1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Mike Muuss. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #if 0 36 #ifndef lint 37 static const char copyright[] = 38 "@(#) Copyright (c) 1989, 1993\n\ 39 The Regents of the University of California. All rights reserved.\n"; 40 #endif /* not lint */ 41 42 #ifndef lint 43 static char sccsid[] = "@(#)ping.c 8.1 (Berkeley) 6/5/93"; 44 #endif /* not lint */ 45 #endif 46 #include <sys/cdefs.h> 47 __FBSDID("$FreeBSD$"); 48 49 /* 50 * P I N G . C 51 * 52 * Using the Internet Control Message Protocol (ICMP) "ECHO" facility, 53 * measure round-trip-delays and packet loss across network paths. 54 * 55 * Author - 56 * Mike Muuss 57 * U. S. Army Ballistic Research Laboratory 58 * December, 1983 59 * 60 * Status - 61 * Public Domain. Distribution Unlimited. 62 * Bugs - 63 * More statistics could always be gathered. 64 * This program has to run SUID to ROOT to access the ICMP socket. 65 */ 66 67 #include <sys/param.h> /* NB: we rely on this for <sys/types.h> */ 68 #include <sys/capsicum.h> 69 #include <sys/socket.h> 70 #include <sys/sysctl.h> 71 #include <sys/time.h> 72 #include <sys/uio.h> 73 74 #include <netinet/in.h> 75 #include <netinet/in_systm.h> 76 #include <netinet/ip.h> 77 #include <netinet/ip_icmp.h> 78 #include <netinet/ip_var.h> 79 #include <arpa/inet.h> 80 81 #include <libcasper.h> 82 #include <casper/cap_dns.h> 83 84 #ifdef IPSEC 85 #include <netipsec/ipsec.h> 86 #endif /*IPSEC*/ 87 88 #include <capsicum_helpers.h> 89 #include <ctype.h> 90 #include <err.h> 91 #include <errno.h> 92 #include <math.h> 93 #include <netdb.h> 94 #include <stddef.h> 95 #include <signal.h> 96 #include <stdio.h> 97 #include <stdlib.h> 98 #include <string.h> 99 #include <sysexits.h> 100 #include <time.h> 101 #include <unistd.h> 102 103 #include "utils.h" 104 105 #define INADDR_LEN ((int)sizeof(in_addr_t)) 106 #define TIMEVAL_LEN ((int)sizeof(struct tv32)) 107 #define MASK_LEN (ICMP_MASKLEN - ICMP_MINLEN) 108 #define TS_LEN (ICMP_TSLEN - ICMP_MINLEN) 109 #define DEFDATALEN 56 /* default data length */ 110 #define FLOOD_BACKOFF 20000 /* usecs to back off if F_FLOOD mode */ 111 /* runs out of buffer space */ 112 #define MAXIPLEN (sizeof(struct ip) + MAX_IPOPTLEN) 113 #define MAXICMPLEN (ICMP_ADVLENMIN + MAX_IPOPTLEN) 114 #define MAXWAIT 10000 /* max ms to wait for response */ 115 #define MAXALARM (60 * 60) /* max seconds for alarm timeout */ 116 #define MAXTOS 255 117 118 #define A(bit) rcvd_tbl[(bit)>>3] /* identify byte in array */ 119 #define B(bit) (1 << ((bit) & 0x07)) /* identify bit in byte */ 120 #define SET(bit) (A(bit) |= B(bit)) 121 #define CLR(bit) (A(bit) &= (~B(bit))) 122 #define TST(bit) (A(bit) & B(bit)) 123 124 struct tv32 { 125 int32_t tv32_sec; 126 int32_t tv32_nsec; 127 }; 128 129 /* various options */ 130 static int options; 131 #define F_FLOOD 0x0001 132 #define F_INTERVAL 0x0002 133 #define F_NUMERIC 0x0004 134 #define F_PINGFILLED 0x0008 135 #define F_QUIET 0x0010 136 #define F_RROUTE 0x0020 137 #define F_SO_DEBUG 0x0040 138 #define F_SO_DONTROUTE 0x0080 139 #define F_VERBOSE 0x0100 140 #define F_QUIET2 0x0200 141 #define F_NOLOOP 0x0400 142 #define F_MTTL 0x0800 143 #define F_MIF 0x1000 144 #define F_AUDIBLE 0x2000 145 #ifdef IPSEC 146 #ifdef IPSEC_POLICY_IPSEC 147 #define F_POLICY 0x4000 148 #endif /*IPSEC_POLICY_IPSEC*/ 149 #endif /*IPSEC*/ 150 #define F_TTL 0x8000 151 #define F_MISSED 0x10000 152 #define F_ONCE 0x20000 153 #define F_HDRINCL 0x40000 154 #define F_MASK 0x80000 155 #define F_TIME 0x100000 156 #define F_SWEEP 0x200000 157 #define F_WAITTIME 0x400000 158 #define F_IP_VLAN_PCP 0x800000 159 160 /* 161 * MAX_DUP_CHK is the number of bits in received table, i.e. the maximum 162 * number of received sequence numbers we can keep track of. Change 128 163 * to 8192 for complete accuracy... 164 */ 165 #define MAX_DUP_CHK (8 * 128) 166 static int mx_dup_ck = MAX_DUP_CHK; 167 static char rcvd_tbl[MAX_DUP_CHK / 8]; 168 169 static struct sockaddr_in whereto; /* who to ping */ 170 static int datalen = DEFDATALEN; 171 static int maxpayload; 172 static int ssend; /* send socket file descriptor */ 173 static int srecv; /* receive socket file descriptor */ 174 static u_char outpackhdr[IP_MAXPACKET], *outpack; 175 static char BBELL = '\a'; /* characters written for MISSED and AUDIBLE */ 176 static char BSPACE = '\b'; /* characters written for flood */ 177 static char DOT = '.'; 178 static char *hostname; 179 static char *shostname; 180 static int ident; /* process id to identify our packets */ 181 static int uid; /* cached uid for micro-optimization */ 182 static u_char icmp_type = ICMP_ECHO; 183 static u_char icmp_type_rsp = ICMP_ECHOREPLY; 184 static int phdr_len = 0; 185 static int send_len; 186 187 /* counters */ 188 static long nmissedmax; /* max value of ntransmitted - nreceived - 1 */ 189 static long npackets; /* max packets to transmit */ 190 static long nreceived; /* # of packets we got back */ 191 static long nrepeats; /* number of duplicates */ 192 static long ntransmitted; /* sequence # for outbound packets = #sent */ 193 static long snpackets; /* max packets to transmit in one sweep */ 194 static long sntransmitted; /* # of packets we sent in this sweep */ 195 static int sweepmax; /* max value of payload in sweep */ 196 static int sweepmin = 0; /* start value of payload in sweep */ 197 static int sweepincr = 1; /* payload increment in sweep */ 198 static int interval = 1000; /* interval between packets, ms */ 199 static int waittime = MAXWAIT; /* timeout for each packet */ 200 static long nrcvtimeout = 0; /* # of packets we got back after waittime */ 201 202 /* timing */ 203 static int timing; /* flag to do timing */ 204 static double tmin = 999999999.0; /* minimum round trip time */ 205 static double tmax = 0.0; /* maximum round trip time */ 206 static double tsum = 0.0; /* sum of all times, for doing average */ 207 static double tsumsq = 0.0; /* sum of all times squared, for std. dev. */ 208 209 /* nonzero if we've been told to finish up */ 210 static volatile sig_atomic_t finish_up; 211 static volatile sig_atomic_t siginfo_p; 212 213 static cap_channel_t *capdns; 214 215 static void fill(char *, char *); 216 static cap_channel_t *capdns_setup(void); 217 static void check_status(void); 218 static void finish(void) __dead2; 219 static void pinger(void); 220 static char *pr_addr(struct in_addr); 221 static char *pr_ntime(n_time); 222 static void pr_icmph(struct icmp *, struct ip *, const u_char *const); 223 static void pr_iph(struct ip *); 224 static void pr_pack(char *, ssize_t, struct sockaddr_in *, struct timespec *); 225 static void pr_retip(struct ip *, const u_char *); 226 static void status(int); 227 static void stopit(int); 228 static void usage(void) __dead2; 229 230 int 231 main(int argc, char *const *argv) 232 { 233 struct sockaddr_in from, sock_in; 234 struct in_addr ifaddr; 235 struct timespec last, intvl; 236 struct iovec iov; 237 struct msghdr msg; 238 struct sigaction si_sa; 239 size_t sz; 240 u_char *datap, packet[IP_MAXPACKET] __aligned(4); 241 const char *errstr; 242 char *ep, *source, *target, *payload; 243 struct hostent *hp; 244 #ifdef IPSEC_POLICY_IPSEC 245 char *policy_in, *policy_out; 246 #endif 247 struct sockaddr_in *to; 248 double t; 249 u_long alarmtimeout; 250 long long ltmp; 251 int almost_done, ch, df, hold, i, icmp_len, mib[4], preload; 252 int ssend_errno, srecv_errno, tos, ttl, pcp; 253 char ctrl[CMSG_SPACE(sizeof(struct timespec))]; 254 char hnamebuf[MAXHOSTNAMELEN], snamebuf[MAXHOSTNAMELEN]; 255 #ifdef IP_OPTIONS 256 char rspace[MAX_IPOPTLEN]; /* record route space */ 257 #endif 258 unsigned char loop, mttl; 259 260 payload = source = NULL; 261 #ifdef IPSEC_POLICY_IPSEC 262 policy_in = policy_out = NULL; 263 #endif 264 cap_rights_t rights; 265 266 options |= F_NUMERIC; 267 268 /* 269 * Do the stuff that we need root priv's for *first*, and 270 * then drop our setuid bit. Save error reporting for 271 * after arg parsing. 272 * 273 * Historicaly ping was using one socket 's' for sending and for 274 * receiving. After capsicum(4) related changes we use two 275 * sockets. It was done for special ping use case - when user 276 * issue ping on multicast or broadcast address replies come 277 * from different addresses, not from the address we 278 * connect(2)'ed to, and send socket do not receive those 279 * packets. 280 */ 281 ssend = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); 282 ssend_errno = errno; 283 srecv = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); 284 srecv_errno = errno; 285 286 if (setuid(getuid()) != 0) 287 err(EX_NOPERM, "setuid() failed"); 288 uid = getuid(); 289 290 if (ssend < 0) { 291 errno = ssend_errno; 292 err(EX_OSERR, "ssend socket"); 293 } 294 295 if (srecv < 0) { 296 errno = srecv_errno; 297 err(EX_OSERR, "srecv socket"); 298 } 299 300 alarmtimeout = df = preload = tos = pcp = 0; 301 302 outpack = outpackhdr + sizeof(struct ip); 303 while ((ch = getopt(argc, argv, 304 "AaC:c:DdfG:g:Hh:I:i:Ll:M:m:nop:QqRrS:s:T:t:vW:z:" 305 #ifdef IPSEC 306 #ifdef IPSEC_POLICY_IPSEC 307 "P:" 308 #endif /*IPSEC_POLICY_IPSEC*/ 309 #endif /*IPSEC*/ 310 )) != -1) 311 { 312 switch(ch) { 313 case 'A': 314 options |= F_MISSED; 315 break; 316 case 'a': 317 options |= F_AUDIBLE; 318 break; 319 case 'C': 320 options |= F_IP_VLAN_PCP; 321 ltmp = strtonum(optarg, -1, 7, &errstr); 322 if (errstr != NULL) 323 errx(EX_USAGE, "invalid PCP: `%s'", optarg); 324 pcp = ltmp; 325 break; 326 case 'c': 327 ltmp = strtonum(optarg, 1, LONG_MAX, &errstr); 328 if (errstr != NULL) 329 errx(EX_USAGE, 330 "invalid count of packets to transmit: `%s'", 331 optarg); 332 npackets = (long)ltmp; 333 break; 334 case 'D': 335 options |= F_HDRINCL; 336 df = 1; 337 break; 338 case 'd': 339 options |= F_SO_DEBUG; 340 break; 341 case 'f': 342 if (uid) { 343 errno = EPERM; 344 err(EX_NOPERM, "-f flag"); 345 } 346 options |= F_FLOOD; 347 setbuf(stdout, (char *)NULL); 348 break; 349 case 'G': /* Maximum packet size for ping sweep */ 350 ltmp = strtonum(optarg, 1, INT_MAX, &errstr); 351 if (errstr != NULL) { 352 errx(EX_USAGE, "invalid packet size: `%s'", 353 optarg); 354 } 355 sweepmax = (int)ltmp; 356 if (uid != 0 && sweepmax > DEFDATALEN) { 357 errc(EX_NOPERM, EPERM, 358 "packet size too large: %d > %u", 359 sweepmax, DEFDATALEN); 360 } 361 options |= F_SWEEP; 362 break; 363 case 'g': /* Minimum packet size for ping sweep */ 364 ltmp = strtonum(optarg, 1, INT_MAX, &errstr); 365 if (errstr != NULL) { 366 errx(EX_USAGE, "invalid packet size: `%s'", 367 optarg); 368 } 369 sweepmin = (int)ltmp; 370 if (uid != 0 && sweepmin > DEFDATALEN) { 371 errc(EX_NOPERM, EPERM, 372 "packet size too large: %d > %u", 373 sweepmin, DEFDATALEN); 374 } 375 options |= F_SWEEP; 376 break; 377 case 'H': 378 options &= ~F_NUMERIC; 379 break; 380 case 'h': /* Packet size increment for ping sweep */ 381 ltmp = strtonum(optarg, 1, INT_MAX, &errstr); 382 if (errstr != NULL) { 383 errx(EX_USAGE, "invalid packet size: `%s'", 384 optarg); 385 } 386 sweepincr = (int)ltmp; 387 if (uid != 0 && sweepincr > DEFDATALEN) { 388 errc(EX_NOPERM, EPERM, 389 "packet size too large: %d > %u", 390 sweepincr, DEFDATALEN); 391 } 392 options |= F_SWEEP; 393 break; 394 case 'I': /* multicast interface */ 395 if (inet_aton(optarg, &ifaddr) == 0) 396 errx(EX_USAGE, 397 "invalid multicast interface: `%s'", 398 optarg); 399 options |= F_MIF; 400 break; 401 case 'i': /* wait between sending packets */ 402 t = strtod(optarg, &ep) * 1000.0; 403 if (*ep || ep == optarg || t > (double)INT_MAX) 404 errx(EX_USAGE, "invalid timing interval: `%s'", 405 optarg); 406 options |= F_INTERVAL; 407 interval = (int)t; 408 if (uid && interval < 1000) { 409 errno = EPERM; 410 err(EX_NOPERM, "-i interval too short"); 411 } 412 break; 413 case 'L': 414 options |= F_NOLOOP; 415 loop = 0; 416 break; 417 case 'l': 418 ltmp = strtonum(optarg, 0, INT_MAX, &errstr); 419 if (errstr != NULL) 420 errx(EX_USAGE, 421 "invalid preload value: `%s'", optarg); 422 if (uid) { 423 errno = EPERM; 424 err(EX_NOPERM, "-l flag"); 425 } 426 preload = (int)ltmp; 427 break; 428 case 'M': 429 switch(optarg[0]) { 430 case 'M': 431 case 'm': 432 options |= F_MASK; 433 break; 434 case 'T': 435 case 't': 436 options |= F_TIME; 437 break; 438 default: 439 errx(EX_USAGE, "invalid message: `%c'", optarg[0]); 440 break; 441 } 442 break; 443 case 'm': /* TTL */ 444 ltmp = strtonum(optarg, 0, MAXTTL, &errstr); 445 if (errstr != NULL) 446 errx(EX_USAGE, "invalid TTL: `%s'", optarg); 447 ttl = (int)ltmp; 448 options |= F_TTL; 449 break; 450 case 'n': 451 options |= F_NUMERIC; 452 break; 453 case 'o': 454 options |= F_ONCE; 455 break; 456 #ifdef IPSEC 457 #ifdef IPSEC_POLICY_IPSEC 458 case 'P': 459 options |= F_POLICY; 460 if (!strncmp("in", optarg, 2)) 461 policy_in = strdup(optarg); 462 else if (!strncmp("out", optarg, 3)) 463 policy_out = strdup(optarg); 464 else 465 errx(1, "invalid security policy"); 466 break; 467 #endif /*IPSEC_POLICY_IPSEC*/ 468 #endif /*IPSEC*/ 469 case 'p': /* fill buffer with user pattern */ 470 options |= F_PINGFILLED; 471 payload = optarg; 472 break; 473 case 'Q': 474 options |= F_QUIET2; 475 break; 476 case 'q': 477 options |= F_QUIET; 478 break; 479 case 'R': 480 options |= F_RROUTE; 481 break; 482 case 'r': 483 options |= F_SO_DONTROUTE; 484 break; 485 case 'S': 486 source = optarg; 487 break; 488 case 's': /* size of packet to send */ 489 ltmp = strtonum(optarg, 0, INT_MAX, &errstr); 490 if (errstr != NULL) 491 errx(EX_USAGE, "invalid packet size: `%s'", 492 optarg); 493 datalen = (int)ltmp; 494 if (uid != 0 && datalen > DEFDATALEN) { 495 errno = EPERM; 496 err(EX_NOPERM, 497 "packet size too large: %d > %u", 498 datalen, DEFDATALEN); 499 } 500 break; 501 case 'T': /* multicast TTL */ 502 ltmp = strtonum(optarg, 0, MAXTTL, &errstr); 503 if (errstr != NULL) 504 errx(EX_USAGE, "invalid multicast TTL: `%s'", 505 optarg); 506 mttl = (unsigned char)ltmp; 507 options |= F_MTTL; 508 break; 509 case 't': 510 alarmtimeout = strtoul(optarg, &ep, 0); 511 if ((alarmtimeout < 1) || (alarmtimeout == ULONG_MAX)) 512 errx(EX_USAGE, "invalid timeout: `%s'", 513 optarg); 514 if (alarmtimeout > MAXALARM) 515 errx(EX_USAGE, "invalid timeout: `%s' > %d", 516 optarg, MAXALARM); 517 { 518 struct itimerval itv; 519 520 timerclear(&itv.it_interval); 521 timerclear(&itv.it_value); 522 itv.it_value.tv_sec = (time_t)alarmtimeout; 523 if (setitimer(ITIMER_REAL, &itv, NULL) != 0) 524 err(1, "setitimer"); 525 } 526 break; 527 case 'v': 528 options |= F_VERBOSE; 529 break; 530 case 'W': /* wait ms for answer */ 531 t = strtod(optarg, &ep); 532 if (*ep || ep == optarg || t > (double)INT_MAX) 533 errx(EX_USAGE, "invalid timing interval: `%s'", 534 optarg); 535 options |= F_WAITTIME; 536 waittime = (int)t; 537 break; 538 case 'z': 539 options |= F_HDRINCL; 540 ltmp = strtol(optarg, &ep, 0); 541 if (*ep || ep == optarg || ltmp > MAXTOS || ltmp < 0) 542 errx(EX_USAGE, "invalid TOS: `%s'", optarg); 543 tos = ltmp; 544 break; 545 default: 546 usage(); 547 } 548 } 549 550 if (argc - optind != 1) 551 usage(); 552 target = argv[optind]; 553 554 switch (options & (F_MASK|F_TIME)) { 555 case 0: break; 556 case F_MASK: 557 icmp_type = ICMP_MASKREQ; 558 icmp_type_rsp = ICMP_MASKREPLY; 559 phdr_len = MASK_LEN; 560 if (!(options & F_QUIET)) 561 (void)printf("ICMP_MASKREQ\n"); 562 break; 563 case F_TIME: 564 icmp_type = ICMP_TSTAMP; 565 icmp_type_rsp = ICMP_TSTAMPREPLY; 566 phdr_len = TS_LEN; 567 if (!(options & F_QUIET)) 568 (void)printf("ICMP_TSTAMP\n"); 569 break; 570 default: 571 errx(EX_USAGE, "ICMP_TSTAMP and ICMP_MASKREQ are exclusive."); 572 break; 573 } 574 icmp_len = sizeof(struct ip) + ICMP_MINLEN + phdr_len; 575 if (options & F_RROUTE) 576 icmp_len += MAX_IPOPTLEN; 577 maxpayload = IP_MAXPACKET - icmp_len; 578 if (datalen > maxpayload) 579 errx(EX_USAGE, "packet size too large: %d > %d", datalen, 580 maxpayload); 581 send_len = icmp_len + datalen; 582 datap = &outpack[ICMP_MINLEN + phdr_len + TIMEVAL_LEN]; 583 if (options & F_PINGFILLED) { 584 fill((char *)datap, payload); 585 } 586 capdns = capdns_setup(); 587 if (source) { 588 bzero((char *)&sock_in, sizeof(sock_in)); 589 sock_in.sin_family = AF_INET; 590 if (inet_aton(source, &sock_in.sin_addr) != 0) { 591 shostname = source; 592 } else { 593 hp = cap_gethostbyname2(capdns, source, AF_INET); 594 if (!hp) 595 errx(EX_NOHOST, "cannot resolve %s: %s", 596 source, hstrerror(h_errno)); 597 598 sock_in.sin_len = sizeof sock_in; 599 if ((unsigned)hp->h_length > sizeof(sock_in.sin_addr) || 600 hp->h_length < 0) 601 errx(1, "gethostbyname2: illegal address"); 602 memcpy(&sock_in.sin_addr, hp->h_addr_list[0], 603 sizeof(sock_in.sin_addr)); 604 (void)strncpy(snamebuf, hp->h_name, 605 sizeof(snamebuf) - 1); 606 snamebuf[sizeof(snamebuf) - 1] = '\0'; 607 shostname = snamebuf; 608 } 609 if (bind(ssend, (struct sockaddr *)&sock_in, sizeof sock_in) == 610 -1) 611 err(1, "bind"); 612 } 613 614 bzero(&whereto, sizeof(whereto)); 615 to = &whereto; 616 to->sin_family = AF_INET; 617 to->sin_len = sizeof *to; 618 if (inet_aton(target, &to->sin_addr) != 0) { 619 hostname = target; 620 } else { 621 hp = cap_gethostbyname2(capdns, target, AF_INET); 622 if (!hp) 623 errx(EX_NOHOST, "cannot resolve %s: %s", 624 target, hstrerror(h_errno)); 625 626 if ((unsigned)hp->h_length > sizeof(to->sin_addr)) 627 errx(1, "gethostbyname2 returned an illegal address"); 628 memcpy(&to->sin_addr, hp->h_addr_list[0], sizeof to->sin_addr); 629 (void)strncpy(hnamebuf, hp->h_name, sizeof(hnamebuf) - 1); 630 hnamebuf[sizeof(hnamebuf) - 1] = '\0'; 631 hostname = hnamebuf; 632 } 633 634 /* From now on we will use only reverse DNS lookups. */ 635 #ifdef WITH_CASPER 636 if (capdns != NULL) { 637 const char *types[1]; 638 639 types[0] = "ADDR2NAME"; 640 if (cap_dns_type_limit(capdns, types, 1) < 0) 641 err(1, "unable to limit access to system.dns service"); 642 } 643 #endif 644 if (connect(ssend, (struct sockaddr *)&whereto, sizeof(whereto)) != 0) 645 err(1, "connect"); 646 647 if (options & F_FLOOD && options & F_INTERVAL) 648 errx(EX_USAGE, "-f and -i: incompatible options"); 649 650 if (options & F_FLOOD && IN_MULTICAST(ntohl(to->sin_addr.s_addr))) 651 errx(EX_USAGE, 652 "-f flag cannot be used with multicast destination"); 653 if (options & (F_MIF | F_NOLOOP | F_MTTL) 654 && !IN_MULTICAST(ntohl(to->sin_addr.s_addr))) 655 errx(EX_USAGE, 656 "-I, -L, -T flags cannot be used with unicast destination"); 657 658 if (datalen >= TIMEVAL_LEN) /* can we time transfer */ 659 timing = 1; 660 661 if ((options & (F_PINGFILLED | F_SWEEP)) == 0) 662 for (i = TIMEVAL_LEN; i < datalen; ++i) 663 *datap++ = i; 664 665 ident = getpid() & 0xFFFF; 666 667 hold = 1; 668 if (options & F_SO_DEBUG) { 669 (void)setsockopt(ssend, SOL_SOCKET, SO_DEBUG, (char *)&hold, 670 sizeof(hold)); 671 (void)setsockopt(srecv, SOL_SOCKET, SO_DEBUG, (char *)&hold, 672 sizeof(hold)); 673 } 674 if (options & F_SO_DONTROUTE) 675 (void)setsockopt(ssend, SOL_SOCKET, SO_DONTROUTE, (char *)&hold, 676 sizeof(hold)); 677 if (options & F_IP_VLAN_PCP) { 678 (void)setsockopt(ssend, IPPROTO_IP, IP_VLAN_PCP, (char *)&pcp, 679 sizeof(pcp)); 680 } 681 #ifdef IPSEC 682 #ifdef IPSEC_POLICY_IPSEC 683 if (options & F_POLICY) { 684 char *buf; 685 if (policy_in != NULL) { 686 buf = ipsec_set_policy(policy_in, strlen(policy_in)); 687 if (buf == NULL) 688 errx(EX_CONFIG, "%s", ipsec_strerror()); 689 if (setsockopt(srecv, IPPROTO_IP, IP_IPSEC_POLICY, 690 buf, ipsec_get_policylen(buf)) < 0) 691 err(EX_CONFIG, 692 "ipsec policy cannot be configured"); 693 free(buf); 694 } 695 696 if (policy_out != NULL) { 697 buf = ipsec_set_policy(policy_out, strlen(policy_out)); 698 if (buf == NULL) 699 errx(EX_CONFIG, "%s", ipsec_strerror()); 700 if (setsockopt(ssend, IPPROTO_IP, IP_IPSEC_POLICY, 701 buf, ipsec_get_policylen(buf)) < 0) 702 err(EX_CONFIG, 703 "ipsec policy cannot be configured"); 704 free(buf); 705 } 706 } 707 #endif /*IPSEC_POLICY_IPSEC*/ 708 #endif /*IPSEC*/ 709 710 if (options & F_HDRINCL) { 711 struct ip ip; 712 713 memcpy(&ip, outpackhdr, sizeof(ip)); 714 if (!(options & (F_TTL | F_MTTL))) { 715 mib[0] = CTL_NET; 716 mib[1] = PF_INET; 717 mib[2] = IPPROTO_IP; 718 mib[3] = IPCTL_DEFTTL; 719 sz = sizeof(ttl); 720 if (sysctl(mib, 4, &ttl, &sz, NULL, 0) == -1) 721 err(1, "sysctl(net.inet.ip.ttl)"); 722 } 723 setsockopt(ssend, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold)); 724 ip.ip_v = IPVERSION; 725 ip.ip_hl = sizeof(struct ip) >> 2; 726 ip.ip_tos = tos; 727 ip.ip_id = 0; 728 ip.ip_off = htons(df ? IP_DF : 0); 729 ip.ip_ttl = ttl; 730 ip.ip_p = IPPROTO_ICMP; 731 ip.ip_src.s_addr = source ? sock_in.sin_addr.s_addr : INADDR_ANY; 732 ip.ip_dst = to->sin_addr; 733 memcpy(outpackhdr, &ip, sizeof(ip)); 734 } 735 736 /* 737 * Here we enter capability mode. Further down access to global 738 * namespaces (e.g filesystem) is restricted (see capsicum(4)). 739 * We must connect(2) our socket before this point. 740 */ 741 caph_cache_catpages(); 742 if (caph_enter_casper() < 0) 743 err(1, "caph_enter_casper"); 744 745 cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT); 746 if (caph_rights_limit(srecv, &rights) < 0) 747 err(1, "cap_rights_limit srecv"); 748 cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT); 749 if (caph_rights_limit(ssend, &rights) < 0) 750 err(1, "cap_rights_limit ssend"); 751 752 /* record route option */ 753 if (options & F_RROUTE) { 754 #ifdef IP_OPTIONS 755 bzero(rspace, sizeof(rspace)); 756 rspace[IPOPT_OPTVAL] = IPOPT_RR; 757 rspace[IPOPT_OLEN] = sizeof(rspace) - 1; 758 rspace[IPOPT_OFFSET] = IPOPT_MINOFF; 759 rspace[sizeof(rspace) - 1] = IPOPT_EOL; 760 if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace, 761 sizeof(rspace)) < 0) 762 err(EX_OSERR, "setsockopt IP_OPTIONS"); 763 #else 764 errx(EX_UNAVAILABLE, 765 "record route not available in this implementation"); 766 #endif /* IP_OPTIONS */ 767 } 768 769 if (options & F_TTL) { 770 if (setsockopt(ssend, IPPROTO_IP, IP_TTL, &ttl, 771 sizeof(ttl)) < 0) { 772 err(EX_OSERR, "setsockopt IP_TTL"); 773 } 774 } 775 if (options & F_NOLOOP) { 776 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, 777 sizeof(loop)) < 0) { 778 err(EX_OSERR, "setsockopt IP_MULTICAST_LOOP"); 779 } 780 } 781 if (options & F_MTTL) { 782 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_TTL, &mttl, 783 sizeof(mttl)) < 0) { 784 err(EX_OSERR, "setsockopt IP_MULTICAST_TTL"); 785 } 786 } 787 if (options & F_MIF) { 788 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr, 789 sizeof(ifaddr)) < 0) { 790 err(EX_OSERR, "setsockopt IP_MULTICAST_IF"); 791 } 792 } 793 #ifdef SO_TIMESTAMP 794 { 795 int on = 1; 796 int ts_clock = SO_TS_MONOTONIC; 797 if (setsockopt(srecv, SOL_SOCKET, SO_TIMESTAMP, &on, 798 sizeof(on)) < 0) 799 err(EX_OSERR, "setsockopt SO_TIMESTAMP"); 800 if (setsockopt(srecv, SOL_SOCKET, SO_TS_CLOCK, &ts_clock, 801 sizeof(ts_clock)) < 0) 802 err(EX_OSERR, "setsockopt SO_TS_CLOCK"); 803 } 804 #endif 805 if (sweepmax) { 806 if (sweepmin > sweepmax) 807 errx(EX_USAGE, 808 "Maximum packet size must be no less than the minimum packet size"); 809 810 if (sweepmax > maxpayload - TIMEVAL_LEN) 811 errx(EX_USAGE, "Invalid sweep maximum"); 812 813 if (datalen != DEFDATALEN) 814 errx(EX_USAGE, 815 "Packet size and ping sweep are mutually exclusive"); 816 817 if (npackets > 0) { 818 snpackets = npackets; 819 npackets = 0; 820 } else 821 snpackets = 1; 822 datalen = sweepmin; 823 send_len = icmp_len + sweepmin; 824 } 825 if (options & F_SWEEP && !sweepmax) 826 errx(EX_USAGE, "Maximum sweep size must be specified"); 827 828 /* 829 * When pinging the broadcast address, you can get a lot of answers. 830 * Doing something so evil is useful if you are trying to stress the 831 * ethernet, or just want to fill the arp cache to get some stuff for 832 * /etc/ethers. But beware: RFC 1122 allows hosts to ignore broadcast 833 * or multicast pings if they wish. 834 */ 835 836 /* 837 * XXX receive buffer needs undetermined space for mbuf overhead 838 * as well. 839 */ 840 hold = IP_MAXPACKET + 128; 841 (void)setsockopt(srecv, SOL_SOCKET, SO_RCVBUF, (char *)&hold, 842 sizeof(hold)); 843 /* CAP_SETSOCKOPT removed */ 844 cap_rights_init(&rights, CAP_RECV, CAP_EVENT); 845 if (caph_rights_limit(srecv, &rights) < 0) 846 err(1, "cap_rights_limit srecv setsockopt"); 847 if (uid == 0) 848 (void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold, 849 sizeof(hold)); 850 /* CAP_SETSOCKOPT removed */ 851 cap_rights_init(&rights, CAP_SEND); 852 if (caph_rights_limit(ssend, &rights) < 0) 853 err(1, "cap_rights_limit ssend setsockopt"); 854 855 if (to->sin_family == AF_INET) { 856 (void)printf("PING %s (%s)", hostname, 857 inet_ntoa(to->sin_addr)); 858 if (source) 859 (void)printf(" from %s", shostname); 860 if (sweepmax) 861 (void)printf(": (%d ... %d) data bytes\n", 862 sweepmin, sweepmax); 863 else 864 (void)printf(": %d data bytes\n", datalen); 865 866 } else { 867 if (sweepmax) 868 (void)printf("PING %s: (%d ... %d) data bytes\n", 869 hostname, sweepmin, sweepmax); 870 else 871 (void)printf("PING %s: %d data bytes\n", hostname, datalen); 872 } 873 874 /* 875 * Use sigaction() instead of signal() to get unambiguous semantics, 876 * in particular with SA_RESTART not set. 877 */ 878 879 sigemptyset(&si_sa.sa_mask); 880 si_sa.sa_flags = 0; 881 882 si_sa.sa_handler = stopit; 883 if (sigaction(SIGINT, &si_sa, 0) == -1) { 884 err(EX_OSERR, "sigaction SIGINT"); 885 } 886 887 si_sa.sa_handler = status; 888 if (sigaction(SIGINFO, &si_sa, 0) == -1) { 889 err(EX_OSERR, "sigaction"); 890 } 891 892 if (alarmtimeout > 0) { 893 si_sa.sa_handler = stopit; 894 if (sigaction(SIGALRM, &si_sa, 0) == -1) 895 err(EX_OSERR, "sigaction SIGALRM"); 896 } 897 898 bzero(&msg, sizeof(msg)); 899 msg.msg_name = (caddr_t)&from; 900 msg.msg_iov = &iov; 901 msg.msg_iovlen = 1; 902 #ifdef SO_TIMESTAMP 903 msg.msg_control = (caddr_t)ctrl; 904 msg.msg_controllen = sizeof(ctrl); 905 #endif 906 iov.iov_base = packet; 907 iov.iov_len = IP_MAXPACKET; 908 909 if (preload == 0) 910 pinger(); /* send the first ping */ 911 else { 912 if (npackets != 0 && preload > npackets) 913 preload = npackets; 914 while (preload--) /* fire off them quickies */ 915 pinger(); 916 } 917 (void)clock_gettime(CLOCK_MONOTONIC, &last); 918 919 if (options & F_FLOOD) { 920 intvl.tv_sec = 0; 921 intvl.tv_nsec = 10000000; 922 } else { 923 intvl.tv_sec = interval / 1000; 924 intvl.tv_nsec = interval % 1000 * 1000000; 925 } 926 927 almost_done = 0; 928 while (!finish_up) { 929 struct timespec now, timeout; 930 fd_set rfds; 931 int n; 932 ssize_t cc; 933 934 check_status(); 935 if ((unsigned)srecv >= FD_SETSIZE) 936 errx(EX_OSERR, "descriptor too large"); 937 FD_ZERO(&rfds); 938 FD_SET(srecv, &rfds); 939 (void)clock_gettime(CLOCK_MONOTONIC, &now); 940 timespecadd(&last, &intvl, &timeout); 941 timespecsub(&timeout, &now, &timeout); 942 if (timeout.tv_sec < 0) 943 timespecclear(&timeout); 944 n = pselect(srecv + 1, &rfds, NULL, NULL, &timeout, NULL); 945 if (n < 0) 946 continue; /* Must be EINTR. */ 947 if (n == 1) { 948 struct timespec *tv = NULL; 949 #ifdef SO_TIMESTAMP 950 struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg); 951 #endif 952 msg.msg_namelen = sizeof(from); 953 if ((cc = recvmsg(srecv, &msg, 0)) < 0) { 954 if (errno == EINTR) 955 continue; 956 warn("recvmsg"); 957 continue; 958 } 959 #ifdef SO_TIMESTAMP 960 if (cmsg != NULL && 961 cmsg->cmsg_level == SOL_SOCKET && 962 cmsg->cmsg_type == SCM_TIMESTAMP && 963 cmsg->cmsg_len == CMSG_LEN(sizeof *tv)) { 964 /* Copy to avoid alignment problems: */ 965 memcpy(&now, CMSG_DATA(cmsg), sizeof(now)); 966 tv = &now; 967 } 968 #endif 969 if (tv == NULL) { 970 (void)clock_gettime(CLOCK_MONOTONIC, &now); 971 tv = &now; 972 } 973 pr_pack((char *)packet, cc, &from, tv); 974 if ((options & F_ONCE && nreceived) || 975 (npackets && nreceived >= npackets)) 976 break; 977 } 978 if (n == 0 || options & F_FLOOD) { 979 if (sweepmax && sntransmitted == snpackets) { 980 if (datalen + sweepincr > sweepmax) 981 break; 982 for (i = 0; i < sweepincr; i++) 983 *datap++ = i; 984 datalen += sweepincr; 985 send_len = icmp_len + datalen; 986 sntransmitted = 0; 987 } 988 if (!npackets || ntransmitted < npackets) 989 pinger(); 990 else { 991 if (almost_done) 992 break; 993 almost_done = 1; 994 intvl.tv_nsec = 0; 995 if (nreceived) { 996 intvl.tv_sec = 2 * tmax / 1000; 997 if (!intvl.tv_sec) 998 intvl.tv_sec = 1; 999 } else { 1000 intvl.tv_sec = waittime / 1000; 1001 intvl.tv_nsec = waittime % 1000 * 1000000; 1002 } 1003 } 1004 (void)clock_gettime(CLOCK_MONOTONIC, &last); 1005 if (ntransmitted - nreceived - 1 > nmissedmax) { 1006 nmissedmax = ntransmitted - nreceived - 1; 1007 if (options & F_MISSED) 1008 (void)write(STDOUT_FILENO, &BBELL, 1); 1009 } 1010 } 1011 } 1012 finish(); 1013 /* NOTREACHED */ 1014 exit(0); /* Make the compiler happy */ 1015 } 1016 1017 /* 1018 * stopit -- 1019 * Set the global bit that causes the main loop to quit. 1020 * Do NOT call finish() from here, since finish() does far too much 1021 * to be called from a signal handler. 1022 */ 1023 void 1024 stopit(int sig __unused) 1025 { 1026 1027 /* 1028 * When doing reverse DNS lookups, the finish_up flag might not 1029 * be noticed for a while. Just exit if we get a second SIGINT. 1030 */ 1031 if (!(options & F_NUMERIC) && finish_up) 1032 _exit(nreceived ? 0 : 2); 1033 finish_up = 1; 1034 } 1035 1036 /* 1037 * pinger -- 1038 * Compose and transmit an ICMP ECHO REQUEST packet. The IP packet 1039 * will be added on by the kernel. The ID field is our UNIX process ID, 1040 * and the sequence number is an ascending integer. The first TIMEVAL_LEN 1041 * bytes of the data portion are used to hold a UNIX "timespec" struct in 1042 * host byte-order, to compute the round-trip time. 1043 */ 1044 static void 1045 pinger(void) 1046 { 1047 struct timespec now; 1048 struct tv32 tv32; 1049 struct icmp icp; 1050 int cc, i; 1051 u_char *packet; 1052 1053 packet = outpack; 1054 memcpy(&icp, outpack, ICMP_MINLEN + phdr_len); 1055 icp.icmp_type = icmp_type; 1056 icp.icmp_code = 0; 1057 icp.icmp_cksum = 0; 1058 icp.icmp_seq = htons(ntransmitted); 1059 icp.icmp_id = ident; /* ID */ 1060 1061 CLR(ntransmitted % mx_dup_ck); 1062 1063 if ((options & F_TIME) || timing) { 1064 (void)clock_gettime(CLOCK_MONOTONIC, &now); 1065 /* 1066 * Truncate seconds down to 32 bits in order 1067 * to fit the timestamp within 8 bytes of the 1068 * packet. We're only concerned with 1069 * durations, not absolute times. 1070 */ 1071 tv32.tv32_sec = (uint32_t)htonl(now.tv_sec); 1072 tv32.tv32_nsec = (uint32_t)htonl(now.tv_nsec); 1073 if (options & F_TIME) 1074 icp.icmp_otime = htonl((now.tv_sec % (24*60*60)) 1075 * 1000 + now.tv_nsec / 1000000); 1076 if (timing) 1077 bcopy((void *)&tv32, 1078 (void *)&outpack[ICMP_MINLEN + phdr_len], 1079 sizeof(tv32)); 1080 } 1081 1082 memcpy(outpack, &icp, ICMP_MINLEN + phdr_len); 1083 1084 cc = ICMP_MINLEN + phdr_len + datalen; 1085 1086 /* compute ICMP checksum here */ 1087 icp.icmp_cksum = in_cksum(outpack, cc); 1088 /* Update icmp_cksum in the raw packet data buffer. */ 1089 memcpy(outpack + offsetof(struct icmp, icmp_cksum), &icp.icmp_cksum, 1090 sizeof(icp.icmp_cksum)); 1091 1092 if (options & F_HDRINCL) { 1093 struct ip ip; 1094 1095 cc += sizeof(struct ip); 1096 ip.ip_len = htons(cc); 1097 /* Update ip_len in the raw packet data buffer. */ 1098 memcpy(outpackhdr + offsetof(struct ip, ip_len), &ip.ip_len, 1099 sizeof(ip.ip_len)); 1100 ip.ip_sum = in_cksum(outpackhdr, cc); 1101 /* Update ip_sum in the raw packet data buffer. */ 1102 memcpy(outpackhdr + offsetof(struct ip, ip_sum), &ip.ip_sum, 1103 sizeof(ip.ip_sum)); 1104 packet = outpackhdr; 1105 } 1106 i = send(ssend, (char *)packet, cc, 0); 1107 if (i < 0 || i != cc) { 1108 if (i < 0) { 1109 if (options & F_FLOOD && errno == ENOBUFS) { 1110 usleep(FLOOD_BACKOFF); 1111 return; 1112 } 1113 warn("sendto"); 1114 } else { 1115 warn("%s: partial write: %d of %d bytes", 1116 hostname, i, cc); 1117 } 1118 } 1119 ntransmitted++; 1120 sntransmitted++; 1121 if (!(options & F_QUIET) && options & F_FLOOD) 1122 (void)write(STDOUT_FILENO, &DOT, 1); 1123 } 1124 1125 /* 1126 * pr_pack -- 1127 * Print out the packet, if it came from us. This logic is necessary 1128 * because ALL readers of the ICMP socket get a copy of ALL ICMP packets 1129 * which arrive ('tis only fair). This permits multiple copies of this 1130 * program to be run without having intermingled output (or statistics!). 1131 */ 1132 static void 1133 pr_pack(char *buf, ssize_t cc, struct sockaddr_in *from, struct timespec *tv) 1134 { 1135 struct in_addr ina; 1136 u_char *cp, *dp, l; 1137 struct icmp icp; 1138 struct ip ip; 1139 const u_char *icmp_data_raw; 1140 double triptime; 1141 int dupflag, hlen, i, j, recv_len; 1142 uint16_t seq; 1143 static int old_rrlen; 1144 static char old_rr[MAX_IPOPTLEN]; 1145 struct ip oip; 1146 u_char oip_header_len; 1147 struct icmp oicmp; 1148 const u_char *oicmp_raw; 1149 1150 /* 1151 * Get size of IP header of the received packet. The 1152 * information is contained in the lower four bits of the 1153 * first byte. 1154 */ 1155 memcpy(&l, buf, sizeof(l)); 1156 hlen = (l & 0x0f) << 2; 1157 memcpy(&ip, buf, hlen); 1158 1159 /* Check the IP header */ 1160 recv_len = cc; 1161 if (cc < hlen + ICMP_MINLEN) { 1162 if (options & F_VERBOSE) 1163 warn("packet too short (%zd bytes) from %s", cc, 1164 inet_ntoa(from->sin_addr)); 1165 return; 1166 } 1167 1168 #ifndef icmp_data 1169 icmp_data_raw = buf + hlen + offsetof(struct icmp, icmp_ip); 1170 #else 1171 icmp_data_raw = buf + hlen + offsetof(struct icmp, icmp_data); 1172 #endif 1173 1174 /* Now the ICMP part */ 1175 cc -= hlen; 1176 memcpy(&icp, buf + hlen, MIN((ssize_t)sizeof(icp), cc)); 1177 if (icp.icmp_type == icmp_type_rsp) { 1178 if (icp.icmp_id != ident) 1179 return; /* 'Twas not our ECHO */ 1180 ++nreceived; 1181 triptime = 0.0; 1182 if (timing) { 1183 struct timespec tv1; 1184 struct tv32 tv32; 1185 const u_char *tp; 1186 1187 tp = icmp_data_raw + phdr_len; 1188 1189 if ((size_t)(cc - ICMP_MINLEN - phdr_len) >= 1190 sizeof(tv1)) { 1191 /* Copy to avoid alignment problems: */ 1192 memcpy(&tv32, tp, sizeof(tv32)); 1193 tv1.tv_sec = ntohl(tv32.tv32_sec); 1194 tv1.tv_nsec = ntohl(tv32.tv32_nsec); 1195 timespecsub(tv, &tv1, tv); 1196 triptime = ((double)tv->tv_sec) * 1000.0 + 1197 ((double)tv->tv_nsec) / 1000000.0; 1198 tsum += triptime; 1199 tsumsq += triptime * triptime; 1200 if (triptime < tmin) 1201 tmin = triptime; 1202 if (triptime > tmax) 1203 tmax = triptime; 1204 } else 1205 timing = 0; 1206 } 1207 1208 seq = ntohs(icp.icmp_seq); 1209 1210 if (TST(seq % mx_dup_ck)) { 1211 ++nrepeats; 1212 --nreceived; 1213 dupflag = 1; 1214 } else { 1215 SET(seq % mx_dup_ck); 1216 dupflag = 0; 1217 } 1218 1219 if (options & F_QUIET) 1220 return; 1221 1222 if (options & F_WAITTIME && triptime > waittime) { 1223 ++nrcvtimeout; 1224 return; 1225 } 1226 1227 if (options & F_FLOOD) 1228 (void)write(STDOUT_FILENO, &BSPACE, 1); 1229 else { 1230 (void)printf("%zd bytes from %s: icmp_seq=%u", cc, 1231 pr_addr(from->sin_addr), seq); 1232 (void)printf(" ttl=%d", ip.ip_ttl); 1233 if (timing) 1234 (void)printf(" time=%.3f ms", triptime); 1235 if (dupflag) 1236 (void)printf(" (DUP!)"); 1237 if (options & F_AUDIBLE) 1238 (void)write(STDOUT_FILENO, &BBELL, 1); 1239 if (options & F_MASK) { 1240 /* Just prentend this cast isn't ugly */ 1241 (void)printf(" mask=%s", 1242 inet_ntoa(*(struct in_addr *)&(icp.icmp_mask))); 1243 } 1244 if (options & F_TIME) { 1245 (void)printf(" tso=%s", pr_ntime(icp.icmp_otime)); 1246 (void)printf(" tsr=%s", pr_ntime(icp.icmp_rtime)); 1247 (void)printf(" tst=%s", pr_ntime(icp.icmp_ttime)); 1248 } 1249 if (recv_len != send_len) { 1250 (void)printf( 1251 "\nwrong total length %d instead of %d", 1252 recv_len, send_len); 1253 } 1254 /* check the data */ 1255 cp = (u_char*)(buf + hlen + offsetof(struct icmp, 1256 icmp_data) + phdr_len); 1257 dp = &outpack[ICMP_MINLEN + phdr_len]; 1258 cc -= ICMP_MINLEN + phdr_len; 1259 i = 0; 1260 if (timing) { /* don't check variable timestamp */ 1261 cp += TIMEVAL_LEN; 1262 dp += TIMEVAL_LEN; 1263 cc -= TIMEVAL_LEN; 1264 i += TIMEVAL_LEN; 1265 } 1266 for (; i < datalen && cc > 0; ++i, ++cp, ++dp, --cc) { 1267 if (*cp != *dp) { 1268 (void)printf("\nwrong data byte #%d should be 0x%x but was 0x%x", 1269 i, *dp, *cp); 1270 (void)printf("\ncp:"); 1271 cp = (u_char*)(buf + hlen + 1272 offsetof(struct icmp, icmp_data)); 1273 for (i = 0; i < datalen; ++i, ++cp) { 1274 if ((i % 16) == 8) 1275 (void)printf("\n\t"); 1276 (void)printf("%2x ", *cp); 1277 } 1278 (void)printf("\ndp:"); 1279 cp = &outpack[ICMP_MINLEN]; 1280 for (i = 0; i < datalen; ++i, ++cp) { 1281 if ((i % 16) == 8) 1282 (void)printf("\n\t"); 1283 (void)printf("%2x ", *cp); 1284 } 1285 break; 1286 } 1287 } 1288 } 1289 } else { 1290 /* 1291 * We've got something other than an ECHOREPLY. 1292 * See if it's a reply to something that we sent. 1293 * We can compare IP destination, protocol, 1294 * and ICMP type and ID. 1295 * 1296 * Only print all the error messages if we are running 1297 * as root to avoid leaking information not normally 1298 * available to those not running as root. 1299 */ 1300 memcpy(&oip_header_len, icmp_data_raw, sizeof(oip_header_len)); 1301 oip_header_len = (oip_header_len & 0x0f) << 2; 1302 memcpy(&oip, icmp_data_raw, oip_header_len); 1303 oicmp_raw = icmp_data_raw + oip_header_len; 1304 memcpy(&oicmp, oicmp_raw, offsetof(struct icmp, icmp_id) + 1305 sizeof(oicmp.icmp_id)); 1306 1307 if (((options & F_VERBOSE) && uid == 0) || 1308 (!(options & F_QUIET2) && 1309 (oip.ip_dst.s_addr == whereto.sin_addr.s_addr) && 1310 (oip.ip_p == IPPROTO_ICMP) && 1311 (oicmp.icmp_type == ICMP_ECHO) && 1312 (oicmp.icmp_id == ident))) { 1313 (void)printf("%zd bytes from %s: ", cc, 1314 pr_addr(from->sin_addr)); 1315 pr_icmph(&icp, &oip, oicmp_raw); 1316 } else 1317 return; 1318 } 1319 1320 /* Display any IP options */ 1321 cp = (u_char *)buf + sizeof(struct ip); 1322 1323 for (; hlen > (int)sizeof(struct ip); --hlen, ++cp) 1324 switch (*cp) { 1325 case IPOPT_EOL: 1326 hlen = 0; 1327 break; 1328 case IPOPT_LSRR: 1329 case IPOPT_SSRR: 1330 (void)printf(*cp == IPOPT_LSRR ? 1331 "\nLSRR: " : "\nSSRR: "); 1332 j = cp[IPOPT_OLEN] - IPOPT_MINOFF + 1; 1333 hlen -= 2; 1334 cp += 2; 1335 if (j >= INADDR_LEN && 1336 j <= hlen - (int)sizeof(struct ip)) { 1337 for (;;) { 1338 bcopy(++cp, &ina.s_addr, INADDR_LEN); 1339 if (ina.s_addr == 0) 1340 (void)printf("\t0.0.0.0"); 1341 else 1342 (void)printf("\t%s", 1343 pr_addr(ina)); 1344 hlen -= INADDR_LEN; 1345 cp += INADDR_LEN - 1; 1346 j -= INADDR_LEN; 1347 if (j < INADDR_LEN) 1348 break; 1349 (void)putchar('\n'); 1350 } 1351 } else 1352 (void)printf("\t(truncated route)\n"); 1353 break; 1354 case IPOPT_RR: 1355 j = cp[IPOPT_OLEN]; /* get length */ 1356 i = cp[IPOPT_OFFSET]; /* and pointer */ 1357 hlen -= 2; 1358 cp += 2; 1359 if (i > j) 1360 i = j; 1361 i = i - IPOPT_MINOFF + 1; 1362 if (i < 0 || i > (hlen - (int)sizeof(struct ip))) { 1363 old_rrlen = 0; 1364 continue; 1365 } 1366 if (i == old_rrlen 1367 && !bcmp((char *)cp, old_rr, i) 1368 && !(options & F_FLOOD)) { 1369 (void)printf("\t(same route)"); 1370 hlen -= i; 1371 cp += i; 1372 break; 1373 } 1374 old_rrlen = i; 1375 bcopy((char *)cp, old_rr, i); 1376 (void)printf("\nRR: "); 1377 if (i >= INADDR_LEN && 1378 i <= hlen - (int)sizeof(struct ip)) { 1379 for (;;) { 1380 bcopy(++cp, &ina.s_addr, INADDR_LEN); 1381 if (ina.s_addr == 0) 1382 (void)printf("\t0.0.0.0"); 1383 else 1384 (void)printf("\t%s", 1385 pr_addr(ina)); 1386 hlen -= INADDR_LEN; 1387 cp += INADDR_LEN - 1; 1388 i -= INADDR_LEN; 1389 if (i < INADDR_LEN) 1390 break; 1391 (void)putchar('\n'); 1392 } 1393 } else 1394 (void)printf("\t(truncated route)"); 1395 break; 1396 case IPOPT_NOP: 1397 (void)printf("\nNOP"); 1398 break; 1399 default: 1400 (void)printf("\nunknown option %x", *cp); 1401 break; 1402 } 1403 if (!(options & F_FLOOD)) { 1404 (void)putchar('\n'); 1405 (void)fflush(stdout); 1406 } 1407 } 1408 1409 /* 1410 * status -- 1411 * Print out statistics when SIGINFO is received. 1412 */ 1413 1414 static void 1415 status(int sig __unused) 1416 { 1417 1418 siginfo_p = 1; 1419 } 1420 1421 static void 1422 check_status(void) 1423 { 1424 1425 if (siginfo_p) { 1426 siginfo_p = 0; 1427 (void)fprintf(stderr, "\r%ld/%ld packets received (%.1f%%)", 1428 nreceived, ntransmitted, 1429 ntransmitted ? nreceived * 100.0 / ntransmitted : 0.0); 1430 if (nreceived && timing) 1431 (void)fprintf(stderr, " %.3f min / %.3f avg / %.3f max", 1432 tmin, tsum / (nreceived + nrepeats), tmax); 1433 (void)fprintf(stderr, "\n"); 1434 } 1435 } 1436 1437 /* 1438 * finish -- 1439 * Print out statistics, and give up. 1440 */ 1441 static void 1442 finish(void) 1443 { 1444 1445 (void)signal(SIGINT, SIG_IGN); 1446 (void)signal(SIGALRM, SIG_IGN); 1447 (void)putchar('\n'); 1448 (void)fflush(stdout); 1449 (void)printf("--- %s ping statistics ---\n", hostname); 1450 (void)printf("%ld packets transmitted, ", ntransmitted); 1451 (void)printf("%ld packets received, ", nreceived); 1452 if (nrepeats) 1453 (void)printf("+%ld duplicates, ", nrepeats); 1454 if (ntransmitted) { 1455 if (nreceived > ntransmitted) 1456 (void)printf("-- somebody's printing up packets!"); 1457 else 1458 (void)printf("%.1f%% packet loss", 1459 ((ntransmitted - nreceived) * 100.0) / 1460 ntransmitted); 1461 } 1462 if (nrcvtimeout) 1463 (void)printf(", %ld packets out of wait time", nrcvtimeout); 1464 (void)putchar('\n'); 1465 if (nreceived && timing) { 1466 double n = nreceived + nrepeats; 1467 double avg = tsum / n; 1468 double vari = tsumsq / n - avg * avg; 1469 (void)printf( 1470 "round-trip min/avg/max/stddev = %.3f/%.3f/%.3f/%.3f ms\n", 1471 tmin, avg, tmax, sqrt(vari)); 1472 } 1473 1474 if (nreceived) 1475 exit(0); 1476 else 1477 exit(2); 1478 } 1479 1480 #ifdef notdef 1481 static char *ttab[] = { 1482 "Echo Reply", /* ip + seq + udata */ 1483 "Dest Unreachable", /* net, host, proto, port, frag, sr + IP */ 1484 "Source Quench", /* IP */ 1485 "Redirect", /* redirect type, gateway, + IP */ 1486 "Echo", 1487 "Time Exceeded", /* transit, frag reassem + IP */ 1488 "Parameter Problem", /* pointer + IP */ 1489 "Timestamp", /* id + seq + three timestamps */ 1490 "Timestamp Reply", /* " */ 1491 "Info Request", /* id + sq */ 1492 "Info Reply" /* " */ 1493 }; 1494 #endif 1495 1496 /* 1497 * pr_icmph -- 1498 * Print a descriptive string about an ICMP header. 1499 */ 1500 static void 1501 pr_icmph(struct icmp *icp, struct ip *oip, const u_char *const oicmp_raw) 1502 { 1503 1504 switch(icp->icmp_type) { 1505 case ICMP_ECHOREPLY: 1506 (void)printf("Echo Reply\n"); 1507 /* XXX ID + Seq + Data */ 1508 break; 1509 case ICMP_UNREACH: 1510 switch(icp->icmp_code) { 1511 case ICMP_UNREACH_NET: 1512 (void)printf("Destination Net Unreachable\n"); 1513 break; 1514 case ICMP_UNREACH_HOST: 1515 (void)printf("Destination Host Unreachable\n"); 1516 break; 1517 case ICMP_UNREACH_PROTOCOL: 1518 (void)printf("Destination Protocol Unreachable\n"); 1519 break; 1520 case ICMP_UNREACH_PORT: 1521 (void)printf("Destination Port Unreachable\n"); 1522 break; 1523 case ICMP_UNREACH_NEEDFRAG: 1524 (void)printf("frag needed and DF set (MTU %d)\n", 1525 ntohs(icp->icmp_nextmtu)); 1526 break; 1527 case ICMP_UNREACH_SRCFAIL: 1528 (void)printf("Source Route Failed\n"); 1529 break; 1530 case ICMP_UNREACH_FILTER_PROHIB: 1531 (void)printf("Communication prohibited by filter\n"); 1532 break; 1533 default: 1534 (void)printf("Dest Unreachable, Bad Code: %d\n", 1535 icp->icmp_code); 1536 break; 1537 } 1538 /* Print returned IP header information */ 1539 pr_retip(oip, oicmp_raw); 1540 break; 1541 case ICMP_SOURCEQUENCH: 1542 (void)printf("Source Quench\n"); 1543 pr_retip(oip, oicmp_raw); 1544 break; 1545 case ICMP_REDIRECT: 1546 switch(icp->icmp_code) { 1547 case ICMP_REDIRECT_NET: 1548 (void)printf("Redirect Network"); 1549 break; 1550 case ICMP_REDIRECT_HOST: 1551 (void)printf("Redirect Host"); 1552 break; 1553 case ICMP_REDIRECT_TOSNET: 1554 (void)printf("Redirect Type of Service and Network"); 1555 break; 1556 case ICMP_REDIRECT_TOSHOST: 1557 (void)printf("Redirect Type of Service and Host"); 1558 break; 1559 default: 1560 (void)printf("Redirect, Bad Code: %d", icp->icmp_code); 1561 break; 1562 } 1563 (void)printf("(New addr: %s)\n", inet_ntoa(icp->icmp_gwaddr)); 1564 pr_retip(oip, oicmp_raw); 1565 break; 1566 case ICMP_ECHO: 1567 (void)printf("Echo Request\n"); 1568 /* XXX ID + Seq + Data */ 1569 break; 1570 case ICMP_TIMXCEED: 1571 switch(icp->icmp_code) { 1572 case ICMP_TIMXCEED_INTRANS: 1573 (void)printf("Time to live exceeded\n"); 1574 break; 1575 case ICMP_TIMXCEED_REASS: 1576 (void)printf("Frag reassembly time exceeded\n"); 1577 break; 1578 default: 1579 (void)printf("Time exceeded, Bad Code: %d\n", 1580 icp->icmp_code); 1581 break; 1582 } 1583 pr_retip(oip, oicmp_raw); 1584 break; 1585 case ICMP_PARAMPROB: 1586 (void)printf("Parameter problem: pointer = 0x%02x\n", 1587 icp->icmp_hun.ih_pptr); 1588 pr_retip(oip, oicmp_raw); 1589 break; 1590 case ICMP_TSTAMP: 1591 (void)printf("Timestamp\n"); 1592 /* XXX ID + Seq + 3 timestamps */ 1593 break; 1594 case ICMP_TSTAMPREPLY: 1595 (void)printf("Timestamp Reply\n"); 1596 /* XXX ID + Seq + 3 timestamps */ 1597 break; 1598 case ICMP_IREQ: 1599 (void)printf("Information Request\n"); 1600 /* XXX ID + Seq */ 1601 break; 1602 case ICMP_IREQREPLY: 1603 (void)printf("Information Reply\n"); 1604 /* XXX ID + Seq */ 1605 break; 1606 case ICMP_MASKREQ: 1607 (void)printf("Address Mask Request\n"); 1608 break; 1609 case ICMP_MASKREPLY: 1610 (void)printf("Address Mask Reply\n"); 1611 break; 1612 case ICMP_ROUTERADVERT: 1613 (void)printf("Router Advertisement\n"); 1614 break; 1615 case ICMP_ROUTERSOLICIT: 1616 (void)printf("Router Solicitation\n"); 1617 break; 1618 default: 1619 (void)printf("Bad ICMP type: %d\n", icp->icmp_type); 1620 } 1621 } 1622 1623 /* 1624 * pr_iph -- 1625 * Print an IP header with options. 1626 */ 1627 static void 1628 pr_iph(struct ip *ip) 1629 { 1630 struct in_addr ina; 1631 u_char *cp; 1632 int hlen; 1633 1634 hlen = ip->ip_hl << 2; 1635 cp = (u_char *)ip + 20; /* point to options */ 1636 1637 (void)printf("Vr HL TOS Len ID Flg off TTL Pro cks Src Dst\n"); 1638 (void)printf(" %1x %1x %02x %04x %04x", 1639 ip->ip_v, ip->ip_hl, ip->ip_tos, ntohs(ip->ip_len), 1640 ntohs(ip->ip_id)); 1641 (void)printf(" %1lx %04lx", 1642 (u_long) (ntohl(ip->ip_off) & 0xe000) >> 13, 1643 (u_long) ntohl(ip->ip_off) & 0x1fff); 1644 (void)printf(" %02x %02x %04x", ip->ip_ttl, ip->ip_p, 1645 ntohs(ip->ip_sum)); 1646 memcpy(&ina, &ip->ip_src.s_addr, sizeof ina); 1647 (void)printf(" %s ", inet_ntoa(ina)); 1648 memcpy(&ina, &ip->ip_dst.s_addr, sizeof ina); 1649 (void)printf(" %s ", inet_ntoa(ina)); 1650 /* dump any option bytes */ 1651 while (hlen-- > 20) { 1652 (void)printf("%02x", *cp++); 1653 } 1654 (void)putchar('\n'); 1655 } 1656 1657 /* 1658 * pr_addr -- 1659 * Return an ascii host address as a dotted quad and optionally with 1660 * a hostname. 1661 */ 1662 static char * 1663 pr_addr(struct in_addr ina) 1664 { 1665 struct hostent *hp; 1666 static char buf[16 + 3 + MAXHOSTNAMELEN]; 1667 1668 if (options & F_NUMERIC) 1669 return inet_ntoa(ina); 1670 1671 hp = cap_gethostbyaddr(capdns, (char *)&ina, 4, AF_INET); 1672 1673 if (hp == NULL) 1674 return inet_ntoa(ina); 1675 1676 (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name, 1677 inet_ntoa(ina)); 1678 return(buf); 1679 } 1680 1681 /* 1682 * pr_retip -- 1683 * Dump some info on a returned (via ICMP) IP packet. 1684 */ 1685 static void 1686 pr_retip(struct ip *ip, const u_char *cp) 1687 { 1688 pr_iph(ip); 1689 1690 if (ip->ip_p == 6) 1691 (void)printf("TCP: from port %u, to port %u (decimal)\n", 1692 (*cp * 256 + *(cp + 1)), (*(cp + 2) * 256 + *(cp + 3))); 1693 else if (ip->ip_p == 17) 1694 (void)printf("UDP: from port %u, to port %u (decimal)\n", 1695 (*cp * 256 + *(cp + 1)), (*(cp + 2) * 256 + *(cp + 3))); 1696 } 1697 1698 static char * 1699 pr_ntime(n_time timestamp) 1700 { 1701 static char buf[11]; 1702 int hour, min, sec; 1703 1704 sec = ntohl(timestamp) / 1000; 1705 hour = sec / 60 / 60; 1706 min = (sec % (60 * 60)) / 60; 1707 sec = (sec % (60 * 60)) % 60; 1708 1709 (void)snprintf(buf, sizeof(buf), "%02d:%02d:%02d", hour, min, sec); 1710 1711 return (buf); 1712 } 1713 1714 static void 1715 fill(char *bp, char *patp) 1716 { 1717 char *cp; 1718 int pat[16]; 1719 u_int ii, jj, kk; 1720 1721 for (cp = patp; *cp; cp++) { 1722 if (!isxdigit(*cp)) 1723 errx(EX_USAGE, 1724 "patterns must be specified as hex digits"); 1725 1726 } 1727 ii = sscanf(patp, 1728 "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x", 1729 &pat[0], &pat[1], &pat[2], &pat[3], &pat[4], &pat[5], &pat[6], 1730 &pat[7], &pat[8], &pat[9], &pat[10], &pat[11], &pat[12], 1731 &pat[13], &pat[14], &pat[15]); 1732 1733 if (ii > 0) 1734 for (kk = 0; kk <= maxpayload - (TIMEVAL_LEN + ii); kk += ii) 1735 for (jj = 0; jj < ii; ++jj) 1736 bp[jj + kk] = pat[jj]; 1737 if (!(options & F_QUIET)) { 1738 (void)printf("PATTERN: 0x"); 1739 for (jj = 0; jj < ii; ++jj) 1740 (void)printf("%02x", bp[jj] & 0xFF); 1741 (void)printf("\n"); 1742 } 1743 } 1744 1745 static cap_channel_t * 1746 capdns_setup(void) 1747 { 1748 cap_channel_t *capcas, *capdnsloc; 1749 #ifdef WITH_CASPER 1750 const char *types[2]; 1751 int families[1]; 1752 #endif 1753 capcas = cap_init(); 1754 if (capcas == NULL) 1755 err(1, "unable to create casper process"); 1756 capdnsloc = cap_service_open(capcas, "system.dns"); 1757 /* Casper capability no longer needed. */ 1758 cap_close(capcas); 1759 if (capdnsloc == NULL) 1760 err(1, "unable to open system.dns service"); 1761 #ifdef WITH_CASPER 1762 types[0] = "NAME2ADDR"; 1763 types[1] = "ADDR2NAME"; 1764 if (cap_dns_type_limit(capdnsloc, types, 2) < 0) 1765 err(1, "unable to limit access to system.dns service"); 1766 families[0] = AF_INET; 1767 if (cap_dns_family_limit(capdnsloc, families, 1) < 0) 1768 err(1, "unable to limit access to system.dns service"); 1769 #endif 1770 return (capdnsloc); 1771 } 1772 1773 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) 1774 #define SECOPT " [-P policy]" 1775 #else 1776 #define SECOPT "" 1777 #endif 1778 static void 1779 usage(void) 1780 { 1781 1782 (void)fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n", 1783 "usage: ping [-AaDdfHnoQqRrv] [-C pcp] [-c count] [-G sweepmaxsize] [-g sweepminsize]", 1784 " [-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl]", 1785 " " SECOPT " [-p pattern] [-S src_addr] [-s packetsize] [-t timeout]", 1786 " [-W waittime] [-z tos] host", 1787 " ping [-AaDdfHLnoQqRrv] [-C pcp] [-c count] [-I iface] [-i wait] [-l preload]", 1788 " [-M mask | time] [-m ttl]" SECOPT " [-p pattern] [-S src_addr]", 1789 " [-s packetsize] [-T ttl] [-t timeout] [-W waittime]", 1790 " [-z tos] mcast-group"); 1791 exit(EX_USAGE); 1792 } 1793