| Age | Commit message (Collapse) | Author |
|---|
|
|
|
output when we never reach the destination.
Prompted by & input jmc
|
|
Traditional traceroute would send one probe and then wait for up to 5
seconds for a reply and then send the next probe. On a lossy link that
eventually ends in a black hole this would take about 15 minutes and
people would hit control-c in anger.
This rewrites the traceroute engine to use libevent and asr's async
DNS interface. Probes are now send every 30ms or as soon as we get an
answer back. With that we got the 15 minute worse case down to about
10 seconds.
A minor adjustment that is possible with this is to delay printing a
line until we get to a line with answers. This has two effects:
1) If there are intermediate hops that don't answer, output pauses for
a bit so we keep the visual cue of "something might be wrong here".
2) If there is a black hole at the end, we don't print out many "* * *"
lines and thus scrolling the interesting bits out of the terminal.
We collapse those lines and just print
64 * * *
at the end.
Unfortunately the -c option to send udp probes to a fixed port had to
go for now. But we should be able to add it back.
"Once you have seen the new one you can't go back to the old one" &
enthusiastic OK deraadt@
OK sthen@
"I am very distressed that florian went to bed without committing it"
beck@
|
|
|
|
OK deraadt@
|
|
|
|
|
|
Change the default -w from 5 to 3 seconds, reducing the time it waits
for a response. John proposed using 1 second for this, but several
of us are familiar with networks where that would be likely to
remove hops, 3 seems reasonable and still saves 6 seconds on a
non-responding hop (there's always mtr if you need faster output).
Feedback from various, ok phessler@ kn@ florian@
|
|
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
This is somewhat related to the "-b bind_addr" option some programs have,
which should get some cleanup also...
input florian claudio jmc
|
|
implausible bug existed in the socket setup (mostly dns-related and
setsockopt) it would be largely neutered. of course, a very restrictive
pledge is installed soon after that...
ok mestre brynet florian
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
|
|
traceroute bits from benno.
ok benno claudio
|
|
suggested by kn@ after similar changes to ping
|
|
it reuses the toskeyword handling that ipv4 uses for setting the
tos field, which is equiavlent to traffic class.
ok florian@ denis@
|
|
Sync ping.c r1.217 (20.10.2016) to only drop uid/gid if invoked as root.
OK sthen
|
|
are copying into the right sized struct.
We can also trust the resolver to give us IPv6 if we ask it to.
OK kn, deraadt
|
|
ICMP6_DST_UNREACH_NOTNEIGHBOR is ICMP6_DST_UNREACH_BEYONDSCOPE (RFC
1885 was obsoleted).
sthen grepped the ports sources to make sure nothing uses it.
OK millert, jca
|
|
ok florian@
|
|
ok florian@
|
|
Functions needing access to any of those vars get it passed as a parameter.
result: even less global vars.
ok florian@
|
|
only place where they are used.
Only exception: v6flags - make it an argument to usage()
ok florian@
|
|
table.
From dhill, tweeks by me.
OK benno
|
|
a packet not intended for us. E.g. a ping(8) is running in parallel.
In this case we need to account for the time we already waited.
Pointed out by Gabriel Nieto <gabnietof AT gmail>, thanks!
Looks good to and input millert@
|
|
|
|
|
|
ok florian
|
|
unprivileged user is not present instead of erroring out. This lets
ping and traceroute work in restricted enviornments like the bgplg
chroot.
Problem reported by sthen@
input & prodding deraadt@
|
|
It does not buy us much when called as a unpriv user. But if run as
root we can now lose privileges.
Input deraadt@
OK benno@, sthen@
|
|
We can get rid of inet_aton(3) and use the AF independent getaddrinfo(3).
OK natano@, krw@, millert@, claudio@
|
|
worker.c contains all other functions, and i tracked down which global
variables are used in which file and marked them accordingly with
static (or not). No functional change, just the basis of further work.
ok florian@, deraadt@
|
|
correctly - logically complete that now by removing MLINKS from base;
authors need only to ensure there is an entry in NAME for any function/
util being added. MLINKS will still work, and remain for perl to ease
upgrades;
ok nicm (curses) bcook (ssl)
ok schwarze, who provided a lot of feedback and assistance
ok tb natano jung
|
|
The -A (Look up the AS number for each hop address) use DNS service.
ok jca@ sthen@
|
|
is NULL.
Noticed while trying to hoist the source address selection from
traceroute into ping / ping6.
|
|
|
|
we can tame it substantially with "stdio inet", plus "dns" if the -n option
is missing. a successful exploit against it then cannot create files, or
perform a variety of other operations, as described in the tame(2) man page.
florian helped me a fair bit hoisting initization code upwards in ping,
ping6, and traceroute, to make tame work here.
|
|
In some cases, do additional cleanup in the immediate vicinity.
|
|
pointed out by deraadt@
|
|
No object change.
|
|
intervals from src/sbin/ping/ping.c r1.115.
> use clock_gettime(CLOCK_MONOTONIC) to get timestamps to measure the
> interval between sending a ping and getting a reply for it.
>
> this makes it resistant against local wall clock changes, which can
> skew the intervals reported or make them go negative.
this version puts clock_getting in a local gettime() function that
converts to a struct timeval that all the previous callers of
gettimeofday expect to get.
requested by deraadt@ florian@
|
|
OK krw@, tedu@, deraadt@
|
|
ok florian
|
|
been one char too big when it was defined in terms of MAXHOSTNAMELEN.
While here, NI_MAXHOST is big enough for getnameinfo(3).
OK benno@
|
|
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
|
|
so we don't rely on undefined behavior. OK deraadt@
|
|
ok millert@
|
|
found with the new mandoc(1) MANDOCERR_AN_MISSING warning;
no text changes
|
|
Issue pointed out by, tweak and "looks ok" jmc@
|
|
first, remember which failed, drop privs and then decide which sockets
are needed and close the others.
Only error out if the creation of a needed socket failed. That is it
is non-fatal if tracerouting an INET4 address and the INET6 socket
creations failed.
prodding deraadt@; OK benno@
|
