sizeof(struct ip) + ICMP_MINLEN + phdr_len;
579 	if (options & F_RROUTE)
580 		icmp_len += MAX_IPOPTLEN;
581 	maxpayload = IP_MAXPACKET - icmp_len;
582 	if (datalen > maxpayload)
583 		errx(EX_USAGE, "packet size too large: %d > %d", datalen,
584 		    maxpayload);
585 	send_len = icmp_len + datalen;
586 	datap = &outpack[ICMP_MINLEN + phdr_len + TIMEVAL_LEN];
587 	if (options & F_PINGFILLED) {
588 		fill((char *)datap, payload);
589 	}
590 	capdns = capdns_setup();
591 	if (source) {
592 		bzero((char *)&sock_in, sizeof(sock_in));
593 		sock_in.sin_family = AF_INET;
594 		if (inet_aton(source, &sock_in.sin_addr) != 0) {
595 			shostname = source;
596 		} else {
597 			hp = cap_gethostbyname2(capdns, source, AF_INET);
598 			if (!hp)
599 				errx(EX_NOHOST, "cannot resolve %s: %s",
600 				    source, hstrerror(h_errno));
601 
602 			sock_in.sin_len = sizeof sock_in;
603 			if ((unsigned)hp->h_length > sizeof(sock_in.sin_addr) ||
604 			    hp->h_length < 0)
605 				errx(1, "gethostbyname2: illegal address");
606 			memcpy(&sock_in.sin_addr, hp->h_addr_list[0],
607 			    sizeof(sock_in.sin_addr));
608 			(void)strncpy(snamebuf, hp->h_name,
609 			    sizeof(snamebuf) - 1);
610 			snamebuf[sizeof(snamebuf) - 1] = '\0';
611 			shostname = snamebuf;
612 		}
613 		if (bind(ssend, (struct sockaddr *)&sock_in, sizeof sock_in) ==
614 		    -1)
615 			err(1, "bind");
616 	}
617 
618 	bzero(&whereto, sizeof(whereto));
619 	to = &whereto;
620 	to->sin_family = AF_INET;
621 	to->sin_len = sizeof *to;
622 	if (inet_aton(target, &to->sin_addr) != 0) {
623 		hostname = target;
624 	} else {
625 		hp = cap_gethostbyname2(capdns, target, AF_INET);
626 		if (!hp)
627 			errx(EX_NOHOST, "cannot resolve %s: %s",
628 			    target, hstrerror(h_errno));
629 
630 		if ((unsigned)hp->h_length > sizeof(to->sin_addr))
631 			errx(1, "gethostbyname2 returned an illegal address");
632 		memcpy(&to->sin_addr, hp->h_addr_list[0], sizeof to->sin_addr);
633 		(void)strncpy(hnamebuf, hp->h_name, sizeof(hnamebuf) - 1);
634 		hnamebuf[sizeof(hnamebuf) - 1] = '\0';
635 		hostname = hnamebuf;
636 	}
637 
638 	/* From now on we will use only reverse DNS lookups. */
639 #ifdef WITH_CASPER
640 	if (capdns != NULL) {
641 		const char *types[1];
642 
643 		types[0] = "ADDR2NAME";
644 		if (cap_dns_type_limit(capdns, types, 1) < 0)
645 			err(1, "unable to limit access to system.dns service");
646 	}
647 #endif
648 	if (connect(ssend, (struct sockaddr *)&whereto, sizeof(whereto)) != 0)
649 		err(1, "connect");
650 
651 	if (options & F_FLOOD && options & F_INTERVAL)
652 		errx(EX_USAGE, "-f and -i: incompatible options");
653 
654 	if (options & F_FLOOD && IN_MULTICAST(ntohl(to->sin_addr.s_addr)))
655 		errx(EX_USAGE,
656 		    "-f flag cannot be used with multicast destination");
657 	if (options & (F_MIF | F_NOLOOP | F_MTTL)
658 	    && !IN_MULTICAST(ntohl(to->sin_addr.s_addr)))
659 		errx(EX_USAGE,
660 		    "-I, -L, -T flags cannot be used with unicast destination");
661 
662 	if (datalen >= TIMEVAL_LEN)	/* can we time transfer */
663 		timing = 1;
664 
665 	if ((options & (F_PINGFILLED | F_SWEEP)) == 0)
666 		for (i = TIMEVAL_LEN; i < datalen; ++i)
667 			*datap++ = i;
668 
669 	ident = getpid() & 0xFFFF;
670 
671 	hold = 1;
672 	if (options & F_SO_DEBUG) {
673 		(void)setsockopt(ssend, SOL_SOCKET, SO_DEBUG, (char *)&hold,
674 		    sizeof(hold));
675 		(void)setsockopt(srecv, SOL_SOCKET, SO_DEBUG, (char *)&hold,
676 		    sizeof(hold));
677 	}
678 	if (options & F_SO_DONTROUTE)
679 		(void)setsockopt(ssend, SOL_SOCKET, SO_DONTROUTE, (char *)&hold,
680 		    sizeof(hold));
681 	if (options & F_IP_VLAN_PCP) {
682 		(void)setsockopt(ssend, IPPROTO_IP, IP_VLAN_PCP, (char *)&pcp,
683 		    sizeof(pcp));
684 	}
685 #ifdef IPSEC
686 #ifdef IPSEC_POLICY_IPSEC
687 	if (options & F_POLICY) {
688 		char *buf;
689 		if (policy_in != NULL) {
690 			buf = ipsec_set_policy(policy_in, strlen(policy_in));
691 			if (buf == NULL)
692 				errx(EX_CONFIG, "%s", ipsec_strerror());
693 			if (setsockopt(srecv, IPPROTO_IP, IP_IPSEC_POLICY,
694 					buf, ipsec_get_policylen(buf)) < 0)
695 				err(EX_CONFIG,
696 				    "ipsec policy cannot be configured");
697 			free(buf);
698 		}
699 
700 		if (policy_out != NULL) {
701 			buf = ipsec_set_policy(policy_out, strlen(policy_out));
702 			if (buf == NULL)
703 				errx(EX_CONFIG, "%s", ipsec_strerror());
704 			if (setsockopt(ssend, IPPROTO_IP, IP_IPSEC_POLICY,
705 					buf, ipsec_get_policylen(buf)) < 0)
706 				err(EX_CONFIG,
707 				    "ipsec policy cannot be configured");
708 			free(buf);
709 		}
710 	}
711 #endif /*IPSEC_POLICY_IPSEC*/
712 #endif /*IPSEC*/
713 
714 	if (options & F_HDRINCL) {
715 		struct ip ip;
716 
717 		memcpy(&ip, outpackhdr, sizeof(ip));
718 		if (!(options & (F_TTL | F_MTTL))) {
719 			mib[0] = CTL_NET;
720 			mib[1] = PF_INET;
721 			mib[2] = IPPROTO_IP;
722 			mib[3] = IPCTL_DEFTTL;
723 			sz = sizeof(ttl);
724 			if (sysctl(mib, 4, &ttl, &sz, NULL, 0) == -1)
725 				err(1, "sysctl(net.inet.ip.ttl)");
726 		}
727 		setsockopt(ssend, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold));
728 		ip.ip_v = IPVERSION;
729 		ip.ip_hl = sizeof(struct ip) >> 2;
730 		ip.ip_tos = tos;
731 		ip.ip_id = 0;
732 		ip.ip_off = htons(df ? IP_DF : 0);
733 		ip.ip_ttl = ttl;
734 		ip.ip_p = IPPROTO_ICMP;
735 		ip.ip_src.s_addr = source ? sock_in.sin_addr.s_addr : INADDR_ANY;
736 		ip.ip_dst = to->sin_addr;
737 		memcpy(outpackhdr, &ip, sizeof(ip));
738         }
739 
740 	/*
741 	 * Here we enter capability mode. Further down access to global
742 	 * namespaces (e.g filesystem) is restricted (see capsicum(4)).
743 	 * We must connect(2) our socket before this point.
744 	 */
745 	caph_cache_catpages();
746 	if (caph_enter_casper() < 0)
747 		err(1, "caph_enter_casper");
748 
749 	cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT);
750 	if (caph_rights_limit(srecv, &rights) < 0)
751 		err(1, "cap_rights_limit srecv");
752 	cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT);
753 	if (caph_rights_limit(ssend, &rights) < 0)
754 		err(1, "cap_rights_limit ssend");
755 
756 	/* record route option */
757 	if (options & F_RROUTE) {
758 #ifdef IP_OPTIONS
759 		bzero(rspace, sizeof(rspace));
760 		rspace[IPOPT_OPTVAL] = IPOPT_RR;
761 		rspace[IPOPT_OLEN] = sizeof(rspace) - 1;
762 		rspace[IPOPT_OFFSET] = IPOPT_MINOFF;
763 		rspace[sizeof(rspace) - 1] = IPOPT_EOL;
764 		if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace,
765 		    sizeof(rspace)) < 0)
766 			err(EX_OSERR, "setsockopt IP_OPTIONS");
767 #else
768 		errx(EX_UNAVAILABLE,
769 		    "record route not available in this implementation");
770 #endif /* IP_OPTIONS */
771 	}
772 
773 	if (options & F_TTL) {
774 		if (setsockopt(ssend, IPPROTO_IP, IP_TTL, &ttl,
775 		    sizeof(ttl)) < 0) {
776 			err(EX_OSERR, "setsockopt IP_TTL");
777 		}
778 	}
779 	if (options & F_NOLOOP) {
780 		if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_LOOP, &loop,
781 		    sizeof(loop)) < 0) {
782 			err(EX_OSERR, "setsockopt IP_MULTICAST_LOOP");
783 		}
784 	}
785 	if (options & F_MTTL) {
786 		if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_TTL, &mttl,
787 		    sizeof(mttl)) < 0) {
788 			err(EX_OSERR, "setsockopt IP_MULTICAST_TTL");
789 		}
790 	}
791 	if (options & F_MIF) {
792 		if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr,
793 		    sizeof(ifaddr)) < 0) {
794 			err(EX_OSERR, "setsockopt IP_MULTICAST_IF");
795 		}
796 	}
797 #ifdef SO_TIMESTAMP
798 	{
799 		int on = 1;
800 		int ts_clock = SO_TS_MONOTONIC;
801 		if (setsockopt(srecv, SOL_SOCKET, SO_TIMESTAMP, &on,
802 		    sizeof(on)) < 0)
803 			err(EX_OSERR, "setsockopt SO_TIMESTAMP");
804 		if (setsockopt(srecv, SOL_SOCKET, SO_TS_CLOCK, &ts_clock,
805 		    sizeof(ts_clock)) < 0)
806 			err(EX_OSERR, "setsockopt SO_TS_CLOCK");
807 	}
808 #endif
809 	if (sweepmax) {
810 		if (sweepmin > sweepmax)
811 			errx(EX_USAGE,
812 	    "Maximum packet size must be no less than the minimum packet size");
813 
814 		if (sweepmax > maxpayload - TIMEVAL_LEN)
815 			errx(EX_USAGE, "Invalid sweep maximum");
816 
817 		if (datalen != DEFDATALEN)
818 			errx(EX_USAGE,
819 		    "Packet size and ping sweep are mutually exclusive");
820 
821 		if (npackets > 0) {
822 			snpackets = npackets;
823 			npackets = 0;
824 		} else
825 			snpackets = 1;
826 		datalen = sweepmin;
827 		send_len = icmp_len + sweepmin;
828 	}
829 	if (options & F_SWEEP && !sweepmax)
830 		errx(EX_USAGE, "Maximum sweep size must be specified");
831 
832 	/*
833 	 * When pinging the broadcast address, you can get a lot of answers.
834 	 * Doing something so evil is useful if you are trying to stress the
835 	 * ethernet, or just want to fill the arp cache to get some stuff for
836 	 * /etc/ethers.  But beware: RFC 1122 allows hosts to ignore broadcast
837 	 * or multicast pings if they wish.
838 	 */
839 
840 	/*
841 	 * XXX receive buffer needs undetermined space for mbuf overhead
842 	 * as well.
843 	 */
844 	hold = IP_MAXPACKET + 128;
845 	(void)setsockopt(srecv, SOL_SOCKET, SO_RCVBUF, (char *)&hold,
846 	    sizeof(hold));
847 	/* CAP_SETSOCKOPT removed */
848 	cap_rights_init(&rights, CAP_RECV, CAP_EVENT);
849 	if (caph_rights_limit(srecv, &rights) < 0)
850 		err(1, "cap_rights_limit srecv setsockopt");
851 	if (uid == 0)
852 		(void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold,
853 		    sizeof(hold));
854 	/* CAP_SETSOCKOPT removed */
855 	cap_rights_init(&rights, CAP_SEND);
856 	if (caph_rights_limit(ssend, &rights) < 0)
857 		err(1, "cap_rights_limit ssend setsockopt");
858 
859 	if (to->sin_family == AF_INET) {
860 		(void)printf("PING %s (%s)", hostname,
861 		    inet_ntoa(to->sin_addr));
862 		if (source)
863 			(void)printf(" from %s", shostname);
864 		if (sweepmax)
865 			(void)printf(": (%d ... %d) data bytes\n",
866 			    sweepmin, sweepmax);
867 		else
868 			(void)printf(": %d data bytes\n", datalen);
869 
870 	} else {
871 		if (sweepmax)
872 			(void)printf("PING %s: (%d ... %d) data bytes\n",
873 			    hostname, sweepmin, sweepmax);
874 		else
875 			(void)printf("PING %s: %d data bytes\n", hostname, datalen);
876 	}
877 
878 	/*
879 	 * Use sigaction() instead of signal() to get unambiguous semantics,
880 	 * in particular with SA_RESTART not set.
881 	 */
882 
883 	sigemptyset(&si_sa.sa_mask);
884 	si_sa.sa_flags = 0;
885 
886 	si_sa.sa_handler = stopit;
887 	if (sigaction(SIGINT, &si_sa, 0) == -1) {
888 		err(EX_OSERR, "sigaction SIGINT");
889 	}
890 
891 	si_sa.sa_handler = status;
892 	if (sigaction(SIGINFO, &si_sa, 0) == -1) {
893 		err(EX_OSERR, "sigaction");
894 	}
895 
896         if (alarmtimeout > 0) {
897 		si_sa.sa_handler = stopit;
898 		if (sigaction(SIGALRM, &si_sa, 0) == -1)
899 			err(EX_OSERR, "sigaction SIGALRM");
900         }
901 
902 	bzero(&msg, sizeof(msg));
903 	msg.msg_name = (caddr_t)&from;
904 	msg.msg_iov = &iov;
905 	msg.msg_iovlen = 1;
906 #ifdef SO_TIMESTAMP
907 	msg.msg_control = (caddr_t)ctrl;
908 	msg.msg_controllen = sizeof(ctrl);
909 #endif
910 	iov.iov_base = packet;
911 	iov.iov_len = IP_MAXPACKET;
912 
913 	if (preload == 0)
914 		pinger();		/* send the first ping */
915 	else {
916 		if (npackets != 0 && preload > npackets)
917 			preload = npackets;
918 		while (preload--)	/* fire off them quickies */
919 			pinger();
920 	}
921 	(void)clock_gettime(CLOCK_MONOTONIC, &last);
922 
923 	if (options & F_FLOOD) {
924 		intvl.tv_sec = 0;
925 		intvl.tv_nsec = 10000000;
926 	} else {
927 		intvl.tv_sec = interval / 1000;
928 		intvl.tv_nsec = interval % 1000 * 1000000;
929 	}
930 
931 	almost_done = 0;
932 	while (!finish_up) {
933 		struct timespec now, timeout;
934 		fd_set rfds;
935 		int n;
936 		ssize_t cc;
937 
938 		check_status();
939 		if ((unsigned)srecv >= FD_SETSIZE)
940 			errx(EX_OSERR, "descriptor too large");
941 		FD_ZERO(&rfds);
942 		FD_SET(srecv, &rfds);
943 		(void)clock_gettime(CLOCK_MONOTONIC, &now);
944 		timespecadd(&last, &intvl, &timeout);
945 		timespecsub(&timeout, &now, &timeout);
946 		if (timeout.tv_sec < 0)
947 			timespecclear(&timeout);
948 		n = pselect(srecv + 1, &rfds, NULL, NULL, &timeout, NULL);
949 		if (n < 0)
950 			continue;	/* Must be EINTR. */
951 		if (n == 1) {
952 			struct timespec *tv = NULL;
953 #ifdef SO_TIMESTAMP
954 			struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
955 #endif
956 			msg.msg_namelen = sizeof(from);
957 			if ((cc = recvmsg(srecv, &msg, 0)) < 0) {
958 				if (errno == EINTR)
959 					continue;
960 				warn("recvmsg");
961 				continue;
962 			}
963 			/* If we have a 0 byte read from recvfrom continue */
964 			if (cc == 0)
965 				continue;
966 #ifdef SO_TIMESTAMP
967 			if (cmsg != NULL &&
968 			    cmsg->cmsg_level == SOL_SOCKET &&
969 			    cmsg->cmsg_type == SCM_TIMESTAMP &&
970 			    cmsg->cmsg_len == CMSG_LEN(sizeof *tv)) {
971 				/* Copy to avoid alignment problems: */
972 				memcpy(&now, CMSG_DATA(cmsg), sizeof(now));
973 				tv = &now;
974 			}
975 #endif
976 			if (tv == NULL) {
977 				(void)clock_gettime(CLOCK_MONOTONIC, &now);
978 				tv = &now;
979 			}
980 			pr_pack((char *)packet, cc, &from, tv);
981 			if ((options & F_ONCE && nreceived) ||
982 			    (npackets && nreceived >= npackets))
983 				break;
984 		}
985 		if (n == 0 || options & F_FLOOD) {
986 			if (sweepmax && sntransmitted == snpackets) {
987 				if (datalen + sweepincr > sweepmax)
988 					break;
989 				for (i = 0; i < sweepincr; i++)
990 					*datap++ = i;
991 				datalen += sweepincr;
992 				send_len = icmp_len + datalen;
993 				sntransmitted = 0;
994 			}
995 			if (!npackets || ntransmitted < npackets)
996 				pinger();
997 			else {
998 				if (almost_done)
999 					break;
1000 				almost_done = 1;
1001 				intvl.tv_nsec = 0;
1002 				if (nreceived) {
1003 					intvl.tv_sec = 2 * tmax / 1000;
1004 					if (!intvl.tv_sec)
1005 						intvl.tv_sec = 1;
1006 				} else {
1007 					intvl.tv_sec = waittime / 1000;
1008 					intvl.tv_nsec = waittime % 1000 * 1000000;
1009 				}
1010 			}
1011 			(void)clock_gettime(CLOCK_MONOTONIC, &last);
1012 			if (ntransmitted - nreceived - 1 > nmissedmax) {
1013 				nmissedmax = ntransmitted - nreceived - 1;
1014 				if (options & F_MISSED)
1015 					(void)write(STDOUT_FILENO, &BBELL, 1);
1016 			}
1017 		}
1018 	}
1019 	finish();
1020 	/* NOTREACHED */
1021 	exit(0);	/* Make the compiler happy */
1022 }
1023 
1024 /*
1025  * stopit --
1026  *	Set the global bit that causes the main loop to quit.
1027  * Do NOT call finish() from here, since finish() does far too much
1028  * to be called from a signal handler.
1029  */
1030 void
1031 stopit(int sig __unused)
1032 {
1033 
1034 	/*
1035 	 * When doing reverse DNS lookups, the finish_up flag might not
1036 	 * be noticed for a while.  Just exit if we get a second SIGINT.
1037 	 */
1038 	if (!(options & F_NUMERIC) && finish_up)
1039 		_exit(nreceived ? 0 : 2);
1040 	finish_up = 1;
1041 }
1042 
1043 /*
1044  * pinger --
1045  *	Compose and transmit an ICMP ECHO REQUEST packet.  The IP packet
1046  * will be added on by the kernel.  The ID field is our UNIX process ID,
1047  * and the sequence number is an ascending integer.  The first TIMEVAL_LEN
1048  * bytes of the data portion are used to hold a UNIX "timespec" struct in
1049  * host byte-order, to compute the round-trip time.
1050  */
1051 static void
1052 pinger(void)
1053 {
1054 	struct timespec now;
1055 	struct tv32 tv32;
1056 	struct icmp icp;
1057 	int cc, i;
1058 	u_char *packet;
1059 
1060 	packet = outpack;
1061 	memcpy(&icp, outpack, ICMP_MINLEN + phdr_len);
1062 	icp.icmp_type = icmp_type;
1063 	icp.icmp_code = 0;
1064 	icp.icmp_cksum = 0;
1065 	icp.icmp_seq = htons(ntransmitted);
1066 	icp.icmp_id = ident;			/* ID */
1067 
1068 	CLR(ntransmitted % mx_dup_ck);
1069 
1070 	if ((options & F_TIME) || timing) {
1071 		(void)clock_gettime(CLOCK_MONOTONIC, &now);
1072 		/*
1073 		 * Truncate seconds down to 32 bits in order
1074 		 * to fit the timestamp within 8 bytes of the
1075 		 * packet. We're only concerned with
1076 		 * durations, not absolute times.
1077 		 */
1078 		tv32.tv32_sec = (uint32_t)htonl(now.tv_sec);
1079 		tv32.tv32_nsec = (uint32_t)htonl(now.tv_nsec);
1080 		if (options & F_TIME)
1081 			icp.icmp_otime = htonl((now.tv_sec % (24*60*60))
1082 				* 1000 + now.tv_nsec / 1000000);
1083 		if (timing)
1084 			bcopy((void *)&tv32,
1085 			    (void *)&outpack[ICMP_MINLEN + phdr_len],
1086 			    sizeof(tv32));
1087 	}
1088 
1089 	memcpy(outpack, &icp, ICMP_MINLEN + phdr_len);
1090 
1091 	cc = ICMP_MINLEN + phdr_len + datalen;
1092 
1093 	/* compute ICMP checksum here */
1094 	icp.icmp_cksum = in_cksum(outpack, cc);
1095 	/* Update icmp_cksum in the raw packet data buffer. */
1096 	memcpy(outpack + offsetof(struct icmp, icmp_cksum), &icp.icmp_cksum,
1097 	    sizeof(icp.icmp_cksum));
1098 
1099 	if (options & F_HDRINCL) {
1100 		struct ip ip;
1101 
1102 		cc += sizeof(struct ip);
1103 		ip.ip_len = htons(cc);
1104 		/* Update ip_len in the raw packet data buffer. */
1105 		memcpy(outpackhdr + offsetof(struct ip, ip_len), &ip.ip_len,
1106 		    sizeof(ip.ip_len));
1107 		ip.ip_sum = in_cksum(outpackhdr, cc);
1108 		/* Update ip_sum in the raw packet data buffer. */
1109 		memcpy(outpackhdr + offsetof(struct ip, ip_sum), &ip.ip_sum,
1110 		    sizeof(ip.ip_sum));
1111 		packet = outpackhdr;
1112 	}
1113 	i = send(ssend, (char *)packet, cc, 0);
1114 	if (i < 0 || i != cc)  {
1115 		if (i < 0) {
1116 			if (options & F_FLOOD && errno == ENOBUFS) {
1117 				usleep(FLOOD_BACKOFF);
1118 				return;
1119 			}
1120 			warn("sendto");
1121 		} else {
1122 			warn("%s: partial write: %d of %d bytes",
1123 			     hostname, i, cc);
1124 		}
1125 	}
1126 	ntransmitted++;
1127 	sntransmitted++;
1128 	if (!(options & F_QUIET) && options & F_DOT)
1129 		(void)write(STDOUT_FILENO, &DOT[DOTidx++ % DOTlen], 1);
1130 }
1131 
1132 /*
1133  * pr_pack --
1134  *	Print out the packet, if it came from us.  This logic is necessary
1135  * because ALL readers of the ICMP socket get a copy of ALL ICMP packets
1136  * which arrive ('tis only fair).  This permits multiple copies of this
1137  * program to be run without having intermingled output (or statistics!).
1138  */
1139 static void
1140 pr_pack(char *buf, ssize_t cc, struct sockaddr_in *from, struct timespec *tv)
1141 {
1142 	struct in_addr ina;
1143 	u_char *cp, *dp, l;
1144 	struct icmp icp;
1145 	struct ip ip;
1146 	const u_char *icmp_data_raw;
1147 	ssize_t icmp_data_raw_len;
1148 	double triptime;
1149 	int dupflag, i, j, recv_len;
1150 	int8_t hlen;
1151 	uint16_t seq;
1152 	static int old_rrlen;
1153 	static char old_rr[MAX_IPOPTLEN];
1154 	struct ip oip;
1155 	u_char oip_header_len;
1156 	struct icmp oicmp;
1157 	const u_char *oicmp_raw;
1158 
1159 	/*
1160 	 * Get size of IP header of the received packet.
1161 	 * The header length is contained in the lower four bits of the first
1162 	 * byte and represents the number of 4 byte octets the header takes up.
1163 	 *
1164 	 * The IHL minimum value is 5 (20 bytes) and its maximum value is 15
1165 	 * (60 bytes).
1166 	 */
1167 	memcpy(&l, buf, sizeof(l));
1168 	hlen = (l & 0x0f) << 2;
1169 
1170 	/* Reject IP packets with a short header */
1171 	if (hlen < (int8_t) sizeof(struct ip)) {
1172 		if (options & F_VERBOSE)
1173 			warn("IHL too short (%d bytes) from %s", hlen,
1174 			     inet_ntoa(from->sin_addr));
1175 		return;
1176 	}
1177 
1178 	memcpy(&ip, buf, sizeof(struct ip));
1179 
1180 	/* Check packet has enough data to carry a valid ICMP header */
1181 	recv_len = cc;
1182 	if (cc < hlen + ICMP_MINLEN) {
1183 		if (options & F_VERBOSE)
1184 			warn("packet too short (%zd bytes) from %s", cc,
1185 			     inet_ntoa(from->sin_addr));
1186 		return;
1187 	}
1188 
1189 	icmp_data_raw_len = cc - (hlen + offsetof(struct icmp, icmp_data));
1190 	icmp_data_raw = buf + hlen + offsetof(struct icmp, icmp_data);
1191 
1192 	/* Now the ICMP part */
1193 	cc -= hlen;
1194 	memcpy(&icp, buf + hlen, MIN((ssize_t)sizeof(icp), cc));
1195 	if (icp.icmp_type == icmp_type_rsp) {
1196 		if (icp.icmp_id != ident)
1197 			return;			/* 'Twas not our ECHO */
1198 		++nreceived;
1199 		triptime = 0.0;
1200 		if (timing) {
1201 			struct timespec tv1;
1202 			struct tv32 tv32;
1203 			const u_char *tp;
1204 
1205 			tp = icmp_data_raw + phdr_len;
1206 
1207 			if ((size_t)(cc - ICMP_MINLEN - phdr_len) >=
1208 			    sizeof(tv1)) {
1209 				/* Copy to avoid alignment problems: */
1210 				memcpy(&tv32, tp, sizeof(tv32));
1211 				tv1.tv_sec = ntohl(tv32.tv32_sec);
1212 				tv1.tv_nsec = ntohl(tv32.tv32_nsec);
1213 				timespecsub(tv, &tv1, tv);
1214 				triptime = ((double)tv->tv_sec) * 1000.0 +
1215 				    ((double)tv->tv_nsec) / 1000000.0;
1216 				if (triptime < 0) {
1217 					warnx("time of day goes back (%.3f ms),"
1218 					    " clamping time to 0",
1219 					    triptime);
1220 					triptime = 0;
1221 				}
1222 				tsum += triptime;
1223 				tsumsq += triptime * triptime;
1224 				if (triptime < tmin)
1225 					tmin = triptime;
1226 				if (triptime > tmax)
1227 					tmax = triptime;
1228 			} else
1229 				timing = 0;
1230 		}
1231 
1232 		seq = ntohs(icp.icmp_seq);
1233 
1234 		if (TST(seq % mx_dup_ck)) {
1235 			++nrepeats;
1236 			--nreceived;
1237 			dupflag = 1;
1238 		} else {
1239 			SET(seq % mx_dup_ck);
1240 			dupflag = 0;
1241 		}
1242 
1243 		if (options & F_QUIET)
1244 			return;
1245 
1246 		if (options & F_WAITTIME && triptime > waittime) {
1247 			++nrcvtimeout;
1248 			return;
1249 		}
1250 
1251 		if (options & F_DOT)
1252 			(void)write(STDOUT_FILENO, &BSPACE, 1);
1253 		else {
1254 			(void)printf("%zd bytes from %s: icmp_seq=%u", cc,
1255 			    pr_addr(from->sin_addr), seq);
1256 			(void)printf(" ttl=%d", ip.ip_ttl);
1257 			if (timing)
1258 				(void)printf(" time=%.3f ms", triptime);
1259 			if (dupflag)
1260 				(void)printf(" (DUP!)");
1261 			if (options & F_AUDIBLE)
1262 				(void)write(STDOUT_FILENO, &BBELL, 1);
1263 			if (options & F_MASK) {
1264 				/* Just prentend this cast isn't ugly */
1265 				(void)printf(" mask=%s",
1266 					inet_ntoa(*(struct in_addr *)&(icp.icmp_mask)));
1267 			}
1268 			if (options & F_TIME) {
1269 				(void)printf(" tso=%s", pr_ntime(icp.icmp_otime));
1270 				(void)printf(" tsr=%s", pr_ntime(icp.icmp_rtime));
1271 				(void)printf(" tst=%s", pr_ntime(icp.icmp_ttime));
1272 			}
1273 			if (recv_len != send_len) {
1274                         	(void)printf(
1275 				     "\nwrong total length %d instead of %d",
1276 				     recv_len, send_len);
1277 			}
1278 			/* check the data */
1279 			cp = (u_char*)(buf + hlen + offsetof(struct icmp,
1280 				icmp_data) + phdr_len);
1281 			dp = &outpack[ICMP_MINLEN + phdr_len];
1282 			cc -= ICMP_MINLEN + phdr_len;
1283 			i = 0;
1284 			if (timing) {   /* don't check variable timestamp */
1285 				cp += TIMEVAL_LEN;
1286 				dp += TIMEVAL_LEN;
1287 				cc -= TIMEVAL_LEN;
1288 				i += TIMEVAL_LEN;
1289 			}
1290 			for (; i < datalen && cc > 0; ++i, ++cp, ++dp, --cc) {
1291 				if (*cp != *dp) {
1292 	(void)printf("\nwrong data byte #%d should be 0x%x but was 0x%x",
1293 	    i, *dp, *cp);
1294 					(void)printf("\ncp:");
1295 					cp = (u_char*)(buf + hlen +
1296 					    offsetof(struct icmp, icmp_data));
1297 					for (i = 0; i < datalen; ++i, ++cp) {
1298 						if ((i % 16) == 8)
1299 							(void)printf("\n\t");
1300 						(void)printf("%2x ", *cp);
1301 					}
1302 					(void)printf("\ndp:");
1303 					cp = &outpack[ICMP_MINLEN];
1304 					for (i = 0; i < datalen; ++i, ++cp) {
1305 						if ((i % 16) == 8)
1306 							(void)printf("\n\t");
1307 						(void)printf("%2x ", *cp);
1308 					}
1309 					break;
1310 				}
1311 			}
1312 		}
1313 	} else {
1314 		/*
1315 		 * We've got something other than an ECHOREPLY.
1316 		 * See if it's a reply to something that we sent.
1317 		 * We can compare IP destination, protocol,
1318 		 * and ICMP type and ID.
1319 		 *
1320 		 * Only print all the error messages if we are running
1321 		 * as root to avoid leaking information not normally
1322 		 * available to those not running as root.
1323 		 */
1324 
1325 		/*
1326 		 * If we don't have enough bytes for a quoted IP header and an
1327 		 * ICMP header then stop.
1328 		 */
1329 		if (icmp_data_raw_len <
1330 				(ssize_t)(sizeof(struct ip) + sizeof(struct icmp))) {
1331 			if (options & F_VERBOSE)
1332 				warnx("quoted data too short (%zd bytes) from %s",
1333 					icmp_data_raw_len, inet_ntoa(from->sin_addr));
1334 			return;
1335 		}
1336 
1337 		memcpy(&oip_header_len, icmp_data_raw, sizeof(oip_header_len));
1338 		oip_header_len = (oip_header_len & 0x0f) << 2;
1339 
1340 		/* Reject IP packets with a short header */
1341 		if (oip_header_len < sizeof(struct ip)) {
1342 			if (options & F_VERBOSE)
1343 				warnx("inner IHL too short (%d bytes) from %s",
1344 					oip_header_len, inet_ntoa(from->sin_addr));
1345 			return;
1346 		}
1347 
1348 		/*
1349 		 * Check against the actual IHL length, to protect against
1350 		 * quoated packets carrying IP options.
1351 		 */
1352 		if (icmp_data_raw_len <
1353 				(ssize_t)(oip_header_len + sizeof(struct icmp))) {
1354 			if (options & F_VERBOSE)
1355 				warnx("inner packet too short (%zd bytes) from %s",
1356 				     icmp_data_raw_len, inet_ntoa(from->sin_addr));
1357 			return;
1358 		}
1359 
1360 		memcpy(&oip, icmp_data_raw, sizeof(struct ip));
1361 		oicmp_raw = icmp_data_raw + oip_header_len;
1362 		memcpy(&oicmp, oicmp_raw, sizeof(struct icmp));
1363 
1364 		if (((options & F_VERBOSE) && uid == 0) ||
1365 		    (!(options & F_QUIET2) &&
1366 		     (oip.ip_dst.s_addr == whereto.sin_addr.s_addr) &&
1367 		     (oip.ip_p == IPPROTO_ICMP) &&
1368 		     (oicmp.icmp_type == ICMP_ECHO) &&
1369 		     (oicmp.icmp_id == ident))) {
1370 		    (void)printf("%zd bytes from %s: ", cc,
1371 			pr_addr(from->sin_addr));
1372 		    pr_icmph(&icp, &oip, icmp_data_raw);
1373 		} else
1374 		    return;
1375 	}
1376 
1377 	/* Display any IP options */
1378 	cp = (u_char *)buf + sizeof(struct ip);
1379 
1380 	for (; hlen > (int)sizeof(struct ip); --hlen, ++cp)
1381 		switch (*cp) {
1382 		case IPOPT_EOL:
1383 			hlen = 0;
1384 			break;
1385 		case IPOPT_LSRR:
1386 		case IPOPT_SSRR:
1387 			(void)printf(*cp == IPOPT_LSRR ?
1388 			    "\nLSRR: " : "\nSSRR: ");
1389 			j = cp[IPOPT_OLEN] - IPOPT_MINOFF + 1;
1390 			hlen -= 2;
1391 			cp += 2;
1392 			if (j >= INADDR_LEN &&
1393 			    j <= hlen - (int)sizeof(struct ip)) {
1394 				for (;;) {
1395 					bcopy(++cp, &ina.s_addr, INADDR_LEN);
1396 					if (ina.s_addr == 0)
1397 						(void)printf("\t0.0.0.0");
1398 					else
1399 						(void)printf("\t%s",
1400 						     pr_addr(ina));
1401 					hlen -= INADDR_LEN;
1402 					cp += INADDR_LEN - 1;
1403 					j -= INADDR_LEN;
1404 					if (j < INADDR_LEN)
1405 						break;
1406 					(void)putchar('\n');
1407 				}
1408 			} else
1409 				(void)printf("\t(truncated route)\n");
1410 			break;
1411 		case IPOPT_RR:
1412 			j = cp[IPOPT_OLEN];		/* get length */
1413 			i = cp[IPOPT_OFFSET];		/* and pointer */
1414 			hlen -= 2;
1415 			cp += 2;
1416 			if (i > j)
1417 				i = j;
1418 			i = i - IPOPT_MINOFF + 1;
1419 			if (i < 0 || i > (hlen - (int)sizeof(struct ip))) {
1420 				old_rrlen = 0;
1421 				continue;
1422 			}
1423 			if (i == old_rrlen
1424 			    && !bcmp((char *)cp, old_rr, i)
1425 			    && !(options & F_DOT)) {
1426 				(void)printf("\t(same route)");
1427 				hlen -= i;
1428 				cp += i;
1429 				break;
1430 			}
1431 			old_rrlen = i;
1432 			bcopy((char *)cp, old_rr, i);
1433 			(void)printf("\nRR: ");
1434 			if (i >= INADDR_LEN &&
1435 			    i <= hlen - (int)sizeof(struct ip)) {
1436 				for (;;) {
1437 					bcopy(++cp, &ina.s_addr, INADDR_LEN);
1438 					if (ina.s_addr == 0)
1439 						(void)printf("\t0.0.0.0");
1440 					else
1441 						(void)printf("\t%s",
1442 						     pr_addr(ina));
1443 					hlen -= INADDR_LEN;
1444 					cp += INADDR_LEN - 1;
1445 					i -= INADDR_LEN;
1446 					if (i < INADDR_LEN)
1447 						break;
1448 					(void)putchar('\n');
1449 				}
1450 			} else
1451 				(void)printf("\t(truncated route)");
1452 			break;
1453 		case IPOPT_NOP:
1454 			(void)printf("\nNOP");
1455 			break;
1456 		default:
1457 			(void)printf("\nunknown option %x", *cp);
1458 			break;
1459 		}
1460 	if (!(options & F_DOT)) {
1461 		(void)putchar('\n');
1462 		(void)fflush(stdout);
1463 	}
1464 }
1465 
1466 /*
1467  * status --
1468  *	Print out statistics when SIGINFO is received.
1469  */
1470 
1471 static void
1472 status(int sig __unused)
1473 {
1474 
1475 	siginfo_p = 1;
1476 }
1477 
1478 static void
1479 check_status(void)
1480 {
1481 
1482 	if (siginfo_p) {
1483 		siginfo_p = 0;
1484 		(void)fprintf(stderr, "\r%ld/%ld packets received (%.1f%%)",
1485 		    nreceived, ntransmitted,
1486 		    ntransmitted ? nreceived * 100.0 / ntransmitted : 0.0);
1487 		if (nreceived && timing)
1488 			(void)fprintf(stderr, " %.3f min / %.3f avg / %.3f max",
1489 			    tmin, tsum / (nreceived + nrepeats), tmax);
1490 		(void)fprintf(stderr, "\n");
1491 	}
1492 }
1493 
1494 /*
1495  * finish --
1496  *	Print out statistics, and give up.
1497  */
1498 static void
1499 finish(void)
1500 {
1501 
1502 	(void)signal(SIGINT, SIG_IGN);
1503 	(void)signal(SIGALRM, SIG_IGN);
1504 	(void)putchar('\n');
1505 	(void)fflush(stdout);
1506 	(void)printf("--- %s ping statistics ---\n", hostname);
1507 	(void)printf("%ld packets transmitted, ", ntransmitted);
1508 	(void)printf("%ld packets received, ", nreceived);
1509 	if (nrepeats)
1510 		(void)printf("+%ld duplicates, ", nrepeats);
1511 	if (ntransmitted) {
1512 		if (nreceived > ntransmitted)
1513 			(void)printf("-- somebody's printing up packets!");
1514 		else
1515 			(void)printf("%.1f%% packet loss",
1516 			    ((ntransmitted - nreceived) * 100.0) /
1517 			    ntransmitted);
1518 	}
1519 	if (nrcvtimeout)
1520 		(void)printf(", %ld packets out of wait time", nrcvtimeout);
1521 	(void)putchar('\n');
1522 	if (nreceived && timing) {
1523 		double n = nreceived + nrepeats;
1524 		double avg = tsum / n;
1525 		double vari = tsumsq / n - avg * avg;
1526 		(void)printf(
1527 		    "round-trip min/avg/max/stddev = %.3f/%.3f/%.3f/%.3f ms\n",
1528 		    tmin, avg, tmax, sqrt(vari));
1529 	}
1530 
1531 	if (nreceived)
1532 		exit(0);
1533 	else
1534 		exit(2);
1535 }
1536 
1537 /*
1538  * pr_icmph --
1539  *	Print a descriptive string about an ICMP header.
1540  */
1541 static void
1542 pr_icmph(struct icmp *icp, struct ip *oip, const u_char *const oicmp_raw)
1543 {
1544 
1545 	switch(icp->icmp_type) {
1546 	case ICMP_ECHOREPLY:
1547 		(void)printf("Echo Reply\n");
1548 		/* XXX ID + Seq + Data */
1549 		break;
1550 	case ICMP_UNREACH:
1551 		switch(icp->icmp_code) {
1552 		case ICMP_UNREACH_NET:
1553 			(void)printf("Destination Net Unreachable\n");
1554 			break;
1555 		case ICMP_UNREACH_HOST:
1556 			(void)printf("Destination Host Unreachable\n");
1557 			break;
1558 		case ICMP_UNREACH_PROTOCOL:
1559 			(void)printf("Destination Protocol Unreachable\n");
1560 			break;
1561 		case ICMP_UNREACH_PORT:
1562 			(void)printf("Destination Port Unreachable\n");
1563 			break;
1564 		case ICMP_UNREACH_NEEDFRAG:
1565 			(void)printf("frag needed and DF set (MTU %d)\n",
1566 					ntohs(icp->icmp_nextmtu));
1567 			break;
1568 		case ICMP_UNREACH_SRCFAIL:
1569 			(void)printf("Source Route Failed\n");
1570 			break;
1571 		case ICMP_UNREACH_FILTER_PROHIB:
1572 			(void)printf("Communication prohibited by filter\n");
1573 			break;
1574 		default:
1575 			(void)printf("Dest Unreachable, Bad Code: %d\n",
1576 			    icp->icmp_code);
1577 			break;
1578 		}
1579 		/* Print returned IP header information */
1580 		pr_iph(oip, oicmp_raw);
1581 		break;
1582 	case ICMP_SOURCEQUENCH:
1583 		(void)printf("Source Quench\n");
1584 		pr_iph(oip, oicmp_raw);
1585 		break;
1586 	case ICMP_REDIRECT:
1587 		switch(icp->icmp_code) {
1588 		case ICMP_REDIRECT_NET:
1589 			(void)printf("Redirect Network");
1590 			break;
1591 		case ICMP_REDIRECT_HOST:
1592 			(void)printf("Redirect Host");
1593 			break;
1594 		case ICMP_REDIRECT_TOSNET:
1595 			(void)printf("Redirect Type of Service and Network");
1596 			break;
1597 		case ICMP_REDIRECT_TOSHOST:
1598 			(void)printf("Redirect Type of Service and Host");
1599 			break;
1600 		default:
1601 			(void)printf("Redirect, Bad Code: %d", icp->icmp_code);
1602 			break;
1603 		}
1604 		(void)printf("(New addr: %s)\n", inet_ntoa(icp->icmp_gwaddr));
1605 		pr_iph(oip, oicmp_raw);
1606 		break;
1607 	case ICMP_ECHO:
1608 		(void)printf("Echo Request\n");
1609 		/* XXX ID + Seq + Data */
1610 		break;
1611 	case ICMP_TIMXCEED:
1612 		switch(icp->icmp_code) {
1613 		case ICMP_TIMXCEED_INTRANS:
1614 			(void)printf("Time to live exceeded\n");
1615 			break;
1616 		case ICMP_TIMXCEED_REASS:
1617 			(void)printf("Frag reassembly time exceeded\n");
1618 			break;
1619 		default:
1620 			(void)printf("Time exceeded, Bad Code: %d\n",
1621 			    icp->icmp_code);
1622 			break;
1623 		}
1624 		pr_iph(oip, oicmp_raw);
1625 		break;
1626 	case ICMP_PARAMPROB:
1627 		(void)printf("Parameter problem: pointer = 0x%02x\n",
1628 		    icp->icmp_hun.ih_pptr);
1629 		pr_iph(oip, oicmp_raw);
1630 		break;
1631 	case ICMP_TSTAMP:
1632 		(void)printf("Timestamp\n");
1633 		/* XXX ID + Seq + 3 timestamps */
1634 		break;
1635 	case ICMP_TSTAMPREPLY:
1636 		(void)printf("Timestamp Reply\n");
1637 		/* XXX ID + Seq + 3 timestamps */
1638 		break;
1639 	case ICMP_IREQ:
1640 		(void)printf("Information Request\n");
1641 		/* XXX ID + Seq */
1642 		break;
1643 	case ICMP_IREQREPLY:
1644 		(void)printf("Information Reply\n");
1645 		/* XXX ID + Seq */
1646 		break;
1647 	case ICMP_MASKREQ:
1648 		(void)printf("Address Mask Request\n");
1649 		break;
1650 	case ICMP_MASKREPLY:
1651 		(void)printf("Address Mask Reply\n");
1652 		break;
1653 	case ICMP_ROUTERADVERT:
1654 		(void)printf("Router Advertisement\n");
1655 		break;
1656 	case ICMP_ROUTERSOLICIT:
1657 		(void)printf("Router Solicitation\n");
1658 		break;
1659 	default:
1660 		(void)printf("Bad ICMP type: %d\n", icp->icmp_type);
1661 	}
1662 }
1663 
1664 /*
1665  * pr_iph --
1666  *	Print an IP header with options.
1667  */
1668 static void
1669 pr_iph(struct ip *ip, const u_char *cp)
1670 {
1671 	struct in_addr ina;
1672 	int hlen;
1673 
1674 	hlen = ip->ip_hl << 2;
1675 	cp = cp + sizeof(struct ip);		/* point to options */
1676 
1677 	(void)printf("Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst\n");
1678 	(void)printf(" %1x  %1x  %02x %04x %04x",
1679 	    ip->ip_v, ip->ip_hl, ip->ip_tos, ntohs(ip->ip_len),
1680 	    ntohs(ip->ip_id));
1681 	(void)printf("   %1x %04x",
1682 	    (ntohs(ip->ip_off) & 0xe000) >> 13,
1683 	    ntohs(ip->ip_off) & 0x1fff);
1684 	(void)printf("  %02x  %02x %04x", ip->ip_ttl, ip->ip_p,
1685 							    ntohs(ip->ip_sum));
1686 	memcpy(&ina, &ip->ip_src.s_addr, sizeof ina);
1687 	(void)printf(" %s ", inet_ntoa(ina));
1688 	memcpy(&ina, &ip->ip_dst.s_addr, sizeof ina);
1689 	(void)printf(" %s ", inet_ntoa(ina));
1690 	/* dump any option bytes */
1691 	while (hlen-- > (int)sizeof(struct ip)) {
1692 		(void)printf("%02x", *cp++);
1693 	}
1694 	(void)putchar('\n');
1695 }
1696 
1697 /*
1698  * pr_addr --
1699  *	Return an ascii host address as a dotted quad and optionally with
1700  * a hostname.
1701  */
1702 static char *
1703 pr_addr(struct in_addr ina)
1704 {
1705 	struct hostent *hp;
1706 	static char buf[16 + 3 + MAXHOSTNAMELEN];
1707 
1708 	if (options & F_NUMERIC)
1709 		return inet_ntoa(ina);
1710 
1711 	hp = cap_gethostbyaddr(capdns, (char *)&ina, sizeof(ina), AF_INET);
1712 
1713 	if (hp == NULL)
1714 		return inet_ntoa(ina);
1715 
1716 	(void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
1717 	    inet_ntoa(ina));
1718 	return(buf);
1719 }
1720 
1721 static char *
1722 pr_ntime(n_time timestamp)
1723 {
1724 	static char buf[11];
1725 	int hour, min, sec;
1726 
1727 	sec = ntohl(timestamp) / 1000;
1728 	hour = sec / 60 / 60;
1729 	min = (sec % (60 * 60)) / 60;
1730 	sec = (sec % (60 * 60)) % 60;
1731 
1732 	(void)snprintf(buf, sizeof(buf), "%02d:%02d:%02d", hour, min, sec);
1733 
1734 	return (buf);
1735 }
1736 
1737 static void
1738 fill(char *bp, char *patp)
1739 {
1740 	char *cp;
1741 	int pat[16];
1742 	u_int ii, jj, kk;
1743 
1744 	for (cp = patp; *cp; cp++) {
1745 		if (!isxdigit(*cp))
1746 			errx(EX_USAGE,
1747 			    "patterns must be specified as hex digits");
1748 
1749 	}
1750 	ii = sscanf(patp,
1751 	    "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
1752 	    &pat[0], &pat[1], &pat[2], &pat[3], &pat[4], &pat[5], &pat[6],
1753 	    &pat[7], &pat[8], &pat[9], &pat[10], &pat[11], &pat[12],
1754 	    &pat[13], &pat[14], &pat[15]);
1755 
1756 	if (ii > 0)
1757 		for (kk = 0; kk <= maxpayload - (TIMEVAL_LEN + ii); kk += ii)
1758 			for (jj = 0; jj < ii; ++jj)
1759 				bp[jj + kk] = pat[jj];
1760 	if (!(options & F_QUIET)) {
1761 		(void)printf("PATTERN: 0x");
1762 		for (jj = 0; jj < ii; ++jj)
1763 			(void)printf("%02x", bp[jj] & 0xFF);
1764 		(void)printf("\n");
1765 	}
1766 }
1767 
1768 static cap_channel_t *
1769 capdns_setup(void)
1770 {
1771 	cap_channel_t *capcas, *capdnsloc;
1772 #ifdef WITH_CASPER
1773 	const char *types[2];
1774 	int families[1];
1775 #endif
1776 	capcas = cap_init();
1777 	if (capcas == NULL)
1778 		err(1, "unable to create casper process");
1779 	capdnsloc = cap_service_open(capcas, "system.dns");
1780 	/* Casper capability no longer needed. */
1781 	cap_close(capcas);
1782 	if (capdnsloc == NULL)
1783 		err(1, "unable to open system.dns service");
1784 #ifdef WITH_CASPER
1785 	types[0] = "NAME2ADDR";
1786 	types[1] = "ADDR2NAME";
1787 	if (cap_dns_type_limit(capdnsloc, types, 2) < 0)
1788 		err(1, "unable to limit access to system.dns service");
1789 	families[0] = AF_INET;
1790 	if (cap_dns_family_limit(capdnsloc, families, 1) < 0)
1791 		err(1, "unable to limit access to system.dns service");
1792 #endif
1793 	return (capdnsloc);
1794 }
1795