rpms/iputils
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8
Branches Tags
rpms:c8
rpms:c9-beta
rpms:c9
rpms:c10-beta
rpms:c10s
rpms:c9s
rpms:c8-beta
rpms:c8s
rpms:imports/c9-beta/iputils-20210202-11.el9
rpms:imports/c9/iputils-20210202-10.el9_5
rpms:imports/c10-beta/iputils-20240117-6.el10
rpms:imports/c10s/iputils-20240905-2.el10
rpms:imports/c10s/iputils-20240905-1.el10
rpms:imports/c10s/iputils-20240117-6.el10
rpms:imports/c8/iputils-20180629-11.el8
rpms:imports/c9/iputils-20210202-9.el9
rpms:imports/c8-beta/iputils-20180629-11.el8
rpms:imports/c9-beta/iputils-20210202-9.el9
rpms:imports/c9-beta/iputils-20210202-8.el9
rpms:imports/c9/iputils-20210202-8.el9
rpms:imports/c9/iputils-20210202-8.el9_1.1
rpms:imports/c8/iputils-20180629-10.el8
rpms:imports/c8-beta/iputils-20180629-10.el8
rpms:imports/c9/iputils-20210202-7.el9
rpms:imports/c8/iputils-20180629-9.el8
rpms:imports/c8-beta/iputils-20180629-9.el8
rpms:imports/c8s/iputils-20180629-10.el8
rpms:imports/c8s/iputils-20180629-9.el8
rpms:imports/c8s/iputils-20180629-8.el8
rpms:imports/c9-beta/iputils-20210202-7.el9
rpms:imports/c8-beta/iputils-20180629-7.el8
rpms:imports/c8-beta/iputils-20180629-2.el8
rpms:imports/c8-beta/iputils-20180629-1.el8
rpms:imports/c8s/iputils-20180629-7.el8
rpms:imports/c8s/iputils-20180629-6.el8
rpms:imports/c8s/iputils-20180629-4.el8
rpms:imports/c8s/iputils-20180629-3.el8
rpms:imports/c8/iputils-20180629-7.el8
rpms:imports/c8/iputils-20180629-2.el8
rpms:imports/c8/iputils-20180629-1.el8
...
pull from: rpms:c9-beta
Branches Tags
rpms:c9-beta
rpms:c9
rpms:c10-beta
rpms:c10s
rpms:c9s
rpms:c8
rpms:c8-beta
rpms:c8s
rpms:imports/c9-beta/iputils-20210202-11.el9
rpms:imports/c9/iputils-20210202-10.el9_5
rpms:imports/c10-beta/iputils-20240117-6.el10
rpms:imports/c10s/iputils-20240905-2.el10
rpms:imports/c10s/iputils-20240905-1.el10
rpms:imports/c10s/iputils-20240117-6.el10
rpms:imports/c8/iputils-20180629-11.el8
rpms:imports/c9/iputils-20210202-9.el9
rpms:imports/c8-beta/iputils-20180629-11.el8
rpms:imports/c9-beta/iputils-20210202-9.el9
rpms:imports/c9-beta/iputils-20210202-8.el9
rpms:imports/c9/iputils-20210202-8.el9
rpms:imports/c9/iputils-20210202-8.el9_1.1
rpms:imports/c8/iputils-20180629-10.el8
rpms:imports/c8-beta/iputils-20180629-10.el8
rpms:imports/c9/iputils-20210202-7.el9
rpms:imports/c8/iputils-20180629-9.el8
rpms:imports/c8-beta/iputils-20180629-9.el8
rpms:imports/c8s/iputils-20180629-10.el8
rpms:imports/c8s/iputils-20180629-9.el8
rpms:imports/c8s/iputils-20180629-8.el8
rpms:imports/c9-beta/iputils-20210202-7.el9
rpms:imports/c8-beta/iputils-20180629-7.el8
rpms:imports/c8-beta/iputils-20180629-2.el8
rpms:imports/c8-beta/iputils-20180629-1.el8
rpms:imports/c8s/iputils-20180629-7.el8
rpms:imports/c8s/iputils-20180629-6.el8
rpms:imports/c8s/iputils-20180629-4.el8
rpms:imports/c8s/iputils-20180629-3.el8
rpms:imports/c8/iputils-20180629-7.el8
rpms:imports/c8/iputils-20180629-2.el8
rpms:imports/c8/iputils-20180629-1.el8

No commits in common. "c8" and "c9-beta" have entirely different histories.
c8 ... c9-beta

25 changed files with 1240 additions and 489 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/ifenslave.tar.gz
SOURCES/iputils-s20180629.tar.gz
SOURCES/iputils-20210202.tar.gz

2
.iputils.metadata
View File

@ -1,2 +1,2 @@
1e2652cb1d1e29a8ebed1209131924a6eb864daf SOURCES/ifenslave.tar.gz
353df20691bf027ad35fcaaf6894b122c39d8f2d SOURCES/iputils-s20180629.tar.gz
4e552cd0478388e1551853020b60efda18592028 SOURCES/iputils-20210202.tar.gz

20
SOURCES/0000-iputils-rh.patch
View File

@ -1,20 +0,0 @@
--- iputils-s20160308/Makefile 2016-03-08 13:58:56.000000000 +0100
+++ iputils-s20160308-new/Makefile 2016-03-09 10:09:02.295409179 +0100
@@ -36,7 +36,7 @@ WITHOUT_IFADDRS=no
ARPING_DEFAULT_DEVICE=
# nettle library for ipv6 ping [yes|no|static]
-USE_NETTLE=yes
+USE_NETTLE=no
# libgcrypt library for ipv6 ping [no|yes|static]
USE_GCRYPT=no
# Crypto library for ping6 [shared|static|no]
@@ -53,7 +53,7 @@ ENABLE_RDISC_SERVER=no
# What a pity, all new gccs are buggy and -Werror does not work. Sigh.
# CFLAGS+=-fno-strict-aliasing -Wstrict-prototypes -Wall -Werror -g
CFLAGS?=-O3 -g
-CFLAGS+=-fno-strict-aliasing -Wstrict-prototypes -Wall
+CFLAGS+=$(RPM_OPT_FLAGS) -fno-strict-aliasing -Wstrict-prototypes -Wall
CPPFLAGS+=-D_GNU_SOURCE
LDLIB=

14
SOURCES/0002-iputils-freeaddrinfo.patch
View File

@ -1,14 +0,0 @@
--- a/ping.c 2018-06-29 20:00:46.000000000 +0200
+++ b/ping.c 2019-07-10 09:50:06.653039073 +0200
@@ -589,8 +589,10 @@ int ping4_run(int argc, char **argv, str
strncpy(hnamebuf, ai->ai_canonname, sizeof hnamebuf - 1);
hostname = hnamebuf;
- if (result)
+ if (result) {
freeaddrinfo(result);
+ ai = NULL;
+ }
}
if (argc > 1)
route[nroute++] = whereto.sin_addr.s_addr;

25
SOURCES/0003-fix-incorrect-statistics.patch
View File

@ -1,25 +0,0 @@
From 445826446c32035b3c8e8a7780c4e4b885f0f98f Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Mon, 7 Dec 2020 15:08:14 +0100
Subject: [PATCH] ping: Fix incorrect statistics
---
ping_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ping_common.c b/ping_common.c
index 040bf23..02cb5e1 100644
--- a/ping_common.c
+++ b/ping_common.c
@@ -934,7 +934,7 @@ void finish(void)
printf(", %g%% packet loss",
(float) ((((long long)(ntransmitted - nreceived)) * 100.0) /
ntransmitted));
- printf(", time %ldms", (1000*tv.tv_sec+tv.tv_usec+500)/1000);
+ printf(", time %ldms", 1000*tv.tv_sec+(tv.tv_usec+500)/1000);
}
putchar('\n');
--
2.28.0

38
SOURCES/0004-tracepath-fix-copying-input-ipv6-address.patch
View File

@ -1,38 +0,0 @@
From e0baf20067a75f093d690bd51a6db3f5afabca77 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Tue, 17 Jul 2018 17:56:10 +0200
Subject: [PATCH] tracepath: Fix copying input IPv6 address
Commit e669c86 broke copying input IPv6 address.
tracepath recover from it, but it's slower.
Previously was address too short:
strace ./tracepath -6 fe80::8895:e2af:e96e:fd8f
sendto(3, "\1\0\0\0\0\0\0\0\307\36N[\0\0\0\0w_\f\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 127952, 0, {sa_family=AF_INET6, sin6_port=htons(44444), inet_pton(AF_INET6, "fe80::", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EMSGSIZE (Message too long)
After fix is correct:
sendto(3, "\1\0\0\0\0\0\0\0\300\36N[\0\0\0\0'B\3\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 127952, 0, {sa_family=AF_INET6, sin6_port=htons(44444), inet_pton(AF_INET6, "fe80::8895:e2af:e96e:fd8f", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EMSGSIZE (Message too long)
Bug found by LTP test.
Fixes: e669c86 tracepath: fix heap-buffer-overflow [asan]
Fixes: #137
---
tracepath.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tracepath.c b/tracepath.c
index 53bda16f..539a7a11 100644
--- a/tracepath.c
+++ b/tracepath.c
@@ -475,7 +475,7 @@ int main(int argc, char **argv)
fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
if (fd < 0)
continue;
- memcpy(&target, ai->ai_addr, sizeof(*ai->ai_addr));
+ memcpy(&target, ai->ai_addr, ai->ai_addrlen);
targetlen = ai->ai_addrlen;
break;
}

48
SOURCES/0005-ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch
View File

@ -1,48 +0,0 @@
From 18f9a84e0e702841d6cc4d5f593de4fbd1348e83 Mon Sep 17 00:00:00 2001
From: Sami Kerola <kerolasa@iki.fi>
Date: Sat, 28 Dec 2019 17:16:27 +0000
Subject: [PATCH] ninfod: change variable name to avoid colliding with function
name
The sys/capability.h header has 'extern int cap_setuid(uid_t uid);'
function prototype.
Addresses: https://github.com/iputils/iputils/issues/246
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---
ninfod/ninfod.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ninfod/ninfod.c b/ninfod/ninfod.c
index 26112d0d..95583de4 100644
--- a/ninfod/ninfod.c
+++ b/ninfod/ninfod.c
@@ -455,7 +455,7 @@ static void do_daemonize(void)
/* --------- */
#ifdef HAVE_LIBCAP
static const cap_value_t cap_net_raw = CAP_NET_RAW;
-static const cap_value_t cap_setuid = CAP_SETUID;
+static const cap_value_t cap_setuserid = CAP_SETUID;
static cap_flag_value_t cap_ok;
#else
static uid_t euid;
@@ -487,7 +487,7 @@ static void limit_capabilities(void)
cap_get_flag(cap_cur_p, CAP_SETUID, CAP_PERMITTED, &cap_ok);
if (cap_ok != CAP_CLEAR)
- cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET);
+ cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET);
if (cap_set_proc(cap_p) < 0) {
DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno));
@@ -520,8 +520,8 @@ static void drop_capabilities(void)
/* setuid / setuid */
if (cap_ok != CAP_CLEAR) {
- cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET);
- cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuid, CAP_SET);
+ cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuserid, CAP_SET);
+ cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuserid, CAP_SET);
if (cap_set_proc(cap_p) < 0) {
DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno));

113
SOURCES/0006-ping-Fix-unwanted-bell-on-unreachable-address.patch
View File

@ -1,113 +0,0 @@
From dc4f836759887a6edf141aa55adbdb9bc63f5e69 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 22 Mar 2022 12:59:21 +0100
Subject: [PATCH] ping: Fix unwanted bell on unreachable address
Commit 4471ac629cf2603f4b8b45e042e072c992ce25a5 caused regression for IPv6
that ping -a IP6_ADDR beeps also on wrong address (i.e. when "Address
unreachable"):
$ ping -a -c1 fd00:1:1:1::15
PING fd00:1:1:1::15(fd00:1:1:1::15) 56 data bytes
From fd00:1:1:1::2 icmp_seq=1 Destination unreachable: Address unreachable
--- fd00:1:1:1::15 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0m
It should only bell when ping returns correctly.
Another (fixed) regression was that ping after exit printed error "pipe N",
where N is number of counts. Error was result of code from ping_common.c:
printf("%spipe %d", comma, pipesize);
4471ac6 was wrong that code for sock->working_recverr == 1 should stay,
sock->working_recverr should be removed.
Thus changes:
* ping.c: put back "stronger filter" for raw socket but (unlike before
4471ac6) exit with 2 if setsockopt(ICMP_FILTER) fails
* ping6_common.c: put back setsockopt(IPV6_RECVERR), but (unlike before
4471ac6) exit with 2 if it fails
* ping6_common.c: remove ICMP6_FILTER_SETPASS calls. These caused error "pipe N".
* ping6_common.c: return 0 after acknowledge() in ping6_parse_reply
Fixes: 4471ac6 ("ping: Remove workaround for bug in IP_RECVERR on raw sockets")
Fixes: https://github.com/iputils/iputils/issues/182
Reported-by: Luiz Angelo Daros de Luca <luizluca@tre-sc.jus.br>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Sami Kerola <kerolasa@iki.fi>
---
Patch has been adjusted to be applicable to RHEL8 codebase
Resolves: #2057570
---
ping.c | 11 +++++++++++
ping6_common.c | 15 +++------------
2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/ping.c b/ping.c
index d9a3f5d..c870390 100644
--- a/ping.c
+++ b/ping.c
@@ -949,6 +949,17 @@ int ping4_receive_error_msg(socket_st *sock)
acknowledge(ntohs(icmph.un.echo.sequence));
+ if (sock->socktype == SOCK_RAW)
+ {
+ struct icmp_filter filt;
+
+ filt.data = ~((1 << ICMP_SOURCE_QUENCH) |
+ (1 << ICMP_REDIRECT) |
+ (1 << ICMP_ECHOREPLY));
+ if (setsockopt(sock->fd, SOL_RAW, ICMP_FILTER, (const void *)&filt,
+ sizeof(filt)) == -1)
+ error(2, errno, "setsockopt(ICMP_FILTER)");
+ }
net_errors++;
nerrors++;
if (options & F_QUIET)
diff --git a/ping6_common.c b/ping6_common.c
index 5991c2a..1181341 100644
--- a/ping6_common.c
+++ b/ping6_common.c
@@ -879,6 +879,8 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock
}
hold = 1;
+ if (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_RECVERR, (const void *)&hold, sizeof hold))
+ error(2, errno, "IPV6_RECVERR");
/* Estimate memory eaten by single packet. It is rough estimate.
* Actually, for small datalen's it depends on kernel side a lot. */
@@ -906,11 +908,6 @@ int ping6_run(int argc, char **argv, struct addrinfo *ai, struct socket_st *sock
ICMP6_FILTER_SETBLOCKALL(&filter);
- ICMP6_FILTER_SETPASS(ICMP6_DST_UNREACH, &filter);
- ICMP6_FILTER_SETPASS(ICMP6_PACKET_TOO_BIG, &filter);
- ICMP6_FILTER_SETPASS(ICMP6_TIME_EXCEEDED, &filter);
- ICMP6_FILTER_SETPASS(ICMP6_PARAM_PROB, &filter);
-
if (niquery_is_enabled())
ICMP6_FILTER_SETPASS(ICMPV6_NI_REPLY, &filter);
else
@@ -1437,13 +1434,7 @@ ping6_parse_reply(socket_st *sock, struct msghdr *msg, int cc, void *addr, struc
!is_ours(sock, icmph1->icmp6_id))
return 1;
acknowledge(ntohs(icmph1->icmp6_seq));
- nerrors++;
- if (options & F_FLOOD) {
- write_stdout("\bE", 2);
- return 0;
- }
- print_timestamp();
- printf("From %s: icmp_seq=%u ", pr_addr(from, sizeof *from), ntohs(icmph1->icmp6_seq));
+ return 0;
} else {
/* We've got something other than an ECHOREPLY */
if (!(options & F_VERBOSE) || uid)
--
2.35.1

131
SOURCES/0007-ping-allow-user-to-specify-VRF-and-source-IP.patch
View File

@ -1,131 +0,0 @@
From 2cc34ea408602f84fe102598ca258126531736c9 Mon Sep 17 00:00:00 2001
From: Jon Harrison <jon.harrison@metaswitch.com>
Date: Tue, 9 Jul 2019 16:48:07 +0100
Subject: [PATCH] ping: allow user to specify VRF and source IP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Without this, the options for sending a ping in the context of a VRF are
limited.
We can send a ping with a specific source IP address. For example:
ping 10.1.1.3 -I 10.1.1.2
We can send a ping in the context of a Linux VRF. For example:
ping 10.1.1.3 -I vrf_red
However, when pinging in the context of a VRF, Linux does not always choose
a sensible source IP address the source IP might not belong to the VRF.
As a result, the ping wont get a response. As a result, we want to be able
to specify both a VRF and a source IP address when initiating a ping. For
example:
ping 10.1.1.3 -I vrf_red -I 10.1.1.2
Ping reads in the command line parameters fine and sets up the 'source' and
'device' variables, but currently ignores the device if the source IP
address is non-zero. This commit adds a branch to ping.c that does the
socket bind to the device even in the case where the source IP is non-zero.
This branch is based on the existing case where source IP is zero, but
simplified a bit because we've already got a source IP address to use.
(cherry picked from commit 9e08707d743b29e853df81bd7def1729e3afe55d)
---
doc/ping.xml | 15 ++++++++++-----
ping.c | 44 +++++++++++++++++++++++++++++++++++++++++---
2 files changed, 51 insertions(+), 8 deletions(-)
diff --git a/doc/ping.xml b/doc/ping.xml
index bdf07b3..034e40c 100644
--- a/doc/ping.xml
+++ b/doc/ping.xml
@@ -158,11 +158,16 @@ to values less than 0.2 seconds.</para>
<varlistentry>
<term><option>-I </option><emphasis remap='I'>interface</emphasis></term>
<listitem>
-<para><emphasis remap='I'>interface</emphasis> is either an address, or an interface name.
-If <emphasis remap='I'>interface</emphasis> is an address, it sets source address
-to specified interface address.
-If <emphasis remap='I'>interface</emphasis> in an interface name, it sets
-source interface to specified interface.
+<para><emphasis remap='I'>interface</emphasis> is either an
+address, an interface name or a VRF name. If
+<emphasis remap="I">interface</emphasis> is an address, it
+sets source address to specified interface address. If
+<emphasis remap="I">interface</emphasis> is an interface
+name, it sets source interface to specified interface.
+If <emphasis remap="I">interface</emphasis> is a VRF
+name, each packet is routed using the corresponding
+routing table; in this case, the <option>-I</option> option
+can be repeated to specify a source address.
NOTE: For IPv6, when doing ping to a link-local scope
address, link specification (by the '%'-notation in
<emphasis remap='I'>destination</emphasis>, or by this option)
diff --git a/ping.c b/ping.c
index c870390..0f87723 100644
--- a/ping.c
+++ b/ping.c
@@ -705,7 +705,43 @@ int ping4_run(int argc, char **argv, struct addrinfo *ai, socket_st *sock)
}
#endif
close(probe_fd);
- } while (0);
+
+ } else if (device) {
+ struct sockaddr_in dst = whereto;
+ struct ifreq ifr;
+ int fd = sock->fd;
+ int rc;
+ int errno_save;
+
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, device, IFNAMSIZ - 1);
+
+ enable_capability_raw();
+ rc = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, device, strlen(device) + 1);
+ errno_save = errno;
+ disable_capability_raw();
+
+ if (rc == -1) {
+ if (IN_MULTICAST(ntohl(dst.sin_addr.s_addr))) {
+ struct ip_mreqn imr;
+
+ if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) {
+ fprintf(stderr, "ping: %s: %s\n", "(\"unknown interface\")", device);
+ exit(2);
+ }
+ memset(&imr, 0, sizeof(imr));
+ imr.imr_ifindex = ifr.ifr_ifindex;
+ if (setsockopt(fd, SOL_IP, IP_MULTICAST_IF,
+ &imr, sizeof(imr)) == -1) {
+ fprintf(stderr, "ping: IP_MULTICAST_IF: %s\n", strerror(errno));
+ exit(2);
+ }
+ } else {
+ fprintf(stderr, "ping: SO_BINDTODEVICE %s: %s\n", device, strerror(errno_save));
+ exit(2);
+ }
+ }
+ }
if (whereto.sin_addr.s_addr == 0)
whereto.sin_addr.s_addr = source.sin_addr.s_addr;
@@ -957,8 +993,10 @@ int ping4_receive_error_msg(socket_st *sock)
(1 << ICMP_REDIRECT) |
(1 << ICMP_ECHOREPLY));
if (setsockopt(sock->fd, SOL_RAW, ICMP_FILTER, (const void *)&filt,
- sizeof(filt)) == -1)
- error(2, errno, "setsockopt(ICMP_FILTER)");
+ sizeof(filt)) == -1) {
+ fprintf(stderr, "ping: setsockopt(ICMP_FILTER): %s\n", strerror(errno));
+ exit(2);
+ }
}
net_errors++;
nerrors++;
--
2.40.1

51
SOURCES/001-ping-remove-unsupported-IPv6-warning-on-disabled-IPv6.patch Normal file
View File

@ -0,0 +1,51 @@
From 79d713eab6181e219bf932b404706f6f59ff2539 Mon Sep 17 00:00:00 2001
From: Byron Stanoszek <gandalf@winds.org>
Date: Thu, 16 Sep 2021 23:38:54 +0200
Subject: [PATCH] ping: Remove 'unsupported IPv6' warning on disabled IPv6
Regression was introduced in d141cb6 as introduced condition
if ((errno == EAFNOSUPPORT && socktype == AF_INET6) || options & F_VERBOSE || requisite)
was wrong, it should have been:
if ((errno == EAFNOSUPPORT && family == AF_INET6 && requisite) || options & F_VERBOSE)
but bug was hidden as `family == AF_INET6' was always false until
otherwise correct fix 904cdb6 ("ping: AF_INET6 is address family not
socket type [lgtm scan]") propagated the error.
Tested on kernel booted with ipv6.disable=1 (disabling via sysctl, i.e.
sysctl -w net.ipv6.conf.all.disable_ipv6=1; sysctl -w net.ipv6.conf.default.disable_ipv6=1
does not trigger the issue as it exit with "socket: Address family not
supported by protocol" - errno EADDRNOTAVAIL).
Fixes: d141cb6 ("ping: work with older kernels that don't support ping sockets")
Closes: https://github.com/iputils/iputils/issues/293
Closes: https://github.com/iputils/iputils/pull/370
Reported-by: lekto <lekto@o2.pl>
Reviewed-by: Andrew Clayton <andrew@digital-domain.net>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Byron Stanoszek <gandalf@winds.org>
[ pvorel: create commit from Byron's patch on the issue, do analysis and wrote commit message ]
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
ping/ping.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ping/ping.c b/ping/ping.c
index 6fcb44f2..0655bf4a 100644
--- a/ping/ping.c
+++ b/ping/ping.c
@@ -150,8 +150,8 @@ static void create_socket(struct ping_rts *rts, socket_st *sock, int family,
/* Report error related to disabled IPv6 only when IPv6 also failed or in
* verbose mode. Report other errors always.
*/
- if ((errno == EAFNOSUPPORT && family == AF_INET6) ||
- rts->opt_verbose || requisite)
+ if ((errno == EAFNOSUPPORT && family == AF_INET6 && requisite) ||
+ rts->opt_verbose)
error(0, errno, "socket");
if (requisite)
exit(2);

40
SOURCES/002-arping-Fix-1s-delay-on-exit-for-unsolicited-arpings.patch Normal file
View File

@ -0,0 +1,40 @@
From a1890739e9d5953897cec43c59d5fea922384d5b Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Wed, 22 May 2024 07:05:14 +0200
Subject: [PATCH 1/2] arping: Fix 1s delay on exit for unsolicited arpings
Commit 67e070d introduced 1s poll() delay for unsolicited arpings,
when using -U or -A, e.g.:
# arping -A -c1 -I eth0 [IP address of eth0 interface]
# arping -U -c1 -I eth0 [IP address of eth0 interface]
Restore correct condition.
Fixes: 67e070d ("arping: use signalfd() and timerfd() rather than signals")
Fixes: https://github.com/iputils/iputils/issues/536
Closes: https://github.com/iputils/iputils/pull/541
Reported-by: <Curtis Taylor cjebpub@gmail.com>
Suggested-by: <Curtis Taylor cjebpub@gmail.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit 4db1de672559804bebcb7073d231924339ca8cd8)
---
arping.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arping.c b/arping.c
index 53fdbb4..8929f8f 100644
--- a/arping.c
+++ b/arping.c
@@ -749,7 +749,7 @@ static int event_loop(struct run_state *ctl)
pfds[POLLFD_SOCKET].events = POLLIN | POLLERR | POLLHUP;
send_pack(ctl);
- while (!exit_loop) {
+ while (!(exit_loop || ctl->unsolicited)) {
int ret;
size_t i;
--
2.46.0

61
SOURCES/003-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch Normal file
View File

@ -0,0 +1,61 @@
From 5564dd9f224a7354a55c8f57ac0da9c2e58b18e5 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Fri, 24 May 2024 00:05:53 +0200
Subject: [PATCH 2/2] arping: Fix unsolicited ARP regressions on -c > 1
4db1de6 tried to fix a regression 1 sec delay due poll() for unsolicited
ARP, .i.e. -A and -U (introduced in 67e070d, reported as issue #536).
But skipping the while loop entirely introduced another regression for
-A and -U, which behave like -c1 (sending *always* only a single packet).
Fixing it by checking in while loop and comparing also count (as it was
done in 67e070d before the rewrite).
NOTE: use exit_loop with continue instead of simple break to keep things
consistent.
Fixes: 4db1de6 ("arping: Fix 1s delay on exit for unsolicited arpings")
Fixes: 67e070d ("arping: use signalfd() and timerfd() rather than signals")
Fixes: https://github.com/iputils/iputils/issues/536
Closes: https://github.com/iputils/iputils/pull/543
Reported-by: David Bond <dbond@suse.com>
Reviewed-by: Andrea Cervesato <andrea.cervesato@suse.com>
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit 5de892d15eea467775420c4fd641df229f024259)
---
arping.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/arping.c b/arping.c
index 8929f8f..ee9da1d 100644
--- a/arping.c
+++ b/arping.c
@@ -749,10 +749,15 @@ static int event_loop(struct run_state *ctl)
pfds[POLLFD_SOCKET].events = POLLIN | POLLERR | POLLHUP;
send_pack(ctl);
- while (!(exit_loop || ctl->unsolicited)) {
+ while (!exit_loop) {
int ret;
size_t i;
+ if ((ctl->sent == ctl->count) && ctl->unsolicited) {
+ exit_loop = 1;
+ continue;
+ }
+
ret = poll(pfds, POLLFD_COUNT, -1);
if (ret <= 0) {
if (errno == EAGAIN)
@@ -813,6 +818,7 @@ static int event_loop(struct run_state *ctl)
}
}
}
+
close(sfd);
close(tfd);
freeifaddrs(ctl->ifa0);
--
2.46.0

33
SOURCES/004-arping-fix-typo-in-error-checking.patch Normal file
View File

@ -0,0 +1,33 @@
From 357b788e667bdd51b66bbc0cc88cf82ae3169455 Mon Sep 17 00:00:00 2001
From: Noah Meyerhans <noahm@debian.org>
Date: Wed, 16 Feb 2022 22:25:30 -0800
Subject: [PATCH 1/2] arping: fix typo in error checking
When attempting to check the return value of timerfd_create(), we were
not checking the value of the variable containing the return value.
Fixes: e594ca5 ("arping: use additional timerfd to control when timeout happens")
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Noah Meyerhans <noahm@debian.org>
(cherry picked from commit 8a6a2ce3cd0cdf69f0551a3a1e598a191561d18e)
---
arping.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arping.c b/arping.c
index ee9da1d..8059517 100644
--- a/arping.c
+++ b/arping.c
@@ -733,7 +733,7 @@ static int event_loop(struct run_state *ctl)
/* timeout timerfd */
timeoutfd = timerfd_create(CLOCK_MONOTONIC, 0);
- if (tfd == -1) {
+ if (timeoutfd == -1) {
error(0, errno, "timerfd_create failed");
return 1;
}
--
2.46.0

62
SOURCES/005-arping-exit-0-if-running-in-deadline-mode-and-we-see.patch Normal file
View File

@ -0,0 +1,62 @@
From bf2900d716397734136ec3014a591281504aa00b Mon Sep 17 00:00:00 2001
From: Noah Meyerhans <noahm@debian.org>
Date: Wed, 16 Feb 2022 22:27:49 -0800
Subject: [PATCH 2/2] arping: exit 0 if running in deadline mode and we see
replies
The arping behavior when running in deadline mode without a packet
count (-w without -c) should match that of ping: any replies indicate
that the host is up and should result in a zero (success) exit status.
Fixes: https://github.com/iputils/iputils/issues/392
Closes: https://github.com/iputils/iputils/pull/395
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Noah Meyerhans <noahm@debian.org>
(cherry picked from commit 854873bdd28fcdd9cc3fe0c2d29c083a07d07a86)
---
arping.c | 2 ++
doc/arping.xml | 14 +++++++-------
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/arping.c b/arping.c
index 8059517..6f94e90 100644
--- a/arping.c
+++ b/arping.c
@@ -828,6 +828,8 @@ static int event_loop(struct run_state *ctl)
else if (ctl->dad && ctl->quit_on_reply)
/* Duplicate address detection mode return value */
rc |= !(ctl->brd_sent != ctl->received);
+ else if (ctl->timeout && !(ctl->count > 0))
+ rc |= !(ctl->received > 0);
else
rc |= (ctl->sent != ctl->received);
return rc;
diff --git a/doc/arping.xml b/doc/arping.xml
index 711718f..9adbc0c 100644
--- a/doc/arping.xml
+++ b/doc/arping.xml
@@ -202,13 +202,13 @@ xml:id="man.arping">
<listitem>
<para>Specify a timeout, in seconds, before
<command>arping</command> exits regardless of how many
- packets have been sent or received. In this case
- <command>arping</command> does not stop after
- <emphasis remap='I'>count</emphasis> packet are sent, it
- waits either for
- <emphasis remap='I'>deadline</emphasis> expire or until
- <emphasis remap='I'>count</emphasis> probes are
- answered.</para>
+ packets have been sent or received. If any replies are
+ received, exit with status 0, otherwise status 1. When
+ combined with the <emphasis remap="I">count</emphasis>
+ option, exit with status 0 if <emphasis
+ remap="I">count</emphasis> replies are received before the
+ deadline expiration, otherwise status 1.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
--
2.46.0

119
SOURCES/006-Revert-Add-strict-pattern-matching-on-response-when-.patch Normal file
View File

@ -0,0 +1,119 @@
From 7d62be648f03adba22bcccd2eb3506d51169b85d Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Thu, 15 Apr 2021 07:48:03 +0200
Subject: [PATCH 1/3] Revert "Add strict pattern matching on response when
pattern was provided"
This reverts commit f7710a17c4d5994313a64583f511bcdb9559f2a9.
Commit broke report of truncated packets:
$ ping -c2 -s100 google.com
PING google.com (142.250.185.238) 100(128) bytes of data.
Running ping from both s20161105 (which does not contain f7710a1) and
reverted f7710a1 on master reports truncated packets:
$ ping -c2 -s100 google.com
PING google.com (142.250.185.238) 100(128) bytes of data.
76 bytes from fra16s53-in-f14.1e100.net (142.250.185.238): icmp_seq=1 ttl=116 (truncated)
76 bytes from fra16s53-in-f14.1e100.net (142.250.185.238): icmp_seq=2 ttl=116 (truncated)
There was unreachable code in gather_statistics() because
contains_pattern_in_payload() added in f7710a1 always found a mismatch
first. Due that all of these did not work:
* updating counters for statistics generation
* keeping track of timestamps and time-of-flight using the first section
of the payload
* checking for duplicate replies and report them
* printing basic info about the reply
* printing "(truncated)" if the reply was truncated
* checking the checksum
* validating the rest of the payload (bytes 17 and above) against the
ICMP request that was sent, and report any differences
Fixes: f7710a1 ("Add strict pattern matching on response when pattern was provided")
Closes: https://github.com/iputils/iputils/issues/320
Closes: https://github.com/iputils/iputils/pull/331
Reported-by: Paul Swirhun <paulswirhun@gmail.com>
Suggested-by: Paul Swirhun <paulswirhun@gmail.com>
Reviewed-by: Noah Meyerhans <noahm@debian.org>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit dff5d82dadab1b04400b2f9e1eb10a0d124868ed)
---
ping/ping.c | 2 --
ping/ping.h | 1 -
ping/ping6_common.c | 2 --
ping/ping_common.c | 18 ------------------
4 files changed, 23 deletions(-)
diff --git a/ping/ping.c b/ping/ping.c
index 1c98733..0655bf4 100644
--- a/ping/ping.c
+++ b/ping/ping.c
@@ -1549,8 +1549,6 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock,
return 1;
if (!is_ours(rts, sock, icp->un.echo.id))
return 1; /* 'Twas not our ECHO */
- if (!contains_pattern_in_payload(rts, (uint8_t *)(icp + 1)))
- return 1; /* 'Twas really not our ECHO */
if (gather_statistics(rts, (uint8_t *)icp, sizeof(*icp), cc,
ntohs(icp->un.echo.sequence),
reply_ttl, 0, tv, pr_addr(rts, from, sizeof *from),
diff --git a/ping/ping.h b/ping/ping.h
index c8bbcf6..86652bf 100644
--- a/ping/ping.h
+++ b/ping/ping.h
@@ -380,7 +380,6 @@ int is_ours(struct ping_rts *rts, socket_st *sock, uint16_t id);
extern int pinger(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock);
extern void sock_setbufs(struct ping_rts *rts, socket_st *, int alloc);
extern void setup(struct ping_rts *rts, socket_st *);
-extern int contains_pattern_in_payload(struct ping_rts *rts, uint8_t *ptr);
extern int main_loop(struct ping_rts *rts, ping_func_set_st *fset, socket_st*,
uint8_t *packet, int packlen);
extern int finish(struct ping_rts *rts);
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index 459f63e..fcb48be 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -823,8 +823,6 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock,
return 1;
if (!is_ours(rts, sock, icmph->icmp6_id))
return 1;
- if (!contains_pattern_in_payload(rts, (uint8_t *)(icmph + 1)))
- return 1; /* 'Twas really not our ECHO */
if (gather_statistics(rts, (uint8_t *)icmph, sizeof(*icmph), cc,
ntohs(icmph->icmp6_seq),
hops, 0, tv, pr_addr(rts, from, sizeof *from),
diff --git a/ping/ping_common.c b/ping/ping_common.c
index 33e6003..357c39d 100644
--- a/ping/ping_common.c
+++ b/ping/ping_common.c
@@ -553,24 +553,6 @@ void setup(struct ping_rts *rts, socket_st *sock)
}
}
-/*
- * Return 0 if pattern in payload point to be ptr did not match the pattern that was sent
- */
-int contains_pattern_in_payload(struct ping_rts *rts, uint8_t *ptr)
-{
- size_t i;
- uint8_t *cp, *dp;
-
- /* check the data */
- cp = ((u_char *)ptr) + sizeof(struct timeval);
- dp = &rts->outpack[8 + sizeof(struct timeval)];
- for (i = sizeof(struct timeval); i < rts->datalen; ++i, ++cp, ++dp) {
- if (*cp != *dp)
- return 0;
- }
- return 1;
-}
-
int main_loop(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock,
uint8_t *packet, int packlen)
{
--
2.46.0

36
SOURCES/007-ping-Move-ping_rts-multicast.patch Normal file
View File

@ -0,0 +1,36 @@
From 1c66917a079e95f00e9a1f2af1329c65501e8a60 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Mon, 18 Oct 2021 15:27:35 +0200
Subject: [PATCH 1/4] ping: Move ping_rts->multicast
as it's used for both IPv4 and IPv6.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit 7a4ec7532871772cb22a3b2c42f6006f95f8b263)
---
ping/ping.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ping/ping.h b/ping/ping.h
index 703296d..a5f05f4 100644
--- a/ping/ping.h
+++ b/ping/ping.h
@@ -192,6 +192,7 @@ struct ping_rts {
struct sockaddr_in6 source6;
struct sockaddr_in6 whereto6;
struct sockaddr_in6 firsthop6;
+ int multicast;
/* Used only in ping.c */
int ts_type;
@@ -201,7 +202,6 @@ struct ping_rts {
int optlen;
int settos; /* Set TOS, Precedence or other QOS options */
int broadcast_pings;
- int multicast;
struct sockaddr_in source;
/* Used only in ping_common.c */
--
2.46.0

133
SOURCES/008-ping-Print-reply-from-Subnet-Router-anycast-address.patch Normal file
View File

@ -0,0 +1,133 @@
From aa75473cac4a37cd673da3a66904878efcfdbd6f Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Mon, 18 Oct 2021 15:13:44 +0200
Subject: [PATCH 2/3] ping: Print reply from Subnet-Router anycast address
by detecting Subnet-Router address for 64 bit prefix and suppress
address comparison check.
5e052ad ("ping: discard packets with wrong source address") correctly
hid replies with wrong source address to comply RFC 1122 (Section
3.2.1.3: "The IP source address in an ICMP Echo Reply MUST be the same
as the specific-destination address").
While change in 5e052ad works for broadcast and multicast addresses and
some of anycast addresses, it does not work for (at least) Subnet-Router
anycast address):
# VETH1_IPV6=fd00:dead:beef:1234::1
# VPEER1_IPV6=fd00:dead:beef:1234::2
# ip netns add ns-ipv6
# ip li add name veth1 type veth peer name vpeer1
# ip -6 addr add $VETH1_IPV6/64 dev veth1
# ip li set dev veth1 up
# ip li set dev vpeer1 netns ns-ipv6
# ip netns exec ns-ipv6 ip li set dev lo up
# ip netns exec ns-ipv6 ip -6 addr add $VPEER1_IPV6/64 dev vpeer1
# ip netns exec ns-ipv6 ip li set vpeer1 up
# ip netns exec ns-ipv6 ip -6 route add default dev vpeer1 via $VETH1_IPV6
# sysctl -w net.ipv6.conf.all.forwarding=1
$ ping -c1 ff02::1 # anycast - all nodes
PING ff02::1(ff02::1) 56 data bytes
64 bytes from fe80::9c9c:ffff:fe14:e9d2%vpeer1: icmp_seq=1 ttl=64 time=0.064 ms
$ ping -c1 ff02::2 # anycast - all routers
PING ff02::2(ff02::2) 56 data bytes
64 bytes from fe80::5496:9ff:fef5:8f01%vpeer1: icmp_seq=1 ttl=64 time=0.088 ms
$ ping -c1 -W5 fd00:dead:beef:1234:: # Subnet-Router anycast
PING fd00:dead:beef:1234::(fd00:dead:beef:1234::) 56 data bytes
Subnet-Router anycast address works for both busybox ping (without
printing the real source address) and fping:
$ busybox ping -c1 fd00:dead:beef:1234::
PING fd00:dead:beef:1234:: (fd00:dead:beef:1234::): 56 data bytes
64 bytes from fd00:dead:beef:1234::1: seq=0 ttl=64 time=0.122 ms
$ fping -c1 fd00:dead:beef:1234::
[<- fd00:dead:beef:1234::1]fd00:dead:beef:1234:: : [0], 64 bytes, 0.096 ms (0.096 avg, 0% loss)
RFC 4291 specifies Subnet-Router anycast address as [1]:
The Subnet-Router anycast address is predefined. Its format is as
follows:
| n bits | 128-n bits |
+------------------------------------------------+----------------+
| subnet prefix | 00000000000000 |
+------------------------------------------------+----------------+
The "subnet prefix" in an anycast address is the prefix that
identifies a specific link. This anycast address is syntactically
the same as a unicast address for an interface on the link with the
interface identifier set to zero.
=> to detect Subnet-Router anycast address we need to know prefix, which
we don't know, thus detect it for prefix 64 (the default IPv6 prefix).
[1] https://datatracker.ietf.org/doc/html/rfc4291#section-2.6.1
Fixes: 5e052ad ("ping: discard packets with wrong source address")
Closes: https://github.com/iputils/iputils/issues/371
Reported-by: Tim Sandquist
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit 15a5e5c7aace5a7a782ff802988e04ed4c1148a5)
---
ping/ping.h | 1 +
ping/ping6_common.c | 12 +++++++++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/ping/ping.h b/ping/ping.h
index 86652bf..f26fdac 100644
--- a/ping/ping.h
+++ b/ping/ping.h
@@ -212,6 +212,7 @@ struct ping_rts {
#endif
/* Used only in ping6_common.c */
+ int subnet_router_anycast; /* Subnet-Router anycast (RFC 4291) */
struct sockaddr_in6 firsthop;
unsigned char cmsgbuf[4096];
size_t cmsglen;
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index fcb48be..d0d2d84 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -101,6 +101,7 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
struct socket_st *sock)
{
int hold, packlen;
+ size_t i;
unsigned char *packet;
char *target;
struct icmp6_filter filter;
@@ -247,6 +248,15 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
rts->pmtudisc = IPV6_PMTUDISC_DO;
}
+ /* detect Subnet-Router anycast at least for the default prefix 64 */
+ rts->subnet_router_anycast = 1;
+ for (i = 8; i < sizeof(struct in6_addr); i++) {
+ if (rts->whereto6.sin6_addr.s6_addr[i]) {
+ rts->subnet_router_anycast = 0;
+ break;
+ }
+ }
+
if (rts->pmtudisc >= 0) {
if (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, &rts->pmtudisc,
sizeof rts->pmtudisc) == -1)
@@ -818,7 +828,7 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock,
}
if (icmph->icmp6_type == ICMP6_ECHO_REPLY) {
- if (!rts->multicast &&
+ if (!rts->multicast && !rts->subnet_router_anycast &&
memcmp(&from->sin6_addr.s6_addr, &rts->whereto6.sin6_addr.s6_addr, 16))
return 1;
if (!is_ours(rts, sock, icmph->icmp6_id))
--
2.46.0

149
SOURCES/009-ping-Print-reply-with-wrong-source-with-warning.patch Normal file
View File

@ -0,0 +1,149 @@
From ea2808dc199b89c12dd3b3a968e67bc0f522d399 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Fri, 15 Oct 2021 17:38:51 +0200
Subject: [PATCH 3/3] ping: Print reply with wrong source with warning
5e052ad ("ping: discard packets with wrong source address") correctly
hid replies with wrong source address to comply RFC 1122 (Section
3.2.1.3: "The IP source address in an ICMP Echo Reply MUST be the same
as the specific-destination address").
This caused to hide reply when pinging Subnet-Router anycast address.
Although it was fixed in the previous commit, relax this to admit the
reply but print warning "DIFFERENT ADDRESS!". ping is diagnostic program,
with insisting on RFC we force people to use tcpdump to see replies.
Link: https://github.com/iputils/iputils/issues/371
Reviewed-by: Matteo Croce <mcroce@microsoft.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit 5f6bec5ab57cc8beaa78f5756a0ffbdf01f28d36)
---
ping/ping.c | 10 ++++++----
ping/ping.h | 3 ++-
ping/ping6_common.c | 13 ++++++++-----
ping/ping_common.c | 6 +++++-
4 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/ping/ping.c b/ping/ping.c
index 0655bf4..81ee7c8 100644
--- a/ping/ping.c
+++ b/ping/ping.c
@@ -1504,6 +1504,7 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock,
int reply_ttl;
uint8_t *opts, *tmp_ttl;
int olen;
+ int wrong_source = 0;
/* Check the IP header */
ip = (struct iphdr *)buf;
@@ -1544,15 +1545,16 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock,
csfailed = in_cksum((unsigned short *)icp, cc, 0);
if (icp->type == ICMP_ECHOREPLY) {
- if (!rts->broadcast_pings && !rts->multicast &&
- from->sin_addr.s_addr != rts->whereto.sin_addr.s_addr)
- return 1;
if (!is_ours(rts, sock, icp->un.echo.id))
return 1; /* 'Twas not our ECHO */
+
+ if (!rts->broadcast_pings && !rts->multicast &&
+ from->sin_addr.s_addr != rts->whereto.sin_addr.s_addr)
+ wrong_source = 1;
if (gather_statistics(rts, (uint8_t *)icp, sizeof(*icp), cc,
ntohs(icp->un.echo.sequence),
reply_ttl, 0, tv, pr_addr(rts, from, sizeof *from),
- pr_echo_reply, rts->multicast)) {
+ pr_echo_reply, rts->multicast, wrong_source)) {
fflush(stdout);
return 0;
}
diff --git a/ping/ping.h b/ping/ping.h
index f26fdac..703296d 100644
--- a/ping/ping.h
+++ b/ping/ping.h
@@ -389,7 +389,8 @@ extern void common_options(int ch);
extern int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen,
int cc, uint16_t seq, int hops,
int csfailed, struct timeval *tv, char *from,
- void (*pr_reply)(uint8_t *ptr, int cc), int multicast);
+ void (*pr_reply)(uint8_t *ptr, int cc), int multicast,
+ int wrong_source);
extern void print_timestamp(struct ping_rts *rts);
void fill(struct ping_rts *rts, char *patp, unsigned char *packet, size_t packet_size);
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index d0d2d84..4712928 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -802,6 +802,7 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock,
struct cmsghdr *c;
struct icmp6_hdr *icmph;
int hops = -1;
+ int wrong_source = 0;
for (c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
if (c->cmsg_level != IPPROTO_IPV6)
@@ -828,16 +829,18 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock,
}
if (icmph->icmp6_type == ICMP6_ECHO_REPLY) {
- if (!rts->multicast && !rts->subnet_router_anycast &&
- memcmp(&from->sin6_addr.s6_addr, &rts->whereto6.sin6_addr.s6_addr, 16))
- return 1;
if (!is_ours(rts, sock, icmph->icmp6_id))
return 1;
+
+ if (!rts->multicast && !rts->subnet_router_anycast &&
+ memcmp(&from->sin6_addr.s6_addr, &rts->whereto6.sin6_addr.s6_addr, 16))
+ wrong_source = 1;
+
if (gather_statistics(rts, (uint8_t *)icmph, sizeof(*icmph), cc,
ntohs(icmph->icmp6_seq),
hops, 0, tv, pr_addr(rts, from, sizeof *from),
pr_echo_reply,
- rts->multicast)) {
+ rts->multicast, wrong_source)) {
fflush(stdout);
return 0;
}
@@ -850,7 +853,7 @@ int ping6_parse_reply(struct ping_rts *rts, socket_st *sock,
seq,
hops, 0, tv, pr_addr(rts, from, sizeof *from),
pr_niquery_reply,
- rts->multicast))
+ rts->multicast, 0))
return 0;
} else {
int nexthdr;
diff --git a/ping/ping_common.c b/ping/ping_common.c
index 357c39d..0336259 100644
--- a/ping/ping_common.c
+++ b/ping/ping_common.c
@@ -711,7 +711,8 @@ int main_loop(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock,
int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen,
int cc, uint16_t seq, int hops,
int csfailed, struct timeval *tv, char *from,
- void (*pr_reply)(uint8_t *icmph, int cc), int multicast)
+ void (*pr_reply)(uint8_t *icmph, int cc), int multicast,
+ int wrong_source)
{
int dupflag = 0;
long triptime = 0;
@@ -804,10 +805,13 @@ restamp:
printf(_(" time=%ld.%03ld ms"), triptime / 1000,
triptime % 1000);
}
+
if (dupflag && (!multicast || rts->opt_verbose))
printf(_(" (DUP!)"));
if (csfailed)
printf(_(" (BAD CHECKSUM!)"));
+ if (wrong_source)
+ printf(_(" (DIFFERENT ADDRESS!)"));
/* check the data */
cp = ((unsigned char *)ptr) + sizeof(struct timeval);
--
2.46.0

51
SOURCES/010-ping-Fix-socket-error-reporting.patch Normal file
View File

@ -0,0 +1,51 @@
From 42ff1833920e2524b07790243ef9146125f5b2c4 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Wed, 10 Aug 2022 21:05:22 +0200
Subject: [PATCH] ping: Fix socket error reporting
There is actually no need for errno EAFNOSUPPORT special handling,
nor for any other errno. *All* errors needs to be reported on verbose
mode or when socket is required. If AF_INET6 socket is used with
disabled IPv6, error reporting is done by gai_strerror() (ipv6.disable=1)
or by connect() error handling in ping6_run() (EADDRNOTAVAIL on
net.ipv6.conf.all.disable_ipv6=1).
Bug was hidden because condition "errno == EAFNOSUPPORT && socktype ==
AF_INET6" introduced in d141cb6 was always false as AF_INET6 is is an address
family not a socket type, until otherwise correct fix 904cdb6. Attempt
to fix it in 79d713e introduced regression that other errors weren't
reported (e.g. EPERM on RAW socket on non-root, see #406).
Closes: https://github.com/iputils/iputils/pull/418
Fixes: https://github.com/iputils/iputils/issues/406
Fixes: 79d713e ("ping: Remove 'unsupported IPv6' warning on disabled IPv6")
Fixes: d141cb6 ("ping: work with older kernels that don't support ping sockets")
Reported-by: Benjamin Poirier <benjamin.poirier@gmail.com>
Tested-by: Benjamin Poirier <benjamin.poirier@gmail.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit bbe451f91ecc769ac5f70c1269372a6cc28d6814)
---
ping/ping.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/ping/ping.c b/ping/ping.c
index 81ee7c8..ff7e742 100644
--- a/ping/ping.c
+++ b/ping/ping.c
@@ -147,11 +147,7 @@ static void create_socket(struct ping_rts *rts, socket_st *sock, int family,
}
if (sock->fd == -1) {
- /* Report error related to disabled IPv6 only when IPv6 also failed or in
- * verbose mode. Report other errors always.
- */
- if ((errno == EAFNOSUPPORT && family == AF_INET6 && requisite) ||
- rts->opt_verbose)
+ if (requisite || rts->opt_verbose)
error(0, errno, "socket");
if (requisite)
exit(2);
--
2.46.0

95
SOURCES/011-ping-Fix-ping6-binding-to-VRF-and-address.patch Normal file
View File

@ -0,0 +1,95 @@
From 36580e1d539b4bb7c187d4cf9ccc63afad9edbb1 Mon Sep 17 00:00:00 2001
From: Lahav Schlesinger <lschlesinger@drivenets.com>
Date: Wed, 30 Jun 2021 13:06:13 +0300
Subject: [PATCH 1/2] ping: Fix ping6 binding to VRF and address
Since Linux kernel commit 1893ff20275b ("net/ipv6: Add l3mdev check to
ipv6_chk_addr_and_flags") from v4.17-rc1 ping fails when trying to
create IPv6 SOCK_RAW socket (e.g. if net.ipv4.ping_group_range = 1 0)
and passing both -I <vrf_interface> and -I <local_ipv6_addr>.
It works for IPv4 SOCK_RAW socket.
# ip netns add tmp_ns
# ip -n tmp_ns link add vrf_1 type vrf table 10001
# ip -n tmp_ns link add lo10 type dummy
# ip -n tmp_ns link set lo10 master vrf_1
# ip -n tmp_ns link set vrf_1 up
# ip -n tmp_ns link set lo10 up
# ip -n tmp_ns link set lo up
# ip -n tmp_ns addr add 1:2::3:4/128 dev lo10
# ip -n tmp_ns addr add 1.2.3.4/32 dev lo10
# ip netns exec tmp_ns ping -6 1:2::3:4 -I vrf_1 -I 1:2::3:4 -c 1 # IPv6 broken
ping: bind icmp socket: Cannot assign requested address
# ping 1.2.3.4 -I vrf_1 -I 1.2.3.4 -c 1 # IPv4 working
PING 1.2.3.4 (1.2.3.4) from 1.2.3.4 vrf_1: 56(84) bytes of data.
64 bytes from 1.2.3.4: icmp_seq=1 ttl=64 time=0.090 ms
--- 1.2.3.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.090/0.090/0.090/0.000 ms
ping fails because it doesn't actually bind to the VRF interface, while
after 1893ff20275b, binding to an IPv6 address searches only on the same
l3mdev as the device the function receives. If the socket wasn't
SO_BINDTODEVICE-ed, then the kernel will only search for devices that
are not ensalved to an l3mdev device (= in the default VRF), which will
cause the bind() to fail.
Only SOCK_RAW socket is affected. SOCK_DGRAM is not affected because
Linux kernel doesn't check the device the socket was SO_BINDTODEVICE-ed
to, but only the device from addr->sin6_scope_id (which if none is
passed, it will again only search devices in the default VRF).
NOTE: creating network namespace to reproduce the issue is needed just
on systems with net.ipv4.ping_group_range = 0 2147483647 (e.g. current
Fedora, openSUSE, Ubuntu), which causes to use SOCK_DGRAM socket.
Alternatively to force SOCK_RAW to it'd be enough just to properly set
net.ipv4.ping_group_range:
# echo "1 0" > /proc/sys/net/ipv4/ping_group_range
Closes: https://github.com/iputils/iputils/pull/344
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Lahav Schlesinger <lschlesinger@drivenets.com>
[ pvorel: adjusted commit message ]
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit 7c65999f98bc4a1984594b7fad1af0eaf0b9d34b)
---
ping/ping6_common.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index 4712928..98b5adb 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -223,6 +223,8 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
if (rts->device) {
struct cmsghdr *cmsg;
struct in6_pktinfo *ipi;
+ int rc;
+ int errno_save;
cmsg = (struct cmsghdr *)(rts->cmsgbuf + rts->cmsglen);
rts->cmsglen += CMSG_SPACE(sizeof(*ipi));
@@ -233,6 +235,15 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
ipi = (struct in6_pktinfo *)CMSG_DATA(cmsg);
memset(ipi, 0, sizeof(*ipi));
ipi->ipi6_ifindex = if_name2index(rts->device);
+
+ enable_capability_raw();
+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
+ rts->device, strlen(rts->device) + 1);
+ errno_save = errno;
+ disable_capability_raw();
+
+ if (rc == -1)
+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
}
if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) {
--
2.46.0

54
SOURCES/012-ping6-Avoid-binding-to-non-VRF.patch Normal file
View File

@ -0,0 +1,54 @@
From a2d2428c5fa6bf370486f509b18862c5c7b8b47e Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Tue, 9 Nov 2021 02:39:56 +0100
Subject: [PATCH 2/2] ping6: Avoid binding to non-VRF
This fixes permission issue when specifying just address (without VRF)
unless having CAP_NET_ADMIN (i.e. root) permission:
$ ./builddir/ping/ping -c1 -I lo ::1
./builddir/ping/ping: SO_BINDTODEVICE lo: Operation not permitted
because setsockopt() SO_BINDTODEVICE (similar to bind()) can be only done on
opt_strictsource.
Fixes: 7c65999 ("ping: Fix ping6 binding to VRF and address")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
(cherry picked from commit f52b582248f1f870e870a9973621805d969906b4)
---
ping/ping6_common.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index 98b5adb..a784be0 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -236,14 +236,16 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
memset(ipi, 0, sizeof(*ipi));
ipi->ipi6_ifindex = if_name2index(rts->device);
- enable_capability_raw();
- rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
- rts->device, strlen(rts->device) + 1);
- errno_save = errno;
- disable_capability_raw();
-
- if (rc == -1)
- error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
+ if (rts->opt_strictsource) {
+ enable_capability_raw();
+ rc = setsockopt(sock->fd, SOL_SOCKET, SO_BINDTODEVICE,
+ rts->device, strlen(rts->device) + 1);
+ errno_save = errno;
+ disable_capability_raw();
+
+ if (rc == -1)
+ error(2, errno_save, "SO_BINDTODEVICE %s", rts->device);
+ }
}
if (IN6_IS_ADDR_MULTICAST(&rts->whereto6.sin6_addr)) {
--
2.46.0

0
SOURCES/0001-iputils-ifenslave.patch → SOURCES/100-iputils-ifenslave.patch
View File

88
SOURCES/101-iputils-ifenslave-CWE-170.patch Normal file
View File

@ -0,0 +1,88 @@
From a38091c8eb0c515441080806975856ee09d2edc7 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 23 Mar 2021 08:10:10 +0100
Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination
---
ifenslave.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/ifenslave.c b/ifenslave.c
index ddd82ec..1efe4f1 100644
--- a/ifenslave.c
+++ b/ifenslave.c
@@ -509,21 +509,24 @@ static int if_getconfig(char *ifname)
struct sockaddr dstaddr, broadaddr, netmask;
unsigned char *hwaddr;
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFFLAGS, &ifr) < 0)
return -1;
mif_flags = ifr.ifr_flags;
printf("The result of SIOCGIFFLAGS on %s is %x.\n",
ifname, ifr.ifr_flags);
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFADDR, &ifr) < 0)
return -1;
printf("The result of SIOCGIFADDR is %2.2x.%2.2x.%2.2x.%2.2x.\n",
ifr.ifr_addr.sa_data[2], ifr.ifr_addr.sa_data[3],
ifr.ifr_addr.sa_data[4], ifr.ifr_addr.sa_data[5]);
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0)
return -1;
@@ -534,33 +537,38 @@ static int if_getconfig(char *ifname)
ifr.ifr_hwaddr.sa_family, hwaddr[0], hwaddr[1],
hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]);
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFMETRIC, &ifr) < 0) {
metric = 0;
} else
metric = ifr.ifr_metric;
printf("The result of SIOCGIFMETRIC is %d\n", metric);
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFMTU, &ifr) < 0)
mtu = 0;
else
mtu = ifr.ifr_mtu;
printf("The result of SIOCGIFMTU is %d\n", mtu);
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFDSTADDR, &ifr) < 0) {
memset(&dstaddr, 0, sizeof(struct sockaddr));
} else
dstaddr = ifr.ifr_dstaddr;
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFBRDADDR, &ifr) < 0) {
memset(&broadaddr, 0, sizeof(struct sockaddr));
} else
broadaddr = ifr.ifr_broadaddr;
- strcpy(ifr.ifr_name, ifname);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
if (ioctl(skfd, SIOCGIFNETMASK, &ifr) < 0) {
memset(&netmask, 0, sizeof(struct sockaddr));
} else
--
2.29.2

154
SOURCES/102-iputils-ifenslave-CWE-170-2.patch Normal file
View File

@ -0,0 +1,154 @@
From bea19fd9a86dd2c601681ff2ef4a9c1afab1e34d Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 8 Jun 2021 15:41:58 +0200
Subject: [PATCH] ifenslave: fix CWE-170: Improper Null Termination
Resolves: #1938746
---
ifenslave.c | 43 +++++++++++++++++++++++++++----------------
1 file changed, 27 insertions(+), 16 deletions(-)
diff --git a/ifenslave.c b/ifenslave.c
index 1efe4f1..59bce4c 100644
--- a/ifenslave.c
+++ b/ifenslave.c
@@ -619,7 +619,7 @@ static int get_drv_info(char *master_ifname)
char *endptr;
memset(&ifr, 0, sizeof(ifr));
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
ifr.ifr_data = (caddr_t)&info;
info.cmd = ETHTOOL_GDRVINFO;
@@ -664,8 +664,9 @@ static int change_active(char *master_ifname, char *slave_ifname)
return 1;
}
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
if ((ioctl(skfd, SIOCBONDCHANGEACTIVE, &ifr) < 0) &&
(ioctl(skfd, BOND_CHANGE_ACTIVE_OLD, &ifr) < 0)) {
saved_errno = errno;
@@ -806,8 +807,9 @@ static int enslave(char *master_ifname, char *slave_ifname)
}
/* Do the real thing */
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
if ((ioctl(skfd, SIOCBONDENSLAVE, &ifr) < 0) &&
(ioctl(skfd, BOND_ENSLAVE_OLD, &ifr) < 0)) {
saved_errno = errno;
@@ -847,8 +849,9 @@ static int release(char *master_ifname, char *slave_ifname)
return 1;
}
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
- strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
+ strncpy(ifr.ifr_slave, slave_ifname, IFNAMSIZ - 1);
if ((ioctl(skfd, SIOCBONDRELEASE, &ifr) < 0) &&
(ioctl(skfd, BOND_RELEASE_OLD, &ifr) < 0)) {
saved_errno = errno;
@@ -880,7 +883,8 @@ static int get_if_settings(char *ifname, struct dev_ifr ifra[])
int res = 0;
for (i = 0; ifra[i].req_ifr; i++) {
- strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ);
+ strncpy(ifra[i].req_ifr->ifr_name, ifname, IFNAMSIZ - 1);
+ ifra[i].req_ifr->ifr_name[IFNAMSIZ - 1] = '\0';
res = ioctl(skfd, ifra[i].req_type, ifra[i].req_ifr);
if (res < 0) {
saved_errno = errno;
@@ -899,7 +903,8 @@ static int get_slave_flags(char *slave_ifname)
{
int res = 0;
- strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ);
+ strncpy(slave_flags.ifr_name, slave_ifname, IFNAMSIZ - 1);
+ slave_flags.ifr_name[IFNAMSIZ - 1] = '\0';
res = ioctl(skfd, SIOCGIFFLAGS, &slave_flags);
if (res < 0) {
saved_errno = errno;
@@ -919,7 +924,8 @@ static int set_master_hwaddr(char *master_ifname, struct sockaddr *hwaddr)
struct ifreq ifr;
int res = 0;
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr));
res = ioctl(skfd, SIOCSIFHWADDR, &ifr);
if (res < 0) {
@@ -943,7 +949,8 @@ static int set_slave_hwaddr(char *slave_ifname, struct sockaddr *hwaddr)
struct ifreq ifr;
int res = 0;
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
memcpy(&(ifr.ifr_hwaddr), hwaddr, sizeof(struct sockaddr));
res = ioctl(skfd, SIOCSIFHWADDR, &ifr);
if (res < 0) {
@@ -980,8 +987,9 @@ static int set_slave_mtu(char *slave_ifname, int mtu)
struct ifreq ifr;
int res = 0;
+ memset(&ifr, 0, sizeof(ifr));
ifr.ifr_mtu = mtu;
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
res = ioctl(skfd, SIOCSIFMTU, &ifr);
if (res < 0) {
@@ -1000,8 +1008,9 @@ static int set_if_flags(char *ifname, short flags)
struct ifreq ifr;
int res = 0;
+ memset(&ifr, 0, sizeof(ifr));
ifr.ifr_flags = flags;
- strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
res = ioctl(skfd, SIOCSIFFLAGS, &ifr);
if (res < 0) {
@@ -1030,7 +1039,8 @@ static int clear_if_addr(char *ifname)
struct ifreq ifr;
int res = 0;
- strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
ifr.ifr_addr.sa_family = AF_INET;
memset(ifr.ifr_addr.sa_data, 0, sizeof(ifr.ifr_addr.sa_data));
@@ -1065,8 +1075,9 @@ static int set_if_addr(char *master_ifname, char *slave_ifname)
{NULL, NULL, 0, 0},
};
+ memset(&ifr, 0, sizeof(ifr));
for (i = 0; ifra[i].req_name; i++) {
- strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, master_ifname, IFNAMSIZ - 1);
res = ioctl(skfd, ifra[i].g_ioctl, &ifr);
if (res < 0) {
int saved_errno = errno;
@@ -1080,7 +1091,7 @@ static int set_if_addr(char *master_ifname, char *slave_ifname)
sizeof(ifr.ifr_addr.sa_data));
}
- strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ);
+ strncpy(ifr.ifr_name, slave_ifname, IFNAMSIZ - 1);
res = ioctl(skfd, ifra[i].s_ioctl, &ifr);
if (res < 0) {
int saved_errno = errno;
--
2.31.1

208
SPECS/iputils.spec
View File

@ -2,15 +2,15 @@
Summary: Network monitoring tools including ping
Name: iputils
Version: 20180629
Version: 20210202
Release: 11%{?dist}
# some parts are under the original BSD (ping.c)
# some are under GPLv2+ (tracepath.c)
License: BSD and GPLv2+
URL: https://github.com/iputils/iputils
Group: System Environment/Daemons
Source0: https://github.com/iputils/iputils/archive/s%{version}.tar.gz#/%{name}-s%{version}.tar.gz
Source0: https://github.com/iputils/iputils/archive/%{version}/%{name}-%{version}.tar.gz
# ifenslave.tar.gz was taken from kernel 3.10 source at: https://elixir.bootlin.com/linux/v3.10/source/Documentation/networking/ifenslave.c
Source1: ifenslave.tar.gz
Source2: rdisc.service
Source3: ninfod.service
@ -18,29 +18,35 @@ Source3: ninfod.service
Source4: bsd.txt
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
Patch0: 0000-iputils-rh.patch
Patch1: 0001-iputils-ifenslave.patch
Patch2: 0002-iputils-freeaddrinfo.patch
Patch3: 0003-fix-incorrect-statistics.patch
Patch4: 0004-tracepath-fix-copying-input-ipv6-address.patch
Patch5: 0005-ninfod-change-variable-name-to-avoid-colliding-with-function-name.patch
Patch6: 0006-ping-Fix-unwanted-bell-on-unreachable-address.patch
# Upstream patches
Patch001: 001-ping-remove-unsupported-IPv6-warning-on-disabled-IPv6.patch
Patch002: 002-arping-Fix-1s-delay-on-exit-for-unsolicited-arpings.patch
Patch003: 003-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
Patch004: 004-arping-fix-typo-in-error-checking.patch
Patch005: 005-arping-exit-0-if-running-in-deadline-mode-and-we-see.patch
Patch006: 006-Revert-Add-strict-pattern-matching-on-response-when-.patch
Patch007: 007-ping-Move-ping_rts-multicast.patch
Patch008: 008-ping-Print-reply-from-Subnet-Router-anycast-address.patch
Patch009: 009-ping-Print-reply-with-wrong-source-with-warning.patch
Patch010: 010-ping-Fix-socket-error-reporting.patch
Patch011: 011-ping-Fix-ping6-binding-to-VRF-and-address.patch
Patch012: 012-ping6-Avoid-binding-to-non-VRF.patch
# bz2208409 - [RFE] support VRF with ping command
Patch7: 0007-ping-allow-user-to-specify-VRF-and-source-IP.patch
# Downstream-only patches
Patch100: 100-iputils-ifenslave.patch
Patch101: 101-iputils-ifenslave-CWE-170.patch
Patch102: 102-iputils-ifenslave-CWE-170-2.patch
%if ! 0%{?_module_build}
BuildRequires: docbook-utils perl-SGMLSpm
%endif
BuildRequires: gcc
BuildRequires: meson
BuildRequires: gettext
BuildRequires: glibc-kernheaders >= 2.4-8.19
BuildRequires: libidn2-devel
BuildRequires: openssl-devel
BuildRequires: libcap-devel
BuildRequires: libxslt docbook-style-xsl
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
BuildRequires: libxslt docbook5-style-xsl
BuildRequires: systemd
%{?systemd_ordering}
Provides: /bin/ping
Provides: /bin/ping6
Provides: /sbin/arping
@ -53,7 +59,6 @@ ECHO_REQUEST packets to a specified network host to discover whether
the target machine is alive and receiving network traffic.
%package ninfod
Group: System Environment/Daemons
Summary: Node Information Query Daemon
Requires: %{name} = %{version}-%{release}
Provides: %{_sbindir}/ninfod
@ -63,67 +68,30 @@ Node Information Query (RFC4620) daemon. Responds to IPv6 Node Information
Queries.
%prep
%setup -q -a 1 -n %{name}-s%{version}
%setup -q -a 1 -n %{name}-%{version}
cp %{SOURCE4} %{SOURCE5} .
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%autopatch -p1
%build
%ifarch s390 s390x
export CFLAGS="-fPIE"
%else
export CFLAGS="-fpie"
%endif
export LDFLAGS="-pie -Wl,-z,relro,-z,now"
%meson -DBUILD_TFTPD=false
%meson_build
make %{?_smp_mflags} arping clockdiff ping rdisc tracepath ninfod
gcc -Wall $RPM_OPT_FLAGS $CFLAGS $LDFLAGS ifenslave.c -o ifenslave
%if ! 0%{?_module_build}
make -C doc man
%endif
gcc $RPM_OPT_FLAGS $CFLAGS $RPM_LD_FLAGS $LDFLAGS ifenslave.c -o ifenslave
%install
mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
mkdir -p $RPM_BUILD_ROOT/%{_unitdir}
install -c clockdiff ${RPM_BUILD_ROOT}%{_sbindir}/
install -cp arping ${RPM_BUILD_ROOT}%{_sbindir}/
install -cp ping ${RPM_BUILD_ROOT}%{_bindir}/
install -cp ifenslave ${RPM_BUILD_ROOT}%{_sbindir}/
install -cp rdisc ${RPM_BUILD_ROOT}%{_sbindir}/
install -cp tracepath ${RPM_BUILD_ROOT}%{_bindir}/
install -cp ninfod/ninfod ${RPM_BUILD_ROOT}%{_sbindir}/
%meson_install
%find_lang %{name}
mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping
ln -sf ../bin/ping ${RPM_BUILD_ROOT}%{_sbindir}/ping6
ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath
ln -sf ../bin/tracepath ${RPM_BUILD_ROOT}%{_sbindir}/tracepath6
mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8
%if ! 0%{?_module_build}
install -cp doc/clockdiff.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -cp doc/arping.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -cp doc/ping.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -cp doc/rdisc.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -cp doc/tracepath.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
install -cp doc/ninfod.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
ln -sf ../bin/arping ${RPM_BUILD_ROOT}%{_sbindir}/arping
ln -sf ping.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/ping6.8.gz
ln -sf tracepath.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8.gz
install -cp ifenslave ${RPM_BUILD_ROOT}%{_sbindir}/
install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
ln -s ping.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/ping6.8.gz
ln -s tracepath.8.gz ${RPM_BUILD_ROOT}%{_mandir}/man8/tracepath6.8.gz
%endif
install -dp ${RPM_BUILD_ROOT}%{_sysconfdir}/rc.d/init.d
install -m 644 %SOURCE2 ${RPM_BUILD_ROOT}/%{_unitdir}
install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
%post
%systemd_post rdisc.service
@ -143,13 +111,12 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
%postun ninfod
%systemd_postun_with_restart ninfod.service
%files
%files -f %{name}.lang
%doc README.bonding
%{!?_licensedir:%global license %%doc}
%license bsd.txt gpl-2.0.txt
%{_unitdir}/rdisc.service
%attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/clockdiff
%attr(0755,root,root) %caps(cap_net_raw=p) %{_sbindir}/arping
%attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/clockdiff
%attr(0755,root,root) %caps(cap_net_raw=p) %{_bindir}/arping
%attr(0755,root,root) %{_bindir}/ping
%{_sbindir}/ifenslave
%{_sbindir}/rdisc
@ -158,7 +125,7 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
%{_sbindir}/ping6
%{_sbindir}/tracepath
%{_sbindir}/tracepath6
%if ! 0%{?_module_build}
%{_sbindir}/arping
%attr(644,root,root) %{_mandir}/man8/clockdiff.8.gz
%attr(644,root,root) %{_mandir}/man8/arping.8.gz
%attr(644,root,root) %{_mandir}/man8/ping.8.gz
@ -167,47 +134,94 @@ install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}/%{_unitdir}
%attr(644,root,root) %{_mandir}/man8/tracepath.8.gz
%{_mandir}/man8/tracepath6.8.gz
%attr(644,root,root) %{_mandir}/man8/ifenslave.8.gz
%endif
%files ninfod
%attr(0755,root,root) %caps(cap_net_raw=ep) %{_sbindir}/ninfod
%{_unitdir}/ninfod.service
%if ! 0%{?_module_build}
%attr(644,root,root) %{_mandir}/man8/ninfod.8.gz
%endif
%changelog
* Thu Jun 08 2023 Jan Macku <jamacku@redhat.com> - 20180629-11
- Add support for VRF with ping command (#2208409)
* Fri Sep 06 2024 Jan Macku <jamacku@redhat.com> - 20210202-11
- ping: Fix ping6 binding to VRF and address (RHEL-57734)
* Tue Mar 22 2022 Jan Macku <jamacku@redhat.com> - 20180629-10
- Fix regression of output when pinging unreachable IPv6 host (#2057570)
* Wed Aug 28 2024 Jan Macku <jamacku@redhat.com> - 20210202-10
- arping: Fix 1s delay on exit for unsolicited arpings (RHEL-34110)
- arping: exit 0 if running in deadline mode and we see replies (RHEL-27718)
- ping: Print reply with wrong source with warning & some follow-up fixes (RHEL-12789, RHEL-13480)
- ping: Fix socket error reporting (RHEL-4608)
* Thu Feb 03 2022 Jan Macku <jamacku@redhat.com> - 20180629-9
- Fix copying input IPv6 address (#2047659)
* Wed May 03 2023 Jan Macku <jamacku@redhat.com> - 20210202-9
- ping: Remove 'unsupported IPv6' warning on disabled IPv6 (rhbz#2152511)
* Mon Jan 03 2022 Jan Macku <jamacku@redhat.com> - 20180629-8
- Make ping unprivileged (#2030107)
* Fri Nov 25 2022 Jan Macku <jamacku@redhat.com> - 20210202-8
- Build iputils and ifenslave with correct flags (rhbz#2144509)
* Wed Feb 17 2021 Jan Macku <jamacku@redhat.com> - 20180629-7
- Revert patch introduced by #1852638 (#1928179)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-7
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Dec 15 2020 Jan Macku <jamacku@redhat.com> - 20180629-6
- Exit on error (#1852638)
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-6
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu Dec 10 2020 Jan Macku <jamacku@redhat.com> - 20180629-5
- Change error() -> fprintf() reported by covscan (#1852638)
* Mon Jun 14 2021 Jan Macku <jamacku@redhat.com> - 20210202-5
- spec: Add note about source of ifenslave code (rhbz#1938746)
* Wed Dec 09 2020 Jan Macku <jamacku@redhat.com> - 20180629-4
- Fix infinite loop caused by subsecond timeouts (#1852638)
* Wed Jun 09 2021 Jan Macku <jamacku@redhat.com> - 20210202-4
- ifenslave: fix CWE-170 (rhbz#1938746)
* Tue Dec 08 2020 Jan Macku <jamacku@redhat.com> - 20180629-3
- Fix incorrect ping statistics (#1901780)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 20210202-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Wed Jul 10 2019 Jan Synáček <jsynacek@redhat.com> - 20180629-2
- covscan fix (#1606968)
* Tue Mar 23 2021 Jan Macku <jamacku@redhat.com> - 20210202-2
- ifenslave: fix CWE-170 (related to rhbz#1938746)
* Tue Jul 03 2018 Jan Synáček <jsynacek@redhat.com> - 20180629-1
* Tue Feb 02 2021 Kevin Fenzi <kevin@scrye.com> - 20210202-1
- Update to 20210202. Fixes rhbz#1923917
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20200821-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Oct 31 2020 Kevin Fenzi <kevin@scrye.com> - 20200821-1
- Update to 20200821 release. Fixes bug #1871310
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20190515-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon May 18 2020 Jan Synáček <jsynacek@redhat.com> - 20190515-7
- arping exits with error when should not (#1836607)
* Mon Mar 2 2020 Jan Synáček <jsynacek@redhat.com> - 20190515-6
- Make ping unprivileged (#1699497)
* Mon Feb 3 2020 Jan Synáček <jsynacek@redhat.com> - 20190515-5
- Symlink arping to /usr/sbin/arping to maintain backward compatibility (#1797525)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20190515-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20190515-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed May 22 2019 Jan Synáček <jsynacek@redhat.com> - 20190515-2
- Mark localization files correctly (#1712514)
* Wed May 22 2019 Jan Synáček <jsynacek@redhat.com> - 20190515-1
- Update to s20190515 (#1710647)
* Thu Mar 28 2019 Jan Synáček <jsynacek@redhat.com> - 20190324-1
- Update to s20190324 (#1692136)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20180629-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 23 2019 Bogdan Dobrelya <bdobreli@redhat.com> - 20180629-3
- Use systemd_ordering macro
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20180629-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 3 2018 Jan Synáček <jsynacek@redhat.com> - 20180629-1
- update to s20180629 (#1596893)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20161105-9