1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Mike Muuss. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #if 0 36 #ifndef lint 37 static const char copyright[] = 38 "@(#) Copyright (c) 1989, 1993\n\ 39 The Regents of the University of California. All rights reserved.\n"; 40 #endif /* not lint */ 41 42 #ifndef lint 43 static char sccsid[] = "@(#)ping.c 8.1 (Berkeley) 6/5/93"; 44 #endif /* not lint */ 45 #endif 46 #include <sys/cdefs.h> 47 __FBSDID("$FreeBSD$"); 48 49 /* 50 * P I N G . C 51 * 52 * Using the Internet Control Message Protocol (ICMP) "ECHO" facility, 53 * measure round-trip-delays and packet loss across network paths. 54 * 55 * Author - 56 * Mike Muuss 57 * U. S. Army Ballistic Research Laboratory 58 * December, 1983 59 * 60 * Status - 61 * Public Domain. Distribution Unlimited. 62 * Bugs - 63 * More statistics could always be gathered. 64 * This program has to run SUID to ROOT to access the ICMP socket. 65 */ 66 67 #include <sys/param.h> /* NB: we rely on this for <sys/types.h> */ 68 #include <sys/capsicum.h> 69 #include <sys/socket.h> 70 #include <sys/sysctl.h> 71 #include <sys/time.h> 72 #include <sys/uio.h> 73 74 #include <netinet/in.h> 75 #include <netinet/in_systm.h> 76 #include <netinet/ip.h> 77 #include <netinet/ip_icmp.h> 78 #include <netinet/ip_var.h> 79 #include <arpa/inet.h> 80 81 #include <libcasper.h> 82 #include <casper/cap_dns.h> 83 84 #ifdef IPSEC 85 #include <netipsec/ipsec.h> 86 #endif /*IPSEC*/ 87 88 #include <ctype.h> 89 #include <err.h> 90 #include <errno.h> 91 #include <math.h> 92 #include <netdb.h> 93 #include <signal.h> 94 #include <stdio.h> 95 #include <stdlib.h> 96 #include <string.h> 97 #include <sysexits.h> 98 #include <unistd.h> 99 100 #define INADDR_LEN ((int)sizeof(in_addr_t)) 101 #define TIMEVAL_LEN ((int)sizeof(struct tv32)) 102 #define MASK_LEN (ICMP_MASKLEN - ICMP_MINLEN) 103 #define TS_LEN (ICMP_TSLEN - ICMP_MINLEN) 104 #define DEFDATALEN 56 /* default data length */ 105 #define FLOOD_BACKOFF 20000 /* usecs to back off if F_FLOOD mode */ 106 /* runs out of buffer space */ 107 #define MAXIPLEN (sizeof(struct ip) + MAX_IPOPTLEN) 108 #define MAXICMPLEN (ICMP_ADVLENMIN + MAX_IPOPTLEN) 109 #define MAXWAIT 10000 /* max ms to wait for response */ 110 #define MAXALARM (60 * 60) /* max seconds for alarm timeout */ 111 #define MAXTOS 255 112 113 #define A(bit) rcvd_tbl[(bit)>>3] /* identify byte in array */ 114 #define B(bit) (1 << ((bit) & 0x07)) /* identify bit in byte */ 115 #define SET(bit) (A(bit) |= B(bit)) 116 #define CLR(bit) (A(bit) &= (~B(bit))) 117 #define TST(bit) (A(bit) & B(bit)) 118 119 struct tv32 { 120 int32_t tv32_sec; 121 int32_t tv32_usec; 122 }; 123 124 /* various options */ 125 static int options; 126 #define F_FLOOD 0x0001 127 #define F_INTERVAL 0x0002 128 #define F_NUMERIC 0x0004 129 #define F_PINGFILLED 0x0008 130 #define F_QUIET 0x0010 131 #define F_RROUTE 0x0020 132 #define F_SO_DEBUG 0x0040 133 #define F_SO_DONTROUTE 0x0080 134 #define F_VERBOSE 0x0100 135 #define F_QUIET2 0x0200 136 #define F_NOLOOP 0x0400 137 #define F_MTTL 0x0800 138 #define F_MIF 0x1000 139 #define F_AUDIBLE 0x2000 140 #ifdef IPSEC 141 #ifdef IPSEC_POLICY_IPSEC 142 #define F_POLICY 0x4000 143 #endif /*IPSEC_POLICY_IPSEC*/ 144 #endif /*IPSEC*/ 145 #define F_TTL 0x8000 146 #define F_MISSED 0x10000 147 #define F_ONCE 0x20000 148 #define F_HDRINCL 0x40000 149 #define F_MASK 0x80000 150 #define F_TIME 0x100000 151 #define F_SWEEP 0x200000 152 #define F_WAITTIME 0x400000 153 154 /* 155 * MAX_DUP_CHK is the number of bits in received table, i.e. the maximum 156 * number of received sequence numbers we can keep track of. Change 128 157 * to 8192 for complete accuracy... 158 */ 159 #define MAX_DUP_CHK (8 * 128) 160 static int mx_dup_ck = MAX_DUP_CHK; 161 static char rcvd_tbl[MAX_DUP_CHK / 8]; 162 163 static struct sockaddr_in whereto; /* who to ping */ 164 static int datalen = DEFDATALEN; 165 static int maxpayload; 166 static int ssend; /* send socket file descriptor */ 167 static int srecv; /* receive socket file descriptor */ 168 static u_char outpackhdr[IP_MAXPACKET], *outpack; 169 static char BBELL = '\a'; /* characters written for MISSED and AUDIBLE */ 170 static char BSPACE = '\b'; /* characters written for flood */ 171 static char DOT = '.'; 172 static char *hostname; 173 static char *shostname; 174 static int ident; /* process id to identify our packets */ 175 static int uid; /* cached uid for micro-optimization */ 176 static u_char icmp_type = ICMP_ECHO; 177 static u_char icmp_type_rsp = ICMP_ECHOREPLY; 178 static int phdr_len = 0; 179 static int send_len; 180 181 /* counters */ 182 static long nmissedmax; /* max value of ntransmitted - nreceived - 1 */ 183 static long npackets; /* max packets to transmit */ 184 static long nreceived; /* # of packets we got back */ 185 static long nrepeats; /* number of duplicates */ 186 static long ntransmitted; /* sequence # for outbound packets = #sent */ 187 static long snpackets; /* max packets to transmit in one sweep */ 188 static long sntransmitted; /* # of packets we sent in this sweep */ 189 static int sweepmax; /* max value of payload in sweep */ 190 static int sweepmin = 0; /* start value of payload in sweep */ 191 static int sweepincr = 1; /* payload increment in sweep */ 192 static int interval = 1000; /* interval between packets, ms */ 193 static int waittime = MAXWAIT; /* timeout for each packet */ 194 static long nrcvtimeout = 0; /* # of packets we got back after waittime */ 195 196 /* timing */ 197 static int timing; /* flag to do timing */ 198 static double tmin = 999999999.0; /* minimum round trip time */ 199 static double tmax = 0.0; /* maximum round trip time */ 200 static double tsum = 0.0; /* sum of all times, for doing average */ 201 static double tsumsq = 0.0; /* sum of all times squared, for std. dev. */ 202 203 /* nonzero if we've been told to finish up */ 204 static volatile sig_atomic_t finish_up; 205 static volatile sig_atomic_t siginfo_p; 206 207 static cap_channel_t *capdns; 208 209 static void fill(char *, char *); 210 static u_short in_cksum(u_short *, int); 211 static cap_channel_t *capdns_setup(void); 212 static void check_status(void); 213 static void finish(void) __dead2; 214 static void pinger(void); 215 static char *pr_addr(struct in_addr); 216 static char *pr_ntime(n_time); 217 static void pr_icmph(struct icmp *); 218 static void pr_iph(struct ip *); 219 static void pr_pack(char *, int, struct sockaddr_in *, struct timeval *); 220 static void pr_retip(struct ip *); 221 static void status(int); 222 static void stopit(int); 223 static void tvsub(struct timeval *, const struct timeval *); 224 static void usage(void) __dead2; 225 226 int 227 main(int argc, char *const *argv) 228 { 229 struct sockaddr_in from, sock_in; 230 struct in_addr ifaddr; 231 struct timeval last, intvl; 232 struct iovec iov; 233 struct ip *ip; 234 struct msghdr msg; 235 struct sigaction si_sa; 236 size_t sz; 237 u_char *datap, packet[IP_MAXPACKET] __aligned(4); 238 char *ep, *source, *target, *payload; 239 struct hostent *hp; 240 #ifdef IPSEC_POLICY_IPSEC 241 char *policy_in, *policy_out; 242 #endif 243 struct sockaddr_in *to; 244 double t; 245 u_long alarmtimeout, ultmp; 246 int almost_done, ch, df, hold, i, icmp_len, mib[4], preload; 247 int ssend_errno, srecv_errno, tos, ttl; 248 char ctrl[CMSG_SPACE(sizeof(struct timeval))]; 249 char hnamebuf[MAXHOSTNAMELEN], snamebuf[MAXHOSTNAMELEN]; 250 #ifdef IP_OPTIONS 251 char rspace[MAX_IPOPTLEN]; /* record route space */ 252 #endif 253 unsigned char loop, mttl; 254 255 payload = source = NULL; 256 #ifdef IPSEC_POLICY_IPSEC 257 policy_in = policy_out = NULL; 258 #endif 259 cap_rights_t rights; 260 bool cansandbox; 261 262 /* 263 * Do the stuff that we need root priv's for *first*, and 264 * then drop our setuid bit. Save error reporting for 265 * after arg parsing. 266 * 267 * Historicaly ping was using one socket 's' for sending and for 268 * receiving. After capsicum(4) related changes we use two 269 * sockets. It was done for special ping use case - when user 270 * issue ping on multicast or broadcast address replies come 271 * from different addresses, not from the address we 272 * connect(2)'ed to, and send socket do not receive those 273 * packets. 274 */ 275 ssend = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); 276 ssend_errno = errno; 277 srecv = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); 278 srecv_errno = errno; 279 280 if (setuid(getuid()) != 0) 281 err(EX_NOPERM, "setuid() failed"); 282 uid = getuid(); 283 284 if (ssend < 0) { 285 errno = ssend_errno; 286 err(EX_OSERR, "ssend socket"); 287 } 288 289 if (srecv < 0) { 290 errno = srecv_errno; 291 err(EX_OSERR, "srecv socket"); 292 } 293 294 alarmtimeout = df = preload = tos = 0; 295 296 outpack = outpackhdr + sizeof(struct ip); 297 while ((ch = getopt(argc, argv, 298 "Aac:DdfG:g:h:I:i:Ll:M:m:nop:QqRrS:s:T:t:vW:z:" 299 #ifdef IPSEC 300 #ifdef IPSEC_POLICY_IPSEC 301 "P:" 302 #endif /*IPSEC_POLICY_IPSEC*/ 303 #endif /*IPSEC*/ 304 )) != -1) 305 { 306 switch(ch) { 307 case 'A': 308 options |= F_MISSED; 309 break; 310 case 'a': 311 options |= F_AUDIBLE; 312 break; 313 case 'c': 314 ultmp = strtoul(optarg, &ep, 0); 315 if (*ep || ep == optarg || ultmp > LONG_MAX || !ultmp) 316 errx(EX_USAGE, 317 "invalid count of packets to transmit: `%s'", 318 optarg); 319 npackets = ultmp; 320 break; 321 case 'D': 322 options |= F_HDRINCL; 323 df = 1; 324 break; 325 case 'd': 326 options |= F_SO_DEBUG; 327 break; 328 case 'f': 329 if (uid) { 330 errno = EPERM; 331 err(EX_NOPERM, "-f flag"); 332 } 333 options |= F_FLOOD; 334 setbuf(stdout, (char *)NULL); 335 break; 336 case 'G': /* Maximum packet size for ping sweep */ 337 ultmp = strtoul(optarg, &ep, 0); 338 if (*ep || ep == optarg) 339 errx(EX_USAGE, "invalid packet size: `%s'", 340 optarg); 341 if (uid != 0 && ultmp > DEFDATALEN) { 342 errno = EPERM; 343 err(EX_NOPERM, 344 "packet size too large: %lu > %u", 345 ultmp, DEFDATALEN); 346 } 347 options |= F_SWEEP; 348 sweepmax = ultmp; 349 break; 350 case 'g': /* Minimum packet size for ping sweep */ 351 ultmp = strtoul(optarg, &ep, 0); 352 if (*ep || ep == optarg) 353 errx(EX_USAGE, "invalid packet size: `%s'", 354 optarg); 355 if (uid != 0 && ultmp > DEFDATALEN) { 356 errno = EPERM; 357 err(EX_NOPERM, 358 "packet size too large: %lu > %u", 359 ultmp, DEFDATALEN); 360 } 361 options |= F_SWEEP; 362 sweepmin = ultmp; 363 break; 364 case 'h': /* Packet size increment for ping sweep */ 365 ultmp = strtoul(optarg, &ep, 0); 366 if (*ep || ep == optarg || ultmp < 1) 367 errx(EX_USAGE, "invalid increment size: `%s'", 368 optarg); 369 if (uid != 0 && ultmp > DEFDATALEN) { 370 errno = EPERM; 371 err(EX_NOPERM, 372 "packet size too large: %lu > %u", 373 ultmp, DEFDATALEN); 374 } 375 options |= F_SWEEP; 376 sweepincr = ultmp; 377 break; 378 case 'I': /* multicast interface */ 379 if (inet_aton(optarg, &ifaddr) == 0) 380 errx(EX_USAGE, 381 "invalid multicast interface: `%s'", 382 optarg); 383 options |= F_MIF; 384 break; 385 case 'i': /* wait between sending packets */ 386 t = strtod(optarg, &ep) * 1000.0; 387 if (*ep || ep == optarg || t > (double)INT_MAX) 388 errx(EX_USAGE, "invalid timing interval: `%s'", 389 optarg); 390 options |= F_INTERVAL; 391 interval = (int)t; 392 if (uid && interval < 1000) { 393 errno = EPERM; 394 err(EX_NOPERM, "-i interval too short"); 395 } 396 break; 397 case 'L': 398 options |= F_NOLOOP; 399 loop = 0; 400 break; 401 case 'l': 402 ultmp = strtoul(optarg, &ep, 0); 403 if (*ep || ep == optarg || ultmp > INT_MAX) 404 errx(EX_USAGE, 405 "invalid preload value: `%s'", optarg); 406 if (uid) { 407 errno = EPERM; 408 err(EX_NOPERM, "-l flag"); 409 } 410 preload = ultmp; 411 break; 412 case 'M': 413 switch(optarg[0]) { 414 case 'M': 415 case 'm': 416 options |= F_MASK; 417 break; 418 case 'T': 419 case 't': 420 options |= F_TIME; 421 break; 422 default: 423 errx(EX_USAGE, "invalid message: `%c'", optarg[0]); 424 break; 425 } 426 break; 427 case 'm': /* TTL */ 428 ultmp = strtoul(optarg, &ep, 0); 429 if (*ep || ep == optarg || ultmp > MAXTTL) 430 errx(EX_USAGE, "invalid TTL: `%s'", optarg); 431 ttl = ultmp; 432 options |= F_TTL; 433 break; 434 case 'n': 435 options |= F_NUMERIC; 436 break; 437 case 'o': 438 options |= F_ONCE; 439 break; 440 #ifdef IPSEC 441 #ifdef IPSEC_POLICY_IPSEC 442 case 'P': 443 options |= F_POLICY; 444 if (!strncmp("in", optarg, 2)) 445 policy_in = strdup(optarg); 446 else if (!strncmp("out", optarg, 3)) 447 policy_out = strdup(optarg); 448 else 449 errx(1, "invalid security policy"); 450 break; 451 #endif /*IPSEC_POLICY_IPSEC*/ 452 #endif /*IPSEC*/ 453 case 'p': /* fill buffer with user pattern */ 454 options |= F_PINGFILLED; 455 payload = optarg; 456 break; 457 case 'Q': 458 options |= F_QUIET2; 459 break; 460 case 'q': 461 options |= F_QUIET; 462 break; 463 case 'R': 464 options |= F_RROUTE; 465 break; 466 case 'r': 467 options |= F_SO_DONTROUTE; 468 break; 469 case 'S': 470 source = optarg; 471 break; 472 case 's': /* size of packet to send */ 473 ultmp = strtoul(optarg, &ep, 0); 474 if (*ep || ep == optarg) 475 errx(EX_USAGE, "invalid packet size: `%s'", 476 optarg); 477 if (uid != 0 && ultmp > DEFDATALEN) { 478 errno = EPERM; 479 err(EX_NOPERM, 480 "packet size too large: %lu > %u", 481 ultmp, DEFDATALEN); 482 } 483 datalen = ultmp; 484 break; 485 case 'T': /* multicast TTL */ 486 ultmp = strtoul(optarg, &ep, 0); 487 if (*ep || ep == optarg || ultmp > MAXTTL) 488 errx(EX_USAGE, "invalid multicast TTL: `%s'", 489 optarg); 490 mttl = ultmp; 491 options |= F_MTTL; 492 break; 493 case 't': 494 alarmtimeout = strtoul(optarg, &ep, 0); 495 if ((alarmtimeout < 1) || (alarmtimeout == ULONG_MAX)) 496 errx(EX_USAGE, "invalid timeout: `%s'", 497 optarg); 498 if (alarmtimeout > MAXALARM) 499 errx(EX_USAGE, "invalid timeout: `%s' > %d", 500 optarg, MAXALARM); 501 alarm((int)alarmtimeout); 502 break; 503 case 'v': 504 options |= F_VERBOSE; 505 break; 506 case 'W': /* wait ms for answer */ 507 t = strtod(optarg, &ep); 508 if (*ep || ep == optarg || t > (double)INT_MAX) 509 errx(EX_USAGE, "invalid timing interval: `%s'", 510 optarg); 511 options |= F_WAITTIME; 512 waittime = (int)t; 513 break; 514 case 'z': 515 options |= F_HDRINCL; 516 ultmp = strtoul(optarg, &ep, 0); 517 if (*ep || ep == optarg || ultmp > MAXTOS) 518 errx(EX_USAGE, "invalid TOS: `%s'", optarg); 519 tos = ultmp; 520 break; 521 default: 522 usage(); 523 } 524 } 525 526 if (argc - optind != 1) 527 usage(); 528 target = argv[optind]; 529 530 switch (options & (F_MASK|F_TIME)) { 531 case 0: break; 532 case F_MASK: 533 icmp_type = ICMP_MASKREQ; 534 icmp_type_rsp = ICMP_MASKREPLY; 535 phdr_len = MASK_LEN; 536 if (!(options & F_QUIET)) 537 (void)printf("ICMP_MASKREQ\n"); 538 break; 539 case F_TIME: 540 icmp_type = ICMP_TSTAMP; 541 icmp_type_rsp = ICMP_TSTAMPREPLY; 542 phdr_len = TS_LEN; 543 if (!(options & F_QUIET)) 544 (void)printf("ICMP_TSTAMP\n"); 545 break; 546 default: 547 errx(EX_USAGE, "ICMP_TSTAMP and ICMP_MASKREQ are exclusive."); 548 break; 549 } 550 icmp_len = sizeof(struct ip) + ICMP_MINLEN + phdr_len; 551 if (options & F_RROUTE) 552 icmp_len += MAX_IPOPTLEN; 553 maxpayload = IP_MAXPACKET - icmp_len; 554 if (datalen > maxpayload) 555 errx(EX_USAGE, "packet size too large: %d > %d", datalen, 556 maxpayload); 557 send_len = icmp_len + datalen; 558 datap = &outpack[ICMP_MINLEN + phdr_len + TIMEVAL_LEN]; 559 if (options & F_PINGFILLED) { 560 fill((char *)datap, payload); 561 } 562 capdns = capdns_setup(); 563 if (source) { 564 bzero((char *)&sock_in, sizeof(sock_in)); 565 sock_in.sin_family = AF_INET; 566 if (inet_aton(source, &sock_in.sin_addr) != 0) { 567 shostname = source; 568 } else { 569 if (capdns != NULL) 570 hp = cap_gethostbyname2(capdns, source, 571 AF_INET); 572 else 573 hp = gethostbyname2(source, AF_INET); 574 if (!hp) 575 errx(EX_NOHOST, "cannot resolve %s: %s", 576 source, hstrerror(h_errno)); 577 578 sock_in.sin_len = sizeof sock_in; 579 if ((unsigned)hp->h_length > sizeof(sock_in.sin_addr) || 580 hp->h_length < 0) 581 errx(1, "gethostbyname2: illegal address"); 582 memcpy(&sock_in.sin_addr, hp->h_addr_list[0], 583 sizeof(sock_in.sin_addr)); 584 (void)strncpy(snamebuf, hp->h_name, 585 sizeof(snamebuf) - 1); 586 snamebuf[sizeof(snamebuf) - 1] = '\0'; 587 shostname = snamebuf; 588 } 589 if (bind(ssend, (struct sockaddr *)&sock_in, sizeof sock_in) == 590 -1) 591 err(1, "bind"); 592 } 593 594 bzero(&whereto, sizeof(whereto)); 595 to = &whereto; 596 to->sin_family = AF_INET; 597 to->sin_len = sizeof *to; 598 if (inet_aton(target, &to->sin_addr) != 0) { 599 hostname = target; 600 } else { 601 if (capdns != NULL) 602 hp = cap_gethostbyname2(capdns, target, AF_INET); 603 else 604 hp = gethostbyname2(target, AF_INET); 605 if (!hp) 606 errx(EX_NOHOST, "cannot resolve %s: %s", 607 target, hstrerror(h_errno)); 608 609 if ((unsigned)hp->h_length > sizeof(to->sin_addr)) 610 errx(1, "gethostbyname2 returned an illegal address"); 611 memcpy(&to->sin_addr, hp->h_addr_list[0], sizeof to->sin_addr); 612 (void)strncpy(hnamebuf, hp->h_name, sizeof(hnamebuf) - 1); 613 hnamebuf[sizeof(hnamebuf) - 1] = '\0'; 614 hostname = hnamebuf; 615 } 616 617 /* From now on we will use only reverse DNS lookups. */ 618 if (capdns != NULL) { 619 const char *types[1]; 620 621 types[0] = "ADDR"; 622 if (cap_dns_type_limit(capdns, types, 1) < 0) 623 err(1, "unable to limit access to system.dns service"); 624 } 625 626 if (connect(ssend, (struct sockaddr *)&whereto, sizeof(whereto)) != 0) 627 err(1, "connect"); 628 629 if (options & F_FLOOD && options & F_INTERVAL) 630 errx(EX_USAGE, "-f and -i: incompatible options"); 631 632 if (options & F_FLOOD && IN_MULTICAST(ntohl(to->sin_addr.s_addr))) 633 errx(EX_USAGE, 634 "-f flag cannot be used with multicast destination"); 635 if (options & (F_MIF | F_NOLOOP | F_MTTL) 636 && !IN_MULTICAST(ntohl(to->sin_addr.s_addr))) 637 errx(EX_USAGE, 638 "-I, -L, -T flags cannot be used with unicast destination"); 639 640 if (datalen >= TIMEVAL_LEN) /* can we time transfer */ 641 timing = 1; 642 643 if (!(options & F_PINGFILLED)) 644 for (i = TIMEVAL_LEN; i < datalen; ++i) 645 *datap++ = i; 646 647 ident = getpid() & 0xFFFF; 648 649 hold = 1; 650 if (options & F_SO_DEBUG) { 651 (void)setsockopt(ssend, SOL_SOCKET, SO_DEBUG, (char *)&hold, 652 sizeof(hold)); 653 (void)setsockopt(srecv, SOL_SOCKET, SO_DEBUG, (char *)&hold, 654 sizeof(hold)); 655 } 656 if (options & F_SO_DONTROUTE) 657 (void)setsockopt(ssend, SOL_SOCKET, SO_DONTROUTE, (char *)&hold, 658 sizeof(hold)); 659 #ifdef IPSEC 660 #ifdef IPSEC_POLICY_IPSEC 661 if (options & F_POLICY) { 662 char *buf; 663 if (policy_in != NULL) { 664 buf = ipsec_set_policy(policy_in, strlen(policy_in)); 665 if (buf == NULL) 666 errx(EX_CONFIG, "%s", ipsec_strerror()); 667 if (setsockopt(srecv, IPPROTO_IP, IP_IPSEC_POLICY, 668 buf, ipsec_get_policylen(buf)) < 0) 669 err(EX_CONFIG, 670 "ipsec policy cannot be configured"); 671 free(buf); 672 } 673 674 if (policy_out != NULL) { 675 buf = ipsec_set_policy(policy_out, strlen(policy_out)); 676 if (buf == NULL) 677 errx(EX_CONFIG, "%s", ipsec_strerror()); 678 if (setsockopt(ssend, IPPROTO_IP, IP_IPSEC_POLICY, 679 buf, ipsec_get_policylen(buf)) < 0) 680 err(EX_CONFIG, 681 "ipsec policy cannot be configured"); 682 free(buf); 683 } 684 } 685 #endif /*IPSEC_POLICY_IPSEC*/ 686 #endif /*IPSEC*/ 687 688 if (options & F_HDRINCL) { 689 ip = (struct ip*)outpackhdr; 690 if (!(options & (F_TTL | F_MTTL))) { 691 mib[0] = CTL_NET; 692 mib[1] = PF_INET; 693 mib[2] = IPPROTO_IP; 694 mib[3] = IPCTL_DEFTTL; 695 sz = sizeof(ttl); 696 if (sysctl(mib, 4, &ttl, &sz, NULL, 0) == -1) 697 err(1, "sysctl(net.inet.ip.ttl)"); 698 } 699 setsockopt(ssend, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold)); 700 ip->ip_v = IPVERSION; 701 ip->ip_hl = sizeof(struct ip) >> 2; 702 ip->ip_tos = tos; 703 ip->ip_id = 0; 704 ip->ip_off = htons(df ? IP_DF : 0); 705 ip->ip_ttl = ttl; 706 ip->ip_p = IPPROTO_ICMP; 707 ip->ip_src.s_addr = source ? sock_in.sin_addr.s_addr : INADDR_ANY; 708 ip->ip_dst = to->sin_addr; 709 } 710 711 if (options & F_NUMERIC) 712 cansandbox = true; 713 else if (capdns != NULL) 714 cansandbox = CASPER_SUPPORT; 715 else 716 cansandbox = false; 717 718 /* 719 * Here we enter capability mode. Further down access to global 720 * namespaces (e.g filesystem) is restricted (see capsicum(4)). 721 * We must connect(2) our socket before this point. 722 */ 723 if (cansandbox && cap_enter() < 0 && errno != ENOSYS) 724 err(1, "cap_enter"); 725 726 cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT); 727 if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS) 728 err(1, "cap_rights_limit srecv"); 729 730 cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT); 731 if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS) 732 err(1, "cap_rights_limit ssend"); 733 734 /* record route option */ 735 if (options & F_RROUTE) { 736 #ifdef IP_OPTIONS 737 bzero(rspace, sizeof(rspace)); 738 rspace[IPOPT_OPTVAL] = IPOPT_RR; 739 rspace[IPOPT_OLEN] = sizeof(rspace) - 1; 740 rspace[IPOPT_OFFSET] = IPOPT_MINOFF; 741 rspace[sizeof(rspace) - 1] = IPOPT_EOL; 742 if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace, 743 sizeof(rspace)) < 0) 744 err(EX_OSERR, "setsockopt IP_OPTIONS"); 745 #else 746 errx(EX_UNAVAILABLE, 747 "record route not available in this implementation"); 748 #endif /* IP_OPTIONS */ 749 } 750 751 if (options & F_TTL) { 752 if (setsockopt(ssend, IPPROTO_IP, IP_TTL, &ttl, 753 sizeof(ttl)) < 0) { 754 err(EX_OSERR, "setsockopt IP_TTL"); 755 } 756 } 757 if (options & F_NOLOOP) { 758 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, 759 sizeof(loop)) < 0) { 760 err(EX_OSERR, "setsockopt IP_MULTICAST_LOOP"); 761 } 762 } 763 if (options & F_MTTL) { 764 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_TTL, &mttl, 765 sizeof(mttl)) < 0) { 766 err(EX_OSERR, "setsockopt IP_MULTICAST_TTL"); 767 } 768 } 769 if (options & F_MIF) { 770 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr, 771 sizeof(ifaddr)) < 0) { 772 err(EX_OSERR, "setsockopt IP_MULTICAST_IF"); 773 } 774 } 775 #ifdef SO_TIMESTAMP 776 { int on = 1; 777 if (setsockopt(srecv, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)) < 0) 778 err(EX_OSERR, "setsockopt SO_TIMESTAMP"); 779 } 780 #endif 781 if (sweepmax) { 782 if (sweepmin > sweepmax) 783 errx(EX_USAGE, "Maximum packet size must be no less than the minimum packet size"); 784 785 if (datalen != DEFDATALEN) 786 errx(EX_USAGE, "Packet size and ping sweep are mutually exclusive"); 787 788 if (npackets > 0) { 789 snpackets = npackets; 790 npackets = 0; 791 } else 792 snpackets = 1; 793 datalen = sweepmin; 794 send_len = icmp_len + sweepmin; 795 } 796 if (options & F_SWEEP && !sweepmax) 797 errx(EX_USAGE, "Maximum sweep size must be specified"); 798 799 /* 800 * When pinging the broadcast address, you can get a lot of answers. 801 * Doing something so evil is useful if you are trying to stress the 802 * ethernet, or just want to fill the arp cache to get some stuff for 803 * /etc/ethers. But beware: RFC 1122 allows hosts to ignore broadcast 804 * or multicast pings if they wish. 805 */ 806 807 /* 808 * XXX receive buffer needs undetermined space for mbuf overhead 809 * as well. 810 */ 811 hold = IP_MAXPACKET + 128; 812 (void)setsockopt(srecv, SOL_SOCKET, SO_RCVBUF, (char *)&hold, 813 sizeof(hold)); 814 /* CAP_SETSOCKOPT removed */ 815 cap_rights_init(&rights, CAP_RECV, CAP_EVENT); 816 if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS) 817 err(1, "cap_rights_limit srecv setsockopt"); 818 if (uid == 0) 819 (void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold, 820 sizeof(hold)); 821 /* CAP_SETSOCKOPT removed */ 822 cap_rights_init(&rights, CAP_SEND); 823 if (cap_rights_limit(ssend, &rights) < 0 && errno != ENOSYS) 824 err(1, "cap_rights_limit ssend setsockopt"); 825 826 if (to->sin_family == AF_INET) { 827 (void)printf("PING %s (%s)", hostname, 828 inet_ntoa(to->sin_addr)); 829 if (source) 830 (void)printf(" from %s", shostname); 831 if (sweepmax) 832 (void)printf(": (%d ... %d) data bytes\n", 833 sweepmin, sweepmax); 834 else 835 (void)printf(": %d data bytes\n", datalen); 836 837 } else { 838 if (sweepmax) 839 (void)printf("PING %s: (%d ... %d) data bytes\n", 840 hostname, sweepmin, sweepmax); 841 else 842 (void)printf("PING %s: %d data bytes\n", hostname, datalen); 843 } 844 845 /* 846 * Use sigaction() instead of signal() to get unambiguous semantics, 847 * in particular with SA_RESTART not set. 848 */ 849 850 sigemptyset(&si_sa.sa_mask); 851 si_sa.sa_flags = 0; 852 853 si_sa.sa_handler = stopit; 854 if (sigaction(SIGINT, &si_sa, 0) == -1) { 855 err(EX_OSERR, "sigaction SIGINT"); 856 } 857 858 si_sa.sa_handler = status; 859 if (sigaction(SIGINFO, &si_sa, 0) == -1) { 860 err(EX_OSERR, "sigaction"); 861 } 862 863 if (alarmtimeout > 0) { 864 si_sa.sa_handler = stopit; 865 if (sigaction(SIGALRM, &si_sa, 0) == -1) 866 err(EX_OSERR, "sigaction SIGALRM"); 867 } 868 869 bzero(&msg, sizeof(msg)); 870 msg.msg_name = (caddr_t)&from; 871 msg.msg_iov = &iov; 872 msg.msg_iovlen = 1; 873 #ifdef SO_TIMESTAMP 874 msg.msg_control = (caddr_t)ctrl; 875 #endif 876 iov.iov_base = packet; 877 iov.iov_len = IP_MAXPACKET; 878 879 if (preload == 0) 880 pinger(); /* send the first ping */ 881 else { 882 if (npackets != 0 && preload > npackets) 883 preload = npackets; 884 while (preload--) /* fire off them quickies */ 885 pinger(); 886 } 887 (void)gettimeofday(&last, NULL); 888 889 if (options & F_FLOOD) { 890 intvl.tv_sec = 0; 891 intvl.tv_usec = 10000; 892 } else { 893 intvl.tv_sec = interval / 1000; 894 intvl.tv_usec = interval % 1000 * 1000; 895 } 896 897 almost_done = 0; 898 while (!finish_up) { 899 struct timeval now, timeout; 900 fd_set rfds; 901 int cc, n; 902 903 check_status(); 904 if ((unsigned)srecv >= FD_SETSIZE) 905 errx(EX_OSERR, "descriptor too large"); 906 FD_ZERO(&rfds); 907 FD_SET(srecv, &rfds); 908 (void)gettimeofday(&now, NULL); 909 timeout.tv_sec = last.tv_sec + intvl.tv_sec - now.tv_sec; 910 timeout.tv_usec = last.tv_usec + intvl.tv_usec - now.tv_usec; 911 while (timeout.tv_usec < 0) { 912 timeout.tv_usec += 1000000; 913 timeout.tv_sec--; 914 } 915 while (timeout.tv_usec >= 1000000) { 916 timeout.tv_usec -= 1000000; 917 timeout.tv_sec++; 918 } 919 if (timeout.tv_sec < 0) 920 timerclear(&timeout); 921 n = select(srecv + 1, &rfds, NULL, NULL, &timeout); 922 if (n < 0) 923 continue; /* Must be EINTR. */ 924 if (n == 1) { 925 struct timeval *tv = NULL; 926 #ifdef SO_TIMESTAMP 927 struct cmsghdr *cmsg = (struct cmsghdr *)&ctrl; 928 929 msg.msg_controllen = sizeof(ctrl); 930 #endif 931 msg.msg_namelen = sizeof(from); 932 if ((cc = recvmsg(srecv, &msg, 0)) < 0) { 933 if (errno == EINTR) 934 continue; 935 warn("recvmsg"); 936 continue; 937 } 938 #ifdef SO_TIMESTAMP 939 if (cmsg->cmsg_level == SOL_SOCKET && 940 cmsg->cmsg_type == SCM_TIMESTAMP && 941 cmsg->cmsg_len == CMSG_LEN(sizeof *tv)) { 942 /* Copy to avoid alignment problems: */ 943 memcpy(&now, CMSG_DATA(cmsg), sizeof(now)); 944 tv = &now; 945 } 946 #endif 947 if (tv == NULL) { 948 (void)gettimeofday(&now, NULL); 949 tv = &now; 950 } 951 pr_pack((char *)packet, cc, &from, tv); 952 if ((options & F_ONCE && nreceived) || 953 (npackets && nreceived >= npackets)) 954 break; 955 } 956 if (n == 0 || options & F_FLOOD) { 957 if (sweepmax && sntransmitted == snpackets) { 958 for (i = 0; i < sweepincr ; ++i) 959 *datap++ = i; 960 datalen += sweepincr; 961 if (datalen > sweepmax) 962 break; 963 send_len = icmp_len + datalen; 964 sntransmitted = 0; 965 } 966 if (!npackets || ntransmitted < npackets) 967 pinger(); 968 else { 969 if (almost_done) 970 break; 971 almost_done = 1; 972 intvl.tv_usec = 0; 973 if (nreceived) { 974 intvl.tv_sec = 2 * tmax / 1000; 975 if (!intvl.tv_sec) 976 intvl.tv_sec = 1; 977 } else { 978 intvl.tv_sec = waittime / 1000; 979 intvl.tv_usec = waittime % 1000 * 1000; 980 } 981 } 982 (void)gettimeofday(&last, NULL); 983 if (ntransmitted - nreceived - 1 > nmissedmax) { 984 nmissedmax = ntransmitted - nreceived - 1; 985 if (options & F_MISSED) 986 (void)write(STDOUT_FILENO, &BBELL, 1); 987 } 988 } 989 } 990 finish(); 991 /* NOTREACHED */ 992 exit(0); /* Make the compiler happy */ 993 } 994 995 /* 996 * stopit -- 997 * Set the global bit that causes the main loop to quit. 998 * Do NOT call finish() from here, since finish() does far too much 999 * to be called from a signal handler. 1000 */ 1001 void 1002 stopit(int sig __unused) 1003 { 1004 1005 /* 1006 * When doing reverse DNS lookups, the finish_up flag might not 1007 * be noticed for a while. Just exit if we get a second SIGINT. 1008 */ 1009 if (!(options & F_NUMERIC) && finish_up) 1010 _exit(nreceived ? 0 : 2); 1011 finish_up = 1; 1012 } 1013 1014 /* 1015 * pinger -- 1016 * Compose and transmit an ICMP ECHO REQUEST packet. The IP packet 1017 * will be added on by the kernel. The ID field is our UNIX process ID, 1018 * and the sequence number is an ascending integer. The first TIMEVAL_LEN 1019 * bytes of the data portion are used to hold a UNIX "timeval" struct in 1020 * host byte-order, to compute the round-trip time. 1021 */ 1022 static void 1023 pinger(void) 1024 { 1025 struct timeval now; 1026 struct tv32 tv32; 1027 struct ip *ip; 1028 struct icmp *icp; 1029 int cc, i; 1030 u_char *packet; 1031 1032 packet = outpack; 1033 icp = (struct icmp *)outpack; 1034 icp->icmp_type = icmp_type; 1035 icp->icmp_code = 0; 1036 icp->icmp_cksum = 0; 1037 icp->icmp_seq = htons(ntransmitted); 1038 icp->icmp_id = ident; /* ID */ 1039 1040 CLR(ntransmitted % mx_dup_ck); 1041 1042 if ((options & F_TIME) || timing) { 1043 (void)gettimeofday(&now, NULL); 1044 1045 tv32.tv32_sec = htonl(now.tv_sec); 1046 tv32.tv32_usec = htonl(now.tv_usec); 1047 if (options & F_TIME) 1048 icp->icmp_otime = htonl((now.tv_sec % (24*60*60)) 1049 * 1000 + now.tv_usec / 1000); 1050 if (timing) 1051 bcopy((void *)&tv32, 1052 (void *)&outpack[ICMP_MINLEN + phdr_len], 1053 sizeof(tv32)); 1054 } 1055 1056 cc = ICMP_MINLEN + phdr_len + datalen; 1057 1058 /* compute ICMP checksum here */ 1059 icp->icmp_cksum = in_cksum((u_short *)icp, cc); 1060 1061 if (options & F_HDRINCL) { 1062 cc += sizeof(struct ip); 1063 ip = (struct ip *)outpackhdr; 1064 ip->ip_len = htons(cc); 1065 ip->ip_sum = in_cksum((u_short *)outpackhdr, cc); 1066 packet = outpackhdr; 1067 } 1068 i = send(ssend, (char *)packet, cc, 0); 1069 if (i < 0 || i != cc) { 1070 if (i < 0) { 1071 if (options & F_FLOOD && errno == ENOBUFS) { 1072 usleep(FLOOD_BACKOFF); 1073 return; 1074 } 1075 warn("sendto"); 1076 } else { 1077 warn("%s: partial write: %d of %d bytes", 1078 hostname, i, cc); 1079 } 1080 } 1081 ntransmitted++; 1082 sntransmitted++; 1083 if (!(options & F_QUIET) && options & F_FLOOD) 1084 (void)write(STDOUT_FILENO, &DOT, 1); 1085 } 1086 1087 /* 1088 * pr_pack -- 1089 * Print out the packet, if it came from us. This logic is necessary 1090 * because ALL readers of the ICMP socket get a copy of ALL ICMP packets 1091 * which arrive ('tis only fair). This permits multiple copies of this 1092 * program to be run without having intermingled output (or statistics!). 1093 */ 1094 static void 1095 pr_pack(char *buf, int cc, struct sockaddr_in *from, struct timeval *tv) 1096 { 1097 struct in_addr ina; 1098 u_char *cp, *dp; 1099 struct icmp *icp; 1100 struct ip *ip; 1101 const void *tp; 1102 double triptime; 1103 int dupflag, hlen, i, j, recv_len, seq; 1104 static int old_rrlen; 1105 static char old_rr[MAX_IPOPTLEN]; 1106 1107 /* Check the IP header */ 1108 ip = (struct ip *)buf; 1109 hlen = ip->ip_hl << 2; 1110 recv_len = cc; 1111 if (cc < hlen + ICMP_MINLEN) { 1112 if (options & F_VERBOSE) 1113 warn("packet too short (%d bytes) from %s", cc, 1114 inet_ntoa(from->sin_addr)); 1115 return; 1116 } 1117 1118 /* Now the ICMP part */ 1119 cc -= hlen; 1120 icp = (struct icmp *)(buf + hlen); 1121 if (icp->icmp_type == icmp_type_rsp) { 1122 if (icp->icmp_id != ident) 1123 return; /* 'Twas not our ECHO */ 1124 ++nreceived; 1125 triptime = 0.0; 1126 if (timing) { 1127 struct timeval tv1; 1128 struct tv32 tv32; 1129 #ifndef icmp_data 1130 tp = &icp->icmp_ip; 1131 #else 1132 tp = icp->icmp_data; 1133 #endif 1134 tp = (const char *)tp + phdr_len; 1135 1136 if ((size_t)(cc - ICMP_MINLEN - phdr_len) >= 1137 sizeof(tv1)) { 1138 /* Copy to avoid alignment problems: */ 1139 memcpy(&tv32, tp, sizeof(tv32)); 1140 tv1.tv_sec = ntohl(tv32.tv32_sec); 1141 tv1.tv_usec = ntohl(tv32.tv32_usec); 1142 tvsub(tv, &tv1); 1143 triptime = ((double)tv->tv_sec) * 1000.0 + 1144 ((double)tv->tv_usec) / 1000.0; 1145 tsum += triptime; 1146 tsumsq += triptime * triptime; 1147 if (triptime < tmin) 1148 tmin = triptime; 1149 if (triptime > tmax) 1150 tmax = triptime; 1151 } else 1152 timing = 0; 1153 } 1154 1155 seq = ntohs(icp->icmp_seq); 1156 1157 if (TST(seq % mx_dup_ck)) { 1158 ++nrepeats; 1159 --nreceived; 1160 dupflag = 1; 1161 } else { 1162 SET(seq % mx_dup_ck); 1163 dupflag = 0; 1164 } 1165 1166 if (options & F_QUIET) 1167 return; 1168 1169 if (options & F_WAITTIME && triptime > waittime) { 1170 ++nrcvtimeout; 1171 return; 1172 } 1173 1174 if (options & F_FLOOD) 1175 (void)write(STDOUT_FILENO, &BSPACE, 1); 1176 else { 1177 (void)printf("%d bytes from %s: icmp_seq=%u", cc, 1178 inet_ntoa(*(struct in_addr *)&from->sin_addr.s_addr), 1179 seq); 1180 (void)printf(" ttl=%d", ip->ip_ttl); 1181 if (timing) 1182 (void)printf(" time=%.3f ms", triptime); 1183 if (dupflag) 1184 (void)printf(" (DUP!)"); 1185 if (options & F_AUDIBLE) 1186 (void)write(STDOUT_FILENO, &BBELL, 1); 1187 if (options & F_MASK) { 1188 /* Just prentend this cast isn't ugly */ 1189 (void)printf(" mask=%s", 1190 inet_ntoa(*(struct in_addr *)&(icp->icmp_mask))); 1191 } 1192 if (options & F_TIME) { 1193 (void)printf(" tso=%s", pr_ntime(icp->icmp_otime)); 1194 (void)printf(" tsr=%s", pr_ntime(icp->icmp_rtime)); 1195 (void)printf(" tst=%s", pr_ntime(icp->icmp_ttime)); 1196 } 1197 if (recv_len != send_len) { 1198 (void)printf( 1199 "\nwrong total length %d instead of %d", 1200 recv_len, send_len); 1201 } 1202 /* check the data */ 1203 cp = (u_char*)&icp->icmp_data[phdr_len]; 1204 dp = &outpack[ICMP_MINLEN + phdr_len]; 1205 cc -= ICMP_MINLEN + phdr_len; 1206 i = 0; 1207 if (timing) { /* don't check variable timestamp */ 1208 cp += TIMEVAL_LEN; 1209 dp += TIMEVAL_LEN; 1210 cc -= TIMEVAL_LEN; 1211 i += TIMEVAL_LEN; 1212 } 1213 for (; i < datalen && cc > 0; ++i, ++cp, ++dp, --cc) { 1214 if (*cp != *dp) { 1215 (void)printf("\nwrong data byte #%d should be 0x%x but was 0x%x", 1216 i, *dp, *cp); 1217 (void)printf("\ncp:"); 1218 cp = (u_char*)&icp->icmp_data[0]; 1219 for (i = 0; i < datalen; ++i, ++cp) { 1220 if ((i % 16) == 8) 1221 (void)printf("\n\t"); 1222 (void)printf("%2x ", *cp); 1223 } 1224 (void)printf("\ndp:"); 1225 cp = &outpack[ICMP_MINLEN]; 1226 for (i = 0; i < datalen; ++i, ++cp) { 1227 if ((i % 16) == 8) 1228 (void)printf("\n\t"); 1229 (void)printf("%2x ", *cp); 1230 } 1231 break; 1232 } 1233 } 1234 } 1235 } else { 1236 /* 1237 * We've got something other than an ECHOREPLY. 1238 * See if it's a reply to something that we sent. 1239 * We can compare IP destination, protocol, 1240 * and ICMP type and ID. 1241 * 1242 * Only print all the error messages if we are running 1243 * as root to avoid leaking information not normally 1244 * available to those not running as root. 1245 */ 1246 #ifndef icmp_data 1247 struct ip *oip = &icp->icmp_ip; 1248 #else 1249 struct ip *oip = (struct ip *)icp->icmp_data; 1250 #endif 1251 struct icmp *oicmp = (struct icmp *)(oip + 1); 1252 1253 if (((options & F_VERBOSE) && uid == 0) || 1254 (!(options & F_QUIET2) && 1255 (oip->ip_dst.s_addr == whereto.sin_addr.s_addr) && 1256 (oip->ip_p == IPPROTO_ICMP) && 1257 (oicmp->icmp_type == ICMP_ECHO) && 1258 (oicmp->icmp_id == ident))) { 1259 (void)printf("%d bytes from %s: ", cc, 1260 pr_addr(from->sin_addr)); 1261 pr_icmph(icp); 1262 } else 1263 return; 1264 } 1265 1266 /* Display any IP options */ 1267 cp = (u_char *)buf + sizeof(struct ip); 1268 1269 for (; hlen > (int)sizeof(struct ip); --hlen, ++cp) 1270 switch (*cp) { 1271 case IPOPT_EOL: 1272 hlen = 0; 1273 break; 1274 case IPOPT_LSRR: 1275 case IPOPT_SSRR: 1276 (void)printf(*cp == IPOPT_LSRR ? 1277 "\nLSRR: " : "\nSSRR: "); 1278 j = cp[IPOPT_OLEN] - IPOPT_MINOFF + 1; 1279 hlen -= 2; 1280 cp += 2; 1281 if (j >= INADDR_LEN && 1282 j <= hlen - (int)sizeof(struct ip)) { 1283 for (;;) { 1284 bcopy(++cp, &ina.s_addr, INADDR_LEN); 1285 if (ina.s_addr == 0) 1286 (void)printf("\t0.0.0.0"); 1287 else 1288 (void)printf("\t%s", 1289 pr_addr(ina)); 1290 hlen -= INADDR_LEN; 1291 cp += INADDR_LEN - 1; 1292 j -= INADDR_LEN; 1293 if (j < INADDR_LEN) 1294 break; 1295 (void)putchar('\n'); 1296 } 1297 } else 1298 (void)printf("\t(truncated route)\n"); 1299 break; 1300 case IPOPT_RR: 1301 j = cp[IPOPT_OLEN]; /* get length */ 1302 i = cp[IPOPT_OFFSET]; /* and pointer */ 1303 hlen -= 2; 1304 cp += 2; 1305 if (i > j) 1306 i = j; 1307 i = i - IPOPT_MINOFF + 1; 1308 if (i < 0 || i > (hlen - (int)sizeof(struct ip))) { 1309 old_rrlen = 0; 1310 continue; 1311 } 1312 if (i == old_rrlen 1313 && !bcmp((char *)cp, old_rr, i) 1314 && !(options & F_FLOOD)) { 1315 (void)printf("\t(same route)"); 1316 hlen -= i; 1317 cp += i; 1318 break; 1319 } 1320 old_rrlen = i; 1321 bcopy((char *)cp, old_rr, i); 1322 (void)printf("\nRR: "); 1323 if (i >= INADDR_LEN && 1324 i <= hlen - (int)sizeof(struct ip)) { 1325 for (;;) { 1326 bcopy(++cp, &ina.s_addr, INADDR_LEN); 1327 if (ina.s_addr == 0) 1328 (void)printf("\t0.0.0.0"); 1329 else 1330 (void)printf("\t%s", 1331 pr_addr(ina)); 1332 hlen -= INADDR_LEN; 1333 cp += INADDR_LEN - 1; 1334 i -= INADDR_LEN; 1335 if (i < INADDR_LEN) 1336 break; 1337 (void)putchar('\n'); 1338 } 1339 } else 1340 (void)printf("\t(truncated route)"); 1341 break; 1342 case IPOPT_NOP: 1343 (void)printf("\nNOP"); 1344 break; 1345 default: 1346 (void)printf("\nunknown option %x", *cp); 1347 break; 1348 } 1349 if (!(options & F_FLOOD)) { 1350 (void)putchar('\n'); 1351 (void)fflush(stdout); 1352 } 1353 } 1354 1355 /* 1356 * in_cksum -- 1357 * Checksum routine for Internet Protocol family headers (C Version) 1358 */ 1359 u_short 1360 in_cksum(u_short *addr, int len) 1361 { 1362 int nleft, sum; 1363 u_short *w; 1364 union { 1365 u_short us; 1366 u_char uc[2]; 1367 } last; 1368 u_short answer; 1369 1370 nleft = len; 1371 sum = 0; 1372 w = addr; 1373 1374 /* 1375 * Our algorithm is simple, using a 32 bit accumulator (sum), we add 1376 * sequential 16 bit words to it, and at the end, fold back all the 1377 * carry bits from the top 16 bits into the lower 16 bits. 1378 */ 1379 while (nleft > 1) { 1380 sum += *w++; 1381 nleft -= 2; 1382 } 1383 1384 /* mop up an odd byte, if necessary */ 1385 if (nleft == 1) { 1386 last.uc[0] = *(u_char *)w; 1387 last.uc[1] = 0; 1388 sum += last.us; 1389 } 1390 1391 /* add back carry outs from top 16 bits to low 16 bits */ 1392 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ 1393 sum += (sum >> 16); /* add carry */ 1394 answer = ~sum; /* truncate to 16 bits */ 1395 return(answer); 1396 } 1397 1398 /* 1399 * tvsub -- 1400 * Subtract 2 timeval structs: out = out - in. Out is assumed to 1401 * be >= in. 1402 */ 1403 static void 1404 tvsub(struct timeval *out, const struct timeval *in) 1405 { 1406 1407 if ((out->tv_usec -= in->tv_usec) < 0) { 1408 --out->tv_sec; 1409 out->tv_usec += 1000000; 1410 } 1411 out->tv_sec -= in->tv_sec; 1412 } 1413 1414 /* 1415 * status -- 1416 * Print out statistics when SIGINFO is received. 1417 */ 1418 1419 static void 1420 status(int sig __unused) 1421 { 1422 1423 siginfo_p = 1; 1424 } 1425 1426 static void 1427 check_status(void) 1428 { 1429 1430 if (siginfo_p) { 1431 siginfo_p = 0; 1432 (void)fprintf(stderr, "\r%ld/%ld packets received (%.1f%%)", 1433 nreceived, ntransmitted, 1434 ntransmitted ? nreceived * 100.0 / ntransmitted : 0.0); 1435 if (nreceived && timing) 1436 (void)fprintf(stderr, " %.3f min / %.3f avg / %.3f max", 1437 tmin, tsum / (nreceived + nrepeats), tmax); 1438 (void)fprintf(stderr, "\n"); 1439 } 1440 } 1441 1442 /* 1443 * finish -- 1444 * Print out statistics, and give up. 1445 */ 1446 static void 1447 finish(void) 1448 { 1449 1450 (void)signal(SIGINT, SIG_IGN); 1451 (void)signal(SIGALRM, SIG_IGN); 1452 (void)putchar('\n'); 1453 (void)fflush(stdout); 1454 (void)printf("--- %s ping statistics ---\n", hostname); 1455 (void)printf("%ld packets transmitted, ", ntransmitted); 1456 (void)printf("%ld packets received, ", nreceived); 1457 if (nrepeats) 1458 (void)printf("+%ld duplicates, ", nrepeats); 1459 if (ntransmitted) { 1460 if (nreceived > ntransmitted) 1461 (void)printf("-- somebody's printing up packets!"); 1462 else 1463 (void)printf("%.1f%% packet loss", 1464 ((ntransmitted - nreceived) * 100.0) / 1465 ntransmitted); 1466 } 1467 if (nrcvtimeout) 1468 (void)printf(", %ld packets out of wait time", nrcvtimeout); 1469 (void)putchar('\n'); 1470 if (nreceived && timing) { 1471 double n = nreceived + nrepeats; 1472 double avg = tsum / n; 1473 double vari = tsumsq / n - avg * avg; 1474 (void)printf( 1475 "round-trip min/avg/max/stddev = %.3f/%.3f/%.3f/%.3f ms\n", 1476 tmin, avg, tmax, sqrt(vari)); 1477 } 1478 1479 if (nreceived) 1480 exit(0); 1481 else 1482 exit(2); 1483 } 1484 1485 #ifdef notdef 1486 static char *ttab[] = { 1487 "Echo Reply", /* ip + seq + udata */ 1488 "Dest Unreachable", /* net, host, proto, port, frag, sr + IP */ 1489 "Source Quench", /* IP */ 1490 "Redirect", /* redirect type, gateway, + IP */ 1491 "Echo", 1492 "Time Exceeded", /* transit, frag reassem + IP */ 1493 "Parameter Problem", /* pointer + IP */ 1494 "Timestamp", /* id + seq + three timestamps */ 1495 "Timestamp Reply", /* " */ 1496 "Info Request", /* id + sq */ 1497 "Info Reply" /* " */ 1498 }; 1499 #endif 1500 1501 /* 1502 * pr_icmph -- 1503 * Print a descriptive string about an ICMP header. 1504 */ 1505 static void 1506 pr_icmph(struct icmp *icp) 1507 { 1508 1509 switch(icp->icmp_type) { 1510 case ICMP_ECHOREPLY: 1511 (void)printf("Echo Reply\n"); 1512 /* XXX ID + Seq + Data */ 1513 break; 1514 case ICMP_UNREACH: 1515 switch(icp->icmp_code) { 1516 case ICMP_UNREACH_NET: 1517 (void)printf("Destination Net Unreachable\n"); 1518 break; 1519 case ICMP_UNREACH_HOST: 1520 (void)printf("Destination Host Unreachable\n"); 1521 break; 1522 case ICMP_UNREACH_PROTOCOL: 1523 (void)printf("Destination Protocol Unreachable\n"); 1524 break; 1525 case ICMP_UNREACH_PORT: 1526 (void)printf("Destination Port Unreachable\n"); 1527 break; 1528 case ICMP_UNREACH_NEEDFRAG: 1529 (void)printf("frag needed and DF set (MTU %d)\n", 1530 ntohs(icp->icmp_nextmtu)); 1531 break; 1532 case ICMP_UNREACH_SRCFAIL: 1533 (void)printf("Source Route Failed\n"); 1534 break; 1535 case ICMP_UNREACH_FILTER_PROHIB: 1536 (void)printf("Communication prohibited by filter\n"); 1537 break; 1538 default: 1539 (void)printf("Dest Unreachable, Bad Code: %d\n", 1540 icp->icmp_code); 1541 break; 1542 } 1543 /* Print returned IP header information */ 1544 #ifndef icmp_data 1545 pr_retip(&icp->icmp_ip); 1546 #else 1547 pr_retip((struct ip *)icp->icmp_data); 1548 #endif 1549 break; 1550 case ICMP_SOURCEQUENCH: 1551 (void)printf("Source Quench\n"); 1552 #ifndef icmp_data 1553 pr_retip(&icp->icmp_ip); 1554 #else 1555 pr_retip((struct ip *)icp->icmp_data); 1556 #endif 1557 break; 1558 case ICMP_REDIRECT: 1559 switch(icp->icmp_code) { 1560 case ICMP_REDIRECT_NET: 1561 (void)printf("Redirect Network"); 1562 break; 1563 case ICMP_REDIRECT_HOST: 1564 (void)printf("Redirect Host"); 1565 break; 1566 case ICMP_REDIRECT_TOSNET: 1567 (void)printf("Redirect Type of Service and Network"); 1568 break; 1569 case ICMP_REDIRECT_TOSHOST: 1570 (void)printf("Redirect Type of Service and Host"); 1571 break; 1572 default: 1573 (void)printf("Redirect, Bad Code: %d", icp->icmp_code); 1574 break; 1575 } 1576 (void)printf("(New addr: %s)\n", inet_ntoa(icp->icmp_gwaddr)); 1577 #ifndef icmp_data 1578 pr_retip(&icp->icmp_ip); 1579 #else 1580 pr_retip((struct ip *)icp->icmp_data); 1581 #endif 1582 break; 1583 case ICMP_ECHO: 1584 (void)printf("Echo Request\n"); 1585 /* XXX ID + Seq + Data */ 1586 break; 1587 case ICMP_TIMXCEED: 1588 switch(icp->icmp_code) { 1589 case ICMP_TIMXCEED_INTRANS: 1590 (void)printf("Time to live exceeded\n"); 1591 break; 1592 case ICMP_TIMXCEED_REASS: 1593 (void)printf("Frag reassembly time exceeded\n"); 1594 break; 1595 default: 1596 (void)printf("Time exceeded, Bad Code: %d\n", 1597 icp->icmp_code); 1598 break; 1599 } 1600 #ifndef icmp_data 1601 pr_retip(&icp->icmp_ip); 1602 #else 1603 pr_retip((struct ip *)icp->icmp_data); 1604 #endif 1605 break; 1606 case ICMP_PARAMPROB: 1607 (void)printf("Parameter problem: pointer = 0x%02x\n", 1608 icp->icmp_hun.ih_pptr); 1609 #ifndef icmp_data 1610 pr_retip(&icp->icmp_ip); 1611 #else 1612 pr_retip((struct ip *)icp->icmp_data); 1613 #endif 1614 break; 1615 case ICMP_TSTAMP: 1616 (void)printf("Timestamp\n"); 1617 /* XXX ID + Seq + 3 timestamps */ 1618 break; 1619 case ICMP_TSTAMPREPLY: 1620 (void)printf("Timestamp Reply\n"); 1621 /* XXX ID + Seq + 3 timestamps */ 1622 break; 1623 case ICMP_IREQ: 1624 (void)printf("Information Request\n"); 1625 /* XXX ID + Seq */ 1626 break; 1627 case ICMP_IREQREPLY: 1628 (void)printf("Information Reply\n"); 1629 /* XXX ID + Seq */ 1630 break; 1631 case ICMP_MASKREQ: 1632 (void)printf("Address Mask Request\n"); 1633 break; 1634 case ICMP_MASKREPLY: 1635 (void)printf("Address Mask Reply\n"); 1636 break; 1637 case ICMP_ROUTERADVERT: 1638 (void)printf("Router Advertisement\n"); 1639 break; 1640 case ICMP_ROUTERSOLICIT: 1641 (void)printf("Router Solicitation\n"); 1642 break; 1643 default: 1644 (void)printf("Bad ICMP type: %d\n", icp->icmp_type); 1645 } 1646 } 1647 1648 /* 1649 * pr_iph -- 1650 * Print an IP header with options. 1651 */ 1652 static void 1653 pr_iph(struct ip *ip) 1654 { 1655 struct in_addr ina; 1656 u_char *cp; 1657 int hlen; 1658 1659 hlen = ip->ip_hl << 2; 1660 cp = (u_char *)ip + 20; /* point to options */ 1661 1662 (void)printf("Vr HL TOS Len ID Flg off TTL Pro cks Src Dst\n"); 1663 (void)printf(" %1x %1x %02x %04x %04x", 1664 ip->ip_v, ip->ip_hl, ip->ip_tos, ntohs(ip->ip_len), 1665 ntohs(ip->ip_id)); 1666 (void)printf(" %1lx %04lx", 1667 (u_long) (ntohl(ip->ip_off) & 0xe000) >> 13, 1668 (u_long) ntohl(ip->ip_off) & 0x1fff); 1669 (void)printf(" %02x %02x %04x", ip->ip_ttl, ip->ip_p, 1670 ntohs(ip->ip_sum)); 1671 memcpy(&ina, &ip->ip_src.s_addr, sizeof ina); 1672 (void)printf(" %s ", inet_ntoa(ina)); 1673 memcpy(&ina, &ip->ip_dst.s_addr, sizeof ina); 1674 (void)printf(" %s ", inet_ntoa(ina)); 1675 /* dump any option bytes */ 1676 while (hlen-- > 20) { 1677 (void)printf("%02x", *cp++); 1678 } 1679 (void)putchar('\n'); 1680 } 1681 1682 /* 1683 * pr_addr -- 1684 * Return an ascii host address as a dotted quad and optionally with 1685 * a hostname. 1686 */ 1687 static char * 1688 pr_addr(struct in_addr ina) 1689 { 1690 struct hostent *hp; 1691 static char buf[16 + 3 + MAXHOSTNAMELEN]; 1692 1693 if (options & F_NUMERIC) 1694 return inet_ntoa(ina); 1695 1696 if (capdns != NULL) 1697 hp = cap_gethostbyaddr(capdns, (char *)&ina, 4, AF_INET); 1698 else 1699 hp = gethostbyaddr((char *)&ina, 4, AF_INET); 1700 1701 if (hp == NULL) 1702 return inet_ntoa(ina); 1703 1704 (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name, 1705 inet_ntoa(ina)); 1706 return(buf); 1707 } 1708 1709 /* 1710 * pr_retip -- 1711 * Dump some info on a returned (via ICMP) IP packet. 1712 */ 1713 static void 1714 pr_retip(struct ip *ip) 1715 { 1716 u_char *cp; 1717 int hlen; 1718 1719 pr_iph(ip); 1720 hlen = ip->ip_hl << 2; 1721 cp = (u_char *)ip + hlen; 1722 1723 if (ip->ip_p == 6) 1724 (void)printf("TCP: from port %u, to port %u (decimal)\n", 1725 (*cp * 256 + *(cp + 1)), (*(cp + 2) * 256 + *(cp + 3))); 1726 else if (ip->ip_p == 17) 1727 (void)printf("UDP: from port %u, to port %u (decimal)\n", 1728 (*cp * 256 + *(cp + 1)), (*(cp + 2) * 256 + *(cp + 3))); 1729 } 1730 1731 static char * 1732 pr_ntime(n_time timestamp) 1733 { 1734 static char buf[10]; 1735 int hour, min, sec; 1736 1737 sec = ntohl(timestamp) / 1000; 1738 hour = sec / 60 / 60; 1739 min = (sec % (60 * 60)) / 60; 1740 sec = (sec % (60 * 60)) % 60; 1741 1742 (void)snprintf(buf, sizeof(buf), "%02d:%02d:%02d", hour, min, sec); 1743 1744 return (buf); 1745 } 1746 1747 static void 1748 fill(char *bp, char *patp) 1749 { 1750 char *cp; 1751 int pat[16]; 1752 u_int ii, jj, kk; 1753 1754 for (cp = patp; *cp; cp++) { 1755 if (!isxdigit(*cp)) 1756 errx(EX_USAGE, 1757 "patterns must be specified as hex digits"); 1758 1759 } 1760 ii = sscanf(patp, 1761 "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x", 1762 &pat[0], &pat[1], &pat[2], &pat[3], &pat[4], &pat[5], &pat[6], 1763 &pat[7], &pat[8], &pat[9], &pat[10], &pat[11], &pat[12], 1764 &pat[13], &pat[14], &pat[15]); 1765 1766 if (ii > 0) 1767 for (kk = 0; kk <= maxpayload - (TIMEVAL_LEN + ii); kk += ii) 1768 for (jj = 0; jj < ii; ++jj) 1769 bp[jj + kk] = pat[jj]; 1770 if (!(options & F_QUIET)) { 1771 (void)printf("PATTERN: 0x"); 1772 for (jj = 0; jj < ii; ++jj) 1773 (void)printf("%02x", bp[jj] & 0xFF); 1774 (void)printf("\n"); 1775 } 1776 } 1777 1778 static cap_channel_t * 1779 capdns_setup(void) 1780 { 1781 cap_channel_t *capcas, *capdnsloc; 1782 const char *types[2]; 1783 int families[1]; 1784 1785 capcas = cap_init(); 1786 if (capcas == NULL) 1787 err(1, "unable to create casper process"); 1788 capdnsloc = cap_service_open(capcas, "system.dns"); 1789 /* Casper capability no longer needed. */ 1790 cap_close(capcas); 1791 if (capdnsloc == NULL) 1792 err(1, "unable to open system.dns service"); 1793 types[0] = "NAME"; 1794 types[1] = "ADDR"; 1795 if (cap_dns_type_limit(capdnsloc, types, 2) < 0) 1796 err(1, "unable to limit access to system.dns service"); 1797 families[0] = AF_INET; 1798 if (cap_dns_family_limit(capdnsloc, families, 1) < 0) 1799 err(1, "unable to limit access to system.dns service"); 1800 1801 return (capdnsloc); 1802 } 1803 1804 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) 1805 #define SECOPT " [-P policy]" 1806 #else 1807 #define SECOPT "" 1808 #endif 1809 static void 1810 usage(void) 1811 { 1812 1813 (void)fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n", 1814 "usage: ping [-AaDdfnoQqRrv] [-c count] [-G sweepmaxsize] [-g sweepminsize]", 1815 " [-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl]", 1816 " " SECOPT " [-p pattern] [-S src_addr] [-s packetsize] [-t timeout]", 1817 " [-W waittime] [-z tos] host", 1818 " ping [-AaDdfLnoQqRrv] [-c count] [-I iface] [-i wait] [-l preload]", 1819 " [-M mask | time] [-m ttl]" SECOPT " [-p pattern] [-S src_addr]", 1820 " [-s packetsize] [-T ttl] [-t timeout] [-W waittime]", 1821 " [-z tos] mcast-group"); 1822 exit(EX_USAGE); 1823 } 1824