1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1989, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software contributed to Berkeley by 8 * Mike Muuss. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 */ 34 35 #if 0 36 #ifndef lint 37 static const char copyright[] = 38 "@(#) Copyright (c) 1989, 1993\n\ 39 The Regents of the University of California. All rights reserved.\n"; 40 #endif /* not lint */ 41 42 #ifndef lint 43 static char sccsid[] = "@(#)ping.c 8.1 (Berkeley) 6/5/93"; 44 #endif /* not lint */ 45 #endif 46 #include <sys/cdefs.h> 47 __FBSDID("$FreeBSD$"); 48 49 /* 50 * P I N G . C 51 * 52 * Using the Internet Control Message Protocol (ICMP) "ECHO" facility, 53 * measure round-trip-delays and packet loss across network paths. 54 * 55 * Author - 56 * Mike Muuss 57 * U. S. Army Ballistic Research Laboratory 58 * December, 1983 59 * 60 * Status - 61 * Public Domain. Distribution Unlimited. 62 * Bugs - 63 * More statistics could always be gathered. 64 * This program has to run SUID to ROOT to access the ICMP socket. 65 */ 66 67 #include <sys/param.h> /* NB: we rely on this for <sys/types.h> */ 68 #include <sys/capsicum.h> 69 #include <sys/socket.h> 70 #include <sys/sysctl.h> 71 #include <sys/time.h> 72 #include <sys/uio.h> 73 74 #include <netinet/in.h> 75 #include <netinet/in_systm.h> 76 #include <netinet/ip.h> 77 #include <netinet/ip_icmp.h> 78 #include <netinet/ip_var.h> 79 #include <arpa/inet.h> 80 81 #include <libcasper.h> 82 #include <casper/cap_dns.h> 83 84 #ifdef IPSEC 85 #include <netipsec/ipsec.h> 86 #endif /*IPSEC*/ 87 88 #include <capsicum_helpers.h> 89 #include <ctype.h> 90 #include <err.h> 91 #include <errno.h> 92 #include <math.h> 93 #include <netdb.h> 94 #include <signal.h> 95 #include <stdio.h> 96 #include <stdlib.h> 97 #include <string.h> 98 #include <sysexits.h> 99 #include <unistd.h> 100 101 #define INADDR_LEN ((int)sizeof(in_addr_t)) 102 #define TIMEVAL_LEN ((int)sizeof(struct tv32)) 103 #define MASK_LEN (ICMP_MASKLEN - ICMP_MINLEN) 104 #define TS_LEN (ICMP_TSLEN - ICMP_MINLEN) 105 #define DEFDATALEN 56 /* default data length */ 106 #define FLOOD_BACKOFF 20000 /* usecs to back off if F_FLOOD mode */ 107 /* runs out of buffer space */ 108 #define MAXIPLEN (sizeof(struct ip) + MAX_IPOPTLEN) 109 #define MAXICMPLEN (ICMP_ADVLENMIN + MAX_IPOPTLEN) 110 #define MAXWAIT 10000 /* max ms to wait for response */ 111 #define MAXALARM (60 * 60) /* max seconds for alarm timeout */ 112 #define MAXTOS 255 113 114 #define A(bit) rcvd_tbl[(bit)>>3] /* identify byte in array */ 115 #define B(bit) (1 << ((bit) & 0x07)) /* identify bit in byte */ 116 #define SET(bit) (A(bit) |= B(bit)) 117 #define CLR(bit) (A(bit) &= (~B(bit))) 118 #define TST(bit) (A(bit) & B(bit)) 119 120 struct tv32 { 121 int32_t tv32_sec; 122 int32_t tv32_usec; 123 }; 124 125 /* various options */ 126 static int options; 127 #define F_FLOOD 0x0001 128 #define F_INTERVAL 0x0002 129 #define F_NUMERIC 0x0004 130 #define F_PINGFILLED 0x0008 131 #define F_QUIET 0x0010 132 #define F_RROUTE 0x0020 133 #define F_SO_DEBUG 0x0040 134 #define F_SO_DONTROUTE 0x0080 135 #define F_VERBOSE 0x0100 136 #define F_QUIET2 0x0200 137 #define F_NOLOOP 0x0400 138 #define F_MTTL 0x0800 139 #define F_MIF 0x1000 140 #define F_AUDIBLE 0x2000 141 #ifdef IPSEC 142 #ifdef IPSEC_POLICY_IPSEC 143 #define F_POLICY 0x4000 144 #endif /*IPSEC_POLICY_IPSEC*/ 145 #endif /*IPSEC*/ 146 #define F_TTL 0x8000 147 #define F_MISSED 0x10000 148 #define F_ONCE 0x20000 149 #define F_HDRINCL 0x40000 150 #define F_MASK 0x80000 151 #define F_TIME 0x100000 152 #define F_SWEEP 0x200000 153 #define F_WAITTIME 0x400000 154 155 /* 156 * MAX_DUP_CHK is the number of bits in received table, i.e. the maximum 157 * number of received sequence numbers we can keep track of. Change 128 158 * to 8192 for complete accuracy... 159 */ 160 #define MAX_DUP_CHK (8 * 128) 161 static int mx_dup_ck = MAX_DUP_CHK; 162 static char rcvd_tbl[MAX_DUP_CHK / 8]; 163 164 static struct sockaddr_in whereto; /* who to ping */ 165 static int datalen = DEFDATALEN; 166 static int maxpayload; 167 static int ssend; /* send socket file descriptor */ 168 static int srecv; /* receive socket file descriptor */ 169 static u_char outpackhdr[IP_MAXPACKET], *outpack; 170 static char BBELL = '\a'; /* characters written for MISSED and AUDIBLE */ 171 static char BSPACE = '\b'; /* characters written for flood */ 172 static char DOT = '.'; 173 static char *hostname; 174 static char *shostname; 175 static int ident; /* process id to identify our packets */ 176 static int uid; /* cached uid for micro-optimization */ 177 static u_char icmp_type = ICMP_ECHO; 178 static u_char icmp_type_rsp = ICMP_ECHOREPLY; 179 static int phdr_len = 0; 180 static int send_len; 181 182 /* counters */ 183 static long nmissedmax; /* max value of ntransmitted - nreceived - 1 */ 184 static long npackets; /* max packets to transmit */ 185 static long nreceived; /* # of packets we got back */ 186 static long nrepeats; /* number of duplicates */ 187 static long ntransmitted; /* sequence # for outbound packets = #sent */ 188 static long snpackets; /* max packets to transmit in one sweep */ 189 static long sntransmitted; /* # of packets we sent in this sweep */ 190 static int sweepmax; /* max value of payload in sweep */ 191 static int sweepmin = 0; /* start value of payload in sweep */ 192 static int sweepincr = 1; /* payload increment in sweep */ 193 static int interval = 1000; /* interval between packets, ms */ 194 static int waittime = MAXWAIT; /* timeout for each packet */ 195 static long nrcvtimeout = 0; /* # of packets we got back after waittime */ 196 197 /* timing */ 198 static int timing; /* flag to do timing */ 199 static double tmin = 999999999.0; /* minimum round trip time */ 200 static double tmax = 0.0; /* maximum round trip time */ 201 static double tsum = 0.0; /* sum of all times, for doing average */ 202 static double tsumsq = 0.0; /* sum of all times squared, for std. dev. */ 203 204 /* nonzero if we've been told to finish up */ 205 static volatile sig_atomic_t finish_up; 206 static volatile sig_atomic_t siginfo_p; 207 208 static cap_channel_t *capdns; 209 210 static void fill(char *, char *); 211 static u_short in_cksum(u_short *, int); 212 static cap_channel_t *capdns_setup(void); 213 static void check_status(void); 214 static void finish(void) __dead2; 215 static void pinger(void); 216 static char *pr_addr(struct in_addr); 217 static char *pr_ntime(n_time); 218 static void pr_icmph(struct icmp *); 219 static void pr_iph(struct ip *); 220 static void pr_pack(char *, int, struct sockaddr_in *, struct timeval *); 221 static void pr_retip(struct ip *); 222 static void status(int); 223 static void stopit(int); 224 static void tvsub(struct timeval *, const struct timeval *); 225 static void usage(void) __dead2; 226 227 int 228 main(int argc, char *const *argv) 229 { 230 struct sockaddr_in from, sock_in; 231 struct in_addr ifaddr; 232 struct timeval last, intvl; 233 struct iovec iov; 234 struct ip *ip; 235 struct msghdr msg; 236 struct sigaction si_sa; 237 size_t sz; 238 u_char *datap, packet[IP_MAXPACKET] __aligned(4); 239 char *ep, *source, *target, *payload; 240 struct hostent *hp; 241 #ifdef IPSEC_POLICY_IPSEC 242 char *policy_in, *policy_out; 243 #endif 244 struct sockaddr_in *to; 245 double t; 246 u_long alarmtimeout; 247 long ltmp; 248 int almost_done, ch, df, hold, i, icmp_len, mib[4], preload; 249 int ssend_errno, srecv_errno, tos, ttl; 250 char ctrl[CMSG_SPACE(sizeof(struct timeval))]; 251 char hnamebuf[MAXHOSTNAMELEN], snamebuf[MAXHOSTNAMELEN]; 252 #ifdef IP_OPTIONS 253 char rspace[MAX_IPOPTLEN]; /* record route space */ 254 #endif 255 unsigned char loop, mttl; 256 257 payload = source = NULL; 258 #ifdef IPSEC_POLICY_IPSEC 259 policy_in = policy_out = NULL; 260 #endif 261 cap_rights_t rights; 262 263 /* 264 * Do the stuff that we need root priv's for *first*, and 265 * then drop our setuid bit. Save error reporting for 266 * after arg parsing. 267 * 268 * Historicaly ping was using one socket 's' for sending and for 269 * receiving. After capsicum(4) related changes we use two 270 * sockets. It was done for special ping use case - when user 271 * issue ping on multicast or broadcast address replies come 272 * from different addresses, not from the address we 273 * connect(2)'ed to, and send socket do not receive those 274 * packets. 275 */ 276 ssend = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); 277 ssend_errno = errno; 278 srecv = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); 279 srecv_errno = errno; 280 281 if (setuid(getuid()) != 0) 282 err(EX_NOPERM, "setuid() failed"); 283 uid = getuid(); 284 285 if (ssend < 0) { 286 errno = ssend_errno; 287 err(EX_OSERR, "ssend socket"); 288 } 289 290 if (srecv < 0) { 291 errno = srecv_errno; 292 err(EX_OSERR, "srecv socket"); 293 } 294 295 alarmtimeout = df = preload = tos = 0; 296 297 outpack = outpackhdr + sizeof(struct ip); 298 while ((ch = getopt(argc, argv, 299 "Aac:DdfG:g:h:I:i:Ll:M:m:nop:QqRrS:s:T:t:vW:z:" 300 #ifdef IPSEC 301 #ifdef IPSEC_POLICY_IPSEC 302 "P:" 303 #endif /*IPSEC_POLICY_IPSEC*/ 304 #endif /*IPSEC*/ 305 )) != -1) 306 { 307 switch(ch) { 308 case 'A': 309 options |= F_MISSED; 310 break; 311 case 'a': 312 options |= F_AUDIBLE; 313 break; 314 case 'c': 315 ltmp = strtol(optarg, &ep, 0); 316 if (*ep || ep == optarg || ltmp <= 0) 317 errx(EX_USAGE, 318 "invalid count of packets to transmit: `%s'", 319 optarg); 320 npackets = ltmp; 321 break; 322 case 'D': 323 options |= F_HDRINCL; 324 df = 1; 325 break; 326 case 'd': 327 options |= F_SO_DEBUG; 328 break; 329 case 'f': 330 if (uid) { 331 errno = EPERM; 332 err(EX_NOPERM, "-f flag"); 333 } 334 options |= F_FLOOD; 335 setbuf(stdout, (char *)NULL); 336 break; 337 case 'G': /* Maximum packet size for ping sweep */ 338 ltmp = strtol(optarg, &ep, 0); 339 if (*ep || ep == optarg || ltmp <= 0) 340 errx(EX_USAGE, "invalid packet size: `%s'", 341 optarg); 342 if (uid != 0 && ltmp > DEFDATALEN) { 343 errno = EPERM; 344 err(EX_NOPERM, 345 "packet size too large: %ld > %u", 346 ltmp, DEFDATALEN); 347 } 348 options |= F_SWEEP; 349 sweepmax = ltmp; 350 break; 351 case 'g': /* Minimum packet size for ping sweep */ 352 ltmp = strtol(optarg, &ep, 0); 353 if (*ep || ep == optarg || ltmp <= 0) 354 errx(EX_USAGE, "invalid packet size: `%s'", 355 optarg); 356 if (uid != 0 && ltmp > DEFDATALEN) { 357 errno = EPERM; 358 err(EX_NOPERM, 359 "packet size too large: %ld > %u", 360 ltmp, DEFDATALEN); 361 } 362 options |= F_SWEEP; 363 sweepmin = ltmp; 364 break; 365 case 'h': /* Packet size increment for ping sweep */ 366 ltmp = strtol(optarg, &ep, 0); 367 if (*ep || ep == optarg || ltmp < 1) 368 errx(EX_USAGE, "invalid increment size: `%s'", 369 optarg); 370 if (uid != 0 && ltmp > DEFDATALEN) { 371 errno = EPERM; 372 err(EX_NOPERM, 373 "packet size too large: %ld > %u", 374 ltmp, DEFDATALEN); 375 } 376 options |= F_SWEEP; 377 sweepincr = ltmp; 378 break; 379 case 'I': /* multicast interface */ 380 if (inet_aton(optarg, &ifaddr) == 0) 381 errx(EX_USAGE, 382 "invalid multicast interface: `%s'", 383 optarg); 384 options |= F_MIF; 385 break; 386 case 'i': /* wait between sending packets */ 387 t = strtod(optarg, &ep) * 1000.0; 388 if (*ep || ep == optarg || t > (double)INT_MAX) 389 errx(EX_USAGE, "invalid timing interval: `%s'", 390 optarg); 391 options |= F_INTERVAL; 392 interval = (int)t; 393 if (uid && interval < 1000) { 394 errno = EPERM; 395 err(EX_NOPERM, "-i interval too short"); 396 } 397 break; 398 case 'L': 399 options |= F_NOLOOP; 400 loop = 0; 401 break; 402 case 'l': 403 ltmp = strtol(optarg, &ep, 0); 404 if (*ep || ep == optarg || ltmp > INT_MAX || ltmp < 0) 405 errx(EX_USAGE, 406 "invalid preload value: `%s'", optarg); 407 if (uid) { 408 errno = EPERM; 409 err(EX_NOPERM, "-l flag"); 410 } 411 preload = ltmp; 412 break; 413 case 'M': 414 switch(optarg[0]) { 415 case 'M': 416 case 'm': 417 options |= F_MASK; 418 break; 419 case 'T': 420 case 't': 421 options |= F_TIME; 422 break; 423 default: 424 errx(EX_USAGE, "invalid message: `%c'", optarg[0]); 425 break; 426 } 427 break; 428 case 'm': /* TTL */ 429 ltmp = strtol(optarg, &ep, 0); 430 if (*ep || ep == optarg || ltmp > MAXTTL || ltmp < 0) 431 errx(EX_USAGE, "invalid TTL: `%s'", optarg); 432 ttl = ltmp; 433 options |= F_TTL; 434 break; 435 case 'n': 436 options |= F_NUMERIC; 437 break; 438 case 'o': 439 options |= F_ONCE; 440 break; 441 #ifdef IPSEC 442 #ifdef IPSEC_POLICY_IPSEC 443 case 'P': 444 options |= F_POLICY; 445 if (!strncmp("in", optarg, 2)) 446 policy_in = strdup(optarg); 447 else if (!strncmp("out", optarg, 3)) 448 policy_out = strdup(optarg); 449 else 450 errx(1, "invalid security policy"); 451 break; 452 #endif /*IPSEC_POLICY_IPSEC*/ 453 #endif /*IPSEC*/ 454 case 'p': /* fill buffer with user pattern */ 455 options |= F_PINGFILLED; 456 payload = optarg; 457 break; 458 case 'Q': 459 options |= F_QUIET2; 460 break; 461 case 'q': 462 options |= F_QUIET; 463 break; 464 case 'R': 465 options |= F_RROUTE; 466 break; 467 case 'r': 468 options |= F_SO_DONTROUTE; 469 break; 470 case 'S': 471 source = optarg; 472 break; 473 case 's': /* size of packet to send */ 474 ltmp = strtol(optarg, &ep, 0); 475 if (*ep || ep == optarg || ltmp < 0) 476 errx(EX_USAGE, "invalid packet size: `%s'", 477 optarg); 478 if (uid != 0 && ltmp > DEFDATALEN) { 479 errno = EPERM; 480 err(EX_NOPERM, 481 "packet size too large: %ld > %u", 482 ltmp, DEFDATALEN); 483 } 484 datalen = ltmp; 485 break; 486 case 'T': /* multicast TTL */ 487 ltmp = strtol(optarg, &ep, 0); 488 if (*ep || ep == optarg || ltmp > MAXTTL || ltmp < 0) 489 errx(EX_USAGE, "invalid multicast TTL: `%s'", 490 optarg); 491 mttl = ltmp; 492 options |= F_MTTL; 493 break; 494 case 't': 495 alarmtimeout = strtoul(optarg, &ep, 0); 496 if ((alarmtimeout < 1) || (alarmtimeout == ULONG_MAX)) 497 errx(EX_USAGE, "invalid timeout: `%s'", 498 optarg); 499 if (alarmtimeout > MAXALARM) 500 errx(EX_USAGE, "invalid timeout: `%s' > %d", 501 optarg, MAXALARM); 502 alarm((int)alarmtimeout); 503 break; 504 case 'v': 505 options |= F_VERBOSE; 506 break; 507 case 'W': /* wait ms for answer */ 508 t = strtod(optarg, &ep); 509 if (*ep || ep == optarg || t > (double)INT_MAX) 510 errx(EX_USAGE, "invalid timing interval: `%s'", 511 optarg); 512 options |= F_WAITTIME; 513 waittime = (int)t; 514 break; 515 case 'z': 516 options |= F_HDRINCL; 517 ltmp = strtol(optarg, &ep, 0); 518 if (*ep || ep == optarg || ltmp > MAXTOS || ltmp < 0) 519 errx(EX_USAGE, "invalid TOS: `%s'", optarg); 520 tos = ltmp; 521 break; 522 default: 523 usage(); 524 } 525 } 526 527 if (argc - optind != 1) 528 usage(); 529 target = argv[optind]; 530 531 switch (options & (F_MASK|F_TIME)) { 532 case 0: break; 533 case F_MASK: 534 icmp_type = ICMP_MASKREQ; 535 icmp_type_rsp = ICMP_MASKREPLY; 536 phdr_len = MASK_LEN; 537 if (!(options & F_QUIET)) 538 (void)printf("ICMP_MASKREQ\n"); 539 break; 540 case F_TIME: 541 icmp_type = ICMP_TSTAMP; 542 icmp_type_rsp = ICMP_TSTAMPREPLY; 543 phdr_len = TS_LEN; 544 if (!(options & F_QUIET)) 545 (void)printf("ICMP_TSTAMP\n"); 546 break; 547 default: 548 errx(EX_USAGE, "ICMP_TSTAMP and ICMP_MASKREQ are exclusive."); 549 break; 550 } 551 icmp_len = sizeof(struct ip) + ICMP_MINLEN + phdr_len; 552 if (options & F_RROUTE) 553 icmp_len += MAX_IPOPTLEN; 554 maxpayload = IP_MAXPACKET - icmp_len; 555 if (datalen > maxpayload) 556 errx(EX_USAGE, "packet size too large: %d > %d", datalen, 557 maxpayload); 558 send_len = icmp_len + datalen; 559 datap = &outpack[ICMP_MINLEN + phdr_len + TIMEVAL_LEN]; 560 if (options & F_PINGFILLED) { 561 fill((char *)datap, payload); 562 } 563 capdns = capdns_setup(); 564 if (source) { 565 bzero((char *)&sock_in, sizeof(sock_in)); 566 sock_in.sin_family = AF_INET; 567 if (inet_aton(source, &sock_in.sin_addr) != 0) { 568 shostname = source; 569 } else { 570 hp = cap_gethostbyname2(capdns, source, AF_INET); 571 if (!hp) 572 errx(EX_NOHOST, "cannot resolve %s: %s", 573 source, hstrerror(h_errno)); 574 575 sock_in.sin_len = sizeof sock_in; 576 if ((unsigned)hp->h_length > sizeof(sock_in.sin_addr) || 577 hp->h_length < 0) 578 errx(1, "gethostbyname2: illegal address"); 579 memcpy(&sock_in.sin_addr, hp->h_addr_list[0], 580 sizeof(sock_in.sin_addr)); 581 (void)strncpy(snamebuf, hp->h_name, 582 sizeof(snamebuf) - 1); 583 snamebuf[sizeof(snamebuf) - 1] = '\0'; 584 shostname = snamebuf; 585 } 586 if (bind(ssend, (struct sockaddr *)&sock_in, sizeof sock_in) == 587 -1) 588 err(1, "bind"); 589 } 590 591 bzero(&whereto, sizeof(whereto)); 592 to = &whereto; 593 to->sin_family = AF_INET; 594 to->sin_len = sizeof *to; 595 if (inet_aton(target, &to->sin_addr) != 0) { 596 hostname = target; 597 } else { 598 hp = cap_gethostbyname2(capdns, target, AF_INET); 599 if (!hp) 600 errx(EX_NOHOST, "cannot resolve %s: %s", 601 target, hstrerror(h_errno)); 602 603 if ((unsigned)hp->h_length > sizeof(to->sin_addr)) 604 errx(1, "gethostbyname2 returned an illegal address"); 605 memcpy(&to->sin_addr, hp->h_addr_list[0], sizeof to->sin_addr); 606 (void)strncpy(hnamebuf, hp->h_name, sizeof(hnamebuf) - 1); 607 hnamebuf[sizeof(hnamebuf) - 1] = '\0'; 608 hostname = hnamebuf; 609 } 610 611 /* From now on we will use only reverse DNS lookups. */ 612 if (capdns != NULL) { 613 const char *types[1]; 614 615 types[0] = "ADDR2NAME"; 616 if (cap_dns_type_limit(capdns, types, 1) < 0) 617 err(1, "unable to limit access to system.dns service"); 618 } 619 620 if (connect(ssend, (struct sockaddr *)&whereto, sizeof(whereto)) != 0) 621 err(1, "connect"); 622 623 if (options & F_FLOOD && options & F_INTERVAL) 624 errx(EX_USAGE, "-f and -i: incompatible options"); 625 626 if (options & F_FLOOD && IN_MULTICAST(ntohl(to->sin_addr.s_addr))) 627 errx(EX_USAGE, 628 "-f flag cannot be used with multicast destination"); 629 if (options & (F_MIF | F_NOLOOP | F_MTTL) 630 && !IN_MULTICAST(ntohl(to->sin_addr.s_addr))) 631 errx(EX_USAGE, 632 "-I, -L, -T flags cannot be used with unicast destination"); 633 634 if (datalen >= TIMEVAL_LEN) /* can we time transfer */ 635 timing = 1; 636 637 if (!(options & F_PINGFILLED)) 638 for (i = TIMEVAL_LEN; i < datalen; ++i) 639 *datap++ = i; 640 641 ident = getpid() & 0xFFFF; 642 643 hold = 1; 644 if (options & F_SO_DEBUG) { 645 (void)setsockopt(ssend, SOL_SOCKET, SO_DEBUG, (char *)&hold, 646 sizeof(hold)); 647 (void)setsockopt(srecv, SOL_SOCKET, SO_DEBUG, (char *)&hold, 648 sizeof(hold)); 649 } 650 if (options & F_SO_DONTROUTE) 651 (void)setsockopt(ssend, SOL_SOCKET, SO_DONTROUTE, (char *)&hold, 652 sizeof(hold)); 653 #ifdef IPSEC 654 #ifdef IPSEC_POLICY_IPSEC 655 if (options & F_POLICY) { 656 char *buf; 657 if (policy_in != NULL) { 658 buf = ipsec_set_policy(policy_in, strlen(policy_in)); 659 if (buf == NULL) 660 errx(EX_CONFIG, "%s", ipsec_strerror()); 661 if (setsockopt(srecv, IPPROTO_IP, IP_IPSEC_POLICY, 662 buf, ipsec_get_policylen(buf)) < 0) 663 err(EX_CONFIG, 664 "ipsec policy cannot be configured"); 665 free(buf); 666 } 667 668 if (policy_out != NULL) { 669 buf = ipsec_set_policy(policy_out, strlen(policy_out)); 670 if (buf == NULL) 671 errx(EX_CONFIG, "%s", ipsec_strerror()); 672 if (setsockopt(ssend, IPPROTO_IP, IP_IPSEC_POLICY, 673 buf, ipsec_get_policylen(buf)) < 0) 674 err(EX_CONFIG, 675 "ipsec policy cannot be configured"); 676 free(buf); 677 } 678 } 679 #endif /*IPSEC_POLICY_IPSEC*/ 680 #endif /*IPSEC*/ 681 682 if (options & F_HDRINCL) { 683 ip = (struct ip*)outpackhdr; 684 if (!(options & (F_TTL | F_MTTL))) { 685 mib[0] = CTL_NET; 686 mib[1] = PF_INET; 687 mib[2] = IPPROTO_IP; 688 mib[3] = IPCTL_DEFTTL; 689 sz = sizeof(ttl); 690 if (sysctl(mib, 4, &ttl, &sz, NULL, 0) == -1) 691 err(1, "sysctl(net.inet.ip.ttl)"); 692 } 693 setsockopt(ssend, IPPROTO_IP, IP_HDRINCL, &hold, sizeof(hold)); 694 ip->ip_v = IPVERSION; 695 ip->ip_hl = sizeof(struct ip) >> 2; 696 ip->ip_tos = tos; 697 ip->ip_id = 0; 698 ip->ip_off = htons(df ? IP_DF : 0); 699 ip->ip_ttl = ttl; 700 ip->ip_p = IPPROTO_ICMP; 701 ip->ip_src.s_addr = source ? sock_in.sin_addr.s_addr : INADDR_ANY; 702 ip->ip_dst = to->sin_addr; 703 } 704 705 /* 706 * Here we enter capability mode. Further down access to global 707 * namespaces (e.g filesystem) is restricted (see capsicum(4)). 708 * We must connect(2) our socket before this point. 709 */ 710 caph_cache_catpages(); 711 if (caph_enter_casper() < 0) 712 err(1, "cap_enter"); 713 714 cap_rights_init(&rights, CAP_RECV, CAP_EVENT, CAP_SETSOCKOPT); 715 if (caph_rights_limit(srecv, &rights) < 0) 716 err(1, "cap_rights_limit srecv"); 717 cap_rights_init(&rights, CAP_SEND, CAP_SETSOCKOPT); 718 if (caph_rights_limit(ssend, &rights) < 0) 719 err(1, "cap_rights_limit ssend"); 720 721 /* record route option */ 722 if (options & F_RROUTE) { 723 #ifdef IP_OPTIONS 724 bzero(rspace, sizeof(rspace)); 725 rspace[IPOPT_OPTVAL] = IPOPT_RR; 726 rspace[IPOPT_OLEN] = sizeof(rspace) - 1; 727 rspace[IPOPT_OFFSET] = IPOPT_MINOFF; 728 rspace[sizeof(rspace) - 1] = IPOPT_EOL; 729 if (setsockopt(ssend, IPPROTO_IP, IP_OPTIONS, rspace, 730 sizeof(rspace)) < 0) 731 err(EX_OSERR, "setsockopt IP_OPTIONS"); 732 #else 733 errx(EX_UNAVAILABLE, 734 "record route not available in this implementation"); 735 #endif /* IP_OPTIONS */ 736 } 737 738 if (options & F_TTL) { 739 if (setsockopt(ssend, IPPROTO_IP, IP_TTL, &ttl, 740 sizeof(ttl)) < 0) { 741 err(EX_OSERR, "setsockopt IP_TTL"); 742 } 743 } 744 if (options & F_NOLOOP) { 745 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, 746 sizeof(loop)) < 0) { 747 err(EX_OSERR, "setsockopt IP_MULTICAST_LOOP"); 748 } 749 } 750 if (options & F_MTTL) { 751 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_TTL, &mttl, 752 sizeof(mttl)) < 0) { 753 err(EX_OSERR, "setsockopt IP_MULTICAST_TTL"); 754 } 755 } 756 if (options & F_MIF) { 757 if (setsockopt(ssend, IPPROTO_IP, IP_MULTICAST_IF, &ifaddr, 758 sizeof(ifaddr)) < 0) { 759 err(EX_OSERR, "setsockopt IP_MULTICAST_IF"); 760 } 761 } 762 #ifdef SO_TIMESTAMP 763 { int on = 1; 764 if (setsockopt(srecv, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on)) < 0) 765 err(EX_OSERR, "setsockopt SO_TIMESTAMP"); 766 } 767 #endif 768 if (sweepmax) { 769 if (sweepmin > sweepmax) 770 errx(EX_USAGE, "Maximum packet size must be no less than the minimum packet size"); 771 772 if (datalen != DEFDATALEN) 773 errx(EX_USAGE, "Packet size and ping sweep are mutually exclusive"); 774 775 if (npackets > 0) { 776 snpackets = npackets; 777 npackets = 0; 778 } else 779 snpackets = 1; 780 datalen = sweepmin; 781 send_len = icmp_len + sweepmin; 782 } 783 if (options & F_SWEEP && !sweepmax) 784 errx(EX_USAGE, "Maximum sweep size must be specified"); 785 786 /* 787 * When pinging the broadcast address, you can get a lot of answers. 788 * Doing something so evil is useful if you are trying to stress the 789 * ethernet, or just want to fill the arp cache to get some stuff for 790 * /etc/ethers. But beware: RFC 1122 allows hosts to ignore broadcast 791 * or multicast pings if they wish. 792 */ 793 794 /* 795 * XXX receive buffer needs undetermined space for mbuf overhead 796 * as well. 797 */ 798 hold = IP_MAXPACKET + 128; 799 (void)setsockopt(srecv, SOL_SOCKET, SO_RCVBUF, (char *)&hold, 800 sizeof(hold)); 801 /* CAP_SETSOCKOPT removed */ 802 cap_rights_init(&rights, CAP_RECV, CAP_EVENT); 803 if (caph_rights_limit(srecv, &rights) < 0) 804 err(1, "cap_rights_limit srecv setsockopt"); 805 if (uid == 0) 806 (void)setsockopt(ssend, SOL_SOCKET, SO_SNDBUF, (char *)&hold, 807 sizeof(hold)); 808 /* CAP_SETSOCKOPT removed */ 809 cap_rights_init(&rights, CAP_SEND); 810 if (caph_rights_limit(ssend, &rights) < 0) 811 err(1, "cap_rights_limit ssend setsockopt"); 812 813 if (to->sin_family == AF_INET) { 814 (void)printf("PING %s (%s)", hostname, 815 inet_ntoa(to->sin_addr)); 816 if (source) 817 (void)printf(" from %s", shostname); 818 if (sweepmax) 819 (void)printf(": (%d ... %d) data bytes\n", 820 sweepmin, sweepmax); 821 else 822 (void)printf(": %d data bytes\n", datalen); 823 824 } else { 825 if (sweepmax) 826 (void)printf("PING %s: (%d ... %d) data bytes\n", 827 hostname, sweepmin, sweepmax); 828 else 829 (void)printf("PING %s: %d data bytes\n", hostname, datalen); 830 } 831 832 /* 833 * Use sigaction() instead of signal() to get unambiguous semantics, 834 * in particular with SA_RESTART not set. 835 */ 836 837 sigemptyset(&si_sa.sa_mask); 838 si_sa.sa_flags = 0; 839 840 si_sa.sa_handler = stopit; 841 if (sigaction(SIGINT, &si_sa, 0) == -1) { 842 err(EX_OSERR, "sigaction SIGINT"); 843 } 844 845 si_sa.sa_handler = status; 846 if (sigaction(SIGINFO, &si_sa, 0) == -1) { 847 err(EX_OSERR, "sigaction"); 848 } 849 850 if (alarmtimeout > 0) { 851 si_sa.sa_handler = stopit; 852 if (sigaction(SIGALRM, &si_sa, 0) == -1) 853 err(EX_OSERR, "sigaction SIGALRM"); 854 } 855 856 bzero(&msg, sizeof(msg)); 857 msg.msg_name = (caddr_t)&from; 858 msg.msg_iov = &iov; 859 msg.msg_iovlen = 1; 860 #ifdef SO_TIMESTAMP 861 msg.msg_control = (caddr_t)ctrl; 862 #endif 863 iov.iov_base = packet; 864 iov.iov_len = IP_MAXPACKET; 865 866 if (preload == 0) 867 pinger(); /* send the first ping */ 868 else { 869 if (npackets != 0 && preload > npackets) 870 preload = npackets; 871 while (preload--) /* fire off them quickies */ 872 pinger(); 873 } 874 (void)gettimeofday(&last, NULL); 875 876 if (options & F_FLOOD) { 877 intvl.tv_sec = 0; 878 intvl.tv_usec = 10000; 879 } else { 880 intvl.tv_sec = interval / 1000; 881 intvl.tv_usec = interval % 1000 * 1000; 882 } 883 884 almost_done = 0; 885 while (!finish_up) { 886 struct timeval now, timeout; 887 fd_set rfds; 888 int cc, n; 889 890 check_status(); 891 if ((unsigned)srecv >= FD_SETSIZE) 892 errx(EX_OSERR, "descriptor too large"); 893 FD_ZERO(&rfds); 894 FD_SET(srecv, &rfds); 895 (void)gettimeofday(&now, NULL); 896 timeout.tv_sec = last.tv_sec + intvl.tv_sec - now.tv_sec; 897 timeout.tv_usec = last.tv_usec + intvl.tv_usec - now.tv_usec; 898 while (timeout.tv_usec < 0) { 899 timeout.tv_usec += 1000000; 900 timeout.tv_sec--; 901 } 902 while (timeout.tv_usec >= 1000000) { 903 timeout.tv_usec -= 1000000; 904 timeout.tv_sec++; 905 } 906 if (timeout.tv_sec < 0) 907 timerclear(&timeout); 908 n = select(srecv + 1, &rfds, NULL, NULL, &timeout); 909 if (n < 0) 910 continue; /* Must be EINTR. */ 911 if (n == 1) { 912 struct timeval *tv = NULL; 913 #ifdef SO_TIMESTAMP 914 struct cmsghdr *cmsg = (struct cmsghdr *)&ctrl; 915 916 msg.msg_controllen = sizeof(ctrl); 917 #endif 918 msg.msg_namelen = sizeof(from); 919 if ((cc = recvmsg(srecv, &msg, 0)) < 0) { 920 if (errno == EINTR) 921 continue; 922 warn("recvmsg"); 923 continue; 924 } 925 #ifdef SO_TIMESTAMP 926 if (cmsg->cmsg_level == SOL_SOCKET && 927 cmsg->cmsg_type == SCM_TIMESTAMP && 928 cmsg->cmsg_len == CMSG_LEN(sizeof *tv)) { 929 /* Copy to avoid alignment problems: */ 930 memcpy(&now, CMSG_DATA(cmsg), sizeof(now)); 931 tv = &now; 932 } 933 #endif 934 if (tv == NULL) { 935 (void)gettimeofday(&now, NULL); 936 tv = &now; 937 } 938 pr_pack((char *)packet, cc, &from, tv); 939 if ((options & F_ONCE && nreceived) || 940 (npackets && nreceived >= npackets)) 941 break; 942 } 943 if (n == 0 || options & F_FLOOD) { 944 if (sweepmax && sntransmitted == snpackets) { 945 for (i = 0; i < sweepincr ; ++i) 946 *datap++ = i; 947 datalen += sweepincr; 948 if (datalen > sweepmax) 949 break; 950 send_len = icmp_len + datalen; 951 sntransmitted = 0; 952 } 953 if (!npackets || ntransmitted < npackets) 954 pinger(); 955 else { 956 if (almost_done) 957 break; 958 almost_done = 1; 959 intvl.tv_usec = 0; 960 if (nreceived) { 961 intvl.tv_sec = 2 * tmax / 1000; 962 if (!intvl.tv_sec) 963 intvl.tv_sec = 1; 964 } else { 965 intvl.tv_sec = waittime / 1000; 966 intvl.tv_usec = waittime % 1000 * 1000; 967 } 968 } 969 (void)gettimeofday(&last, NULL); 970 if (ntransmitted - nreceived - 1 > nmissedmax) { 971 nmissedmax = ntransmitted - nreceived - 1; 972 if (options & F_MISSED) 973 (void)write(STDOUT_FILENO, &BBELL, 1); 974 } 975 } 976 } 977 finish(); 978 /* NOTREACHED */ 979 exit(0); /* Make the compiler happy */ 980 } 981 982 /* 983 * stopit -- 984 * Set the global bit that causes the main loop to quit. 985 * Do NOT call finish() from here, since finish() does far too much 986 * to be called from a signal handler. 987 */ 988 void 989 stopit(int sig __unused) 990 { 991 992 /* 993 * When doing reverse DNS lookups, the finish_up flag might not 994 * be noticed for a while. Just exit if we get a second SIGINT. 995 */ 996 if (!(options & F_NUMERIC) && finish_up) 997 _exit(nreceived ? 0 : 2); 998 finish_up = 1; 999 } 1000 1001 /* 1002 * pinger -- 1003 * Compose and transmit an ICMP ECHO REQUEST packet. The IP packet 1004 * will be added on by the kernel. The ID field is our UNIX process ID, 1005 * and the sequence number is an ascending integer. The first TIMEVAL_LEN 1006 * bytes of the data portion are used to hold a UNIX "timeval" struct in 1007 * host byte-order, to compute the round-trip time. 1008 */ 1009 static void 1010 pinger(void) 1011 { 1012 struct timeval now; 1013 struct tv32 tv32; 1014 struct ip *ip; 1015 struct icmp *icp; 1016 int cc, i; 1017 u_char *packet; 1018 1019 packet = outpack; 1020 icp = (struct icmp *)outpack; 1021 icp->icmp_type = icmp_type; 1022 icp->icmp_code = 0; 1023 icp->icmp_cksum = 0; 1024 icp->icmp_seq = htons(ntransmitted); 1025 icp->icmp_id = ident; /* ID */ 1026 1027 CLR(ntransmitted % mx_dup_ck); 1028 1029 if ((options & F_TIME) || timing) { 1030 (void)gettimeofday(&now, NULL); 1031 1032 tv32.tv32_sec = htonl(now.tv_sec); 1033 tv32.tv32_usec = htonl(now.tv_usec); 1034 if (options & F_TIME) 1035 icp->icmp_otime = htonl((now.tv_sec % (24*60*60)) 1036 * 1000 + now.tv_usec / 1000); 1037 if (timing) 1038 bcopy((void *)&tv32, 1039 (void *)&outpack[ICMP_MINLEN + phdr_len], 1040 sizeof(tv32)); 1041 } 1042 1043 cc = ICMP_MINLEN + phdr_len + datalen; 1044 1045 /* compute ICMP checksum here */ 1046 icp->icmp_cksum = in_cksum((u_short *)icp, cc); 1047 1048 if (options & F_HDRINCL) { 1049 cc += sizeof(struct ip); 1050 ip = (struct ip *)outpackhdr; 1051 ip->ip_len = htons(cc); 1052 ip->ip_sum = in_cksum((u_short *)outpackhdr, cc); 1053 packet = outpackhdr; 1054 } 1055 i = send(ssend, (char *)packet, cc, 0); 1056 if (i < 0 || i != cc) { 1057 if (i < 0) { 1058 if (options & F_FLOOD && errno == ENOBUFS) { 1059 usleep(FLOOD_BACKOFF); 1060 return; 1061 } 1062 warn("sendto"); 1063 } else { 1064 warn("%s: partial write: %d of %d bytes", 1065 hostname, i, cc); 1066 } 1067 } 1068 ntransmitted++; 1069 sntransmitted++; 1070 if (!(options & F_QUIET) && options & F_FLOOD) 1071 (void)write(STDOUT_FILENO, &DOT, 1); 1072 } 1073 1074 /* 1075 * pr_pack -- 1076 * Print out the packet, if it came from us. This logic is necessary 1077 * because ALL readers of the ICMP socket get a copy of ALL ICMP packets 1078 * which arrive ('tis only fair). This permits multiple copies of this 1079 * program to be run without having intermingled output (or statistics!). 1080 */ 1081 static void 1082 pr_pack(char *buf, int cc, struct sockaddr_in *from, struct timeval *tv) 1083 { 1084 struct in_addr ina; 1085 u_char *cp, *dp; 1086 struct icmp *icp; 1087 struct ip *ip; 1088 const void *tp; 1089 double triptime; 1090 int dupflag, hlen, i, j, recv_len, seq; 1091 static int old_rrlen; 1092 static char old_rr[MAX_IPOPTLEN]; 1093 1094 /* Check the IP header */ 1095 ip = (struct ip *)buf; 1096 hlen = ip->ip_hl << 2; 1097 recv_len = cc; 1098 if (cc < hlen + ICMP_MINLEN) { 1099 if (options & F_VERBOSE) 1100 warn("packet too short (%d bytes) from %s", cc, 1101 inet_ntoa(from->sin_addr)); 1102 return; 1103 } 1104 1105 /* Now the ICMP part */ 1106 cc -= hlen; 1107 icp = (struct icmp *)(buf + hlen); 1108 if (icp->icmp_type == icmp_type_rsp) { 1109 if (icp->icmp_id != ident) 1110 return; /* 'Twas not our ECHO */ 1111 ++nreceived; 1112 triptime = 0.0; 1113 if (timing) { 1114 struct timeval tv1; 1115 struct tv32 tv32; 1116 #ifndef icmp_data 1117 tp = &icp->icmp_ip; 1118 #else 1119 tp = icp->icmp_data; 1120 #endif 1121 tp = (const char *)tp + phdr_len; 1122 1123 if ((size_t)(cc - ICMP_MINLEN - phdr_len) >= 1124 sizeof(tv1)) { 1125 /* Copy to avoid alignment problems: */ 1126 memcpy(&tv32, tp, sizeof(tv32)); 1127 tv1.tv_sec = ntohl(tv32.tv32_sec); 1128 tv1.tv_usec = ntohl(tv32.tv32_usec); 1129 tvsub(tv, &tv1); 1130 triptime = ((double)tv->tv_sec) * 1000.0 + 1131 ((double)tv->tv_usec) / 1000.0; 1132 tsum += triptime; 1133 tsumsq += triptime * triptime; 1134 if (triptime < tmin) 1135 tmin = triptime; 1136 if (triptime > tmax) 1137 tmax = triptime; 1138 } else 1139 timing = 0; 1140 } 1141 1142 seq = ntohs(icp->icmp_seq); 1143 1144 if (TST(seq % mx_dup_ck)) { 1145 ++nrepeats; 1146 --nreceived; 1147 dupflag = 1; 1148 } else { 1149 SET(seq % mx_dup_ck); 1150 dupflag = 0; 1151 } 1152 1153 if (options & F_QUIET) 1154 return; 1155 1156 if (options & F_WAITTIME && triptime > waittime) { 1157 ++nrcvtimeout; 1158 return; 1159 } 1160 1161 if (options & F_FLOOD) 1162 (void)write(STDOUT_FILENO, &BSPACE, 1); 1163 else { 1164 (void)printf("%d bytes from %s: icmp_seq=%u", cc, 1165 inet_ntoa(*(struct in_addr *)&from->sin_addr.s_addr), 1166 seq); 1167 (void)printf(" ttl=%d", ip->ip_ttl); 1168 if (timing) 1169 (void)printf(" time=%.3f ms", triptime); 1170 if (dupflag) 1171 (void)printf(" (DUP!)"); 1172 if (options & F_AUDIBLE) 1173 (void)write(STDOUT_FILENO, &BBELL, 1); 1174 if (options & F_MASK) { 1175 /* Just prentend this cast isn't ugly */ 1176 (void)printf(" mask=%s", 1177 inet_ntoa(*(struct in_addr *)&(icp->icmp_mask))); 1178 } 1179 if (options & F_TIME) { 1180 (void)printf(" tso=%s", pr_ntime(icp->icmp_otime)); 1181 (void)printf(" tsr=%s", pr_ntime(icp->icmp_rtime)); 1182 (void)printf(" tst=%s", pr_ntime(icp->icmp_ttime)); 1183 } 1184 if (recv_len != send_len) { 1185 (void)printf( 1186 "\nwrong total length %d instead of %d", 1187 recv_len, send_len); 1188 } 1189 /* check the data */ 1190 cp = (u_char*)&icp->icmp_data[phdr_len]; 1191 dp = &outpack[ICMP_MINLEN + phdr_len]; 1192 cc -= ICMP_MINLEN + phdr_len; 1193 i = 0; 1194 if (timing) { /* don't check variable timestamp */ 1195 cp += TIMEVAL_LEN; 1196 dp += TIMEVAL_LEN; 1197 cc -= TIMEVAL_LEN; 1198 i += TIMEVAL_LEN; 1199 } 1200 for (; i < datalen && cc > 0; ++i, ++cp, ++dp, --cc) { 1201 if (*cp != *dp) { 1202 (void)printf("\nwrong data byte #%d should be 0x%x but was 0x%x", 1203 i, *dp, *cp); 1204 (void)printf("\ncp:"); 1205 cp = (u_char*)&icp->icmp_data[0]; 1206 for (i = 0; i < datalen; ++i, ++cp) { 1207 if ((i % 16) == 8) 1208 (void)printf("\n\t"); 1209 (void)printf("%2x ", *cp); 1210 } 1211 (void)printf("\ndp:"); 1212 cp = &outpack[ICMP_MINLEN]; 1213 for (i = 0; i < datalen; ++i, ++cp) { 1214 if ((i % 16) == 8) 1215 (void)printf("\n\t"); 1216 (void)printf("%2x ", *cp); 1217 } 1218 break; 1219 } 1220 } 1221 } 1222 } else { 1223 /* 1224 * We've got something other than an ECHOREPLY. 1225 * See if it's a reply to something that we sent. 1226 * We can compare IP destination, protocol, 1227 * and ICMP type and ID. 1228 * 1229 * Only print all the error messages if we are running 1230 * as root to avoid leaking information not normally 1231 * available to those not running as root. 1232 */ 1233 #ifndef icmp_data 1234 struct ip *oip = &icp->icmp_ip; 1235 #else 1236 struct ip *oip = (struct ip *)icp->icmp_data; 1237 #endif 1238 struct icmp *oicmp = (struct icmp *)(oip + 1); 1239 1240 if (((options & F_VERBOSE) && uid == 0) || 1241 (!(options & F_QUIET2) && 1242 (oip->ip_dst.s_addr == whereto.sin_addr.s_addr) && 1243 (oip->ip_p == IPPROTO_ICMP) && 1244 (oicmp->icmp_type == ICMP_ECHO) && 1245 (oicmp->icmp_id == ident))) { 1246 (void)printf("%d bytes from %s: ", cc, 1247 pr_addr(from->sin_addr)); 1248 pr_icmph(icp); 1249 } else 1250 return; 1251 } 1252 1253 /* Display any IP options */ 1254 cp = (u_char *)buf + sizeof(struct ip); 1255 1256 for (; hlen > (int)sizeof(struct ip); --hlen, ++cp) 1257 switch (*cp) { 1258 case IPOPT_EOL: 1259 hlen = 0; 1260 break; 1261 case IPOPT_LSRR: 1262 case IPOPT_SSRR: 1263 (void)printf(*cp == IPOPT_LSRR ? 1264 "\nLSRR: " : "\nSSRR: "); 1265 j = cp[IPOPT_OLEN] - IPOPT_MINOFF + 1; 1266 hlen -= 2; 1267 cp += 2; 1268 if (j >= INADDR_LEN && 1269 j <= hlen - (int)sizeof(struct ip)) { 1270 for (;;) { 1271 bcopy(++cp, &ina.s_addr, INADDR_LEN); 1272 if (ina.s_addr == 0) 1273 (void)printf("\t0.0.0.0"); 1274 else 1275 (void)printf("\t%s", 1276 pr_addr(ina)); 1277 hlen -= INADDR_LEN; 1278 cp += INADDR_LEN - 1; 1279 j -= INADDR_LEN; 1280 if (j < INADDR_LEN) 1281 break; 1282 (void)putchar('\n'); 1283 } 1284 } else 1285 (void)printf("\t(truncated route)\n"); 1286 break; 1287 case IPOPT_RR: 1288 j = cp[IPOPT_OLEN]; /* get length */ 1289 i = cp[IPOPT_OFFSET]; /* and pointer */ 1290 hlen -= 2; 1291 cp += 2; 1292 if (i > j) 1293 i = j; 1294 i = i - IPOPT_MINOFF + 1; 1295 if (i < 0 || i > (hlen - (int)sizeof(struct ip))) { 1296 old_rrlen = 0; 1297 continue; 1298 } 1299 if (i == old_rrlen 1300 && !bcmp((char *)cp, old_rr, i) 1301 && !(options & F_FLOOD)) { 1302 (void)printf("\t(same route)"); 1303 hlen -= i; 1304 cp += i; 1305 break; 1306 } 1307 old_rrlen = i; 1308 bcopy((char *)cp, old_rr, i); 1309 (void)printf("\nRR: "); 1310 if (i >= INADDR_LEN && 1311 i <= hlen - (int)sizeof(struct ip)) { 1312 for (;;) { 1313 bcopy(++cp, &ina.s_addr, INADDR_LEN); 1314 if (ina.s_addr == 0) 1315 (void)printf("\t0.0.0.0"); 1316 else 1317 (void)printf("\t%s", 1318 pr_addr(ina)); 1319 hlen -= INADDR_LEN; 1320 cp += INADDR_LEN - 1; 1321 i -= INADDR_LEN; 1322 if (i < INADDR_LEN) 1323 break; 1324 (void)putchar('\n'); 1325 } 1326 } else 1327 (void)printf("\t(truncated route)"); 1328 break; 1329 case IPOPT_NOP: 1330 (void)printf("\nNOP"); 1331 break; 1332 default: 1333 (void)printf("\nunknown option %x", *cp); 1334 break; 1335 } 1336 if (!(options & F_FLOOD)) { 1337 (void)putchar('\n'); 1338 (void)fflush(stdout); 1339 } 1340 } 1341 1342 /* 1343 * in_cksum -- 1344 * Checksum routine for Internet Protocol family headers (C Version) 1345 */ 1346 u_short 1347 in_cksum(u_short *addr, int len) 1348 { 1349 int nleft, sum; 1350 u_short *w; 1351 union { 1352 u_short us; 1353 u_char uc[2]; 1354 } last; 1355 u_short answer; 1356 1357 nleft = len; 1358 sum = 0; 1359 w = addr; 1360 1361 /* 1362 * Our algorithm is simple, using a 32 bit accumulator (sum), we add 1363 * sequential 16 bit words to it, and at the end, fold back all the 1364 * carry bits from the top 16 bits into the lower 16 bits. 1365 */ 1366 while (nleft > 1) { 1367 sum += *w++; 1368 nleft -= 2; 1369 } 1370 1371 /* mop up an odd byte, if necessary */ 1372 if (nleft == 1) { 1373 last.uc[0] = *(u_char *)w; 1374 last.uc[1] = 0; 1375 sum += last.us; 1376 } 1377 1378 /* add back carry outs from top 16 bits to low 16 bits */ 1379 sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ 1380 sum += (sum >> 16); /* add carry */ 1381 answer = ~sum; /* truncate to 16 bits */ 1382 return(answer); 1383 } 1384 1385 /* 1386 * tvsub -- 1387 * Subtract 2 timeval structs: out = out - in. Out is assumed to 1388 * be >= in. 1389 */ 1390 static void 1391 tvsub(struct timeval *out, const struct timeval *in) 1392 { 1393 1394 if ((out->tv_usec -= in->tv_usec) < 0) { 1395 --out->tv_sec; 1396 out->tv_usec += 1000000; 1397 } 1398 out->tv_sec -= in->tv_sec; 1399 } 1400 1401 /* 1402 * status -- 1403 * Print out statistics when SIGINFO is received. 1404 */ 1405 1406 static void 1407 status(int sig __unused) 1408 { 1409 1410 siginfo_p = 1; 1411 } 1412 1413 static void 1414 check_status(void) 1415 { 1416 1417 if (siginfo_p) { 1418 siginfo_p = 0; 1419 (void)fprintf(stderr, "\r%ld/%ld packets received (%.1f%%)", 1420 nreceived, ntransmitted, 1421 ntransmitted ? nreceived * 100.0 / ntransmitted : 0.0); 1422 if (nreceived && timing) 1423 (void)fprintf(stderr, " %.3f min / %.3f avg / %.3f max", 1424 tmin, tsum / (nreceived + nrepeats), tmax); 1425 (void)fprintf(stderr, "\n"); 1426 } 1427 } 1428 1429 /* 1430 * finish -- 1431 * Print out statistics, and give up. 1432 */ 1433 static void 1434 finish(void) 1435 { 1436 1437 (void)signal(SIGINT, SIG_IGN); 1438 (void)signal(SIGALRM, SIG_IGN); 1439 (void)putchar('\n'); 1440 (void)fflush(stdout); 1441 (void)printf("--- %s ping statistics ---\n", hostname); 1442 (void)printf("%ld packets transmitted, ", ntransmitted); 1443 (void)printf("%ld packets received, ", nreceived); 1444 if (nrepeats) 1445 (void)printf("+%ld duplicates, ", nrepeats); 1446 if (ntransmitted) { 1447 if (nreceived > ntransmitted) 1448 (void)printf("-- somebody's printing up packets!"); 1449 else 1450 (void)printf("%.1f%% packet loss", 1451 ((ntransmitted - nreceived) * 100.0) / 1452 ntransmitted); 1453 } 1454 if (nrcvtimeout) 1455 (void)printf(", %ld packets out of wait time", nrcvtimeout); 1456 (void)putchar('\n'); 1457 if (nreceived && timing) { 1458 double n = nreceived + nrepeats; 1459 double avg = tsum / n; 1460 double vari = tsumsq / n - avg * avg; 1461 (void)printf( 1462 "round-trip min/avg/max/stddev = %.3f/%.3f/%.3f/%.3f ms\n", 1463 tmin, avg, tmax, sqrt(vari)); 1464 } 1465 1466 if (nreceived) 1467 exit(0); 1468 else 1469 exit(2); 1470 } 1471 1472 #ifdef notdef 1473 static char *ttab[] = { 1474 "Echo Reply", /* ip + seq + udata */ 1475 "Dest Unreachable", /* net, host, proto, port, frag, sr + IP */ 1476 "Source Quench", /* IP */ 1477 "Redirect", /* redirect type, gateway, + IP */ 1478 "Echo", 1479 "Time Exceeded", /* transit, frag reassem + IP */ 1480 "Parameter Problem", /* pointer + IP */ 1481 "Timestamp", /* id + seq + three timestamps */ 1482 "Timestamp Reply", /* " */ 1483 "Info Request", /* id + sq */ 1484 "Info Reply" /* " */ 1485 }; 1486 #endif 1487 1488 /* 1489 * pr_icmph -- 1490 * Print a descriptive string about an ICMP header. 1491 */ 1492 static void 1493 pr_icmph(struct icmp *icp) 1494 { 1495 1496 switch(icp->icmp_type) { 1497 case ICMP_ECHOREPLY: 1498 (void)printf("Echo Reply\n"); 1499 /* XXX ID + Seq + Data */ 1500 break; 1501 case ICMP_UNREACH: 1502 switch(icp->icmp_code) { 1503 case ICMP_UNREACH_NET: 1504 (void)printf("Destination Net Unreachable\n"); 1505 break; 1506 case ICMP_UNREACH_HOST: 1507 (void)printf("Destination Host Unreachable\n"); 1508 break; 1509 case ICMP_UNREACH_PROTOCOL: 1510 (void)printf("Destination Protocol Unreachable\n"); 1511 break; 1512 case ICMP_UNREACH_PORT: 1513 (void)printf("Destination Port Unreachable\n"); 1514 break; 1515 case ICMP_UNREACH_NEEDFRAG: 1516 (void)printf("frag needed and DF set (MTU %d)\n", 1517 ntohs(icp->icmp_nextmtu)); 1518 break; 1519 case ICMP_UNREACH_SRCFAIL: 1520 (void)printf("Source Route Failed\n"); 1521 break; 1522 case ICMP_UNREACH_FILTER_PROHIB: 1523 (void)printf("Communication prohibited by filter\n"); 1524 break; 1525 default: 1526 (void)printf("Dest Unreachable, Bad Code: %d\n", 1527 icp->icmp_code); 1528 break; 1529 } 1530 /* Print returned IP header information */ 1531 #ifndef icmp_data 1532 pr_retip(&icp->icmp_ip); 1533 #else 1534 pr_retip((struct ip *)icp->icmp_data); 1535 #endif 1536 break; 1537 case ICMP_SOURCEQUENCH: 1538 (void)printf("Source Quench\n"); 1539 #ifndef icmp_data 1540 pr_retip(&icp->icmp_ip); 1541 #else 1542 pr_retip((struct ip *)icp->icmp_data); 1543 #endif 1544 break; 1545 case ICMP_REDIRECT: 1546 switch(icp->icmp_code) { 1547 case ICMP_REDIRECT_NET: 1548 (void)printf("Redirect Network"); 1549 break; 1550 case ICMP_REDIRECT_HOST: 1551 (void)printf("Redirect Host"); 1552 break; 1553 case ICMP_REDIRECT_TOSNET: 1554 (void)printf("Redirect Type of Service and Network"); 1555 break; 1556 case ICMP_REDIRECT_TOSHOST: 1557 (void)printf("Redirect Type of Service and Host"); 1558 break; 1559 default: 1560 (void)printf("Redirect, Bad Code: %d", icp->icmp_code); 1561 break; 1562 } 1563 (void)printf("(New addr: %s)\n", inet_ntoa(icp->icmp_gwaddr)); 1564 #ifndef icmp_data 1565 pr_retip(&icp->icmp_ip); 1566 #else 1567 pr_retip((struct ip *)icp->icmp_data); 1568 #endif 1569 break; 1570 case ICMP_ECHO: 1571 (void)printf("Echo Request\n"); 1572 /* XXX ID + Seq + Data */ 1573 break; 1574 case ICMP_TIMXCEED: 1575 switch(icp->icmp_code) { 1576 case ICMP_TIMXCEED_INTRANS: 1577 (void)printf("Time to live exceeded\n"); 1578 break; 1579 case ICMP_TIMXCEED_REASS: 1580 (void)printf("Frag reassembly time exceeded\n"); 1581 break; 1582 default: 1583 (void)printf("Time exceeded, Bad Code: %d\n", 1584 icp->icmp_code); 1585 break; 1586 } 1587 #ifndef icmp_data 1588 pr_retip(&icp->icmp_ip); 1589 #else 1590 pr_retip((struct ip *)icp->icmp_data); 1591 #endif 1592 break; 1593 case ICMP_PARAMPROB: 1594 (void)printf("Parameter problem: pointer = 0x%02x\n", 1595 icp->icmp_hun.ih_pptr); 1596 #ifndef icmp_data 1597 pr_retip(&icp->icmp_ip); 1598 #else 1599 pr_retip((struct ip *)icp->icmp_data); 1600 #endif 1601 break; 1602 case ICMP_TSTAMP: 1603 (void)printf("Timestamp\n"); 1604 /* XXX ID + Seq + 3 timestamps */ 1605 break; 1606 case ICMP_TSTAMPREPLY: 1607 (void)printf("Timestamp Reply\n"); 1608 /* XXX ID + Seq + 3 timestamps */ 1609 break; 1610 case ICMP_IREQ: 1611 (void)printf("Information Request\n"); 1612 /* XXX ID + Seq */ 1613 break; 1614 case ICMP_IREQREPLY: 1615 (void)printf("Information Reply\n"); 1616 /* XXX ID + Seq */ 1617 break; 1618 case ICMP_MASKREQ: 1619 (void)printf("Address Mask Request\n"); 1620 break; 1621 case ICMP_MASKREPLY: 1622 (void)printf("Address Mask Reply\n"); 1623 break; 1624 case ICMP_ROUTERADVERT: 1625 (void)printf("Router Advertisement\n"); 1626 break; 1627 case ICMP_ROUTERSOLICIT: 1628 (void)printf("Router Solicitation\n"); 1629 break; 1630 default: 1631 (void)printf("Bad ICMP type: %d\n", icp->icmp_type); 1632 } 1633 } 1634 1635 /* 1636 * pr_iph -- 1637 * Print an IP header with options. 1638 */ 1639 static void 1640 pr_iph(struct ip *ip) 1641 { 1642 struct in_addr ina; 1643 u_char *cp; 1644 int hlen; 1645 1646 hlen = ip->ip_hl << 2; 1647 cp = (u_char *)ip + 20; /* point to options */ 1648 1649 (void)printf("Vr HL TOS Len ID Flg off TTL Pro cks Src Dst\n"); 1650 (void)printf(" %1x %1x %02x %04x %04x", 1651 ip->ip_v, ip->ip_hl, ip->ip_tos, ntohs(ip->ip_len), 1652 ntohs(ip->ip_id)); 1653 (void)printf(" %1lx %04lx", 1654 (u_long) (ntohl(ip->ip_off) & 0xe000) >> 13, 1655 (u_long) ntohl(ip->ip_off) & 0x1fff); 1656 (void)printf(" %02x %02x %04x", ip->ip_ttl, ip->ip_p, 1657 ntohs(ip->ip_sum)); 1658 memcpy(&ina, &ip->ip_src.s_addr, sizeof ina); 1659 (void)printf(" %s ", inet_ntoa(ina)); 1660 memcpy(&ina, &ip->ip_dst.s_addr, sizeof ina); 1661 (void)printf(" %s ", inet_ntoa(ina)); 1662 /* dump any option bytes */ 1663 while (hlen-- > 20) { 1664 (void)printf("%02x", *cp++); 1665 } 1666 (void)putchar('\n'); 1667 } 1668 1669 /* 1670 * pr_addr -- 1671 * Return an ascii host address as a dotted quad and optionally with 1672 * a hostname. 1673 */ 1674 static char * 1675 pr_addr(struct in_addr ina) 1676 { 1677 struct hostent *hp; 1678 static char buf[16 + 3 + MAXHOSTNAMELEN]; 1679 1680 if (options & F_NUMERIC) 1681 return inet_ntoa(ina); 1682 1683 hp = cap_gethostbyaddr(capdns, (char *)&ina, 4, AF_INET); 1684 1685 if (hp == NULL) 1686 return inet_ntoa(ina); 1687 1688 (void)snprintf(buf, sizeof(buf), "%s (%s)", hp->h_name, 1689 inet_ntoa(ina)); 1690 return(buf); 1691 } 1692 1693 /* 1694 * pr_retip -- 1695 * Dump some info on a returned (via ICMP) IP packet. 1696 */ 1697 static void 1698 pr_retip(struct ip *ip) 1699 { 1700 u_char *cp; 1701 int hlen; 1702 1703 pr_iph(ip); 1704 hlen = ip->ip_hl << 2; 1705 cp = (u_char *)ip + hlen; 1706 1707 if (ip->ip_p == 6) 1708 (void)printf("TCP: from port %u, to port %u (decimal)\n", 1709 (*cp * 256 + *(cp + 1)), (*(cp + 2) * 256 + *(cp + 3))); 1710 else if (ip->ip_p == 17) 1711 (void)printf("UDP: from port %u, to port %u (decimal)\n", 1712 (*cp * 256 + *(cp + 1)), (*(cp + 2) * 256 + *(cp + 3))); 1713 } 1714 1715 static char * 1716 pr_ntime(n_time timestamp) 1717 { 1718 static char buf[10]; 1719 int hour, min, sec; 1720 1721 sec = ntohl(timestamp) / 1000; 1722 hour = sec / 60 / 60; 1723 min = (sec % (60 * 60)) / 60; 1724 sec = (sec % (60 * 60)) % 60; 1725 1726 (void)snprintf(buf, sizeof(buf), "%02d:%02d:%02d", hour, min, sec); 1727 1728 return (buf); 1729 } 1730 1731 static void 1732 fill(char *bp, char *patp) 1733 { 1734 char *cp; 1735 int pat[16]; 1736 u_int ii, jj, kk; 1737 1738 for (cp = patp; *cp; cp++) { 1739 if (!isxdigit(*cp)) 1740 errx(EX_USAGE, 1741 "patterns must be specified as hex digits"); 1742 1743 } 1744 ii = sscanf(patp, 1745 "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x", 1746 &pat[0], &pat[1], &pat[2], &pat[3], &pat[4], &pat[5], &pat[6], 1747 &pat[7], &pat[8], &pat[9], &pat[10], &pat[11], &pat[12], 1748 &pat[13], &pat[14], &pat[15]); 1749 1750 if (ii > 0) 1751 for (kk = 0; kk <= maxpayload - (TIMEVAL_LEN + ii); kk += ii) 1752 for (jj = 0; jj < ii; ++jj) 1753 bp[jj + kk] = pat[jj]; 1754 if (!(options & F_QUIET)) { 1755 (void)printf("PATTERN: 0x"); 1756 for (jj = 0; jj < ii; ++jj) 1757 (void)printf("%02x", bp[jj] & 0xFF); 1758 (void)printf("\n"); 1759 } 1760 } 1761 1762 static cap_channel_t * 1763 capdns_setup(void) 1764 { 1765 cap_channel_t *capcas, *capdnsloc; 1766 const char *types[2]; 1767 int families[1]; 1768 1769 capcas = cap_init(); 1770 if (capcas == NULL) 1771 err(1, "unable to create casper process"); 1772 capdnsloc = cap_service_open(capcas, "system.dns"); 1773 /* Casper capability no longer needed. */ 1774 cap_close(capcas); 1775 if (capdnsloc == NULL) 1776 err(1, "unable to open system.dns service"); 1777 types[0] = "NAME2ADDR"; 1778 types[1] = "ADDR2NAME"; 1779 if (cap_dns_type_limit(capdnsloc, types, 2) < 0) 1780 err(1, "unable to limit access to system.dns service"); 1781 families[0] = AF_INET; 1782 if (cap_dns_family_limit(capdnsloc, families, 1) < 0) 1783 err(1, "unable to limit access to system.dns service"); 1784 1785 return (capdnsloc); 1786 } 1787 1788 #if defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) 1789 #define SECOPT " [-P policy]" 1790 #else 1791 #define SECOPT "" 1792 #endif 1793 static void 1794 usage(void) 1795 { 1796 1797 (void)fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n", 1798 "usage: ping [-AaDdfnoQqRrv] [-c count] [-G sweepmaxsize] [-g sweepminsize]", 1799 " [-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl]", 1800 " " SECOPT " [-p pattern] [-S src_addr] [-s packetsize] [-t timeout]", 1801 " [-W waittime] [-z tos] host", 1802 " ping [-AaDdfLnoQqRrv] [-c count] [-I iface] [-i wait] [-l preload]", 1803 " [-M mask | time] [-m ttl]" SECOPT " [-p pattern] [-S src_addr]", 1804 " [-s packetsize] [-T ttl] [-t timeout] [-W waittime]", 1805 " [-z tos] mcast-group"); 1806 exit(EX_USAGE); 1807 } 1808