Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/ifenslave.tar.gz
|
||||
SOURCES/iputils-s20180629.tar.gz
|
||||
SOURCES/iputils-20210202.tar.gz
|
||||
|
@ -1,2 +1,2 @@
|
||||
1e2652cb1d1e29a8ebed1209131924a6eb864daf SOURCES/ifenslave.tar.gz
|
||||
353df20691bf027ad35fcaaf6894b122c39d8f2d SOURCES/iputils-s20180629.tar.gz
|
||||
4e552cd0478388e1551853020b60efda18592028 SOURCES/iputils-20210202.tar.gz
|
||||
|
@ -1,20 +0,0 @@
|
||||
--- iputils-s20160308/Makefile 2016-03-08 13:58:56.000000000 +0100
|
||||
+++ iputils-s20160308-new/Makefile 2016-03-09 10:09:02.295409179 +0100
|
||||
@@ -36,7 +36,7 @@ WITHOUT_IFADDRS=no
|
||||
ARPING_DEFAULT_DEVICE=
|
||||
|
||||
# nettle library for ipv6 ping [yes|no|static]
|
||||
-USE_NETTLE=yes
|
||||
+USE_NETTLE=no
|
||||
# libgcrypt library for ipv6 ping [no|yes|static]
|
||||
USE_GCRYPT=no
|
||||
# Crypto library for ping6 [shared|static|no]
|
||||
@@ -53,7 +53,7 @@ ENABLE_RDISC_SERVER=no
|
||||
# What a pity, all new gccs are buggy and -Werror does not work. Sigh.
|
||||
# CFLAGS+=-fno-strict-aliasing -Wstrict-prototypes -Wall -Werror -g
|
||||
CFLAGS?=-O3 -g
|
||||
-CFLAGS+=-fno-strict-aliasing -Wstrict-prototypes -Wall
|
||||
+CFLAGS+=$(RPM_OPT_FLAGS) -fno-strict-aliasing -Wstrict-prototypes -Wall
|
||||
CPPFLAGS+=-D_GNU_SOURCE
|
||||
LDLIB=
|
||||
|
@ -1,14 +0,0 @@
|
||||
--- a/ping.c 2018-06-29 20:00:46.000000000 +0200
|
||||
+++ b/ping.c 2019-07-10 09:50:06.653039073 +0200
|
||||
@@ -589,8 +589,10 @@ int ping4_run(int argc, char **argv, str
|
||||
strncpy(hnamebuf, ai->ai_canonname, sizeof hnamebuf - 1);
|
||||
hostname = hnamebuf;
|
||||
|
||||
- if (result)
|
||||
+ if (result) {
|
||||
freeaddrinfo(result);
|
||||
+ ai = NULL;
|
||||
+ }
|
||||
}
|
||||
if (argc > 1)
|
||||
route[nroute++] = whereto.sin_addr.s_addr;
|
@ -1,25 +0,0 @@
|
||||
From 445826446c32035b3c8e8a7780c4e4b885f0f98f Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Mon, 7 Dec 2020 15:08:14 +0100
|
||||
Subject: [PATCH] ping: Fix incorrect statistics
|
||||
|
||||
---
|
||||
ping_common.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ping_common.c b/ping_common.c
|
||||
index 040bf23..02cb5e1 100644
|
||||
--- a/ping_common.c
|
||||
+++ b/ping_common.c
|
||||
@@ -934,7 +934,7 @@ void finish(void)
|
||||
printf(", %g%% packet loss",
|
||||
(float) ((((long long)(ntransmitted - nreceived)) * 100.0) /
|
||||
ntransmitted));
|
||||
- printf(", time %ldms", (1000*tv.tv_sec+tv.tv_usec+500)/1000);
|
||||
+ printf(", time %ldms", 1000*tv.tv_sec+(tv.tv_usec+500)/1000);
|
||||
}
|
||||
putchar('\n');
|
||||
|
||||
--
|
||||
2.28.0
|
||||
|
@ -1,38 +0,0 @@
|
||||
From e0baf20067a75f093d690bd51a6db3f5afabca77 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Vorel <pvorel@suse.cz>
|
||||
Date: Tue, 17 Jul 2018 17:56:10 +0200
|
||||
Subject: [PATCH] tracepath: Fix copying input IPv6 address
|
||||
|
||||
Commit e669c86 broke copying input IPv6 address.
|
||||
tracepath recover from it, but it's slower.
|
||||
|
||||
Previously was address too short:
|
||||
|
||||
strace ./tracepath -6 fe80::8895:e2af:e96e:fd8f
|
||||
sendto(3, "\1\0\0\0\0\0\0\0\307\36N[\0\0\0\0w_\f\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 127952, 0, {sa_family=AF_INET6, sin6_port=htons(44444), inet_pton(AF_INET6, "fe80::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EMSGSIZE (Message too long)
|
||||
|
||||
After fix is correct:
|
||||
|
||||
sendto(3, "\1\0\0\0\0\0\0\0\300\36N[\0\0\0\0'B\3\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 127952, 0, {sa_family=AF_INET6, sin6_port=htons(44444), inet_pton(AF_INET6, "fe80::8895:e2af:e96e:fd8f", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EMSGSIZE (Message too long)
|
||||
|
||||
Bug found by LTP test.
|
||||
|
||||
Fixes: e669c86 tracepath: fix heap-buffer-overflow [asan]
|
||||
Fixes: #137
|
||||
---
|
||||
tracepath.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/tracepath.c b/tracepath.c
|
||||
index 53bda16f..539a7a11 100644
|
||||
--- a/tracepath.c
|
||||
+++ b/tracepath.c
|
||||
@@ -475,7 +475,7 @@ int main(int argc, char **argv)
|
||||
fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
|
||||
if (fd < 0)
|
||||
continue;
|
||||
- memcpy(&target, ai->ai_addr, sizeof(*ai->ai_addr));
|
||||
+ memcpy(&target, ai->ai_addr, ai->ai_addrlen);
|
||||
targetlen = ai->ai_addrlen;
|
||||
break;
|
||||
}
|
@ -1,48 +0,0 @@
|
||||
From 18f9a84e0e702841d6cc4d5f593de4fbd1348e83 Mon Sep 17 00:00:00 2001
|
||||
From: Sami Kerola <kerolasa@iki.fi>
|
||||
Date: Sat, 28 Dec 2019 17:16:27 +0000
|
||||
Subject: [PATCH] ninfod: change variable name to avoid colliding with function
|
||||
name
|
||||
|
||||
The sys/capability.h header has 'extern int cap_setuid(uid_t uid);'
|
||||
function prototype.
|
||||
|
||||
Addresses: https://github.com/iputils/iputils/issues/246
|
||||
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
||||
---
|
||||
ninfod/ninfod.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/ninfod/ninfod.c b/ninfod/ninfod.c
|
||||
index 26112d0d..95583de4 100644
|
||||
--- a/ninfod/ninfod.c
|
||||
+++ b/ninfod/ninfod.c
|
||||
@@ -455,7 +455,7 @@ static void do_daemonize(void)
|
||||
/* --------- */
|
||||
#ifdef HAVE_LIBCAP
|
||||
static const cap_value_t cap_net_raw = CAP_NET_RAW;
|
||||
-static const cap_value_t cap_setuid = CAP_SETUID;
|
||||
+static const cap_value_t cap_setuserid = CAP_SETUID;
|
||||
static cap_flag_value_t cap_ok;
|
||||
#else
|
||||
static uid_t euid;
|
||||
@@ -487,7 +487,7 @@ static void limit_capabilities(void)
|
||||
|
||||
cap_get_flag(cap_cur_p, CAP_SETUID, CAP_PERMITTED, &cap_ok);
|
||||
if (cap_ok != CAP_CLEAR)
|
||||
- cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET);
|
||||
+ cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET);
|
||||
|
||||
if (cap_set_proc(cap_p) < 0) {
|
||||
DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno));
|
||||
@@ -520,8 +520,8 @@ static void drop_capabilities(void)
|
||||
|
||||
/* setuid / setuid */
|
||||
if (cap_ok != CAP_CLEAR) {
|
||||
- cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET);
|
||||
- cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuid, CAP_SET);
|
||||
+ cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET);
|
||||
+ cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuserid, CAP_SET);
|
||||
|
||||
if (cap_set_proc(cap_p) < 0) {
|
||||
DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno));
|
@ -1,113 +0,0 @@
|
||||
From dc4f836759887a6edf141aa55adbdb9bc63f5e69 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Tue, 22 Mar 2022 12:59:21 +0100
|
||||
Subject: [PATCH] ping: Fix unwanted bell on unreachable address
|
||||
|
||||
Commit 4471ac629cf2603f4b8b45e042e072c992ce25a5 caused regression for IPv6
|
||||
that ping -a IP6_ADDR beeps also on wrong address (i.e. when "Address
|
||||
unreachable"):
|
||||
|
||||
$ ping -a -c1 fd00:1:1:1::15
|
||||
PING fd00:1:1:1::15(fd00:1:1:1::15) 56 data bytes
|
||||
From fd00:1:1:1::2 icmp_seq=1 Destination unreachable: Address unreachable
|
||||
|
||||
--- fd00:1:1:1::15 ping statistics ---
|
||||
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0m
|
||||
|
||||
It should only bell when ping returns correctly.
|
||||
|
||||
Another (fixed) regression was that ping after exit printed error "pipe N",
|
||||
where N is number of counts. Error was result of code from ping_common.c:
|
||||
printf("%spipe %d", comma, pipesize);
|
||||
|
||||
4471ac6 was wrong that code for sock->working_recverr == 1 should stay,
|
||||
sock->working_recverr should be removed.
|
||||
|
||||
Thus changes:
|
||||
* ping.c: put back "stronger filter" for raw socket but (unlike before
|
||||
4471ac6) exit with 2 if setsockopt(ICMP_FILTER) fails
|
||||
* ping6_common.c: put back setsockopt(IPV6_RECVERR), but (unlike before
|
||||
4471ac6) exit with 2 if it fails
|
||||
* ping6_common.c: remove ICMP6_FILTER_SETPASS calls. These caused error "pipe N".
|
||||
* ping6_common.c: return 0 after acknowledge() in ping6_parse_reply
|
||||
|
||||
Fixes: 4471ac6 ("ping: Remove workaround for bug in IP_RECVERR on raw sockets")
|
||||
Fixes: https://github.com/iputils/iputils/issues/182
|
||||
Reported-by: Luiz Angelo Daros de Luca <luizluca@tre-sc.jus.br>
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
Reviewed-by: Sami Kerola <kerolasa@iki.fi>
|
||||
|
||||
---
|
||||
Patch has been adjusted to be applicable to RHEL8 codebase
|
||||
|
||||
Resolves: #2057570
|
||||
---
|
||||
ping.c | 11 +++++++++++
|
||||
ping6_common.c | 15 +++------------
|
||||
2 files changed, 14 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/ping.c b/ping.c
|
||||
index d9a3f5d..c870390 100644
|
||||
--- a/ping.c
|
||||
+++ b/ping.c
|
||||
@@ -949,6 +949,17 @@ int ping4_receive_error_msg(socket_st *sock)
|
||||
|
||||
acknowledge(ntohs(icmph.un.echo.sequence));
|
||||
|
||||
+ if (sock->socktype == SOCK_RAW)
|
||||
+ {
|
||||
+ struct icmp_filter filt;
|
||||
+
|
||||
+ filt.data = ~((1 << ICMP_SOURCE_QUENCH) |
|
||||
+ (1 << ICMP_REDIRECT) |
|
||||
+ (1 << ICMP_ECHOREPLY));
|
||||
+ if (setsockopt(sock->fd, SOL_RAW, ICMP_FILTER, (const void *)&filt,
|
||||
+ sizeof(filt)) == -1)
|
||||
+ error(2, errno, "setsockopt(ICMP_FILTER)");
|
||||
+ }
|
||||
net_errors++;
|
||||
nerrors++;
|
||||
if (options & F_QUIET)
|
||||
diff --git a/ping6_common.c b/ping6_common.c
|
||||
index 5991c2a..1181341 100644
|
||||
--- a/ping6_common.c
|
||||
+++ b/ping6_common.c
|
||||
@@ -879,6 +879,8 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock
|
||||
}
|
||||
|
||||
hold = 1;
|
||||
+ if (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_RECVERR, (const void *)&hold, sizeof hold))
|
||||
+ error(2, errno, "IPV6_RECVERR");
|
||||
|
||||
/* Estimate memory eaten by single packet. It is rough estimate.
|
||||
* Actually, for small datalen's it depends on kernel side a lot. */
|
||||
@@ -906,11 +908,6 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock
|
||||
|
||||
ICMP6_FILTER_SETBLOCKALL(&filter);
|
||||
|
||||
- ICMP6_FILTER_SETPASS(ICMP6_DST_UNREACH, &filter);
|
||||
- ICMP6_FILTER_SETPASS(ICMP6_PACKET_TOO_BIG, &filter);
|
||||
- ICMP6_FILTER_SETPASS(ICMP6_TIME_EXCEEDED, &filter);
|
||||
- ICMP6_FILTER_SETPASS(ICMP6_PARAM_PROB, &filter);
|
||||
-
|
||||
if (niquery_is_enabled())
|
||||
ICMP6_FILTER_SETPASS(ICMPV6_NI_REPLY, &filter);
|
||||
else
|
||||
@@ -1437,13 +1434,7 @@ ping6_parse_reply(socket_st *sock, struct msghdr *msg, int cc, void *addr, struc
|
||||
!is_ours(sock, icmph1->icmp6_id))
|
||||
return 1;
|
||||
acknowledge(ntohs(icmph1->icmp6_seq));
|
||||
- nerrors++;
|
||||
- if (options & F_FLOOD) {
|
||||
- write_stdout("\bE", 2);
|
||||
- return 0;
|
||||
- }
|
||||
- print_timestamp();
|
||||
- printf("From %s: icmp_seq=%u ", pr_addr(from, sizeof *from), ntohs(icmph1->icmp6_seq));
|
||||
+ return 0;
|
||||
} else {
|
||||
/* We've got something other than an ECHOREPLY */
|
||||
if (!(options & F_VERBOSE) || uid)
|
||||
--
|
||||
2.35.1
|
||||
|
@ -1,131 +0,0 @@
|
||||
From 2cc34ea408602f84fe102598ca258126531736c9 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Harrison <jon.harrison@metaswitch.com>
|
||||
Date: Tue, 9 Jul 2019 16:48:07 +0100
|
||||
Subject: [PATCH] ping: allow user to specify VRF and source IP
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Without this, the options for sending a ping in the context of a VRF are
|
||||
limited.
|
||||
|
||||
We can send a ping with a specific source IP address. For example:
|
||||
|
||||
ping 10.1.1.3 -I 10.1.1.2
|
||||
|
||||
We can send a ping in the context of a Linux VRF. For example:
|
||||
|
||||
ping 10.1.1.3 -I vrf_red
|
||||
|
||||
However, when pinging in the context of a VRF, Linux does not always choose
|
||||
a sensible source IP address – the source IP might not belong to the VRF.
|
||||
As a result, the ping won’t get a response. As a result, we want to be able
|
||||
to specify both a VRF and a source IP address when initiating a ping. For
|
||||
example:
|
||||
|
||||
ping 10.1.1.3 -I vrf_red -I 10.1.1.2
|
||||
|
||||
Ping reads in the command line parameters fine and sets up the 'source' and
|
||||
'device' variables, but currently ignores the device if the source IP
|
||||
address is non-zero. This commit adds a branch to ping.c that does the
|
||||
socket bind to the device even in the case where the source IP is non-zero.
|
||||
This branch is based on the existing case where source IP is zero, but
|
||||
simplified a bit because we've already got a source IP address to use.
|
||||
|
||||
(cherry picked from commit 9e08707d743b29e853df81bd7def1729e3afe55d)
|
||||
---
|
||||
doc/ping.xml | 15 ++++++++++-----
|
||||
ping.c | 44 +++++++++++++++++++++++++++++++++++++++++---
|
||||
2 files changed, 51 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/doc/ping.xml b/doc/ping.xml
|
||||
index bdf07b3..034e40c 100644
|
||||
--- a/doc/ping.xml
|
||||
+++ b/doc/ping.xml
|
||||
@@ -158,11 +158,16 @@ to values less than 0.2 seconds.</para>
|
||||
<varlistentry>
|
||||
<term><option>-I </option><emphasis remap='I'>interface</emphasis></term>
|
||||
<listitem>
|
||||
-<para><emphasis remap='I'>interface</emphasis> is either an address, or an interface name.
|
||||
-If <emphasis remap='I'>interface</emphasis> is an address, it sets source address
|
||||
-to specified interface address.
|
||||
-If <emphasis remap='I'>interface</emphasis> in an interface name, it sets
|
||||
-source interface to specified interface.
|
||||
+<para><emphasis remap='I'>interface</emphasis> is either an
|
||||
+address, an interface name or a VRF name. If
|
||||
+<emphasis remap="I">interface</emphasis> is an address, it
|
||||
+sets source address to specified interface address. If
|
||||
+<emphasis remap="I">interface</emphasis> is an interface
|
||||
+name, it sets source interface to specified interface.
|
||||
+If <emphasis remap="I">interface</emphasis> is a VRF
|
||||
+name, each packet is routed using the corresponding
|
||||
+routing table; in this case, the <option>-I</option> option
|
||||
+can be repeated to specify a source address.
|
||||
NOTE: For IPv6, when doing ping to a link-local scope
|
||||
address, link specification (by the '%'-notation in
|
||||
<emphasis remap='I'>destination</emphasis>, or by this option)
|
||||
diff --git a/ping.c b/ping.c
|
||||
index c870390..0f87723 100644
|
||||
--- a/ping.c
|
||||
+++ b/ping.c
|
||||
@@ -705,7 +705,43 @@ int ping4_run(int argc, char **argv, struct addrinfo *ai, socket_st *sock)
|
||||
}
|
||||
#endif
|
||||
close(probe_fd);
|
||||
- } while (0);
|
||||
+
|
||||
+ } else if (device) {
|
||||
+ struct sockaddr_in dst = whereto;
|
||||
+ struct ifreq ifr;
|
||||
+ int fd = sock->fd;
|
||||
+ int rc;
|
||||
+ int errno_save;
|
||||
+
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, device, IFNAMSIZ - 1);
|
||||
+
|
||||
+ enable_capability_raw();
|
||||
+ rc = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, device, strlen(device) + 1);
|
||||
+ errno_save = errno;
|
||||
+ disable_capability_raw();
|
||||
+
|
||||
+ if (rc == -1) {
|
||||
+ if (IN_MULTICAST(ntohl(dst.sin_addr.s_addr))) {
|
||||
+ struct ip_mreqn imr;
|
||||
+
|
||||
+ if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) {
|
||||
+ fprintf(stderr, "ping: %s: %s\n", "(\"unknown interface\")", device);
|
||||
+ exit(2);
|
||||
+ }
|
||||
+ memset(&imr, 0, sizeof(imr));
|
||||
+ imr.imr_ifindex = ifr.ifr_ifindex;
|
||||
+ if (setsockopt(fd, SOL_IP, IP_MULTICAST_IF,
|
||||
+ &imr, sizeof(imr)) == -1) {
|
||||
+ fprintf(stderr, "ping: IP_MULTICAST_IF: %s\n", strerror(errno));
|
||||
+ exit(2);
|
||||
+ }
|
||||
+ } else {
|
||||
+ fprintf(stderr, "ping: SO_BINDTODEVICE %s: %s\n", device, strerror(errno_save));
|
||||
+ exit(2);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
|
||||
if (whereto.sin_addr.s_addr == 0)
|
||||
whereto.sin_addr.s_addr = source.sin_addr.s_addr;
|
||||
@@ -957,8 +993,10 @@ int ping4_receive_error_msg(socket_st *sock)
|
||||
(1 << ICMP_REDIRECT) |
|
||||
(1 << ICMP_ECHOREPLY));
|
||||
if (setsockopt(sock->fd, SOL_RAW, ICMP_FILTER, (const void *)&filt,
|
||||
- sizeof(filt)) == -1)
|
||||
- error(2, errno, "setsockopt(ICMP_FILTER)");
|
||||
+ sizeof(filt)) == -1) {
|
||||
+ fprintf(stderr, "ping: setsockopt(ICMP_FILTER): %s\n", strerror(errno));
|
||||
+ exit(2);
|
||||
+ }
|
||||
}
|
||||
net_errors++;
|
||||
nerrors++;
|
||||
--
|
||||
2.40.1
|
||||
|
@ -0,0 +1,51 @@
|
||||
From 79d713eab6181e219bf932b404706f6f59ff2539 Mon Sep 17 00:00:00 2001
|
||||
From: Byron Stanoszek <gandalf@winds.org>
|
||||
Date: Thu, 16 Sep 2021 23:38:54 +0200
|
||||
Subject: [PATCH] ping: Remove 'unsupported IPv6' warning on disabled IPv6
|
||||
|
||||
Regression was introduced in d141cb6 as introduced condition
|
||||
|
||||
if ((errno == EAFNOSUPPORT && socktype == AF_INET6) || options & F_VERBOSE || requisite)
|
||||
|
||||
was wrong, it should have been:
|
||||
|
||||
if ((errno == EAFNOSUPPORT && family == AF_INET6 && requisite) || options & F_VERBOSE)
|
||||
|
||||
but bug was hidden as `family == AF_INET6' was always false until
|
||||
otherwise correct fix 904cdb6 ("ping: AF_INET6 is address family not
|
||||
socket type [lgtm scan]") propagated the error.
|
||||
|
||||
Tested on kernel booted with ipv6.disable=1 (disabling via sysctl, i.e.
|
||||
sysctl -w net.ipv6.conf.all.disable_ipv6=1; sysctl -w net.ipv6.conf.default.disable_ipv6=1
|
||||
does not trigger the issue as it exit with "socket: Address family not
|
||||
supported by protocol" - errno EADDRNOTAVAIL).
|
||||
|
||||
Fixes: d141cb6 ("ping: work with older kernels that don't support ping sockets")
|
||||
Closes: https://github.com/iputils/iputils/issues/293
|
||||
Closes: https://github.com/iputils/iputils/pull/370
|
||||
|
||||
Reported-by: lekto <lekto@o2.pl>
|
||||
Reviewed-by: Andrew Clayton <andrew@digital-domain.net>
|
||||
Reviewed-by: Petr Vorel <pvorel@suse.cz>
|
||||
Signed-off-by: Byron Stanoszek <gandalf@winds.org>
|
||||
[ pvorel: create commit from Byron's patch on the issue, do analysis and wrote commit message ]
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
---
|
||||
ping/ping.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ping/ping.c b/ping/ping.c
|
||||
index 6fcb44f2..0655bf4a 100644
|
||||
--- a/ping/ping.c
|
||||
+++ b/ping/ping.c
|
||||
@@ -150,8 +150,8 @@ static void create_socket(struct ping_rts *rts, socket_st *sock, int family,
|
||||
/* Report error related to disabled IPv6 only when IPv6 also failed or in
|
||||
* verbose mode. Report other errors always.
|
||||
*/
|
||||
- if ((errno == EAFNOSUPPORT && family == AF_INET6) ||
|
||||
- rts->opt_verbose || requisite)
|
||||
+ if ((errno == EAFNOSUPPORT && family == AF_INET6 && requisite) ||
|
||||
+ rts->opt_verbose)
|
||||
error(0, errno, "socket");
|
||||
if (requisite)
|
||||
exit(2);
|
@ -0,0 +1,40 @@
|
||||
From a1890739e9d5953897cec43c59d5fea922384d5b Mon Sep 17 00:00:00 2001
|
||||
From: Petr Vorel <pvorel@suse.cz>
|
||||
Date: Wed, 22 May 2024 07:05:14 +0200
|
||||
Subject: [PATCH 1/2] arping: Fix 1s delay on exit for unsolicited arpings
|
||||
|
||||
Commit 67e070d introduced 1s poll() delay for unsolicited arpings,
|
||||
when using -U or -A, e.g.:
|
||||
|
||||
# arping -A -c1 -I eth0 [IP address of eth0 interface]
|
||||
# arping -U -c1 -I eth0 [IP address of eth0 interface]
|
||||
|
||||
Restore correct condition.
|
||||
|
||||
Fixes: 67e070d ("arping: use signalfd() and timerfd() rather than signals")
|
||||
Fixes: https://github.com/iputils/iputils/issues/536
|
||||
Closes: https://github.com/iputils/iputils/pull/541
|
||||
Reported-by: <Curtis Taylor cjebpub@gmail.com>
|
||||
Suggested-by: <Curtis Taylor cjebpub@gmail.com>
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
(cherry picked from commit 4db1de672559804bebcb7073d231924339ca8cd8)
|
||||
---
|
||||
arping.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arping.c b/arping.c
|
||||
index 53fdbb4..8929f8f 100644
|
||||
--- a/arping.c
|
||||
+++ b/arping.c
|
||||
@@ -749,7 +749,7 @@ static int event_loop(struct run_state *ctl)
|
||||
pfds[POLLFD_SOCKET].events = POLLIN | POLLERR | POLLHUP;
|
||||
send_pack(ctl);
|
||||
|
||||
- while (!exit_loop) {
|
||||
+ while (!(exit_loop || ctl->unsolicited)) {
|
||||
int ret;
|
||||
size_t i;
|
||||
|
||||
--
|
||||
2.46.0
|
||||
|
@ -0,0 +1,61 @@
|
||||
From 5564dd9f224a7354a55c8f57ac0da9c2e58b18e5 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Vorel <pvorel@suse.cz>
|
||||
Date: Fri, 24 May 2024 00:05:53 +0200
|
||||
Subject: [PATCH 2/2] arping: Fix unsolicited ARP regressions on -c > 1
|
||||
|
||||
4db1de6 tried to fix a regression 1 sec delay due poll() for unsolicited
|
||||
ARP, .i.e. -A and -U (introduced in 67e070d, reported as issue #536).
|
||||
But skipping the while loop entirely introduced another regression for
|
||||
-A and -U, which behave like -c1 (sending *always* only a single packet).
|
||||
|
||||
Fixing it by checking in while loop and comparing also count (as it was
|
||||
done in 67e070d before the rewrite).
|
||||
|
||||
NOTE: use exit_loop with continue instead of simple break to keep things
|
||||
consistent.
|
||||
|
||||
Fixes: 4db1de6 ("arping: Fix 1s delay on exit for unsolicited arpings")
|
||||
Fixes: 67e070d ("arping: use signalfd() and timerfd() rather than signals")
|
||||
Fixes: https://github.com/iputils/iputils/issues/536
|
||||
Closes: https://github.com/iputils/iputils/pull/543
|
||||
Reported-by: David Bond <dbond@suse.com>
|
||||
Reviewed-by: Andrea Cervesato <andrea.cervesato@suse.com>
|
||||
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
(cherry picked from commit 5de892d15eea467775420c4fd641df229f024259)
|
||||
---
|
||||
arping.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arping.c b/arping.c
|
||||
index 8929f8f..ee9da1d 100644
|
||||
--- a/arping.c
|
||||
+++ b/arping.c
|
||||
@@ -749,10 +749,15 @@ static int event_loop(struct run_state *ctl)
|
||||
pfds[POLLFD_SOCKET].events = POLLIN | POLLERR | POLLHUP;
|
||||
send_pack(ctl);
|
||||
|
||||
- while (!(exit_loop || ctl->unsolicited)) {
|
||||
+ while (!exit_loop) {
|
||||
int ret;
|
||||
size_t i;
|
||||
|
||||
+ if ((ctl->sent == ctl->count) && ctl->unsolicited) {
|
||||
+ exit_loop = 1;
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
ret = poll(pfds, POLLFD_COUNT, -1);
|
||||
if (ret <= 0) {
|
||||
if (errno == EAGAIN)
|
||||
@@ -813,6 +818,7 @@ static int event_loop(struct run_state *ctl)
|
||||
}
|
||||
}
|
||||
}
|
||||
+
|
||||
close(sfd);
|
||||
close(tfd);
|
||||
freeifaddrs(ctl->ifa0);
|
||||
--
|
||||
2.46.0
|
||||
|
33
SOURCES/004-arping-fix-typo-in-error-checking.patch
Normal file
33
SOURCES/004-arping-fix-typo-in-error-checking.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 357b788e667bdd51b66bbc0cc88cf82ae3169455 Mon Sep 17 00:00:00 2001
|
||||
From: Noah Meyerhans <noahm@debian.org>
|
||||
Date: Wed, 16 Feb 2022 22:25:30 -0800
|
||||
Subject: [PATCH 1/2] arping: fix typo in error checking
|
||||
|
||||
When attempting to check the return value of timerfd_create(), we were
|
||||
not checking the value of the variable containing the return value.
|
||||
|
||||
Fixes: e594ca5 ("arping: use additional timerfd to control when timeout happens")
|
||||
|
||||
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
|
||||
Signed-off-by: Noah Meyerhans <noahm@debian.org>
|
||||
(cherry picked from commit 8a6a2ce3cd0cdf69f0551a3a1e598a191561d18e)
|
||||
---
|
||||
arping.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/arping.c b/arping.c
|
||||
index ee9da1d..8059517 100644
|
||||
--- a/arping.c
|
||||
+++ b/arping.c
|
||||
@@ -733,7 +733,7 @@ static int event_loop(struct run_state *ctl)
|
||||
|
||||
/* timeout timerfd */
|
||||
timeoutfd = timerfd_create(CLOCK_MONOTONIC, 0);
|
||||
- if (tfd == -1) {
|
||||
+ if (timeoutfd == -1) {
|
||||
error(0, errno, "timerfd_create failed");
|
||||
return 1;
|
||||
}
|
||||
--
|
||||
2.46.0
|
||||
|
@ -0,0 +1,62 @@
|
||||
From bf2900d716397734136ec3014a591281504aa00b Mon Sep 17 00:00:00 2001
|
||||
From: Noah Meyerhans <noahm@debian.org>
|
||||
Date: Wed, 16 Feb 2022 22:27:49 -0800
|
||||
Subject: [PATCH 2/2] arping: exit 0 if running in deadline mode and we see
|
||||
replies
|
||||
|
||||
The arping behavior when running in deadline mode without a packet
|
||||
count (-w without -c) should match that of ping: any replies indicate
|
||||
that the host is up and should result in a zero (success) exit status.
|
||||
|
||||
Fixes: https://github.com/iputils/iputils/issues/392
|
||||
Closes: https://github.com/iputils/iputils/pull/395
|
||||
|
||||
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
|
||||
Signed-off-by: Noah Meyerhans <noahm@debian.org>
|
||||
(cherry picked from commit 854873bdd28fcdd9cc3fe0c2d29c083a07d07a86)
|
||||
---
|
||||
arping.c | 2 ++
|
||||
doc/arping.xml | 14 +++++++-------
|
||||
2 files changed, 9 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/arping.c b/arping.c
|
||||
index 8059517..6f94e90 100644
|
||||
--- a/arping.c
|
||||
+++ b/arping.c
|
||||
@@ -828,6 +828,8 @@ static int event_loop(struct run_state *ctl)
|
||||
else if (ctl->dad && ctl->quit_on_reply)
|
||||
/* Duplicate address detection mode return value */
|
||||
rc |= !(ctl->brd_sent != ctl->received);
|
||||
+ else if (ctl->timeout && !(ctl->count > 0))
|
||||
+ rc |= !(ctl->received > 0);
|
||||
else
|
||||
rc |= (ctl->sent != ctl->received);
|
||||
return rc;
|
||||
diff --git a/doc/arping.xml b/doc/arping.xml
|
||||
index 711718f..9adbc0c 100644
|
||||
--- a/doc/arping.xml
|
||||
+++ b/doc/arping.xml
|
||||
@@ -202,13 +202,13 @@ xml:id="man.arping">
|
||||
<listitem>
|
||||
<para>Specify a timeout, in seconds, before
|
||||
<command>arping</command> exits regardless of how many
|
||||
- packets have been sent or received. In this case
|
||||
- <command>arping</command> does not stop after
|
||||
- <emphasis remap='I'>count</emphasis> packet are sent, it
|
||||
- waits either for
|
||||
- <emphasis remap='I'>deadline</emphasis> expire or until
|
||||
- <emphasis remap='I'>count</emphasis> probes are
|
||||
- answered.</para>
|
||||
+ packets have been sent or received. If any replies are
|
||||
+ received, exit with status 0, otherwise status 1. When
|
||||
+ combined with the <emphasis remap="I">count</emphasis>
|
||||
+ option, exit with status 0 if <emphasis
|
||||
+ remap="I">count</emphasis> replies are received before the
|
||||
+ deadline expiration, otherwise status 1.
|
||||
+ </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
--
|
||||
2.46.0
|
||||
|
@ -0,0 +1,119 @@
|
||||
From 7d62be648f03adba22bcccd2eb3506d51169b85d Mon Sep 17 00:00:00 2001
|
||||
From: Petr Vorel <pvorel@suse.cz>
|
||||
Date: Thu, 15 Apr 2021 07:48:03 +0200
|
||||
Subject: [PATCH 1/3] Revert "Add strict pattern matching on response when
|
||||
pattern was provided"
|
||||
|
||||
This reverts commit f7710a17c4d5994313a64583f511bcdb9559f2a9.
|
||||
|
||||
Commit broke report of truncated packets:
|
||||
$ ping -c2 -s100 google.com
|
||||
PING google.com (142.250.185.238) 100(128) bytes of data.
|
||||
|
||||
Running ping from both s20161105 (which does not contain f7710a1) and
|
||||
reverted f7710a1 on master reports truncated packets:
|
||||
|
||||
$ ping -c2 -s100 google.com
|
||||
PING google.com (142.250.185.238) 100(128) bytes of data.
|
||||
76 bytes from fra16s53-in-f14.1e100.net (142.250.185.238): icmp_seq=1 ttl=116 (truncated)
|
||||
76 bytes from fra16s53-in-f14.1e100.net (142.250.185.238): icmp_seq=2 ttl=116 (truncated)
|
||||
|
||||
There was unreachable code in gather_statistics() because
|
||||
contains_pattern_in_payload() added in f7710a1 always found a mismatch
|
||||
first. Due that all of these did not work:
|
||||
* updating counters for statistics generation
|
||||
* keeping track of timestamps and time-of-flight using the first section
|
||||
of the payload
|
||||
* checking for duplicate replies and report them
|
||||
* printing basic info about the reply
|
||||
* printing "(truncated)" if the reply was truncated
|
||||
* checking the checksum
|
||||
* validating the rest of the payload (bytes 17 and above) against the
|
||||
ICMP request that was sent, and report any differences
|
||||
|
||||
Fixes: f7710a1 ("Add strict pattern matching on response when pattern was provided")
|
||||
Closes: https://github.com/iputils/iputils/issues/320
|
||||
Closes: https://github.com/iputils/iputils/pull/331
|
||||
|
||||
Reported-by: Paul Swirhun <paulswirhun@gmail.com>
|
||||
Suggested-by: Paul Swirhun <paulswirhun@gmail.com>
|
||||
Reviewed-by: Noah Meyerhans <noahm@debian.org>
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
(cherry picked from commit dff5d82dadab1b04400b2f9e1eb10a0d124868ed)
|
||||
---
|
||||
ping/ping.c | 2 --
|
||||
ping/ping.h | 1 -
|
||||
ping/ping6_common.c | 2 --
|
||||
ping/ping_common.c | 18 ------------------
|
||||
4 files changed, 23 deletions(-)
|
||||
|
||||
diff --git a/ping/ping.c b/ping/ping.c
|
||||
index 1c98733..0655bf4 100644
|
||||
--- a/ping/ping.c
|
||||
+++ b/ping/ping.c
|
||||
@@ -1549,8 +1549,6 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock,
|
||||
return 1;
|
||||
if (!is_ours(rts, sock, icp->un.echo.id))
|
||||
return 1; /* 'Twas not our ECHO */
|
||||
- if (!contains_pattern_in_payload(rts, (uint8_t *)(icp + 1)))
|
||||
- return 1; /* 'Twas really not our ECHO */
|
||||
if (gather_statistics(rts, (uint8_t *)icp, sizeof(*icp), cc,
|
||||
ntohs(icp->un.echo.sequence),
|
||||
reply_ttl, 0, tv, pr_addr(rts, from, sizeof *from),
|
||||
diff --git a/ping/ping.h b/ping/ping.h
|
||||
index c8bbcf6..86652bf 100644
|
||||
--- a/ping/ping.h
|
||||
+++ b/ping/ping.h
|
||||
@@ -380,7 +380,6 @@ int is_ours(struct ping_rts *rts, socket_st *sock, uint16_t id);
|
||||
extern int pinger(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock);
|
||||
extern void sock_setbufs(struct ping_rts *rts, socket_st *, int alloc);
|
||||
extern void setup(struct ping_rts *rts, socket_st *);
|
||||
-extern int contains_pattern_in_payload(struct ping_rts *rts, uint8_t *ptr);
|
||||
extern int main_loop(struct ping_rts *rts, ping_func_set_st *fset, socket_st*,
|
||||
uint8_t *packet, int packlen);
|
||||
extern int finish(struct ping_rts *rts);
|
||||
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
|
||||
index 459f63e..fcb48be 100644
|
||||
--- a/ping/ping6_common.c
|
||||
+++ b/ping/ping6_common.c
|
||||
@@ -823,8 +823,6 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock,
|
||||
return 1;
|
||||
if (!is_ours(rts, sock, icmph->icmp6_id))
|
||||
return 1;
|
||||
- if (!contains_pattern_in_payload(rts, (uint8_t *)(icmph + 1)))
|
||||
- return 1; /* 'Twas really not our ECHO */
|
||||
if (gather_statistics(rts, (uint8_t *)icmph, sizeof(*icmph), cc,
|
||||
ntohs(icmph->icmp6_seq),
|
||||
hops, 0, tv, pr_addr(rts, from, sizeof *from),
|
||||
diff --git a/ping/ping_common.c b/ping/ping_common.c
|
||||
index 33e6003..357c39d 100644
|
||||
--- a/ping/ping_common.c
|
||||
+++ b/ping/ping_common.c
|
||||
@@ -553,24 +553,6 @@ void setup(struct ping_rts *rts, socket_st *sock)
|
||||
}
|
||||
}
|
||||
|
||||
-/*
|
||||
- * Return 0 if pattern in payload point to be ptr did not match the pattern that was sent
|
||||
- */
|
||||
-int contains_pattern_in_payload(struct ping_rts *rts, uint8_t *ptr)
|
||||
-{
|
||||
- size_t i;
|
||||
- uint8_t *cp, *dp;
|
||||
-
|
||||
- /* check the data */
|
||||
- cp = ((u_char *)ptr) + sizeof(struct timeval);
|
||||
- dp = &rts->outpack[8 + sizeof(struct timeval)];
|
||||
- for (i = sizeof(struct timeval); i < rts->datalen; ++i, ++cp, ++dp) {
|
||||
- if (*cp != *dp)
|
||||
- return 0;
|
||||
- }
|
||||
- return 1;
|
||||
-}
|
||||
-
|
||||
int main_loop(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock,
|
||||
uint8_t *packet, int packlen)
|
||||
{
|
||||
--
|
||||
2.46.0
|
||||
|
36
SOURCES/007-ping-Move-ping_rts-multicast.patch
Normal file
36
SOURCES/007-ping-Move-ping_rts-multicast.patch
Normal file
@ -0,0 +1,36 @@
|
||||
From 1c66917a079e95f00e9a1f2af1329c65501e8a60 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Vorel <pvorel@suse.cz>
|
||||
Date: Mon, 18 Oct 2021 15:27:35 +0200
|
||||
Subject: [PATCH 1/4] ping: Move ping_rts->multicast
|
||||
|
||||
as it's used for both IPv4 and IPv6.
|
||||
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
(cherry picked from commit 7a4ec7532871772cb22a3b2c42f6006f95f8b263)
|
||||
---
|
||||
ping/ping.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ping/ping.h b/ping/ping.h
|
||||
index 703296d..a5f05f4 100644
|
||||
--- a/ping/ping.h
|
||||
+++ b/ping/ping.h
|
||||
@@ -192,6 +192,7 @@ struct ping_rts {
|
||||
struct sockaddr_in6 source6;
|
||||
struct sockaddr_in6 whereto6;
|
||||
struct sockaddr_in6 firsthop6;
|
||||
+ int multicast;
|
||||
|
||||
/* Used only in ping.c */
|
||||
int ts_type;
|
||||
@@ -201,7 +202,6 @@ struct ping_rts {
|
||||
int optlen;
|
||||
int settos; /* Set TOS, Precedence or other QOS options */
|
||||
int broadcast_pings;
|
||||
- int multicast;
|
||||
struct sockaddr_in source;
|
||||
|
||||
/* Used only in ping_common.c */
|
||||
--
|
||||
2.46.0
|
||||
|
@ -0,0 +1,133 @@
|
||||
From aa75473cac4a37cd673da3a66904878efcfdbd6f Mon Sep 17 00:00:00 2001
|
||||
From: Petr Vorel <pvorel@suse.cz>
|
||||
Date: Mon, 18 Oct 2021 15:13:44 +0200
|
||||
Subject: [PATCH 2/3] ping: Print reply from Subnet-Router anycast address
|
||||
|
||||
by detecting Subnet-Router address for 64 bit prefix and suppress
|
||||
address comparison check.
|
||||
|
||||
5e052ad ("ping: discard packets with wrong source address") correctly
|
||||
hid replies with wrong source address to comply RFC 1122 (Section
|
||||
3.2.1.3: "The IP source address in an ICMP Echo Reply MUST be the same
|
||||
as the specific-destination address").
|
||||
|
||||
While change in 5e052ad works for broadcast and multicast addresses and
|
||||
some of anycast addresses, it does not work for (at least) Subnet-Router
|
||||
anycast address):
|
||||
|
||||
# VETH1_IPV6=fd00:dead:beef:1234::1
|
||||
# VPEER1_IPV6=fd00:dead:beef:1234::2
|
||||
# ip netns add ns-ipv6
|
||||
# ip li add name veth1 type veth peer name vpeer1
|
||||
# ip -6 addr add $VETH1_IPV6/64 dev veth1
|
||||
# ip li set dev veth1 up
|
||||
# ip li set dev vpeer1 netns ns-ipv6
|
||||
# ip netns exec ns-ipv6 ip li set dev lo up
|
||||
# ip netns exec ns-ipv6 ip -6 addr add $VPEER1_IPV6/64 dev vpeer1
|
||||
# ip netns exec ns-ipv6 ip li set vpeer1 up
|
||||
# ip netns exec ns-ipv6 ip -6 route add default dev vpeer1 via $VETH1_IPV6
|
||||
# sysctl -w net.ipv6.conf.all.forwarding=1
|
||||
|
||||
$ ping -c1 ff02::1 # anycast - all nodes
|
||||
PING ff02::1(ff02::1) 56 data bytes
|
||||
64 bytes from fe80::9c9c:ffff:fe14:e9d2%vpeer1: icmp_seq=1 ttl=64 time=0.064 ms
|
||||
|
||||
$ ping -c1 ff02::2 # anycast - all routers
|
||||
PING ff02::2(ff02::2) 56 data bytes
|
||||
64 bytes from fe80::5496:9ff:fef5:8f01%vpeer1: icmp_seq=1 ttl=64 time=0.088 ms
|
||||
|
||||
$ ping -c1 -W5 fd00:dead:beef:1234:: # Subnet-Router anycast
|
||||
PING fd00:dead:beef:1234::(fd00:dead:beef:1234::) 56 data bytes
|
||||
|
||||
Subnet-Router anycast address works for both busybox ping (without
|
||||
printing the real source address) and fping:
|
||||
|
||||
$ busybox ping -c1 fd00:dead:beef:1234::
|
||||
PING fd00:dead:beef:1234:: (fd00:dead:beef:1234::): 56 data bytes
|
||||
64 bytes from fd00:dead:beef:1234::1: seq=0 ttl=64 time=0.122 ms
|
||||
|
||||
$ fping -c1 fd00:dead:beef:1234::
|
||||
[<- fd00:dead:beef:1234::1]fd00:dead:beef:1234:: : [0], 64 bytes, 0.096 ms (0.096 avg, 0% loss)
|
||||
|
||||
RFC 4291 specifies Subnet-Router anycast address as [1]:
|
||||
|
||||
The Subnet-Router anycast address is predefined. Its format is as
|
||||
follows:
|
||||
| n bits | 128-n bits |
|
||||
+------------------------------------------------+----------------+
|
||||
| subnet prefix | 00000000000000 |
|
||||
+------------------------------------------------+----------------+
|
||||
|
||||
The "subnet prefix" in an anycast address is the prefix that
|
||||
identifies a specific link. This anycast address is syntactically
|
||||
the same as a unicast address for an interface on the link with the
|
||||
interface identifier set to zero.
|
||||
|
||||
=> to detect Subnet-Router anycast address we need to know prefix, which
|
||||
we don't know, thus detect it for prefix 64 (the default IPv6 prefix).
|
||||
|
||||
[1] https://datatracker.ietf.org/doc/html/rfc4291#section-2.6.1
|
||||
|
||||
Fixes: 5e052ad ("ping: discard packets with wrong source address")
|
||||
Closes: https://github.com/iputils/iputils/issues/371
|
||||
|
||||
Reported-by: Tim Sandquist
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
(cherry picked from commit 15a5e5c7aace5a7a782ff802988e04ed4c1148a5)
|
||||
---
|
||||
ping/ping.h | 1 +
|
||||
ping/ping6_common.c | 12 +++++++++++-
|
||||
2 files changed, 12 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ping/ping.h b/ping/ping.h
|
||||
index 86652bf..f26fdac 100644
|
||||
--- a/ping/ping.h
|
||||
+++ b/ping/ping.h
|
||||
@@ -212,6 +212,7 @@ struct ping_rts {
|
||||
#endif
|
||||
|
||||
/* Used only in ping6_common.c */
|
||||
+ int subnet_router_anycast; /* Subnet-Router anycast (RFC 4291) */
|
||||
struct sockaddr_in6 firsthop;
|
||||
unsigned char cmsgbuf[4096];
|
||||
size_t cmsglen;
|
||||
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
|
||||
index fcb48be..d0d2d84 100644
|
||||
--- a/ping/ping6_common.c
|
||||
+++ b/ping/ping6_common.c
|
||||
@@ -101,6 +101,7 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
|
||||
struct socket_st *sock)
|
||||
{
|
||||
int hold, packlen;
|
||||
+ size_t i;
|
||||
unsigned char *packet;
|
||||
char *target;
|
||||
struct icmp6_filter filter;
|
||||
@@ -247,6 +248,15 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
|
||||
rts->pmtudisc = IPV6_PMTUDISC_DO;
|
||||
}
|
||||
|
||||
+ /* detect Subnet-Router anycast at least for the default prefix 64 */
|
||||
+ rts->subnet_router_anycast = 1;
|
||||
+ for (i = 8; i < sizeof(struct in6_addr); i++) {
|
||||
+ if (rts->whereto6.sin6_addr.s6_addr[i]) {
|
||||
+ rts->subnet_router_anycast = 0;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
if (rts->pmtudisc >= 0) {
|
||||
if (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, &rts->pmtudisc,
|
||||
sizeof rts->pmtudisc) == -1)
|
||||
@@ -818,7 +828,7 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock,
|
||||
}
|
||||
|
||||
if (icmph->icmp6_type == ICMP6_ECHO_REPLY) {
|
||||
- if (!rts->multicast &&
|
||||
+ if (!rts->multicast && !rts->subnet_router_anycast &&
|
||||
memcmp(&from->sin6_addr.s6_addr, &rts->whereto6.sin6_addr.s6_addr, 16))
|
||||
return 1;
|
||||
if (!is_ours(rts, sock, icmph->icmp6_id))
|
||||
--
|
||||
2.46.0
|
||||
|
@ -0,0 +1,149 @@
|
||||
From ea2808dc199b89c12dd3b3a968e67bc0f522d399 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Vorel <pvorel@suse.cz>
|
||||
Date: Fri, 15 Oct 2021 17:38:51 +0200
|
||||
Subject: [PATCH 3/3] ping: Print reply with wrong source with warning
|
||||
|
||||
5e052ad ("ping: discard packets with wrong source address") correctly
|
||||
hid replies with wrong source address to comply RFC 1122 (Section
|
||||
3.2.1.3: "The IP source address in an ICMP Echo Reply MUST be the same
|
||||
as the specific-destination address").
|
||||
|
||||
This caused to hide reply when pinging Subnet-Router anycast address.
|
||||
Although it was fixed in the previous commit, relax this to admit the
|
||||
reply but print warning "DIFFERENT ADDRESS!". ping is diagnostic program,
|
||||
with insisting on RFC we force people to use tcpdump to see replies.
|
||||
|
||||
Link: https://github.com/iputils/iputils/issues/371
|
||||
|
||||
Reviewed-by: Matteo Croce <mcroce@microsoft.com>
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
(cherry picked from commit 5f6bec5ab57cc8beaa78f5756a0ffbdf01f28d36)
|
||||
---
|
||||
ping/ping.c | 10 ++++++----
|
||||
ping/ping.h | 3 ++-
|
||||
ping/ping6_common.c | 13 ++++++++-----
|
||||
ping/ping_common.c | 6 +++++-
|
||||
4 files changed, 21 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/ping/ping.c b/ping/ping.c
|
||||
index 0655bf4..81ee7c8 100644
|
||||
--- a/ping/ping.c
|
||||
+++ b/ping/ping.c
|
||||
@@ -1504,6 +1504,7 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock,
|
||||
int reply_ttl;
|
||||
uint8_t *opts, *tmp_ttl;
|
||||
int olen;
|
||||
+ int wrong_source = 0;
|
||||
|
||||
/* Check the IP header */
|
||||
ip = (struct iphdr *)buf;
|
||||
@@ -1544,15 +1545,16 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock,
|
||||
csfailed = in_cksum((unsigned short *)icp, cc, 0);
|
||||
|
||||
if (icp->type == ICMP_ECHOREPLY) {
|
||||
- if (!rts->broadcast_pings && !rts->multicast &&
|
||||
- from->sin_addr.s_addr != rts->whereto.sin_addr.s_addr)
|
||||
- return 1;
|
||||
if (!is_ours(rts, sock, icp->un.echo.id))
|
||||
return 1; /* 'Twas not our ECHO */
|
||||
+
|
||||
+ if (!rts->broadcast_pings && !rts->multicast &&
|
||||
+ from->sin_addr.s_addr != rts->whereto.sin_addr.s_addr)
|
||||
+ wrong_source = 1;
|
||||
if (gather_statistics(rts, (uint8_t *)icp, sizeof(*icp), cc,
|
||||
ntohs(icp->un.echo.sequence),
|
||||
reply_ttl, 0, tv, pr_addr(rts, from, sizeof *from),
|
||||
- pr_echo_reply, rts->multicast)) {
|
||||
+ pr_echo_reply, rts->multicast, wrong_source)) {
|
||||
fflush(stdout);
|
||||
return 0;
|
||||
}
|
||||
diff --git a/ping/ping.h b/ping/ping.h
|
||||
index f26fdac..703296d 100644
|
||||
--- a/ping/ping.h
|
||||
+++ b/ping/ping.h
|
||||
@@ -389,7 +389,8 @@ extern void common_options(int ch);
|
||||
extern int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen,
|
||||
int cc, uint16_t seq, int hops,
|
||||
int csfailed, struct timeval *tv, char *from,
|
||||
- void (*pr_reply)(uint8_t *ptr, int cc), int multicast);
|
||||
+ void (*pr_reply)(uint8_t *ptr, int cc), int multicast,
|
||||
+ int wrong_source);
|
||||
extern void print_timestamp(struct ping_rts *rts);
|
||||
void fill(struct ping_rts *rts, char *patp, unsigned char *packet, size_t packet_size);
|
||||
|
||||
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
|
||||
index d0d2d84..4712928 100644
|
||||
--- a/ping/ping6_common.c
|
||||
+++ b/ping/ping6_common.c
|
||||
@@ -802,6 +802,7 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock,
|
||||
struct cmsghdr *c;
|
||||
struct icmp6_hdr *icmph;
|
||||
int hops = -1;
|
||||
+ int wrong_source = 0;
|
||||
|
||||
for (c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
|
||||
if (c->cmsg_level != IPPROTO_IPV6)
|
||||
@@ -828,16 +829,18 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock,
|
||||
}
|
||||
|
||||
if (icmph->icmp6_type == ICMP6_ECHO_REPLY) {
|
||||
- if (!rts->multicast && !rts->subnet_router_anycast &&
|
||||
- memcmp(&from->sin6_addr.s6_addr, &rts->whereto6.sin6_addr.s6_addr, 16))
|
||||
- return 1;
|
||||
if (!is_ours(rts, sock, icmph->icmp6_id))
|
||||
return 1;
|
||||
+
|
||||
+ if (!rts->multicast && !rts->subnet_router_anycast &&
|
||||
+ memcmp(&from->sin6_addr.s6_addr, &rts->whereto6.sin6_addr.s6_addr, 16))
|
||||
+ wrong_source = 1;
|
||||
+
|
||||
if (gather_statistics(rts, (uint8_t *)icmph, sizeof(*icmph), cc,
|
||||
ntohs(icmph->icmp6_seq),
|
||||
hops, 0, tv, pr_addr(rts, from, sizeof *from),
|
||||
pr_echo_reply,
|
||||
- rts->multicast)) {
|
||||
+ rts->multicast, wrong_source)) {
|
||||
fflush(stdout);
|
||||
return 0;
|
||||
}
|
||||
@@ -850,7 +853,7 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock,
|
||||
seq,
|
||||
hops, 0, tv, pr_addr(rts, from, sizeof *from),
|
||||
pr_niquery_reply,
|
||||
- rts->multicast))
|
||||
+ rts->multicast, 0))
|
||||
return 0;
|
||||
} else {
|
||||
int nexthdr;
|
||||
diff --git a/ping/ping_common.c b/ping/ping_common.c
|
||||
index 357c39d..0336259 100644
|
||||
--- a/ping/ping_common.c
|
||||
+++ b/ping/ping_common.c
|
||||
@@ -711,7 +711,8 @@ int main_loop(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock,
|
||||
int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen,
|
||||
int cc, uint16_t seq, int hops,
|
||||
int csfailed, struct timeval *tv, char *from,
|
||||
- void (*pr_reply)(uint8_t *icmph, int cc), int multicast)
|
||||
+ void (*pr_reply)(uint8_t *icmph, int cc), int multicast,
|
||||
+ int wrong_source)
|
||||
{
|
||||
int dupflag = 0;
|
||||
long triptime = 0;
|
||||
@@ -804,10 +805,13 @@ restamp:
|
||||
printf(_(" time=%ld.%03ld ms"), triptime / 1000,
|
||||
triptime % 1000);
|
||||
}
|
||||
+
|
||||
if (dupflag && (!multicast || rts->opt_verbose))
|
||||
printf(_(" (DUP!)"));
|
||||
if (csfailed)
|
||||
printf(_(" (BAD CHECKSUM!)"));
|
||||
+ if (wrong_source)
|
||||
+ printf(_(" (DIFFERENT ADDRESS!)"));
|
||||
|
||||
/* check the data */
|
||||
cp = ((unsigned char *)ptr) + sizeof(struct timeval);
|
||||
--
|
||||
2.46.0
|
||||
|
51
SOURCES/010-ping-Fix-socket-error-reporting.patch
Normal file
51
SOURCES/010-ping-Fix-socket-error-reporting.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From 42ff1833920e2524b07790243ef9146125f5b2c4 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Vorel <pvorel@suse.cz>
|
||||
Date: Wed, 10 Aug 2022 21:05:22 +0200
|
||||
Subject: [PATCH] ping: Fix socket error reporting
|
||||
|
||||
There is actually no need for errno EAFNOSUPPORT special handling,
|
||||
nor for any other errno. *All* errors needs to be reported on verbose
|
||||
mode or when socket is required. If AF_INET6 socket is used with
|
||||
disabled IPv6, error reporting is done by gai_strerror() (ipv6.disable=1)
|
||||
or by connect() error handling in ping6_run() (EADDRNOTAVAIL on
|
||||
net.ipv6.conf.all.disable_ipv6=1).
|
||||
|
||||
Bug was hidden because condition "errno == EAFNOSUPPORT && socktype ==
|
||||
AF_INET6" introduced in d141cb6 was always false as AF_INET6 is is an address
|
||||
family not a socket type, until otherwise correct fix 904cdb6. Attempt
|
||||
to fix it in 79d713e introduced regression that other errors weren't
|
||||
reported (e.g. EPERM on RAW socket on non-root, see #406).
|
||||
|
||||
Closes: https://github.com/iputils/iputils/pull/418
|
||||
Fixes: https://github.com/iputils/iputils/issues/406
|
||||
Fixes: 79d713e ("ping: Remove 'unsupported IPv6' warning on disabled IPv6")
|
||||
Fixes: d141cb6 ("ping: work with older kernels that don't support ping sockets")
|
||||
|
||||
Reported-by: Benjamin Poirier <benjamin.poirier@gmail.com>
|
||||
Tested-by: Benjamin Poirier <benjamin.poirier@gmail.com>
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
(cherry picked from commit bbe451f91ecc769ac5f70c1269372a6cc28d6814)
|
||||
---
|
||||
ping/ping.c | 6 +-----
|
||||
1 file changed, 1 insertion(+), 5 deletions(-)
|
||||
|
||||
diff --git a/ping/ping.c b/ping/ping.c
|
||||
index 81ee7c8..ff7e742 100644
|
||||
--- a/ping/ping.c
|
||||
+++ b/ping/ping.c
|
||||
@@ -147,11 +147,7 @@ static void create_socket(struct ping_rts *rts, socket_st *sock, int family,
|
||||
}
|
||||
|
||||
if (sock->fd == -1) {
|
||||
- /* Report error related to disabled IPv6 only when IPv6 also failed or in
|
||||
- * verbose mode. Report other errors always.
|
||||
- */
|
||||
- if ((errno == EAFNOSUPPORT && family == AF_INET6 && requisite) ||
|
||||
- rts->opt_verbose)
|
||||
+ if (requisite || rts->opt_verbose)
|
||||
error(0, errno, "socket");
|
||||
if (requisite)
|
||||
exit(2);
|
||||
--
|
||||
2.46.0
|
||||
|
95
SOURCES/011-ping-Fix-ping6-binding-to-VRF-and-address.patch
Normal file
95
SOURCES/011-ping-Fix-ping6-binding-to-VRF-and-address.patch
Normal file
@ -0,0 +1,95 @@
|
||||
From 36580e1d539b4bb7c187d4cf9ccc63afad9edbb1 Mon Sep 17 00:00:00 2001
|
||||
From: Lahav Schlesinger <lschlesinger@drivenets.com>
|
||||
Date: Wed, 30 Jun 2021 13:06:13 +0300
|
||||
Subject: [PATCH 1/2] ping: Fix ping6 binding to VRF and address
|
||||
|
||||
Since Linux kernel commit 1893ff20275b ("net/ipv6: Add l3mdev check to
|
||||
ipv6_chk_addr_and_flags") from v4.17-rc1 ping fails when trying to
|
||||
create IPv6 SOCK_RAW socket (e.g. if net.ipv4.ping_group_range = 1 0)
|
||||
and passing both -I <vrf_interface> and -I <local_ipv6_addr>.
|
||||
It works for IPv4 SOCK_RAW socket.
|
||||
|
||||
# ip netns add tmp_ns
|
||||
# ip -n tmp_ns link add vrf_1 type vrf table 10001
|
||||
# ip -n tmp_ns link add lo10 type dummy
|
||||
# ip -n tmp_ns link set lo10 master vrf_1
|
||||
# ip -n tmp_ns link set vrf_1 up
|
||||
# ip -n tmp_ns link set lo10 up
|
||||
# ip -n tmp_ns link set lo up
|
||||
# ip -n tmp_ns addr add 1:2::3:4/128 dev lo10
|
||||
# ip -n tmp_ns addr add 1.2.3.4/32 dev lo10
|
||||
|
||||
# ip netns exec tmp_ns ping -6 1:2::3:4 -I vrf_1 -I 1:2::3:4 -c 1 # IPv6 broken
|
||||
ping: bind icmp socket: Cannot assign requested address
|
||||
|
||||
# ping 1.2.3.4 -I vrf_1 -I 1.2.3.4 -c 1 # IPv4 working
|
||||
PING 1.2.3.4 (1.2.3.4) from 1.2.3.4 vrf_1: 56(84) bytes of data.
|
||||
64 bytes from 1.2.3.4: icmp_seq=1 ttl=64 time=0.090 ms
|
||||
|
||||
--- 1.2.3.4 ping statistics ---
|
||||
1 packets transmitted, 1 received, 0% packet loss, time 0ms
|
||||
rtt min/avg/max/mdev = 0.090/0.090/0.090/0.000 ms
|
||||
|
||||
ping fails because it doesn't actually bind to the VRF interface, while
|
||||
after 1893ff20275b, binding to an IPv6 address searches only on the same
|
||||
l3mdev as the device the function receives. If the socket wasn't
|
||||
SO_BINDTODEVICE-ed, then the kernel will only search for devices that
|
||||
are not ensalved to an l3mdev device (= in the default VRF), which will
|
||||
cause the bind() to fail.
|
||||
|
||||
Only SOCK_RAW socket is affected. SOCK_DGRAM is not affected because
|
||||
Linux kernel doesn't check the device the socket was SO_BINDTODEVICE-ed
|
||||
to, but only the device from addr->sin6_scope_id (which if none is
|
||||
passed, it will again only search devices in the default VRF).
|
||||
|
||||
NOTE: creating network namespace to reproduce the issue is needed just
|
||||
on systems with net.ipv4.ping_group_range = 0 2147483647 (e.g. current
|
||||
Fedora, openSUSE, Ubuntu), which causes to use SOCK_DGRAM socket.
|
||||
Alternatively to force SOCK_RAW to it'd be enough just to properly set
|
||||
net.ipv4.ping_group_range:
|
||||
|
||||
# echo "1 0" > /proc/sys/net/ipv4/ping_group_range
|
||||
|
||||
Closes: https://github.com/iputils/iputils/pull/344
|
||||
|
||||
Reviewed-by: Petr Vorel <pvorel@suse.cz>
|
||||
Signed-off-by: Lahav Schlesinger <lschlesinger@drivenets.com>
|
||||
[ pvorel: adjusted commit message ]
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
(cherry picked from commit 7c65999f98bc4a1984594b7fad1af0eaf0b9d34b)
|
||||
---
|
||||
ping/ping6_common.c | 11 +++++++++++
|
||||
1 file changed, 11 insertions(+)
|
||||
|
||||
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
|
||||
index 4712928..98b5adb 100644
|
||||
--- a/ping/ping6_common.c
|
||||
+++ b/ping/ping6_common.c
|
||||
@@ -223,6 +223,8 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
|
||||
if (rts->device) {
|
||||
struct cmsghdr *cmsg;
|
||||
struct in6_pktinfo *ipi;
|
||||
+ int rc;
|
||||
+ int errno_save;
|
||||
|
||||
cmsg = (struct cmsghdr *)(rts->cmsgbuf + rts->cmsglen);
|
||||
rts->cmsglen += CMSG_SPACE(sizeof(*ipi));
|
||||
@@ -233,6 +235,15 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
|
||||
ipi = (struct in6_pktinfo *)CMSG_DATA(cmsg);
|
||||
memset(ipi, 0, sizeof(*ipi));
|
||||
ipi->ipi6_ifindex = if_name2index(rts->device);
|
||||
+
|
||||
+ enable_capability_raw();
|
||||
+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
|
||||
+ rts->device, strlen(rts->device) + 1);
|
||||
+ errno_save = errno;
|
||||
+ disable_capability_raw();
|
||||
+
|
||||
+ if (rc == -1)
|
||||
+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
|
||||
}
|
||||
|
||||
if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) {
|
||||
--
|
||||
2.46.0
|
||||
|
54
SOURCES/012-ping6-Avoid-binding-to-non-VRF.patch
Normal file
54
SOURCES/012-ping6-Avoid-binding-to-non-VRF.patch
Normal file
@ -0,0 +1,54 @@
|
||||
From a2d2428c5fa6bf370486f509b18862c5c7b8b47e Mon Sep 17 00:00:00 2001
|
||||
From: Petr Vorel <pvorel@suse.cz>
|
||||
Date: Tue, 9 Nov 2021 02:39:56 +0100
|
||||
Subject: [PATCH 2/2] ping6: Avoid binding to non-VRF
|
||||
|
||||
This fixes permission issue when specifying just address (without VRF)
|
||||
unless having CAP_NET_ADMIN (i.e. root) permission:
|
||||
|
||||
$ ./builddir/ping/ping -c1 -I lo ::1
|
||||
./builddir/ping/ping: SO_BINDTODEVICE lo: Operation not permitted
|
||||
|
||||
because setsockopt() SO_BINDTODEVICE (similar to bind()) can be only done on
|
||||
opt_strictsource.
|
||||
|
||||
Fixes: 7c65999 ("ping: Fix ping6 binding to VRF and address")
|
||||
|
||||
Signed-off-by: Petr Vorel <pvorel@suse.cz>
|
||||
(cherry picked from commit f52b582248f1f870e870a9973621805d969906b4)
|
||||
---
|
||||
ping/ping6_common.c | 18 ++++++++++--------
|
||||
1 file changed, 10 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
|
||||
index 98b5adb..a784be0 100644
|
||||
--- a/ping/ping6_common.c
|
||||
+++ b/ping/ping6_common.c
|
||||
@@ -236,14 +236,16 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
|
||||
memset(ipi, 0, sizeof(*ipi));
|
||||
ipi->ipi6_ifindex = if_name2index(rts->device);
|
||||
|
||||
- enable_capability_raw();
|
||||
- rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
|
||||
- rts->device, strlen(rts->device) + 1);
|
||||
- errno_save = errno;
|
||||
- disable_capability_raw();
|
||||
-
|
||||
- if (rc == -1)
|
||||
- error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
|
||||
+ if (rts->opt_strictsource) {
|
||||
+ enable_capability_raw();
|
||||
+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
|
||||
+ rts->device, strlen(rts->device) + 1);
|
||||
+ errno_save = errno;
|
||||
+ disable_capability_raw();
|
||||
+
|
||||
+ if (rc == -1)
|
||||
+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
|
||||
+ }
|
||||
}
|
||||
|
||||
if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) {
|
||||
--
|
||||
2.46.0
|
||||
|
88
SOURCES/101-iputils-ifenslave-CWE-170.patch
Normal file
88
SOURCES/101-iputils-ifenslave-CWE-170.patch
Normal file
@ -0,0 +1,88 @@
|
||||
From a38091c8eb0c515441080806975856ee09d2edc7 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Tue, 23 Mar 2021 08:10:10 +0100
|
||||
Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination
|
||||
|
||||
---
|
||||
ifenslave.c | 24 ++++++++++++++++--------
|
||||
1 file changed, 16 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/ifenslave.c b/ifenslave.c
|
||||
index ddd82ec..1efe4f1 100644
|
||||
--- a/ifenslave.c
|
||||
+++ b/ifenslave.c
|
||||
@@ -509,21 +509,24 @@ static int if_getconfig(char *ifname)
|
||||
struct sockaddr dstaddr, broadaddr, netmask;
|
||||
unsigned char *hwaddr;
|
||||
|
||||
- strcpy(ifr.ifr_name, ifname);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
||||
if (ioctl(skfd, SIOCGIFFLAGS, &ifr) < 0)
|
||||
return -1;
|
||||
mif_flags = ifr.ifr_flags;
|
||||
printf("The result of SIOCGIFFLAGS on %s is %x.\n",
|
||||
ifname, ifr.ifr_flags);
|
||||
|
||||
- strcpy(ifr.ifr_name, ifname);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
||||
if (ioctl(skfd, SIOCGIFADDR, &ifr) < 0)
|
||||
return -1;
|
||||
printf("The result of SIOCGIFADDR is %2.2x.%2.2x.%2.2x.%2.2x.\n",
|
||||
ifr.ifr_addr.sa_data[2], ifr.ifr_addr.sa_data[3],
|
||||
ifr.ifr_addr.sa_data[4], ifr.ifr_addr.sa_data[5]);
|
||||
|
||||
- strcpy(ifr.ifr_name, ifname);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
||||
if (ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0)
|
||||
return -1;
|
||||
|
||||
@@ -534,33 +537,38 @@ static int if_getconfig(char *ifname)
|
||||
ifr.ifr_hwaddr.sa_family, hwaddr[0], hwaddr[1],
|
||||
hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]);
|
||||
|
||||
- strcpy(ifr.ifr_name, ifname);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
||||
if (ioctl(skfd, SIOCGIFMETRIC, &ifr) < 0) {
|
||||
metric = 0;
|
||||
} else
|
||||
metric = ifr.ifr_metric;
|
||||
printf("The result of SIOCGIFMETRIC is %d\n", metric);
|
||||
|
||||
- strcpy(ifr.ifr_name, ifname);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
||||
if (ioctl(skfd, SIOCGIFMTU, &ifr) < 0)
|
||||
mtu = 0;
|
||||
else
|
||||
mtu = ifr.ifr_mtu;
|
||||
printf("The result of SIOCGIFMTU is %d\n", mtu);
|
||||
|
||||
- strcpy(ifr.ifr_name, ifname);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
||||
if (ioctl(skfd, SIOCGIFDSTADDR, &ifr) < 0) {
|
||||
memset(&dstaddr, 0, sizeof(struct sockaddr));
|
||||
} else
|
||||
dstaddr = ifr.ifr_dstaddr;
|
||||
|
||||
- strcpy(ifr.ifr_name, ifname);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
||||
if (ioctl(skfd, SIOCGIFBRDADDR, &ifr) < 0) {
|
||||
memset(&broadaddr, 0, sizeof(struct sockaddr));
|
||||
} else
|
||||
broadaddr = ifr.ifr_broadaddr;
|
||||
|
||||
- strcpy(ifr.ifr_name, ifname);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
||||
if (ioctl(skfd, SIOCGIFNETMASK, &ifr) < 0) {
|
||||
memset(&netmask, 0, sizeof(struct sockaddr));
|
||||
} else
|
||||
--
|
||||
2.29.2
|
||||
|
154
SOURCES/102-iputils-ifenslave-CWE-170-2.patch
Normal file
154
SOURCES/102-iputils-ifenslave-CWE-170-2.patch
Normal file
@ -0,0 +1,154 @@
|
||||
From bea19fd9a86dd2c601681ff2ef4a9c1afab1e34d Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 15:41:58 +0200
|
||||
Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination
|
||||
|
||||
Resolves: #1938746
|
||||
---
|
||||
ifenslave.c | 43 +++++++++++++++++++++++++++----------------
|
||||
1 file changed, 27 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/ifenslave.c b/ifenslave.c
|
||||
index 1efe4f1..59bce4c 100644
|
||||
--- a/ifenslave.c
|
||||
+++ b/ifenslave.c
|
||||
@@ -619,7 +619,7 @@ static int get_drv_info(char *master_ifname)
|
||||
char *endptr;
|
||||
|
||||
memset(&ifr, 0, sizeof(ifr));
|
||||
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
||||
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
||||
ifr.ifr_data = (caddr_t)&info;
|
||||
|
||||
info.cmd = ETHTOOL_GDRVINFO;
|
||||
@@ -664,8 +664,9 @@ static int change_active(char *master_ifname, char *slave_ifname)
|
||||
return 1;
|
||||
}
|
||||
|
||||
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
||||
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
||||
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
|
||||
if ((ioctl(skfd, SIOCBONDCHANGEACTIVE, &ifr) < 0) &&
|
||||
(ioctl(skfd, BOND_CHANGE_ACTIVE_OLD, &ifr) < 0)) {
|
||||
saved_errno = errno;
|
||||
@@ -806,8 +807,9 @@ static int enslave(char *master_ifname, char *slave_ifname)
|
||||
}
|
||||
|
||||
/* Do the real thing */
|
||||
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
||||
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
||||
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
|
||||
if ((ioctl(skfd, SIOCBONDENSLAVE, &ifr) < 0) &&
|
||||
(ioctl(skfd, BOND_ENSLAVE_OLD, &ifr) < 0)) {
|
||||
saved_errno = errno;
|
||||
@@ -847,8 +849,9 @@ static int release(char *master_ifname, char *slave_ifname)
|
||||
return 1;
|
||||
}
|
||||
|
||||
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
||||
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
||||
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
|
||||
if ((ioctl(skfd, SIOCBONDRELEASE, &ifr) < 0) &&
|
||||
(ioctl(skfd, BOND_RELEASE_OLD, &ifr) < 0)) {
|
||||
saved_errno = errno;
|
||||
@@ -880,7 +883,8 @@ static int get_if_settings(char *ifname, struct dev_ifr ifra[])
|
||||
int res = 0;
|
||||
|
||||
for (i = 0; ifra[i].req_ifr; i++) {
|
||||
- strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ);
|
||||
+ strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ - 1);
|
||||
+ ifra[i].req_ifr->ifr_name[IFNAMSIZ - 1] = '\0';
|
||||
res = ioctl(skfd, ifra[i].req_type, ifra[i].req_ifr);
|
||||
if (res < 0) {
|
||||
saved_errno = errno;
|
||||
@@ -899,7 +903,8 @@ static int get_slave_flags(char *slave_ifname)
|
||||
{
|
||||
int res = 0;
|
||||
|
||||
- strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ);
|
||||
+ strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ - 1);
|
||||
+ slave_flags.ifr_name[IFNAMSIZ - 1] = '\0';
|
||||
res = ioctl(skfd, SIOCGIFFLAGS, &slave_flags);
|
||||
if (res < 0) {
|
||||
saved_errno = errno;
|
||||
@@ -919,7 +924,8 @@ static int set_master_hwaddr(char *master_ifname, struct sockaddr *hwaddr)
|
||||
struct ifreq ifr;
|
||||
int res = 0;
|
||||
|
||||
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
||||
memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr));
|
||||
res = ioctl(skfd, SIOCSIFHWADDR, &ifr);
|
||||
if (res < 0) {
|
||||
@@ -943,7 +949,8 @@ static int set_slave_hwaddr(char *slave_ifname, struct sockaddr *hwaddr)
|
||||
struct ifreq ifr;
|
||||
int res = 0;
|
||||
|
||||
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
|
||||
memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr));
|
||||
res = ioctl(skfd, SIOCSIFHWADDR, &ifr);
|
||||
if (res < 0) {
|
||||
@@ -980,8 +987,9 @@ static int set_slave_mtu(char *slave_ifname, int mtu)
|
||||
struct ifreq ifr;
|
||||
int res = 0;
|
||||
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
ifr.ifr_mtu = mtu;
|
||||
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
|
||||
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
|
||||
|
||||
res = ioctl(skfd, SIOCSIFMTU, &ifr);
|
||||
if (res < 0) {
|
||||
@@ -1000,8 +1008,9 @@ static int set_if_flags(char *ifname, short flags)
|
||||
struct ifreq ifr;
|
||||
int res = 0;
|
||||
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
ifr.ifr_flags = flags;
|
||||
- strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
|
||||
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
||||
|
||||
res = ioctl(skfd, SIOCSIFFLAGS, &ifr);
|
||||
if (res < 0) {
|
||||
@@ -1030,7 +1039,8 @@ static int clear_if_addr(char *ifname)
|
||||
struct ifreq ifr;
|
||||
int res = 0;
|
||||
|
||||
- strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
|
||||
ifr.ifr_addr.sa_family = AF_INET;
|
||||
memset(ifr.ifr_addr.sa_data, 0, sizeof(ifr.ifr_addr.sa_data));
|
||||
|
||||
@@ -1065,8 +1075,9 @@ static int set_if_addr(char *master_ifname, char *slave_ifname)
|
||||
{NULL, NULL, 0, 0},
|
||||
};
|
||||
|
||||
+ memset(&ifr, 0, sizeof(ifr));
|
||||
for (i = 0; ifra[i].req_name; i++) {
|
||||
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
|
||||
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
|
||||
res = ioctl(skfd, ifra[i].g_ioctl, &ifr);
|
||||
if (res < 0) {
|
||||
int saved_errno = errno;
|
||||
@@ -1080,7 +1091,7 @@ static int set_if_addr(char *master_ifname, char *slave_ifname)
|
||||
sizeof(ifr.ifr_addr.sa_data));
|
||||
}
|
||||
|
||||
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
|
||||
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
|
||||
res = ioctl(skfd, ifra[i].s_ioctl, &ifr);
|
||||
if (res < 0) {
|
||||
int saved_errno = errno;
|
||||
--
|
||||
2.31.1
|
||||
|
@ -2,15 +2,15 @@
|
||||
|
||||
Summary: Network monitoring tools including ping
|
||||
Name: iputils
|
||||
Version: 20180629
|
||||
Version: 20210202
|
||||
Release: 11%{?dist}
|
||||
# some parts are under the original BSD (ping.c)
|
||||
# some are under GPLv2+ (tracepath.c)
|
||||
License: BSD and GPLv2+
|
||||
URL: https://github.com/iputils/iputils
|
||||
Group: System Environment/Daemons
|
||||
|
||||
Source0: https://github.com/iputils/iputils/archive/s%{version}.tar.gz#/%{name}-s%{version}.tar.gz
|
||||
Source0: https://github.com/iputils/iputils/archive/%{version}/%{name}-%{version}.tar.gz
|
||||
# ifenslave.tar.gz was taken from kernel 3.10 source at: https://elixir.bootlin.com/linux/v3.10/source/Documentation/networking/ifenslave.c
|
||||
Source1: ifenslave.tar.gz
|
||||
Source2: rdisc.service
|
||||
Source3: ninfod.service
|
||||
@ -18,29 +18,35 @@ Source3: ninfod.service
|
||||
Source4: bsd.txt
|
||||
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
||||
|
||||
Patch0: 0000-iputils-rh.patch
|
||||
Patch1: 0001-iputils-ifenslave.patch
|
||||
Patch2: 0002-iputils-freeaddrinfo.patch
|
||||
Patch3: 0003-fix-incorrect-statistics.patch
|
||||
Patch4: 0004-tracepath-fix-copying-input-ipv6-address.patch
|
||||
Patch5: 0005-ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch
|
||||
Patch6: 0006-ping-Fix-unwanted-bell-on-unreachable-address.patch
|
||||
# Upstream patches
|
||||
Patch001: 001-ping-remove-unsupported-IPv6-warning-on-disabled-IPv6.patch
|
||||
Patch002: 002-arping-Fix-1s-delay-on-exit-for-unsolicited-arpings.patch
|
||||
Patch003: 003-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
|
||||
Patch004: 004-arping-fix-typo-in-error-checking.patch
|
||||
Patch005: 005-arping-exit-0-if-running-in-deadline-mode-and-we-see.patch
|
||||
Patch006: 006-Revert-Add-strict-pattern-matching-on-response-when-.patch
|
||||
Patch007: 007-ping-Move-ping_rts-multicast.patch
|
||||
Patch008: 008-ping-Print-reply-from-Subnet-Router-anycast-address.patch
|
||||
Patch009: 009-ping-Print-reply-with-wrong-source-with-warning.patch
|
||||
Patch010: 010-ping-Fix-socket-error-reporting.patch
|
||||
Patch011: 011-ping-Fix-ping6-binding-to-VRF-and-address.patch
|
||||
Patch012: 012-ping6-Avoid-binding-to-non-VRF.patch
|
||||
|
||||
# bz2208409 - [RFE] support VRF with ping command
|
||||
Patch7: 0007-ping-allow-user-to-specify-VRF-and-source-IP.patch
|
||||
# Downstream-only patches
|
||||
Patch100: 100-iputils-ifenslave.patch
|
||||
Patch101: 101-iputils-ifenslave-CWE-170.patch
|
||||
Patch102: 102-iputils-ifenslave-CWE-170-2.patch
|
||||
|
||||
%if ! 0%{?_module_build}
|
||||
BuildRequires: docbook-utils perl-SGMLSpm
|
||||
%endif
|
||||
BuildRequires: gcc
|
||||
BuildRequires: meson
|
||||
BuildRequires: gettext
|
||||
BuildRequires: glibc-kernheaders >= 2.4-8.19
|
||||
BuildRequires: libidn2-devel
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: libcap-devel
|
||||
BuildRequires: libxslt docbook-style-xsl
|
||||
Requires(post): systemd
|
||||
Requires(preun): systemd
|
||||
Requires(postun): systemd
|
||||
BuildRequires: libxslt docbook5-style-xsl
|
||||
BuildRequires: systemd
|
||||
%{?systemd_ordering}
|
||||
Provides: /bin/ping
|
||||
Provides: /bin/ping6
|
||||
Provides: /sbin/arping
|
||||
@ -53,7 +59,6 @@ ECHO_REQUEST packets to a specified network host to discover whether
|
||||
the target machine is alive and receiving network traffic.
|
||||
|
||||
%package ninfod
|
||||
Group: System Environment/Daemons
|
||||
Summary: Node Information Query Daemon
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Provides: %{_sbindir}/ninfod
|
||||
@ -63,67 +68,30 @@ Node Information Query (RFC4620) daemon. Responds to IPv6 Node Information
|
||||
Queries.
|
||||
|
||||
%prep
|
||||
%setup -q -a 1 -n %{name}-s%{version}
|
||||
%setup -q -a 1 -n %{name}-%{version}
|
||||
cp %{SOURCE4} %{SOURCE5} .
|
||||
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%autopatch -p1
|
||||
|
||||
%build
|
||||
%ifarch s390 s390x
|
||||
export CFLAGS="-fPIE"
|
||||
%else
|
||||
export CFLAGS="-fpie"
|
||||
%endif
|
||||
export LDFLAGS="-pie -Wl,-z,relro,-z,now"
|
||||
%meson -DBUILD_TFTPD=false
|
||||
%meson_build
|
||||
|
||||
make %{?_smp_mflags} arping clockdiff ping rdisc tracepath ninfod
|
||||
gcc -Wall $RPM_OPT_FLAGS $CFLAGS $LDFLAGS ifenslave.c -o ifenslave
|
||||
%if ! 0%{?_module_build}
|
||||
make -C doc man
|
||||
%endif
|
||||
gcc $RPM_OPT_FLAGS $CFLAGS $RPM_LD_FLAGS $LDFLAGS ifenslave.c -o ifenslave
|
||||
|
||||
%install
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
|
||||
|
||||
install -c clockdiff ${RPM_BUILD_ROOT}%{_sbindir}/
|
||||
install -cp arping ${RPM_BUILD_ROOT}%{_sbindir}/
|
||||
install -cp ping ${RPM_BUILD_ROOT}%{_bindir}/
|
||||
install -cp ifenslave ${RPM_BUILD_ROOT}%{_sbindir}/
|
||||
install -cp rdisc ${RPM_BUILD_ROOT}%{_sbindir}/
|
||||
install -cp tracepath ${RPM_BUILD_ROOT}%{_bindir}/
|
||||
install -cp ninfod/ninfod ${RPM_BUILD_ROOT}%{_sbindir}/
|
||||
%meson_install
|
||||
%find_lang %{name}
|
||||
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
|
||||
ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping
|
||||
ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping6
|
||||
ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath
|
||||
ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath6
|
||||
|
||||
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
|
||||
%if ! 0%{?_module_build}
|
||||
install -cp doc/clockdiff.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
|
||||
install -cp doc/arping.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
|
||||
install -cp doc/ping.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
|
||||
install -cp doc/rdisc.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
|
||||
install -cp doc/tracepath.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
|
||||
install -cp doc/ninfod.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
|
||||
ln -sf ../bin/arping ${RPM_BUILD_ROOT}%{_sbindir}/arping
|
||||
ln -sf ping.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/ping6.8.gz
|
||||
ln -sf tracepath.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8.gz
|
||||
install -cp ifenslave ${RPM_BUILD_ROOT}%{_sbindir}/
|
||||
install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
|
||||
ln -s ping.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/ping6.8.gz
|
||||
ln -s tracepath.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8.gz
|
||||
%endif
|
||||
|
||||
install -dp ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d
|
||||
install -m 644 %SOURCE2 ${RPM_BUILD_ROOT}/%{_unitdir}
|
||||
install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
|
||||
|
||||
%post
|
||||
%systemd_post rdisc.service
|
||||
@ -143,13 +111,12 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
|
||||
%postun ninfod
|
||||
%systemd_postun_with_restart ninfod.service
|
||||
|
||||
%files
|
||||
%files -f %{name}.lang
|
||||
%doc README.bonding
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license bsd.txt gpl-2.0.txt
|
||||
%{_unitdir}/rdisc.service
|
||||
%attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/clockdiff
|
||||
%attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/arping
|
||||
%attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/clockdiff
|
||||
%attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/arping
|
||||
%attr(0755,root,root) %{_bindir}/ping
|
||||
%{_sbindir}/ifenslave
|
||||
%{_sbindir}/rdisc
|
||||
@ -158,7 +125,7 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
|
||||
%{_sbindir}/ping6
|
||||
%{_sbindir}/tracepath
|
||||
%{_sbindir}/tracepath6
|
||||
%if ! 0%{?_module_build}
|
||||
%{_sbindir}/arping
|
||||
%attr(644,root,root) %{_mandir}/man8/clockdiff.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/arping.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/ping.8.gz
|
||||
@ -167,47 +134,94 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
|
||||
%attr(644,root,root) %{_mandir}/man8/tracepath.8.gz
|
||||
%{_mandir}/man8/tracepath6.8.gz
|
||||
%attr(644,root,root) %{_mandir}/man8/ifenslave.8.gz
|
||||
%endif
|
||||
|
||||
%files ninfod
|
||||
%attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/ninfod
|
||||
%{_unitdir}/ninfod.service
|
||||
%if ! 0%{?_module_build}
|
||||
%attr(644,root,root) %{_mandir}/man8/ninfod.8.gz
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Jun 08 2023 Jan Macku <jamacku@redhat.com> - 20180629-11
|
||||
- Add support for VRF with ping command (#2208409)
|
||||
* Fri Sep 06 2024 Jan Macku <jamacku@redhat.com> - 20210202-11
|
||||
- ping: Fix ping6 binding to VRF and address (RHEL-57734)
|
||||
|
||||
* Tue Mar 22 2022 Jan Macku <jamacku@redhat.com> - 20180629-10
|
||||
- Fix regression of output when pinging unreachable IPv6 host (#2057570)
|
||||
* Wed Aug 28 2024 Jan Macku <jamacku@redhat.com> - 20210202-10
|
||||
- arping: Fix 1s delay on exit for unsolicited arpings (RHEL-34110)
|
||||
- arping: exit 0 if running in deadline mode and we see replies (RHEL-27718)
|
||||
- ping: Print reply with wrong source with warning & some follow-up fixes (RHEL-12789, RHEL-13480)
|
||||
- ping: Fix socket error reporting (RHEL-4608)
|
||||
|
||||
* Thu Feb 03 2022 Jan Macku <jamacku@redhat.com> - 20180629-9
|
||||
- Fix copying input IPv6 address (#2047659)
|
||||
* Wed May 03 2023 Jan Macku <jamacku@redhat.com> - 20210202-9
|
||||
- ping: Remove 'unsupported IPv6' warning on disabled IPv6 (rhbz#2152511)
|
||||
|
||||
* Mon Jan 03 2022 Jan Macku <jamacku@redhat.com> - 20180629-8
|
||||
- Make ping unprivileged (#2030107)
|
||||
* Fri Nov 25 2022 Jan Macku <jamacku@redhat.com> - 20210202-8
|
||||
- Build iputils and ifenslave with correct flags (rhbz#2144509)
|
||||
|
||||
* Wed Feb 17 2021 Jan Macku <jamacku@redhat.com> - 20180629-7
|
||||
- Revert patch introduced by #1852638 (#1928179)
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-7
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Tue Dec 15 2020 Jan Macku <jamacku@redhat.com> - 20180629-6
|
||||
- Exit on error (#1852638)
|
||||
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-6
|
||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||
Related: rhbz#1971065
|
||||
|
||||
* Thu Dec 10 2020 Jan Macku <jamacku@redhat.com> - 20180629-5
|
||||
- Change error() -> fprintf() reported by covscan (#1852638)
|
||||
* Mon Jun 14 2021 Jan Macku <jamacku@redhat.com> - 20210202-5
|
||||
- spec: Add note about source of ifenslave code (rhbz#1938746)
|
||||
|
||||
* Wed Dec 09 2020 Jan Macku <jamacku@redhat.com> - 20180629-4
|
||||
- Fix infinite loop caused by subsecond timeouts (#1852638)
|
||||
* Wed Jun 09 2021 Jan Macku <jamacku@redhat.com> - 20210202-4
|
||||
- ifenslave: fix CWE-170 (rhbz#1938746)
|
||||
|
||||
* Tue Dec 08 2020 Jan Macku <jamacku@redhat.com> - 20180629-3
|
||||
- Fix incorrect ping statistics (#1901780)
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-3
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Wed Jul 10 2019 Jan Synáček <jsynacek@redhat.com> - 20180629-2
|
||||
- covscan fix (#1606968)
|
||||
* Tue Mar 23 2021 Jan Macku <jamacku@redhat.com> - 20210202-2
|
||||
- ifenslave: fix CWE-170 (related to rhbz#1938746)
|
||||
|
||||
* Tue Jul 03 2018 Jan Synáček <jsynacek@redhat.com> - 20180629-1
|
||||
* Tue Feb 02 2021 Kevin Fenzi <kevin@scrye.com> - 20210202-1
|
||||
- Update to 20210202. Fixes rhbz#1923917
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20200821-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Sat Oct 31 2020 Kevin Fenzi <kevin@scrye.com> - 20200821-1
|
||||
- Update to 20200821 release. Fixes bug #1871310
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20190515-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon May 18 2020 Jan Synáček <jsynacek@redhat.com> - 20190515-7
|
||||
- arping exits with error when should not (#1836607)
|
||||
|
||||
* Mon Mar 2 2020 Jan Synáček <jsynacek@redhat.com> - 20190515-6
|
||||
- Make ping unprivileged (#1699497)
|
||||
|
||||
* Mon Feb 3 2020 Jan Synáček <jsynacek@redhat.com> - 20190515-5
|
||||
- Symlink arping to /usr/sbin/arping to maintain backward compatibility (#1797525)
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20190515-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20190515-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Wed May 22 2019 Jan Synáček <jsynacek@redhat.com> - 20190515-2
|
||||
- Mark localization files correctly (#1712514)
|
||||
|
||||
* Wed May 22 2019 Jan Synáček <jsynacek@redhat.com> - 20190515-1
|
||||
- Update to s20190515 (#1710647)
|
||||
|
||||
* Thu Mar 28 2019 Jan Synáček <jsynacek@redhat.com> - 20190324-1
|
||||
- Update to s20190324 (#1692136)
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20180629-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Jan 23 2019 Bogdan Dobrelya <bdobreli@redhat.com> - 20180629-3
|
||||
- Use systemd_ordering macro
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20180629-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Tue Jul 3 2018 Jan Synáček <jsynacek@redhat.com> - 20180629-1
|
||||
- update to s20180629 (#1596893)
|
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20161105-9
|
||||
|
Loading…
Reference in New Issue
Block a user