xref: /freebsd/sbin/ping/ping.c (revision eb69d1f144a6fcc765d1b9d44a5ae8082353e70b)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1989, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * This code is derived from software contributed to Berkeley by
8  * Mike Muuss.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. Neither the name of the University nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  */
34 
35 #if 0
36 #ifndef lint
37 static const char copyright[] =
38 "@(#) Copyright (c) 1989, 1993\n\
39 	The Regents of the University of California.  All rights reserved.\n";
40 #endif /* not lint */
41 
42 #ifndef lint
43 static char sccsid[] = "@(#)ping.c	8.1 (Berkeley) 6/5/93";
44 #endif /* not lint */
45 #endif
46 #include <sys/cdefs.h>
47 __FBSDID("$FreeBSD$");
48 
49 /*
50  *			P I N G . C
51  *
52  * Using the Internet Control Message Protocol (ICMP) "ECHO" facility,
53  * measure round-trip-delays and packet loss across network paths.
54  *
55  * Author -
56  *	Mike Muuss
57  *	U. S. Army Ballistic Research Laboratory
58  *	December, 1983
59  *
60  * Status -
61  *	Public Domain.  Distribution Unlimited.
62  * Bugs -
63  *	More statistics could always be gathered.
64  *	This program has to run SUID to ROOT to access the ICMP socket.
65  */
66 
67 #include <sys/param.h>		/* NB: we rely on this for <sys/types.h> */
68 #include <sys/capsicum.h>
69 #include <sys/socket.h>
70 #include <sys/sysctl.h>
71 #include <sys/time.h>
72 #include <sys/uio.h>
73 
74 #include <netinet/in.h>
75 #include <netinet/in_systm.h>
76 #include <netinet/ip.h>
77 #include <netinet/ip_icmp.h>
78 #include <netinet/ip_var.h>
79 #include <arpa/inet.h>
80 
81 #include <libcasper.h>
82 #include <casper/cap_dns.h>
83 
84 #ifdef IPSEC
85 #include <netipsec/ipsec.h>
86 #endif /*IPSEC*/
87 
88 #include <ctype.h>
89 #include <err.h>
90 #include <errno.h>
91 #include <math.h>
92 #include <netdb.h>
93 #include <signal.h>
94 #include <stdio.h>
95 #include <stdlib.h>
96 #include <string.h>
97 #include <sysexits.h>
98 #include <unistd.h>
99 
100 #define	INADDR_LEN	((int)sizeof(in_addr_t))
101 #define	TIMEVAL_LEN	((int)sizeof(struct tv32))
102 #define	MASK_LEN	(ICMP_MASKLEN - ICMP_MINLEN)
103 #define	TS_LEN		(ICMP_TSLEN - ICMP_MINLEN)
104 #define	DEFDATALEN	56		/* default data length */
105 #define	FLOOD_BACKOFF	20000		/* usecs to back off if F_FLOOD mode */
106 					/* runs out of buffer space */
107 #define	MAXIPLEN	(sizeof(struct ip) + MAX_IPOPTLEN)
108 #define	MAXICMPLEN	(ICMP_ADVLENMIN + MAX_IPOPTLEN)
109 #define	MAXWAIT		10000		/* max ms to wait for response */
110 #define	MAXALARM	(60 * 60)	/* max seconds for alarm timeout */
111 #define	MAXTOS		255
112 
113 #define	A(bit)		rcvd_tbl[(bit)>>3]	/* identify byte in array */
114 #define	B(bit)		(1 << ((bit) & 0x07))	/* identify bit in byte */
115 #define	SET(bit)	(A(bit) |= B(bit))
116 #define	CLR(bit)	(A(bit) &= (~B(bit)))
117 #define	TST(bit)	(A(bit) & B(bit))
118 
119 struct tv32 {
120 	int32_t tv32_sec;
121 	int32_t tv32_usec;
122 };
123 
124 /* various options */
125 static int options;
126 #define	F_FLOOD		0x0001
127 #define	F_INTERVAL	0x0002
128 #define	F_NUMERIC	0x0004
129 #define	F_PINGFILLED	0x0008
130 #define	F_QUIET		0x0010
131 #define	F_RROUTE	0x0020
132 #define	F_SO_DEBUG	0x0040
133 #define	F_SO_DONTROUTE	0x0080
134 #define	F_VERBOSE	0x0100
135 #define	F_QUIET2	0x0200
136 #define	F_NOLOOP	0x0400
137 #define	F_MTTL		0x0800
138 #define	F_MIF		0x1000
139 #define	F_AUDIBLE	0x2000
140 #ifdef IPSEC
141 #ifdef IPSEC_POLICY_IPSEC
142 #define F_POLICY	0x4000
143 #endif /*IPSEC_POLICY_IPSEC*/
144 #endif /*IPSEC*/
145 #define	F_TTL		0x8000
146 #define	F_MISSED	0x10000
147 #define	F_ONCE		0x20000
148 #define	F_HDRINCL	0x40000
149 #define	F_MASK		0x80000
150 #define	F_TIME		0x100000
151 #define	F_SWEEP		0x200000
152 #define	F_WAITTIME	0x400000
153 
154 /*
155  * MAX_DUP_CHK is the number of bits in received table, i.e. the maximum
156  * number of received sequence numbers we can keep track of.  Change 128
157  * to 8192 for complete accuracy...
158  */
159 #define	MAX_DUP_CHK	(8 * 128)
160 static int mx_dup_ck = MAX_DUP_CHK;
161 static char rcvd_tbl[MAX_DUP_CHK / 8];
162 
163 static struct sockaddr_in whereto;	/* who to ping */
164 static int datalen = DEFDATALEN;
165 static int maxpayload;
166 static int ssend;		/* send socket file descriptor */
167 static int srecv;		/* receive socket file descriptor */
168 static u_char outpackhdr[IP_MAXPACKET], *outpack;
169 static char BBELL = '\a';	/* characters written for MISSED and AUDIBLE */
170 static char BSPACE = '\b';	/* characters written for flood */
171 static char DOT = '.';
172 static char *hostname;
173 static char *shostname;
174 static int ident;		/* process id to identify our packets */
175 static int uid;			/* cached uid for micro-optimization */
176 static u_char icmp_type = ICMP_ECHO;
177 static u_char icmp_type_rsp = ICMP_ECHOREPLY;
178 static int phdr_len = 0;
179 static int send_len;
180 
181 /* counters */
182 static long nmissedmax;		/* max value of ntransmitted - nreceived - 1 */
183 static long npackets;		/* max packets to transmit */
184 static long nreceived;		/* # of packets we got back */
185 static long nrepeats;		/* number of duplicates */
186 static long ntransmitted;	/* sequence # for outbound packets = #sent */
187 static long snpackets;			/* max packets to transmit in one sweep */
188 static long sntransmitted;	/* # of packets we sent in this sweep */
189 static int sweepmax;		/* max value of payload in sweep */
190 static int sweepmin = 0;	/* start value of payload in sweep */
191 static int sweepincr = 1;	/* payload increment in sweep */
192 static int interval = 1000;	/* interval between packets, ms */
193 static int waittime = MAXWAIT;	/* timeout for each packet */
194 static long nrcvtimeout = 0;	/* # of packets we got back after waittime */
195 
196 /* timing */
197 static int timing;		/* flag to do timing */
198 static double tmin = 999999999.0;	/* minimum round trip time */
199 static double tmax = 0.0;	/* maximum round trip time */
200 static double tsum = 0.0;	/* sum of all times, for doing average */
201 static double tsumsq = 0.0;	/* sum of all times squared, for std. dev. */
202 
203 /* nonzero if we've been told to finish up */
204 static volatile sig_atomic_t finish_up;
205 static volatile sig_atomic_t siginfo_p;
206 
207 static cap_channel_t *capdns;
208 
209 static void fill(char *, char *);
210 static u_short in_cksum(u_short *, int);
211 static cap_channel_t *capdns_setup(void);
212 static void check_status(void);
213 static void finish(void) __dead2;
214 static void pinger(void);
215 static char *pr_addr(struct in_addr);
216 static char *pr_ntime(n_time);
217 static void pr_icmph(struct icmp *);
218 static void pr_iph(struct ip *);
219 static void pr_pack(char *, int, struct sockaddr_in *, struct timeval *);
220 static void pr_retip(struct ip *);
221 static void status(int);
222 static void stopit(int);
223 static void tvsub(struct timeval *, const struct timeval *);
224 static void usage(void) __dead2;
225 
226 int
227 main(int argc, char *const *argv)
228 {
229 	struct sockaddr_in from, sock_in;
230 	struct in_addr ifaddr;
231 	struct timeval last, intvl;
232 	struct iovec iov;
233 	struct ip *ip;
234 	struct msghdr msg;
235 	struct sigaction si_sa;
236 	size_t sz;
237 	u_char *datap, packet[IP_MAXPACKET] __aligned(4);
238 	char *ep, *source, *target, *payload;
239 	struct hostent *hp;
240 #ifdef IPSEC_POLICY_IPSEC
241 	char *policy_in, *policy_out;
242 #endif
243 	struct sockaddr_in *to;
244 	double t;
245 	u_long alarmtimeout, ultmp;
246 	int almost_done, ch, df, hold, i, icmp_len, mib[4], preload;
247 	int ssend_errno, srecv_errno, tos, ttl;
248 	char ctrl[CMSG_SPACE(sizeof(struct timeval))];
249 	char hnamebuf[MAXHOSTNAMELEN], snamebuf[MAXHOSTNAMELEN];
250 #ifdef IP_OPTIONS
251 	char rspace[MAX_IPOPTLEN];	/* record route space */
252 #endif
253 	unsigned char loop, mttl;
254 
255 	payload = source = NULL;
256 #ifdef IPSEC_POLICY_IPSEC
257 	policy_in = policy_out = NULL;
258 #endif
259 	cap_rights_t rights;
260 	bool cansandbox;
261 
262 	/*
263 	 * Do the stuff that we need root priv's for *first*, and
264 	 * then drop our setuid bit.  Save error reporting for
265 	 * after arg parsing.
266 	 *
267 	 * Historicaly ping was using one socket 's' for sending and for
268 	 * receiving. After capsicum(4) related changes we use two
269 	 * sockets. It was done for special ping use case - when user
270 	 * issue ping on multicast or broadcast address replies come
271 	 * from different addresses, not from the address we
272 	 * connect(2)'ed to, and send socket do not receive those
273 	 * packets.
274 	 */
275 	ssend = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
276 	ssend_errno = errno;
277 	srecv = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
278 	srecv_errno = errno;
279 
280 	if (setuid(getuid()) != 0)
281 		err(EX_NOPERM, "setuid() failed");
282 	uid = getuid();
283 
284 	if (ssend < 0) {
285 		errno = ssend_errno;
286 		err(EX_OSERR, "ssend socket");
287 	}
288 
289 	if (srecv < 0) {
290 		errno = srecv_errno;
291 		err(EX_OSERR, "srecv socket");
292 	}
293 
294 	alarmtimeout = df = preload = tos = 0;
295 
296 	outpack = outpackhdr + sizeof(struct ip);
297 	while ((ch = getopt(argc, argv,
298 		"Aac:DdfG:g:h:I:i:Ll:M:m:nop:QqRrS:s:T:t:vW:z:"
299 #ifdef IPSEC
300 #ifdef IPSEC_POLICY_IPSEC
301 		"P:"
302 #endif /*IPSEC_POLICY_IPSEC*/
303 #endif /*IPSEC*/
304 		)) != -1)
305 	{
306 		switch(ch) {
307 		case 'A':
308 			options |= F_MISSED;
309 			break;
310 		case 'a':
311 			options |= F_AUDIBLE;
312 			break;
313 		case 'c':
314 			ultmp = strtoul(optarg, &ep, 0);
315 			if (*ep || ep == optarg || ultmp > LONG_MAX || !ultmp)
316 				errx(EX_USAGE,
317 				    "invalid count of packets to transmit: `%s'",
318 				    optarg);
319 			npackets = ultmp;
320 			break;
321 		case 'D':
322 			options |= F_HDRINCL;
323 			df = 1;
324 			break;
325 		case 'd':
326 			options |= F_SO_DEBUG;
327 			break;
328 		case 'f':
329 			if (uid) {
330 				errno = EPERM;
331 				err(EX_NOPERM, "-f flag");
332 			}
333 			options |= F_FLOOD;
334 			setbuf(stdout, (char *)NULL);
335 			break;
336 		case 'G': /* Maximum packet size for ping sweep */
337 			ultmp = strtoul(optarg, &ep, 0);
338 			if (*ep || ep == optarg)
339 				errx(EX_USAGE, "invalid packet size: `%s'",
340 				    optarg);
341 			if (uid != 0 && ultmp > DEFDATALEN) {
342 				errno = EPERM;
343 				err(EX_NOPERM,
344 				    "packet size too large: %lu > %u",
345 				    ultmp, DEFDATALEN);
346 			}
347 			options |= F_SWEEP;
348 			sweepmax = ultmp;
349 			break;
350 		case 'g': /* Minimum packet size for ping sweep */
351 			ultmp = strtoul(optarg, &ep, 0);
352 			if (*ep || ep == optarg)
353 				errx(EX_USAGE, "invalid packet size: `%s'",
354 				    optarg);
355 			if (uid != 0 && ultmp > DEFDATALEN) {
356 				errno = EPERM;
357 				err(EX_NOPERM,
358 				    "packet size too large: %lu > %u",
359 				    ultmp, DEFDATALEN);
360 			}
361 			options |= F_SWEEP;
362 			sweepmin = ultmp;
363 			break;
364 		case 'h': /* Packet size increment for ping sweep */
365 			ultmp = strtoul(optarg, &ep, 0);
366 			if (*ep || ep == optarg || ultmp < 1)
367 				errx(EX_USAGE, "invalid increment size: `%s'",
368 				    optarg);
369 			if (uid != 0 && ultmp > DEFDATALEN) {
370 				errno = EPERM;
371 				err(EX_NOPERM,
372 				    "packet size too large: %lu > %u",
373 				    ultmp, DEFDATALEN);
374 			}
375 			options |= F_SWEEP;
376 			sweepincr = ultmp;
377 			break;
378 		case 'I':		/* multicast interface */
379 			if (inet_aton(optarg, &ifaddr) == 0)
380 				errx(EX_USAGE,
381 				    "invalid multicast interface: `%s'",
382 				    optarg);
383 			options |= F_MIF;
384 			break;
385 		case 'i':		/* wait between sending packets */
386 			t = strtod(optarg, &ep) * 1000.0;
387 			if (*ep || ep == optarg || t > (double)INT_MAX)
388 				errx(EX_USAGE, "invalid timing interval: `%s'",
389 				    optarg);
390 			options |= F_INTERVAL;
391 			interval = (int)t;
392 			if (uid && interval < 1000) {
393 				errno = EPERM;
394 				err(EX_NOPERM, "-i interval too short");
395 			}
396 			break;
397 		case 'L':
398 			options |= F_NOLOOP;
399 			loop = 0;
400 			break;
401 		case 'l':
402 			ultmp = strtoul(optarg, &ep, 0);
403 			if (*ep || ep == optarg || ultmp > INT_MAX)
404 				errx(EX_USAGE,
405 				    "invalid preload value: `%s'", optarg);
406 			if (uid) {
407 				errno = EPERM;
408 				err(EX_NOPERM, "-l flag");
409 			}
410 			preload = ultmp;
411 			break;
412 		case 'M':
413 			switch(optarg[0]) {
414 			case 'M':
415 			case 'm':
416 				options |= F_MASK;
417 				break;
418 			case 'T':
419 			case 't':
420 				options |= F_TIME;
421 				break;
422 			default:
423 				errx(EX_USAGE, "invalid message: `%c'", optarg[0]);
424 				break;
425 			}
426 			break;
427 		case 'm':		/* TTL */
428 			ultmp = strtoul(optarg, &ep, 0);
429 			if (*ep || ep == optarg || ultmp > MAXTTL)
430 				errx(EX_USAGE, "invalid TTL: `%s'", optarg);
431 			ttl = ultmp;
432 			options |= F_TTL;
433 			break;
434 		case 'n':
435 			options |= F_NUMERIC;
436 			break;
437 		case 'o':
438 			options |= F_ONCE;
439 			break;
440 #ifdef IPSEC
441 #ifdef IPSEC_POLICY_IPSEC
442 		case 'P':
443 			options |= F_POLICY;
444 			if (!strncmp("in", optarg, 2))
445 				policy_in = strdup(optarg);
446 			else if (!strncmp("out", optarg, 3))
447 				policy_out = strdup(optarg);
448 			else
449 				errx(1, "invalid security policy");
450 			break;
451 #endif /*IPSEC_POLICY_IPSEC*/
452 #endif /*IPSEC*/
453 		case 'p':		/* fill buffer with user pattern */
454 			options |= F_PINGFILLED;
455 			payload = optarg;
456 			break;
457 		case 'Q':
458 			options |= F_QUIET2;
459 			break;
460 		case 'q':
461 			options |= F_QUIET;
462 			break;
463 		case 'R':
464 			options |= F_RROUTE;
465 			break;
466 		case 'r':
467 			options |= F_SO_DONTROUTE;
468 			break;
469 		case 'S':
470 			source = optarg;
471 			break;
472 		case 's':		/* size of packet to send */
473 			ultmp = strtoul(optarg, &ep, 0);
474 			if (*ep || ep == optarg)
475 				errx(EX_USAGE, "invalid packet size: `%s'",
476 				    optarg);
477 			if (uid != 0 && ultmp > DEFDATALEN) {
478 				errno = EPERM;
479 				err(EX_NOPERM,
480 				    "packet size too large: %lu > %u",
481 				    ultmp, DEFDATALEN);
482 			}
483 			datalen = ultmp;
484 			break;
485 		case 'T':		/* multicast TTL */
486 			ultmp = strtoul(optarg, &ep, 0);
487 			if (*ep || ep == optarg || ultmp > MAXTTL)
488 				errx(EX_USAGE, "invalid multicast TTL: `%s'",
489 				    optarg);
490 			mttl = ultmp;
491 			options |= F_MTTL;
492 			break;
493 		case 't':
494 			alarmtimeout = strtoul(optarg, &ep, 0);
495 			if ((alarmtimeout < 1) || (alarmtimeout == ULONG_MAX))
496 				errx(EX_USAGE, "invalid timeout: `%s'",
497 				    optarg);
498 			if (alarmtimeout > MAXALARM)
499 				errx(EX_USAGE, "invalid timeout: `%s' > %d",
500 				    optarg, MAXALARM);
501 			alarm((int)alarmtimeout);
502 			break;
503 		case 'v':
504 			options |= F_VERBOSE;
505 			break;
506 		case 'W':		/* wait ms for answer */
507 			t = strtod(optarg, &ep);
508 			if (*ep || ep == optarg || t > (double)INT_MAX)
509 				errx(EX_USAGE, "invalid timing interval: `%s'",
510 				    optarg);
511 			options |= F_WAITTIME;
512 			waittime = (int)t;
513 			break;
514 		case 'z':
515 			options |= F_HDRINCL;
516 			ultmp = strtoul(optarg, &ep, 0);
517 			if (*ep || ep == optarg || ultmp > MAXTOS)
518 				errx(EX_USAGE, "invalid TOS: `%s'", optarg);
519 			tos = ultmp;
520 			break;
521 		default:
522 			usage();
523 		}
524 	}
525 
526 	if (argc - optind != 1)
527 		usage();
528 	target = argv[optind];
529 
530 	switch (options & (F_MASK|F_TIME)) {
531 	case 0: break;
532 	case F_MASK:
533 		icmp_type = ICMP_MASKREQ;
534 		icmp_type_rsp = ICMP_MASKREPLY;
535 		phdr_len = MASK_LEN;
536 		if (!(options & F_QUIET))
537 			(void)printf("ICMP_MASKREQ\n");
538 		break;
539 	case F_TIME:
540 		icmp_type = ICMP_TSTAMP;
541 		icmp_type_rsp = ICMP_TSTAMPREPLY;
542 		phdr_len = TS_LEN;
543 		if (!(options & F_QUIET))
544 			(void)printf("ICMP_TSTAMP\n");
545 		break;
546 	default:
547 		errx(EX_USAGE, "ICMP_TSTAMP and ICMP_MASKREQ are exclusive.");
548 		break;
549 	}
550 	icmp_len = sizeof(struct ip) + ICMP_MINLEN + phdr_len;
551 	if (options & F_RROUTE)
552 		icmp_len += MAX_IPOPTLEN;
553 	maxpayload = IP_MAXPACKET - icmp_len;
554 	if (datalen > maxpayload)
555 		errx(EX_USAGE, "packet size too large: %d > %d", datalen,
556 		    maxpayload);
557 	send_len = icmp_len + datalen;
558 	datap = &outpack[ICMP_MINLEN + phdr_len + TIMEVAL_LEN];
559 	if (options & F_PINGFILLED) {
560 		fill((char *)datap, payload);
561 	}
562 	capdns = capdns_setup();
563 	if (source) {
564 		bzero((char *)&sock_in, sizeof(sock_in));
565 		sock_in.sin_family = AF_INET;
566 		if (inet_aton(source, &sock_in.sin_addr) != 0) {
567 			shostname = source;
568 		} else {
569 			if (capdns != NULL)
570 				hp = cap_gethostbyname2(capdns, source,
571 				    AF_INET);
572 			else
573 				hp = gethostbyname2(source, AF_INET);
574 			if (!hp)
575 				errx(EX_NOHOST, "cannot resolve %s: %s",
576 				    source, hstrerror(h_errno));
577 
578 			sock_in.sin_len = sizeof sock_in;
579 			if ((unsigned)hp->h_length > sizeof(sock_in.sin_addr) ||
580 			    hp->h_length < 0)
581 				errx(1, "gethostbyname2: illegal address");
582 			memcpy(&sock_in.sin_addr, hp->h_addr_list[0],
583 			    sizeof(sock_in.sin_addr));
584 			(void)strncpy(snamebuf, hp->h_name,
585 			    sizeof(snamebuf) - 1);
586 			snamebuf[sizeof(snamebuf) - 1] = '\0';
587 			shostname = snamebuf;
588 		}
589 		if (bind(ssend, (struct sockaddr *)&sock_in, sizeof sock_in) ==
590 		    -1)
591 			err(1, "bind");
592 	}
593 
594 	bzero(&whereto, sizeof(whereto));
595 	to = &whereto;
596 	to->sin_family = AF_INET;
597 	to->sin_len = sizeof *to;
598 	if (inet_aton(target, &to->sin_addr) != 0) {
599 		hostname = target;
600 	} else {
601 		if (capdns != NULL)
602 			hp = cap_gethostbyname2(capdns, target, AF_INET);
603 		else
604 			hp = gethostbyname2(target, AF_INET);
605 		if (!hp)
606 			errx(EX_NOHOST, "cannot resolve %s: %s",
607 			    target, hstrerror(h_errno));
608 
609 		if ((unsigned)hp->h_length > sizeof(to->sin_addr))
610 			errx(1, "gethostbyname2 returned an illegal address");
611 		memcpy(&to->sin_addr, hp->h_addr_list[0], sizeof to->sin_addr);
612 		(void)strncpy(hnamebuf, hp->h_name, sizeof(hnamebuf) - 1);
613 		hnamebuf[sizeof(hnamebuf) - 1] = '\0';
614 		hostname = hnamebuf;
615 	}
616 
617 	/* From now on we will use only reverse DNS lookups. */
618 	if (capdns != NULL) {
619 		const char *types[1];
620 
621 		types[0] = "ADDR";
622 		if (cap_dns_type_limit(capdns, types, 1) < 0)
623 			err(1, "unable to limit access to system.dns service");
624 	}
625 
626 	if (connect(ssend, (struct sockaddr *)&whereto, sizeof(whereto)) != 0)
627 		err(1, "connect");
628 
629 	if (options & F_FLOOD && options & F_INTERVAL)
630 		errx(EX_USAGE, "-f and -i: incompatible options");
631 
632 	if (options & F_FLOOD && IN_MULTICAST(ntohl(to->sin_addr.s_addr)))
633 		errx(EX_USAGE,
634 		    "-f flag cannot be used with multicast destination");
635 	if (options & (F_MIF | F_NOLOOP | F_MTTL)
636 	    && !IN_MULTICAST(ntohl(to->sin_addr.s_addr)))
637 		errx(EX_USAGE,
638 		    "-I, -L, -T flags cannot be used with unicast destination");
639 
640 	if (datalen >= TIMEVAL_LEN)	/* can we time transfer */
641 		timing = 1;
642 
643 	if (!(options & F_PINGFILLED))
644 		for (i = TIMEVAL_LEN; i < datalen; ++i)
645 			*datap++ = i;
646 
647 	ident = getpid() & 0xFFFF;
648 
649 	hold = 1;
650 	if (options & F_SO_DEBUG) {
651 		(void)setsockopt(ssend, SOL_SOCKET, SO_DEBUG, (char *)&hold,
652 		    sizeof(hold));
653 		(void)setsockopt(srecv, SOL_SOCKET, SO_DEBUG, (char *)&hold,
654 		    sizeof(hold));
655 	}
656 	if (options & F_SO_DONTROUTE)
657 		(void)setsockopt(ssend, SOL_SOCKET, SO_DONTROUTE, (char *)&hold,
658 		    sizeof(hold));
659 #ifdef IPSEC
660 #ifdef IPSEC_POLICY_IPSEC
661 	if (options & F_POLICY) {
662 		char *buf;
663 		if (policy_in != NULL) {
664 			buf = ipsec_set_policy(policy_in, strlen(policy_in));
665 			if (buf == NULL)
666 				errx(EX_CONFIG, "%s", ipsec_strerror());
667 			if (setsockopt(srecv, IPPROTO_IP, IP_IPSEC_POLICY,
668 					buf, ipsec_get_policylen(buf)) < 0)
669 				err(EX_CONFIG,
670 				    "ipsec policy cannot be configured");
671 			free(buf);
672 		}
673 
674 		if (policy_out != NULL) {
675 			buf = ipsec_set_policy(policy_out, strlen(policy_out));
676 			if (buf == NULL)
677 				errx(EX_CONFIG, "%s", ipsec_strerror());
678 			if (setsockopt(ssend, IPPROTO_IP, IP_IPSEC_POLICY,
679 					buf, ipsec_get_policylen(buf)) < 0)
680 				err(EX_CONFIG,
681 				    "ipsec policy cannot be configured");
682 			free(buf);
683 		}
684 	}
685 #endif /*IPSEC_POLICY_IPSEC*/
686 #endif /*IPSEC*/
687 
688 	if (options & F_HDRINCL) {
689 		ip = (struct ip*)outpackhdr;
690 		if (!(options & (F_TTL | F_MTTL))) {
691 			mib[0] = CTL_NET;
692 			mib[1] = PF_INET;
693 			mib[2] = IPPROTO_IP;
694 			mib[3] = IPCTL_DEFTTL;
695 			sz = sizeof(ttl);
696 			if (sysctl(mib, 4, &ttl, &sz, NULL, 0) == -1)
697 				err(1, "sysctl(net.inet.ip.ttl)");
698 		}
699 		setsockopt(ssend, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold));
700 		ip->ip_v = IPVERSION;
701 		ip->ip_hl = sizeof(struct ip) >> 2;
702 		ip->ip_tos = tos;
703 		ip->ip_id = 0;
704 		ip->ip_off = htons(df ? IP_DF : 0);
705 		ip->ip_ttl = ttl;
706 		ip->ip_p = IPPROTO_ICMP;
707 		ip->ip_src.s_addr = source ? sock_in.sin_addr.s_addr : INADDR_ANY;
708 		ip->ip_dst = to->sin_addr;
709         }
710 
711 	if (options & F_NUMERIC)
712 		cansandbox = true;
713 	else if (capdns != NULL)
714 		cansandbox = CASPER_SUPPORT;
715 	else
716 		cansandbox = false;
717 
718 	/*
719 	 * Here we enter capability mode. Further down access to global
720 	 * namespaces (e.g filesystem) is restricted (see capsicum(4)).
721 	 * We must connect(2) our socket before this point.
722 	 */
723 	if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
724 		err(1, "cap_enter");
725 
726 	cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT);
727 	if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS)
728 		err(1, "cap_rights_limit srecv");
729 
730 	cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT);
731 	if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS)
732 		err(1, "cap_rights_limit ssend");
733 
734 	/* record route option */
735 	if (options & F_RROUTE) {
736 #ifdef IP_OPTIONS
737 		bzero(rspace, sizeof(rspace));
738 		rspace[IPOPT_OPTVAL] = IPOPT_RR;
739 		rspace[IPOPT_OLEN] = sizeof(rspace) - 1;
740 		rspace[IPOPT_OFFSET] = IPOPT_MINOFF;
741 		rspace[sizeof(rspace) - 1] = IPOPT_EOL;
742 		if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace,
743 		    sizeof(rspace)) < 0)
744 			err(EX_OSERR, "setsockopt IP_OPTIONS");
745 #else
746 		errx(EX_UNAVAILABLE,
747 		    "record route not available in this implementation");
748 #endif /* IP_OPTIONS */
749 	}
750 
751 	if (options & F_TTL) {
752 		if (setsockopt(ssend, IPPROTO_IP, IP_TTL, &ttl,
753 		    sizeof(ttl)) < 0) {
754 			err(EX_OSERR, "setsockopt IP_TTL");
755 		}
756 	}
757 	if (options & F_NOLOOP) {
758 		if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_LOOP, &loop,
759 		    sizeof(loop)) < 0) {
760 			err(EX_OSERR, "setsockopt IP_MULTICAST_LOOP");
761 		}
762 	}
763 	if (options & F_MTTL) {
764 		if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_TTL, &mttl,
765 		    sizeof(mttl)) < 0) {
766 			err(EX_OSERR, "setsockopt IP_MULTICAST_TTL");
767 		}
768 	}
769 	if (options & F_MIF) {
770 		if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr,
771 		    sizeof(ifaddr)) < 0) {
772 			err(EX_OSERR, "setsockopt IP_MULTICAST_IF");
773 		}
774 	}
775 #ifdef SO_TIMESTAMP
776 	{ int on = 1;
777 	if (setsockopt(srecv, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)) < 0)
778 		err(EX_OSERR, "setsockopt SO_TIMESTAMP");
779 	}
780 #endif
781 	if (sweepmax) {
782 		if (sweepmin > sweepmax)
783 			errx(EX_USAGE, "Maximum packet size must be no less than the minimum packet size");
784 
785 		if (datalen != DEFDATALEN)
786 			errx(EX_USAGE, "Packet size and ping sweep are mutually exclusive");
787 
788 		if (npackets > 0) {
789 			snpackets = npackets;
790 			npackets = 0;
791 		} else
792 			snpackets = 1;
793 		datalen = sweepmin;
794 		send_len = icmp_len + sweepmin;
795 	}
796 	if (options & F_SWEEP && !sweepmax)
797 		errx(EX_USAGE, "Maximum sweep size must be specified");
798 
799 	/*
800 	 * When pinging the broadcast address, you can get a lot of answers.
801 	 * Doing something so evil is useful if you are trying to stress the
802 	 * ethernet, or just want to fill the arp cache to get some stuff for
803 	 * /etc/ethers.  But beware: RFC 1122 allows hosts to ignore broadcast
804 	 * or multicast pings if they wish.
805 	 */
806 
807 	/*
808 	 * XXX receive buffer needs undetermined space for mbuf overhead
809 	 * as well.
810 	 */
811 	hold = IP_MAXPACKET + 128;
812 	(void)setsockopt(srecv, SOL_SOCKET, SO_RCVBUF, (char *)&hold,
813 	    sizeof(hold));
814 	/* CAP_SETSOCKOPT removed */
815 	cap_rights_init(&rights, CAP_RECV, CAP_EVENT);
816 	if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS)
817 		err(1, "cap_rights_limit srecv setsockopt");
818 	if (uid == 0)
819 		(void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold,
820 		    sizeof(hold));
821 	/* CAP_SETSOCKOPT removed */
822 	cap_rights_init(&rights, CAP_SEND);
823 	if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS)
824 		err(1, "cap_rights_limit ssend setsockopt");
825 
826 	if (to->sin_family == AF_INET) {
827 		(void)printf("PING %s (%s)", hostname,
828 		    inet_ntoa(to->sin_addr));
829 		if (source)
830 			(void)printf(" from %s", shostname);
831 		if (sweepmax)
832 			(void)printf(": (%d ... %d) data bytes\n",
833 			    sweepmin, sweepmax);
834 		else
835 			(void)printf(": %d data bytes\n", datalen);
836 
837 	} else {
838 		if (sweepmax)
839 			(void)printf("PING %s: (%d ... %d) data bytes\n",
840 			    hostname, sweepmin, sweepmax);
841 		else
842 			(void)printf("PING %s: %d data bytes\n", hostname, datalen);
843 	}
844 
845 	/*
846 	 * Use sigaction() instead of signal() to get unambiguous semantics,
847 	 * in particular with SA_RESTART not set.
848 	 */
849 
850 	sigemptyset(&si_sa.sa_mask);
851 	si_sa.sa_flags = 0;
852 
853 	si_sa.sa_handler = stopit;
854 	if (sigaction(SIGINT, &si_sa, 0) == -1) {
855 		err(EX_OSERR, "sigaction SIGINT");
856 	}
857 
858 	si_sa.sa_handler = status;
859 	if (sigaction(SIGINFO, &si_sa, 0) == -1) {
860 		err(EX_OSERR, "sigaction");
861 	}
862 
863         if (alarmtimeout > 0) {
864 		si_sa.sa_handler = stopit;
865 		if (sigaction(SIGALRM, &si_sa, 0) == -1)
866 			err(EX_OSERR, "sigaction SIGALRM");
867         }
868 
869 	bzero(&msg, sizeof(msg));
870 	msg.msg_name = (caddr_t)&from;
871 	msg.msg_iov = &iov;
872 	msg.msg_iovlen = 1;
873 #ifdef SO_TIMESTAMP
874 	msg.msg_control = (caddr_t)ctrl;
875 #endif
876 	iov.iov_base = packet;
877 	iov.iov_len = IP_MAXPACKET;
878 
879 	if (preload == 0)
880 		pinger();		/* send the first ping */
881 	else {
882 		if (npackets != 0 && preload > npackets)
883 			preload = npackets;
884 		while (preload--)	/* fire off them quickies */
885 			pinger();
886 	}
887 	(void)gettimeofday(&last, NULL);
888 
889 	if (options & F_FLOOD) {
890 		intvl.tv_sec = 0;
891 		intvl.tv_usec = 10000;
892 	} else {
893 		intvl.tv_sec = interval / 1000;
894 		intvl.tv_usec = interval % 1000 * 1000;
895 	}
896 
897 	almost_done = 0;
898 	while (!finish_up) {
899 		struct timeval now, timeout;
900 		fd_set rfds;
901 		int cc, n;
902 
903 		check_status();
904 		if ((unsigned)srecv >= FD_SETSIZE)
905 			errx(EX_OSERR, "descriptor too large");
906 		FD_ZERO(&rfds);
907 		FD_SET(srecv, &rfds);
908 		(void)gettimeofday(&now, NULL);
909 		timeout.tv_sec = last.tv_sec + intvl.tv_sec - now.tv_sec;
910 		timeout.tv_usec = last.tv_usec + intvl.tv_usec - now.tv_usec;
911 		while (timeout.tv_usec < 0) {
912 			timeout.tv_usec += 1000000;
913 			timeout.tv_sec--;
914 		}
915 		while (timeout.tv_usec >= 1000000) {
916 			timeout.tv_usec -= 1000000;
917 			timeout.tv_sec++;
918 		}
919 		if (timeout.tv_sec < 0)
920 			timerclear(&timeout);
921 		n = select(srecv + 1, &rfds, NULL, NULL, &timeout);
922 		if (n < 0)
923 			continue;	/* Must be EINTR. */
924 		if (n == 1) {
925 			struct timeval *tv = NULL;
926 #ifdef SO_TIMESTAMP
927 			struct cmsghdr *cmsg = (struct cmsghdr *)&ctrl;
928 
929 			msg.msg_controllen = sizeof(ctrl);
930 #endif
931 			msg.msg_namelen = sizeof(from);
932 			if ((cc = recvmsg(srecv, &msg, 0)) < 0) {
933 				if (errno == EINTR)
934 					continue;
935 				warn("recvmsg");
936 				continue;
937 			}
938 #ifdef SO_TIMESTAMP
939 			if (cmsg->cmsg_level == SOL_SOCKET &&
940 			    cmsg->cmsg_type == SCM_TIMESTAMP &&
941 			    cmsg->cmsg_len == CMSG_LEN(sizeof *tv)) {
942 				/* Copy to avoid alignment problems: */
943 				memcpy(&now, CMSG_DATA(cmsg), sizeof(now));
944 				tv = &now;
945 			}
946 #endif
947 			if (tv == NULL) {
948 				(void)gettimeofday(&now, NULL);
949 				tv = &now;
950 			}
951 			pr_pack((char *)packet, cc, &from, tv);
952 			if ((options & F_ONCE && nreceived) ||
953 			    (npackets && nreceived >= npackets))
954 				break;
955 		}
956 		if (n == 0 || options & F_FLOOD) {
957 			if (sweepmax && sntransmitted == snpackets) {
958 				for (i = 0; i < sweepincr ; ++i)
959 					*datap++ = i;
960 				datalen += sweepincr;
961 				if (datalen > sweepmax)
962 					break;
963 				send_len = icmp_len + datalen;
964 				sntransmitted = 0;
965 			}
966 			if (!npackets || ntransmitted < npackets)
967 				pinger();
968 			else {
969 				if (almost_done)
970 					break;
971 				almost_done = 1;
972 				intvl.tv_usec = 0;
973 				if (nreceived) {
974 					intvl.tv_sec = 2 * tmax / 1000;
975 					if (!intvl.tv_sec)
976 						intvl.tv_sec = 1;
977 				} else {
978 					intvl.tv_sec = waittime / 1000;
979 					intvl.tv_usec = waittime % 1000 * 1000;
980 				}
981 			}
982 			(void)gettimeofday(&last, NULL);
983 			if (ntransmitted - nreceived - 1 > nmissedmax) {
984 				nmissedmax = ntransmitted - nreceived - 1;
985 				if (options & F_MISSED)
986 					(void)write(STDOUT_FILENO, &BBELL, 1);
987 			}
988 		}
989 	}
990 	finish();
991 	/* NOTREACHED */
992 	exit(0);	/* Make the compiler happy */
993 }
994 
995 /*
996  * stopit --
997  *	Set the global bit that causes the main loop to quit.
998  * Do NOT call finish() from here, since finish() does far too much
999  * to be called from a signal handler.
1000  */
1001 void
1002 stopit(int sig __unused)
1003 {
1004 
1005 	/*
1006 	 * When doing reverse DNS lookups, the finish_up flag might not
1007 	 * be noticed for a while.  Just exit if we get a second SIGINT.
1008 	 */
1009 	if (!(options & F_NUMERIC) && finish_up)
1010 		_exit(nreceived ? 0 : 2);
1011 	finish_up = 1;
1012 }
1013 
1014 /*
1015  * pinger --
1016  *	Compose and transmit an ICMP ECHO REQUEST packet.  The IP packet
1017  * will be added on by the kernel.  The ID field is our UNIX process ID,
1018  * and the sequence number is an ascending integer.  The first TIMEVAL_LEN
1019  * bytes of the data portion are used to hold a UNIX "timeval" struct in
1020  * host byte-order, to compute the round-trip time.
1021  */
1022 static void
1023 pinger(void)
1024 {
1025 	struct timeval now;
1026 	struct tv32 tv32;
1027 	struct ip *ip;
1028 	struct icmp *icp;
1029 	int cc, i;
1030 	u_char *packet;
1031 
1032 	packet = outpack;
1033 	icp = (struct icmp *)outpack;
1034 	icp->icmp_type = icmp_type;
1035 	icp->icmp_code = 0;
1036 	icp->icmp_cksum = 0;
1037 	icp->icmp_seq = htons(ntransmitted);
1038 	icp->icmp_id = ident;			/* ID */
1039 
1040 	CLR(ntransmitted % mx_dup_ck);
1041 
1042 	if ((options & F_TIME) || timing) {
1043 		(void)gettimeofday(&now, NULL);
1044 
1045 		tv32.tv32_sec = htonl(now.tv_sec);
1046 		tv32.tv32_usec = htonl(now.tv_usec);
1047 		if (options & F_TIME)
1048 			icp->icmp_otime = htonl((now.tv_sec % (24*60*60))
1049 				* 1000 + now.tv_usec / 1000);
1050 		if (timing)
1051 			bcopy((void *)&tv32,
1052 			    (void *)&outpack[ICMP_MINLEN + phdr_len],
1053 			    sizeof(tv32));
1054 	}
1055 
1056 	cc = ICMP_MINLEN + phdr_len + datalen;
1057 
1058 	/* compute ICMP checksum here */
1059 	icp->icmp_cksum = in_cksum((u_short *)icp, cc);
1060 
1061 	if (options & F_HDRINCL) {
1062 		cc += sizeof(struct ip);
1063 		ip = (struct ip *)outpackhdr;
1064 		ip->ip_len = htons(cc);
1065 		ip->ip_sum = in_cksum((u_short *)outpackhdr, cc);
1066 		packet = outpackhdr;
1067 	}
1068 	i = send(ssend, (char *)packet, cc, 0);
1069 	if (i < 0 || i != cc)  {
1070 		if (i < 0) {
1071 			if (options & F_FLOOD && errno == ENOBUFS) {
1072 				usleep(FLOOD_BACKOFF);
1073 				return;
1074 			}
1075 			warn("sendto");
1076 		} else {
1077 			warn("%s: partial write: %d of %d bytes",
1078 			     hostname, i, cc);
1079 		}
1080 	}
1081 	ntransmitted++;
1082 	sntransmitted++;
1083 	if (!(options & F_QUIET) && options & F_FLOOD)
1084 		(void)write(STDOUT_FILENO, &DOT, 1);
1085 }
1086 
1087 /*
1088  * pr_pack --
1089  *	Print out the packet, if it came from us.  This logic is necessary
1090  * because ALL readers of the ICMP socket get a copy of ALL ICMP packets
1091  * which arrive ('tis only fair).  This permits multiple copies of this
1092  * program to be run without having intermingled output (or statistics!).
1093  */
1094 static void
1095 pr_pack(char *buf, int cc, struct sockaddr_in *from, struct timeval *tv)
1096 {
1097 	struct in_addr ina;
1098 	u_char *cp, *dp;
1099 	struct icmp *icp;
1100 	struct ip *ip;
1101 	const void *tp;
1102 	double triptime;
1103 	int dupflag, hlen, i, j, recv_len, seq;
1104 	static int old_rrlen;
1105 	static char old_rr[MAX_IPOPTLEN];
1106 
1107 	/* Check the IP header */
1108 	ip = (struct ip *)buf;
1109 	hlen = ip->ip_hl << 2;
1110 	recv_len = cc;
1111 	if (cc < hlen + ICMP_MINLEN) {
1112 		if (options & F_VERBOSE)
1113 			warn("packet too short (%d bytes) from %s", cc,
1114 			     inet_ntoa(from->sin_addr));
1115 		return;
1116 	}
1117 
1118 	/* Now the ICMP part */
1119 	cc -= hlen;
1120 	icp = (struct icmp *)(buf + hlen);
1121 	if (icp->icmp_type == icmp_type_rsp) {
1122 		if (icp->icmp_id != ident)
1123 			return;			/* 'Twas not our ECHO */
1124 		++nreceived;
1125 		triptime = 0.0;
1126 		if (timing) {
1127 			struct timeval tv1;
1128 			struct tv32 tv32;
1129 #ifndef icmp_data
1130 			tp = &icp->icmp_ip;
1131 #else
1132 			tp = icp->icmp_data;
1133 #endif
1134 			tp = (const char *)tp + phdr_len;
1135 
1136 			if ((size_t)(cc - ICMP_MINLEN - phdr_len) >=
1137 			    sizeof(tv1)) {
1138 				/* Copy to avoid alignment problems: */
1139 				memcpy(&tv32, tp, sizeof(tv32));
1140 				tv1.tv_sec = ntohl(tv32.tv32_sec);
1141 				tv1.tv_usec = ntohl(tv32.tv32_usec);
1142 				tvsub(tv, &tv1);
1143  				triptime = ((double)tv->tv_sec) * 1000.0 +
1144  				    ((double)tv->tv_usec) / 1000.0;
1145 				tsum += triptime;
1146 				tsumsq += triptime * triptime;
1147 				if (triptime < tmin)
1148 					tmin = triptime;
1149 				if (triptime > tmax)
1150 					tmax = triptime;
1151 			} else
1152 				timing = 0;
1153 		}
1154 
1155 		seq = ntohs(icp->icmp_seq);
1156 
1157 		if (TST(seq % mx_dup_ck)) {
1158 			++nrepeats;
1159 			--nreceived;
1160 			dupflag = 1;
1161 		} else {
1162 			SET(seq % mx_dup_ck);
1163 			dupflag = 0;
1164 		}
1165 
1166 		if (options & F_QUIET)
1167 			return;
1168 
1169 		if (options & F_WAITTIME && triptime > waittime) {
1170 			++nrcvtimeout;
1171 			return;
1172 		}
1173 
1174 		if (options & F_FLOOD)
1175 			(void)write(STDOUT_FILENO, &BSPACE, 1);
1176 		else {
1177 			(void)printf("%d bytes from %s: icmp_seq=%u", cc,
1178 			   inet_ntoa(*(struct in_addr *)&from->sin_addr.s_addr),
1179 			   seq);
1180 			(void)printf(" ttl=%d", ip->ip_ttl);
1181 			if (timing)
1182 				(void)printf(" time=%.3f ms", triptime);
1183 			if (dupflag)
1184 				(void)printf(" (DUP!)");
1185 			if (options & F_AUDIBLE)
1186 				(void)write(STDOUT_FILENO, &BBELL, 1);
1187 			if (options & F_MASK) {
1188 				/* Just prentend this cast isn't ugly */
1189 				(void)printf(" mask=%s",
1190 					inet_ntoa(*(struct in_addr *)&(icp->icmp_mask)));
1191 			}
1192 			if (options & F_TIME) {
1193 				(void)printf(" tso=%s", pr_ntime(icp->icmp_otime));
1194 				(void)printf(" tsr=%s", pr_ntime(icp->icmp_rtime));
1195 				(void)printf(" tst=%s", pr_ntime(icp->icmp_ttime));
1196 			}
1197 			if (recv_len != send_len) {
1198                         	(void)printf(
1199 				     "\nwrong total length %d instead of %d",
1200 				     recv_len, send_len);
1201 			}
1202 			/* check the data */
1203 			cp = (u_char*)&icp->icmp_data[phdr_len];
1204 			dp = &outpack[ICMP_MINLEN + phdr_len];
1205 			cc -= ICMP_MINLEN + phdr_len;
1206 			i = 0;
1207 			if (timing) {   /* don't check variable timestamp */
1208 				cp += TIMEVAL_LEN;
1209 				dp += TIMEVAL_LEN;
1210 				cc -= TIMEVAL_LEN;
1211 				i += TIMEVAL_LEN;
1212 			}
1213 			for (; i < datalen && cc > 0; ++i, ++cp, ++dp, --cc) {
1214 				if (*cp != *dp) {
1215 	(void)printf("\nwrong data byte #%d should be 0x%x but was 0x%x",
1216 	    i, *dp, *cp);
1217 					(void)printf("\ncp:");
1218 					cp = (u_char*)&icp->icmp_data[0];
1219 					for (i = 0; i < datalen; ++i, ++cp) {
1220 						if ((i % 16) == 8)
1221 							(void)printf("\n\t");
1222 						(void)printf("%2x ", *cp);
1223 					}
1224 					(void)printf("\ndp:");
1225 					cp = &outpack[ICMP_MINLEN];
1226 					for (i = 0; i < datalen; ++i, ++cp) {
1227 						if ((i % 16) == 8)
1228 							(void)printf("\n\t");
1229 						(void)printf("%2x ", *cp);
1230 					}
1231 					break;
1232 				}
1233 			}
1234 		}
1235 	} else {
1236 		/*
1237 		 * We've got something other than an ECHOREPLY.
1238 		 * See if it's a reply to something that we sent.
1239 		 * We can compare IP destination, protocol,
1240 		 * and ICMP type and ID.
1241 		 *
1242 		 * Only print all the error messages if we are running
1243 		 * as root to avoid leaking information not normally
1244 		 * available to those not running as root.
1245 		 */
1246 #ifndef icmp_data
1247 		struct ip *oip = &icp->icmp_ip;
1248 #else
1249 		struct ip *oip = (struct ip *)icp->icmp_data;
1250 #endif
1251 		struct icmp *oicmp = (struct icmp *)(oip + 1);
1252 
1253 		if (((options & F_VERBOSE) && uid == 0) ||
1254 		    (!(options & F_QUIET2) &&
1255 		     (oip->ip_dst.s_addr == whereto.sin_addr.s_addr) &&
1256 		     (oip->ip_p == IPPROTO_ICMP) &&
1257 		     (oicmp->icmp_type == ICMP_ECHO) &&
1258 		     (oicmp->icmp_id == ident))) {
1259 		    (void)printf("%d bytes from %s: ", cc,
1260 			pr_addr(from->sin_addr));
1261 		    pr_icmph(icp);
1262 		} else
1263 		    return;
1264 	}
1265 
1266 	/* Display any IP options */
1267 	cp = (u_char *)buf + sizeof(struct ip);
1268 
1269 	for (; hlen > (int)sizeof(struct ip); --hlen, ++cp)
1270 		switch (*cp) {
1271 		case IPOPT_EOL:
1272 			hlen = 0;
1273 			break;
1274 		case IPOPT_LSRR:
1275 		case IPOPT_SSRR:
1276 			(void)printf(*cp == IPOPT_LSRR ?
1277 			    "\nLSRR: " : "\nSSRR: ");
1278 			j = cp[IPOPT_OLEN] - IPOPT_MINOFF + 1;
1279 			hlen -= 2;
1280 			cp += 2;
1281 			if (j >= INADDR_LEN &&
1282 			    j <= hlen - (int)sizeof(struct ip)) {
1283 				for (;;) {
1284 					bcopy(++cp, &ina.s_addr, INADDR_LEN);
1285 					if (ina.s_addr == 0)
1286 						(void)printf("\t0.0.0.0");
1287 					else
1288 						(void)printf("\t%s",
1289 						     pr_addr(ina));
1290 					hlen -= INADDR_LEN;
1291 					cp += INADDR_LEN - 1;
1292 					j -= INADDR_LEN;
1293 					if (j < INADDR_LEN)
1294 						break;
1295 					(void)putchar('\n');
1296 				}
1297 			} else
1298 				(void)printf("\t(truncated route)\n");
1299 			break;
1300 		case IPOPT_RR:
1301 			j = cp[IPOPT_OLEN];		/* get length */
1302 			i = cp[IPOPT_OFFSET];		/* and pointer */
1303 			hlen -= 2;
1304 			cp += 2;
1305 			if (i > j)
1306 				i = j;
1307 			i = i - IPOPT_MINOFF + 1;
1308 			if (i < 0 || i > (hlen - (int)sizeof(struct ip))) {
1309 				old_rrlen = 0;
1310 				continue;
1311 			}
1312 			if (i == old_rrlen
1313 			    && !bcmp((char *)cp, old_rr, i)
1314 			    && !(options & F_FLOOD)) {
1315 				(void)printf("\t(same route)");
1316 				hlen -= i;
1317 				cp += i;
1318 				break;
1319 			}
1320 			old_rrlen = i;
1321 			bcopy((char *)cp, old_rr, i);
1322 			(void)printf("\nRR: ");
1323 			if (i >= INADDR_LEN &&
1324 			    i <= hlen - (int)sizeof(struct ip)) {
1325 				for (;;) {
1326 					bcopy(++cp, &ina.s_addr, INADDR_LEN);
1327 					if (ina.s_addr == 0)
1328 						(void)printf("\t0.0.0.0");
1329 					else
1330 						(void)printf("\t%s",
1331 						     pr_addr(ina));
1332 					hlen -= INADDR_LEN;
1333 					cp += INADDR_LEN - 1;
1334 					i -= INADDR_LEN;
1335 					if (i < INADDR_LEN)
1336 						break;
1337 					(void)putchar('\n');
1338 				}
1339 			} else
1340 				(void)printf("\t(truncated route)");
1341 			break;
1342 		case IPOPT_NOP:
1343 			(void)printf("\nNOP");
1344 			break;
1345 		default:
1346 			(void)printf("\nunknown option %x", *cp);
1347 			break;
1348 		}
1349 	if (!(options & F_FLOOD)) {
1350 		(void)putchar('\n');
1351 		(void)fflush(stdout);
1352 	}
1353 }
1354 
1355 /*
1356  * in_cksum --
1357  *	Checksum routine for Internet Protocol family headers (C Version)
1358  */
1359 u_short
1360 in_cksum(u_short *addr, int len)
1361 {
1362 	int nleft, sum;
1363 	u_short *w;
1364 	union {
1365 		u_short	us;
1366 		u_char	uc[2];
1367 	} last;
1368 	u_short answer;
1369 
1370 	nleft = len;
1371 	sum = 0;
1372 	w = addr;
1373 
1374 	/*
1375 	 * Our algorithm is simple, using a 32 bit accumulator (sum), we add
1376 	 * sequential 16 bit words to it, and at the end, fold back all the
1377 	 * carry bits from the top 16 bits into the lower 16 bits.
1378 	 */
1379 	while (nleft > 1)  {
1380 		sum += *w++;
1381 		nleft -= 2;
1382 	}
1383 
1384 	/* mop up an odd byte, if necessary */
1385 	if (nleft == 1) {
1386 		last.uc[0] = *(u_char *)w;
1387 		last.uc[1] = 0;
1388 		sum += last.us;
1389 	}
1390 
1391 	/* add back carry outs from top 16 bits to low 16 bits */
1392 	sum = (sum >> 16) + (sum & 0xffff);	/* add hi 16 to low 16 */
1393 	sum += (sum >> 16);			/* add carry */
1394 	answer = ~sum;				/* truncate to 16 bits */
1395 	return(answer);
1396 }
1397 
1398 /*
1399  * tvsub --
1400  *	Subtract 2 timeval structs:  out = out - in.  Out is assumed to
1401  * be >= in.
1402  */
1403 static void
1404 tvsub(struct timeval *out, const struct timeval *in)
1405 {
1406 
1407 	if ((out->tv_usec -= in->tv_usec) < 0) {
1408 		--out->tv_sec;
1409 		out->tv_usec += 1000000;
1410 	}
1411 	out->tv_sec -= in->tv_sec;
1412 }
1413 
1414 /*
1415  * status --
1416  *	Print out statistics when SIGINFO is received.
1417  */
1418 
1419 static void
1420 status(int sig __unused)
1421 {
1422 
1423 	siginfo_p = 1;
1424 }
1425 
1426 static void
1427 check_status(void)
1428 {
1429 
1430 	if (siginfo_p) {
1431 		siginfo_p = 0;
1432 		(void)fprintf(stderr, "\r%ld/%ld packets received (%.1f%%)",
1433 		    nreceived, ntransmitted,
1434 		    ntransmitted ? nreceived * 100.0 / ntransmitted : 0.0);
1435 		if (nreceived && timing)
1436 			(void)fprintf(stderr, " %.3f min / %.3f avg / %.3f max",
1437 			    tmin, tsum / (nreceived + nrepeats), tmax);
1438 		(void)fprintf(stderr, "\n");
1439 	}
1440 }
1441 
1442 /*
1443  * finish --
1444  *	Print out statistics, and give up.
1445  */
1446 static void
1447 finish(void)
1448 {
1449 
1450 	(void)signal(SIGINT, SIG_IGN);
1451 	(void)signal(SIGALRM, SIG_IGN);
1452 	(void)putchar('\n');
1453 	(void)fflush(stdout);
1454 	(void)printf("--- %s ping statistics ---\n", hostname);
1455 	(void)printf("%ld packets transmitted, ", ntransmitted);
1456 	(void)printf("%ld packets received, ", nreceived);
1457 	if (nrepeats)
1458 		(void)printf("+%ld duplicates, ", nrepeats);
1459 	if (ntransmitted) {
1460 		if (nreceived > ntransmitted)
1461 			(void)printf("-- somebody's printing up packets!");
1462 		else
1463 			(void)printf("%.1f%% packet loss",
1464 			    ((ntransmitted - nreceived) * 100.0) /
1465 			    ntransmitted);
1466 	}
1467 	if (nrcvtimeout)
1468 		(void)printf(", %ld packets out of wait time", nrcvtimeout);
1469 	(void)putchar('\n');
1470 	if (nreceived && timing) {
1471 		double n = nreceived + nrepeats;
1472 		double avg = tsum / n;
1473 		double vari = tsumsq / n - avg * avg;
1474 		(void)printf(
1475 		    "round-trip min/avg/max/stddev = %.3f/%.3f/%.3f/%.3f ms\n",
1476 		    tmin, avg, tmax, sqrt(vari));
1477 	}
1478 
1479 	if (nreceived)
1480 		exit(0);
1481 	else
1482 		exit(2);
1483 }
1484 
1485 #ifdef notdef
1486 static char *ttab[] = {
1487 	"Echo Reply",		/* ip + seq + udata */
1488 	"Dest Unreachable",	/* net, host, proto, port, frag, sr + IP */
1489 	"Source Quench",	/* IP */
1490 	"Redirect",		/* redirect type, gateway, + IP  */
1491 	"Echo",
1492 	"Time Exceeded",	/* transit, frag reassem + IP */
1493 	"Parameter Problem",	/* pointer + IP */
1494 	"Timestamp",		/* id + seq + three timestamps */
1495 	"Timestamp Reply",	/* " */
1496 	"Info Request",		/* id + sq */
1497 	"Info Reply"		/* " */
1498 };
1499 #endif
1500 
1501 /*
1502  * pr_icmph --
1503  *	Print a descriptive string about an ICMP header.
1504  */
1505 static void
1506 pr_icmph(struct icmp *icp)
1507 {
1508 
1509 	switch(icp->icmp_type) {
1510 	case ICMP_ECHOREPLY:
1511 		(void)printf("Echo Reply\n");
1512 		/* XXX ID + Seq + Data */
1513 		break;
1514 	case ICMP_UNREACH:
1515 		switch(icp->icmp_code) {
1516 		case ICMP_UNREACH_NET:
1517 			(void)printf("Destination Net Unreachable\n");
1518 			break;
1519 		case ICMP_UNREACH_HOST:
1520 			(void)printf("Destination Host Unreachable\n");
1521 			break;
1522 		case ICMP_UNREACH_PROTOCOL:
1523 			(void)printf("Destination Protocol Unreachable\n");
1524 			break;
1525 		case ICMP_UNREACH_PORT:
1526 			(void)printf("Destination Port Unreachable\n");
1527 			break;
1528 		case ICMP_UNREACH_NEEDFRAG:
1529 			(void)printf("frag needed and DF set (MTU %d)\n",
1530 					ntohs(icp->icmp_nextmtu));
1531 			break;
1532 		case ICMP_UNREACH_SRCFAIL:
1533 			(void)printf("Source Route Failed\n");
1534 			break;
1535 		case ICMP_UNREACH_FILTER_PROHIB:
1536 			(void)printf("Communication prohibited by filter\n");
1537 			break;
1538 		default:
1539 			(void)printf("Dest Unreachable, Bad Code: %d\n",
1540 			    icp->icmp_code);
1541 			break;
1542 		}
1543 		/* Print returned IP header information */
1544 #ifndef icmp_data
1545 		pr_retip(&icp->icmp_ip);
1546 #else
1547 		pr_retip((struct ip *)icp->icmp_data);
1548 #endif
1549 		break;
1550 	case ICMP_SOURCEQUENCH:
1551 		(void)printf("Source Quench\n");
1552 #ifndef icmp_data
1553 		pr_retip(&icp->icmp_ip);
1554 #else
1555 		pr_retip((struct ip *)icp->icmp_data);
1556 #endif
1557 		break;
1558 	case ICMP_REDIRECT:
1559 		switch(icp->icmp_code) {
1560 		case ICMP_REDIRECT_NET:
1561 			(void)printf("Redirect Network");
1562 			break;
1563 		case ICMP_REDIRECT_HOST:
1564 			(void)printf("Redirect Host");
1565 			break;
1566 		case ICMP_REDIRECT_TOSNET:
1567 			(void)printf("Redirect Type of Service and Network");
1568 			break;
1569 		case ICMP_REDIRECT_TOSHOST:
1570 			(void)printf("Redirect Type of Service and Host");
1571 			break;
1572 		default:
1573 			(void)printf("Redirect, Bad Code: %d", icp->icmp_code);
1574 			break;
1575 		}
1576 		(void)printf("(New addr: %s)\n", inet_ntoa(icp->icmp_gwaddr));
1577 #ifndef icmp_data
1578 		pr_retip(&icp->icmp_ip);
1579 #else
1580 		pr_retip((struct ip *)icp->icmp_data);
1581 #endif
1582 		break;
1583 	case ICMP_ECHO:
1584 		(void)printf("Echo Request\n");
1585 		/* XXX ID + Seq + Data */
1586 		break;
1587 	case ICMP_TIMXCEED:
1588 		switch(icp->icmp_code) {
1589 		case ICMP_TIMXCEED_INTRANS:
1590 			(void)printf("Time to live exceeded\n");
1591 			break;
1592 		case ICMP_TIMXCEED_REASS:
1593 			(void)printf("Frag reassembly time exceeded\n");
1594 			break;
1595 		default:
1596 			(void)printf("Time exceeded, Bad Code: %d\n",
1597 			    icp->icmp_code);
1598 			break;
1599 		}
1600 #ifndef icmp_data
1601 		pr_retip(&icp->icmp_ip);
1602 #else
1603 		pr_retip((struct ip *)icp->icmp_data);
1604 #endif
1605 		break;
1606 	case ICMP_PARAMPROB:
1607 		(void)printf("Parameter problem: pointer = 0x%02x\n",
1608 		    icp->icmp_hun.ih_pptr);
1609 #ifndef icmp_data
1610 		pr_retip(&icp->icmp_ip);
1611 #else
1612 		pr_retip((struct ip *)icp->icmp_data);
1613 #endif
1614 		break;
1615 	case ICMP_TSTAMP:
1616 		(void)printf("Timestamp\n");
1617 		/* XXX ID + Seq + 3 timestamps */
1618 		break;
1619 	case ICMP_TSTAMPREPLY:
1620 		(void)printf("Timestamp Reply\n");
1621 		/* XXX ID + Seq + 3 timestamps */
1622 		break;
1623 	case ICMP_IREQ:
1624 		(void)printf("Information Request\n");
1625 		/* XXX ID + Seq */
1626 		break;
1627 	case ICMP_IREQREPLY:
1628 		(void)printf("Information Reply\n");
1629 		/* XXX ID + Seq */
1630 		break;
1631 	case ICMP_MASKREQ:
1632 		(void)printf("Address Mask Request\n");
1633 		break;
1634 	case ICMP_MASKREPLY:
1635 		(void)printf("Address Mask Reply\n");
1636 		break;
1637 	case ICMP_ROUTERADVERT:
1638 		(void)printf("Router Advertisement\n");
1639 		break;
1640 	case ICMP_ROUTERSOLICIT:
1641 		(void)printf("Router Solicitation\n");
1642 		break;
1643 	default:
1644 		(void)printf("Bad ICMP type: %d\n", icp->icmp_type);
1645 	}
1646 }
1647 
1648 /*
1649  * pr_iph --
1650  *	Print an IP header with options.
1651  */
1652 static void
1653 pr_iph(struct ip *ip)
1654 {
1655 	struct in_addr ina;
1656 	u_char *cp;
1657 	int hlen;
1658 
1659 	hlen = ip->ip_hl << 2;
1660 	cp = (u_char *)ip + 20;		/* point to options */
1661 
1662 	(void)printf("Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst\n");
1663 	(void)printf(" %1x  %1x  %02x %04x %04x",
1664 	    ip->ip_v, ip->ip_hl, ip->ip_tos, ntohs(ip->ip_len),
1665 	    ntohs(ip->ip_id));
1666 	(void)printf("   %1lx %04lx",
1667 	    (u_long) (ntohl(ip->ip_off) & 0xe000) >> 13,
1668 	    (u_long) ntohl(ip->ip_off) & 0x1fff);
1669 	(void)printf("  %02x  %02x %04x", ip->ip_ttl, ip->ip_p,
1670 							    ntohs(ip->ip_sum));
1671 	memcpy(&ina, &ip->ip_src.s_addr, sizeof ina);
1672 	(void)printf(" %s ", inet_ntoa(ina));
1673 	memcpy(&ina, &ip->ip_dst.s_addr, sizeof ina);
1674 	(void)printf(" %s ", inet_ntoa(ina));
1675 	/* dump any option bytes */
1676 	while (hlen-- > 20) {
1677 		(void)printf("%02x", *cp++);
1678 	}
1679 	(void)putchar('\n');
1680 }
1681 
1682 /*
1683  * pr_addr --
1684  *	Return an ascii host address as a dotted quad and optionally with
1685  * a hostname.
1686  */
1687 static char *
1688 pr_addr(struct in_addr ina)
1689 {
1690 	struct hostent *hp;
1691 	static char buf[16 + 3 + MAXHOSTNAMELEN];
1692 
1693 	if (options & F_NUMERIC)
1694 		return inet_ntoa(ina);
1695 
1696 	if (capdns != NULL)
1697 		hp = cap_gethostbyaddr(capdns, (char *)&ina, 4, AF_INET);
1698 	else
1699 		hp = gethostbyaddr((char *)&ina, 4, AF_INET);
1700 
1701 	if (hp == NULL)
1702 		return inet_ntoa(ina);
1703 
1704 	(void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name,
1705 	    inet_ntoa(ina));
1706 	return(buf);
1707 }
1708 
1709 /*
1710  * pr_retip --
1711  *	Dump some info on a returned (via ICMP) IP packet.
1712  */
1713 static void
1714 pr_retip(struct ip *ip)
1715 {
1716 	u_char *cp;
1717 	int hlen;
1718 
1719 	pr_iph(ip);
1720 	hlen = ip->ip_hl << 2;
1721 	cp = (u_char *)ip + hlen;
1722 
1723 	if (ip->ip_p == 6)
1724 		(void)printf("TCP: from port %u, to port %u (decimal)\n",
1725 		    (*cp * 256 + *(cp + 1)), (*(cp + 2) * 256 + *(cp + 3)));
1726 	else if (ip->ip_p == 17)
1727 		(void)printf("UDP: from port %u, to port %u (decimal)\n",
1728 			(*cp * 256 + *(cp + 1)), (*(cp + 2) * 256 + *(cp + 3)));
1729 }
1730 
1731 static char *
1732 pr_ntime(n_time timestamp)
1733 {
1734 	static char buf[10];
1735 	int hour, min, sec;
1736 
1737 	sec = ntohl(timestamp) / 1000;
1738 	hour = sec / 60 / 60;
1739 	min = (sec % (60 * 60)) / 60;
1740 	sec = (sec % (60 * 60)) % 60;
1741 
1742 	(void)snprintf(buf, sizeof(buf), "%02d:%02d:%02d", hour, min, sec);
1743 
1744 	return (buf);
1745 }
1746 
1747 static void
1748 fill(char *bp, char *patp)
1749 {
1750 	char *cp;
1751 	int pat[16];
1752 	u_int ii, jj, kk;
1753 
1754 	for (cp = patp; *cp; cp++) {
1755 		if (!isxdigit(*cp))
1756 			errx(EX_USAGE,
1757 			    "patterns must be specified as hex digits");
1758 
1759 	}
1760 	ii = sscanf(patp,
1761 	    "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x",
1762 	    &pat[0], &pat[1], &pat[2], &pat[3], &pat[4], &pat[5], &pat[6],
1763 	    &pat[7], &pat[8], &pat[9], &pat[10], &pat[11], &pat[12],
1764 	    &pat[13], &pat[14], &pat[15]);
1765 
1766 	if (ii > 0)
1767 		for (kk = 0; kk <= maxpayload - (TIMEVAL_LEN + ii); kk += ii)
1768 			for (jj = 0; jj < ii; ++jj)
1769 				bp[jj + kk] = pat[jj];
1770 	if (!(options & F_QUIET)) {
1771 		(void)printf("PATTERN: 0x");
1772 		for (jj = 0; jj < ii; ++jj)
1773 			(void)printf("%02x", bp[jj] & 0xFF);
1774 		(void)printf("\n");
1775 	}
1776 }
1777 
1778 static cap_channel_t *
1779 capdns_setup(void)
1780 {
1781 	cap_channel_t *capcas, *capdnsloc;
1782 	const char *types[2];
1783 	int families[1];
1784 
1785 	capcas = cap_init();
1786 	if (capcas == NULL)
1787 		err(1, "unable to create casper process");
1788 	capdnsloc = cap_service_open(capcas, "system.dns");
1789 	/* Casper capability no longer needed. */
1790 	cap_close(capcas);
1791 	if (capdnsloc == NULL)
1792 		err(1, "unable to open system.dns service");
1793 	types[0] = "NAME";
1794 	types[1] = "ADDR";
1795 	if (cap_dns_type_limit(capdnsloc, types, 2) < 0)
1796 		err(1, "unable to limit access to system.dns service");
1797 	families[0] = AF_INET;
1798 	if (cap_dns_family_limit(capdnsloc, families, 1) < 0)
1799 		err(1, "unable to limit access to system.dns service");
1800 
1801 	return (capdnsloc);
1802 }
1803 
1804 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
1805 #define	SECOPT		" [-P policy]"
1806 #else
1807 #define	SECOPT		""
1808 #endif
1809 static void
1810 usage(void)
1811 {
1812 
1813 	(void)fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n",
1814 "usage: ping [-AaDdfnoQqRrv] [-c count] [-G sweepmaxsize] [-g sweepminsize]",
1815 "            [-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl]",
1816 "           " SECOPT " [-p pattern] [-S src_addr] [-s packetsize] [-t timeout]",
1817 "            [-W waittime] [-z tos] host",
1818 "       ping [-AaDdfLnoQqRrv] [-c count] [-I iface] [-i wait] [-l preload]",
1819 "            [-M mask | time] [-m ttl]" SECOPT " [-p pattern] [-S src_addr]",
1820 "            [-s packetsize] [-T ttl] [-t timeout] [-W waittime]",
1821 "            [-z tos] mcast-group");
1822 	exit(EX_USAGE);
1823 }
1824