commit-inetutils

[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_4-23-g726789


From: Mats Erik Andersson
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_4-23-g7267896
Date: Wed, 17 Feb 2016 12:26:23 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  7267896f92e3df2eb935b5b8dd4adde1ee0b4c21 (commit)
      from  05a2f938e3f56ce0136966136410c5f9e20c37a7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=7267896f92e3df2eb935b5b8dd4adde1ee0b4c21


commit 7267896f92e3df2eb935b5b8dd4adde1ee0b4c21
Author: Mats Erik Andersson <address@hidden>
Date:   Tue Feb 16 23:29:25 2016 +0100

    traceroute: Subprivileged use case.
    
    A fallback for ICMP tracing relevant to GNU/Linux is implemented,
    allowing a rudimentary but suid-less use case.

diff --git a/ChangeLog b/ChangeLog
index 3c42992..b85e63d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,21 @@
+2016-02-16  Mats Erik Andersson  <address@hidden>
+
+       traceroute: Subprivileged use case.
+       A fallback for ICMP tracing relevant to GNU/Linux is implemented,
+       allowing a rudimentary but suid-less use case.  The ability to
+       identify intermediary hosts is missing, due to the crippled
+       capability of receiving ICMP packets other than ICMP_ECHOREPLY.
+
+       * src/traceroute.c (struct trace): New member `no_ident'.
+       (trace_init): Initiate `t->no_ident'.
+       <type TRACE_ICMP or TRACE_UDP>: In case a raw socket for an ICMP
+       protocol fails, fall back to a datagram socket.
+       (trace_read) <type TRACE_ICMP>: Short circuit `ic->icmp_id != pid'
+       with the conditional `t->no_ident == 0'.
+       (trace_write) <type TRACE_ICMP>: New variable I.  Initialize HDR
+       to its full extent.  If `t->no_ident' is non-zero, insert our
+       intended target as payload of HDR for trace identification.
+
 2016-02-12  Mats Erik Andersson  <address@hidden>
 
        ping: Implement subprivileged echo method.
diff --git a/src/traceroute.c b/src/traceroute.c
index dac45e7..301507d 100644
--- a/src/traceroute.c
+++ b/src/traceroute.c
@@ -75,6 +75,7 @@ typedef struct trace
 {
   int icmpfd, udpfd;
   enum trace_type type;
+  int no_ident;
   struct sockaddr_in to, from;
   int ttl;
   struct timeval tsent;
@@ -476,6 +477,7 @@ trace_init (trace_t * t, const struct sockaddr_in to,
   t->type = type;
   t->to = to;
   t->ttl = opt_ttl;
+  t->no_ident = 0;
 
   if (t->type == TRACE_UDP)
     {
@@ -494,6 +496,21 @@ trace_init (trace_t * t, const struct sockaddr_in to,
       if (protocol)
        {
          t->icmpfd = socket (PF_INET, SOCK_RAW, protocol->p_proto);
+         if (t->icmpfd < 0 && (errno == EPERM || errno == EACCES))
+           {
+             /* A subprivileged user on GNU/Linux might be allowed
+              * to create ICMP packets from a datagram socket.
+              * Such packets are always severely crippled.
+              */
+             errno = 0;
+             t->icmpfd = socket (PF_INET, SOCK_DGRAM, protocol->p_proto);
+             t->no_ident++;
+
+             /* Recover error message for non-Linux systems.  */
+             if (errno == EPROTONOSUPPORT)
+               errno = EPERM;
+           }
+
          if (t->icmpfd < 0)
            error (EXIT_FAILURE, errno, "socket");
 
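Review bot: In the fallback branch, `t->no_ident++` runs before the result of the second `socket ()` call is known, so the flag that relaxes reply identification is set even when the datagram socket could not be created. This is harmless today only because the `error (EXIT_FAILURE, ...)` call that follows exits. Setting it on success and as a plain flag would be clearer: `if (t->icmpfd >= 0) t->no_ident = 1;`. The comment could also state what the flag relaxes, e.g. `/* no_ident: replies cannot be matched on icmp_id; see trace_read. */`, since the degraded mode is otherwise silent. trace_init starts and ends outside this hunk.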
@@ -609,7 +626,7 @@ trace_read (trace_t * t, int * type, int * code)
 
       if (ic->icmp_type == ICMP_ECHOREPLY
          && (ntohs (ic->icmp_seq) != seqno
-             || ntohs (ic->icmp_id) != pid))
+             || (ntohs (ic->icmp_id) != pid && t->no_ident == 0)))
        return -1;
 
       if (ic->icmp_type == ICMP_TIME_EXCEEDED
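Review bot: With `t->no_ident` set, the ICMP_ECHOREPLY test accepts any reply whose sequence number matches, because the `icmp_id` comparison is short-circuited. The ChangeLog says trace_write places the intended target in the payload "for trace identification", but no visible line here compares that payload against `t->to`. If the kernel's demultiplexing of datagram ICMP sockets is what is being relied on, that should be stated in a comment such as `/* Datagram ICMP sockets: the kernel assigns icmp_id, so only icmp_seq can be verified here. */`. Otherwise the echoed payload should be checked before the reply is accepted. trace_read continues beyond the hunk, so such a check may exist out of view.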
@@ -685,6 +702,17 @@ trace_write (trace_t * t)
     case TRACE_ICMP:
       {
        icmphdr_t hdr;
+       int i;
+
+       /* Deposit deterministic values throughout the header!  */
+       for (i = 0; i < sizeof (hdr); ++i)
+         *((char *) &hdr + i) = i;
+
+       /* The subprivileged use case of ICMP sent over datagram
+        * sockets needs extra help with identification of target.
+        */
+       if (t->no_ident)
+         *((int *) &hdr + 12 / sizeof(int)) = dest.sin_addr.s_addr;
 
        /* The sequence number is updated to a valid value!  */
        if (icmp_echo_encode ((unsigned char *) &hdr, sizeof (hdr),
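Review bot: The store `*((int *) &hdr + 12 / sizeof(int)) = dest.sin_addr.s_addr;` writes through an `int *` cast of an `icmphdr_t` at a hard-coded byte offset of 12, with no check that `hdr` is at least 16 bytes. It depends on `int` being four bytes wide and on aliasing and alignment behaviour that C does not guarantee. A byte copy expresses the same intent without those assumptions: `memcpy ((char *) &hdr + 12, &dest.sin_addr.s_addr, sizeof (dest.sin_addr.s_addr));`, preferably with the offset given a name and guarded by a size check against `sizeof (hdr)`. The fill loop above it compares the signed `i` with `sizeof (hdr)`; declaring `size_t i` removes the mixed comparison. trace_write continues outside the hunk, so it cannot be confirmed here that icmp_echo_encode leaves these payload bytes intact.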

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog        |   18 ++++++++++++++++++
 src/traceroute.c |   30 +++++++++++++++++++++++++++++-
 2 files changed, 47 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


