summaryrefslogtreecommitdiffstats
path: root/usr.sbin/traceroute (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Simplify and unify wording for the -I sourceaddr option in various places.deraadt2020-02-112-17/+10
| | | | | | This is somewhat related to the "-b bind_addr" option some programs have, which should get some cleanup also... input florian claudio jmc
* At startup, unveil entire filesystem to read-only. If after privdrop, somederaadt2019-08-281-1/+7
| | | | | | | implausible bug existed in the socket setup (mostly dns-related and setsockopt) it would be largely neutered. of course, a very restrictive pledge is installed soon after that... ok mestre brynet florian
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-282-22/+21
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* fix link URL; pointed out by "openbsduser <at> airmail.cc"sthen2019-04-051-3/+3
|
* delay dropping privs a bit when root so that setrtable works.tedu2019-03-191-3/+9
| | | | | traceroute bits from benno. ok benno claudio
* get rid of useless casts on setsockopt callsdlg2018-11-121-7/+7
| | | | suggested by kn@ after similar changes to ping
* add support for setting the traffic class on ipv6 packets.dlg2018-11-102-9/+15
| | | | | | | it reuses the toskeyword handling that ipv4 uses for setting the tos field, which is equiavlent to traffic class. ok florian@ denis@
* Sync root check from pingkn2018-10-201-2/+2
| | | | | | Sync ping.c r1.217 (20.10.2016) to only drop uid/gid if invoked as root. OK sthen
* No need to check ai_addrlen when we already checked ai_family, weflorian2018-10-151-9/+1
| | | | | | are copying into the right sized struct. We can also trust the resolver to give us IPv6 if we ask it to. OK kn, deraadt
* Since nearly 20 years the correct spelling offlorian2017-08-031-2/+2
| | | | | | | ICMP6_DST_UNREACH_NOTNEIGHBOR is ICMP6_DST_UNREACH_BEYONDSCOPE (RFC 1885 was obsoleted). sthen grepped the ports sources to make sure nothing uses it. OK millert, jca
* style(9) some variable declarationsbenno2017-05-282-66/+58
| | | | ok florian@
* check_tos() gets a parameter so i can remove another global var.benno2017-05-283-12/+9
| | | | ok florian@
* introduce struct tr_conf to keep all of the configuration.benno2017-05-283-186/+241
| | | | | | Functions needing access to any of those vars get it passed as a parameter. result: even less global vars. ok florian@
* move as many globals as possible into the main function - thats thebenno2017-05-281-18/+22
| | | | | | only place where they are used. Only exception: v6flags - make it an argument to usage() ok florian@
* Tell traceroute6 to choose source address based on correct routingflorian2017-01-241-2/+6
| | | | | | table. From dhill, tweeks by me. OK benno
* traceroute never sees a timeout when poll(2) returns when it receivesflorian2017-01-133-9/+19
| | | | | | | | | a packet not intended for us. E.g. a ping(8) is running in parallel. In this case we need to account for the time we already waited. Pointed out by Gabriel Nieto <gabnietof AT gmail>, thanks! Looks good to and input millert@
* some text cleanup and remove an irrelevant note; ok florianjmc2016-10-211-24/+19
|
* some macro fixes for the options list;jmc2016-10-201-31/+30
|
* try to make DESCRIPTION read like it was written for one program, not two;jmc2016-10-201-17/+18
| | | | ok florian
* Always do the setgroups, setresgid and setresuid even if if theflorian2016-09-281-10/+16
| | | | | | | | unprivileged user is not present instead of erroring out. This lets ping and traceroute work in restricted enviornments like the bgplg chroot. Problem reported by sthen@ input & prodding deraadt@
* Drop privileges to newly added _traceroute user/group.florian2016-09-271-5/+13
| | | | | | | It does not buy us much when called as a unpriv user. But if run as root we can now lose privileges. Input deraadt@ OK benno@, sthen@
* Only allow standard dot notation for IPv4 addresses as target.florian2016-09-191-7/+2
| | | | | We can get rid of inet_aton(3) and use the AF independent getaddrinfo(3). OK natano@, krw@, millert@, claudio@
* rearrange code: traceroute.c now only contains main() and usage(),benno2016-09-034-995/+1185
| | | | | | | | worker.c contains all other functions, and i tracked down which global variables are used in which file and marked them accordingly with static (or not). No functional change, just the basis of further work. ok florian@, deraadt@
* for some time now mandoc has not required MLINKS to functionjmc2016-03-301-2/+1
| | | | | | | | | | | | correctly - logically complete that now by removing MLINKS from base; authors need only to ensure there is an entry in NAME for any function/ util being added. MLINKS will still work, and remain for perl to ease upgrades; ok nicm (curses) bcook (ssl) ok schwarze, who provided a lot of feedback and assistance ok tb natano jung
* pledge for "dns" if -A is passed, even with -n.semarie2016-02-121-2/+2
| | | | | | The -A (Look up the AS number for each hop address) use DNS service. ok jca@ sthen@
* "source" doesn't need to be a global. While here, the correct spellingflorian2015-11-061-3/+2
| | | | | | is NULL. Noticed while trying to hoist the source address selection from traceroute into ping / ping6.
* Change all tame callers to namechange to pledge(2).deraadt2015-10-091-5/+5
|
* like ping, traceroute is a setuid root priv-drop which holds a sockraw.deraadt2015-10-031-1/+9
| | | | | | | | | we can tame it substantially with "stdio inet", plus "dns" if the -n option is missing. a successful exploit against it then cannot create files, or perform a variety of other operations, as described in the tame(2) man page. florian helped me a fair bit hoisting initization code upwards in ping, ping6, and traceroute, to make tame work here.
* Avoid .Ns right after .Pf, it's pointless.schwarze2015-09-141-8/+4
| | | | In some cases, do additional cleanup in the immediate vicinity.
* warnx(3) has an implicit \n at the end.florian2015-08-301-2/+2
| | | | pointed out by deraadt@
* The return type of memset(3) is void. No need for a cast.florian2015-07-161-4/+4
| | | | No object change.
* port the idea of using clock_gettime(CLOCK_MONOTONIC) for measuringdlg2015-03-111-6/+18
| | | | | | | | | | | | | | | | intervals from src/sbin/ping/ping.c r1.115. > use clock_gettime(CLOCK_MONOTONIC) to get timestamps to measure the > interval between sending a ping and getting a reply for it. > > this makes it resistant against local wall clock changes, which can > skew the intervals reported or make them go negative. this version puts clock_getting in a local gettime() function that converts to a struct timeval that all the previous callers of gettimeofday expect to get. requested by deraadt@ florian@
* Replace base 10 strtol with strtonum.florian2015-02-111-49/+31
| | | | OK krw@, tedu@, deraadt@
* clean up flags++ instances around getopt()deraadt2015-02-091-5/+5
| | | | ok florian
* HOST_NAME_MAX + 1 is big enough for gethostname(3); this array hasflorian2015-01-201-3/+3
| | | | | | been one char too big when it was defined in terms of MAXHOSTNAMELEN. While here, NI_MAXHOST is big enough for getnameinfo(3). OK benno@
* Replace <sys/param.h> with <limits.h> and other less dirty headers wherederaadt2015-01-161-3/+3
| | | | | | | | | possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* Use memmove() instead of strlcpy() for an overlapping string copymillert2014-12-091-2/+2
| | | | so we don't rely on undefined behavior. OK deraadt@
* Remove unnecessary netinet/in_systm.h include.lteo2014-10-251-2/+1
| | | | ok millert@
* obvious cases of missing .An;schwarze2014-09-081-4/+11
| | | | | found with the new mandoc(1) MANDOCERR_AN_MISSING warning; no text changes
* Update description of optional argument "datalen" to reality.florian2014-06-061-5/+7
| | | | Issue pointed out by, tweak and "looks ok" jmc@
* Reduce code running as root by trying to create all needed socketsflorian2014-06-051-14/+38
| | | | | | | | | first, remember which failed, drop privs and then decide which sockets are needed and close the others. Only error out if the creation of a needed socket failed. That is it is non-fatal if tracerouting an INET4 address and the INET6 socket creations failed. prodding deraadt@; OK benno@
* datalen is additional data, sync traceroute6 to traceroute. Also "nnflorian2014-06-041-12/+33
| | | | | | byte packets" in the first line of traceroute output is the length of the complete IP packet, fix this for traceroute6. OK benno@
* Replace ICMP6ECHOLEN define with sizeof()florian2014-06-041-5/+5
| | | | OK benno@
* a void function should not be returning anything.daniel2014-05-281-3/+3
| | | | ok florian@
* change some argument names in order to give some consistency between traceroutejmc2014-05-012-16/+16
| | | | | | | and traceroute6; i also fudged the formatting to allow SYNOPSIS to display a bit nicer, and for usage() to look like SYNOPSIS; ok florian
* a bit more merge for traceroute6 stuff, and some consistency fixes;jmc2014-04-291-10/+15
| | | | help/ok florian
* whitespace cleanup while reading result of florian's recent (very nice) workderaadt2014-04-281-17/+18
|
* zap a ton of silly Tn, and uppercase TTL; a few other minor tweaks along thejmc2014-04-271-60/+34
| | | | way;
* Link traceroute6 to traceroute, thus completing the merge.florian2014-04-261-1/+3
| | | | | | I was originally sent on this little errand by deraadt@. OK sthen@, benno@ (Committing from a bus somewhere in germany on its way to berlin.)
* add traceroute6 to NAME, and knock out some unneeded Bk/Ek;jmc2014-04-251-4/+3
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.