packages/iputils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync some patches from upstream

Browse Source
This commit is contained in:
yangl777 2025-02-13 06:19:15 +00:00
parent 33841ce719
commit 3a2591c5ff
9 changed files with 480 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

155
backport-Revert-ping-use-random-value-for-the-identifier-field.patch Normal file
View File

@ -0,0 +1,155 @@
From d466aabcadcc2d7fd1f132ea3f580ad102773cf9 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Wed, 6 Dec 2023 15:42:16 +0100
Subject: [PATCH] Revert "ping: use random value for the identifier field"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 5026c2221a15bf13e601eade015c971bf07a27e9.
Unlike TCP and UDP, which use port to uniquely identify the socket to
deliver data, ICMP use identifier field (ID) to identify the socket.
Therefore if on the same machine, at the same time, two ping processes
use the same ID, echo reply can be delivered to the wrong socket.
This is known problem due 16 bit ID field (65535). We used to use PID
to get unique number. The default value of /proc/sys/kernel/pid_max is
32768 (half).
The problem is not new, but it was hidden until 5f6bec5 ("ping: Print
reply with wrong source with warning"). 5026c22 changed it to use our
random implementation to increase security. But that actually increases
the collisions on systems that use ping heavily: e.g. ping run with
Nagios via Debian specific check-host-alive Nagios plugin:
$ ping -n -v -D -W 1 -i 1 -c 5 -M 'do' -s 56 -O "$Host")
(75-100 ping instances in the reported issue.)
Because we consider warning from 5f6bec5 useful and not consider leaking
PID information as a real security issue, we revert 5026c22. getpid() is
used in other ping implementations:
* fping
https://github.com/schweikert/fping/blob/develop/src/fping.c#L496
* busybox
https://git.busybox.net/busybox/tree/networking/ping.c#n376
* FreeBSD
https://cgit.freebsd.org/src/tree/sbin/ping/ping.c#n632
* inetutils
https://git.savannah.gnu.org/cgit/inetutils.git/tree/ping/ping.c#n286
* Apple
https://opensource.apple.com/source/network_cmds/network_cmds-433/ping.tproj/ping.c.auto.html
In case leaking PID *is* a real problem, we could solve this with
comparing the ICMP optional data. We could add 128 bit random value to
check. But we already use struct timeval if packet size is big enough
for it (>= 16 bits), therefore we could use it for comparing for most of
the packet sizes (the default is 56 bits).
Fixes: https://github.com/iputils/iputils/issues/489
Closes: https://github.com/iputils/iputils/pull/503
Reported-by: Miloslav Hůla <miloslav.hula@gmail.com>
Suggested-by: Cyril Hrubis <chrubis@suse.cz>
Acked-by: Johannes Segitz jsegitz@suse.de
Acked-by: Cyril Hrubis <chrubis@suse.cz>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Conflict:NA
Reference:https://github.com/iputils/iputils/commit/d466aabcadcc2d7fd1f132ea3f580ad102773cf9
---
ping/node_info.c | 1 +
ping/ping.c | 4 +---
ping/ping.h | 2 +-
ping/ping6_common.c | 2 +-
ping/ping_common.c | 4 ++--
5 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/ping/node_info.c b/ping/node_info.c
index 10a76818..ce392a28 100644
--- a/ping/node_info.c
+++ b/ping/node_info.c
@@ -91,6 +91,7 @@ int niquery_is_enabled(struct ping_ni *ni)
void niquery_init_nonce(struct ping_ni *ni)
{
#if PING6_NONCE_MEMORY
+ iputils_srand();
ni->nonce_ptr = calloc(NI_NONCE_SIZE, MAX_DUP_CHK);
if (!ni->nonce_ptr)
error(2, errno, "calloc");
diff --git a/ping/ping.c b/ping/ping.c
index f4707104..0ff5a487 100644
--- a/ping/ping.c
+++ b/ping/ping.c
@@ -569,8 +569,6 @@ main(int argc, char **argv)
if (!argc)
error(1, EDESTADDRREQ, "usage error");
- iputils_srand();
-
target = argv[argc - 1];
rts.outpack = malloc(rts.datalen + 28);
@@ -1527,7 +1525,7 @@ in_cksum(const unsigned short *addr, int len, unsigned short csum)
/*
* pinger --
* Compose and transmit an ICMP ECHO REQUEST packet. The IP packet
- * will be added on by the kernel. The ID field is a random number,
+ * will be added on by the kernel. The ID field is our UNIX process ID,
* and the sequence number is an ascending integer. The first several bytes
* of the data portion are used to hold a UNIX "timeval" struct in VAX
* byte-order, to compute the round-trip time.
diff --git a/ping/ping.h b/ping/ping.h
index 04b2ccf4..7799395f 100644
--- a/ping/ping.h
+++ b/ping/ping.h
@@ -159,7 +159,7 @@ struct ping_rts {
size_t datalen;
char *hostname;
uid_t uid;
- int ident; /* random id to identify our packets */
+ int ident; /* process id to identify our packets */
int sndbuf;
int ttl;
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index 7b2bf158..5e78f852 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -583,7 +583,7 @@ int ping6_receive_error_msg(struct ping_rts *rts, socket_st *sock)
/*
* pinger --
* Compose and transmit an ICMP ECHO REQUEST packet. The IP packet
- * will be added on by the kernel. The ID field is a random number,
+ * will be added on by the kernel. The ID field is our UNIX process ID,
* and the sequence number is an ascending integer. The first several bytes
* of the data portion are used to hold a UNIX "timeval" struct in VAX
* byte-order, to compute the round-trip time.
diff --git a/ping/ping_common.c b/ping/ping_common.c
index ed4fee87..6eb1aa4e 100644
--- a/ping/ping_common.c
+++ b/ping/ping_common.c
@@ -303,7 +303,7 @@ void print_timestamp(struct ping_rts *rts)
/*
* pinger --
* Compose and transmit an ICMP ECHO REQUEST packet. The IP packet
- * will be added on by the kernel. The ID field is a random number,
+ * will be added on by the kernel. The ID field is our UNIX process ID,
* and the sequence number is an ascending integer. The first several bytes
* of the data portion are used to hold a UNIX "timeval" struct in VAX
* byte-order, to compute the round-trip time.
@@ -536,7 +536,7 @@ void setup(struct ping_rts *rts, socket_st *sock)
}
if (sock->socktype == SOCK_RAW && rts->ident == -1)
- rts->ident = rand() & IDENTIFIER_MAX;
+ rts->ident = htons(getpid() & 0xFFFF);
set_signal(SIGINT, sigexit);
set_signal(SIGALRM, sigexit);

64
backport-ping-Fix-the-errno-handling-for-strtod.patch Normal file
View File

@ -0,0 +1,64 @@
From 33e78be2e60ed9ac918dec13271d1bd9dce6e94e Mon Sep 17 00:00:00 2001
From: Jacek Tomasiak <jtomasiak@arista.com>
Date: Mon, 6 Feb 2023 13:39:44 +0100
Subject: [PATCH] ping: Fix the errno handling for strtod
The setlocale(LC_ALL, "") following the strtod() for the '-i' option
can fail if the LC_CTYPE is invalid.
Hence the errno check following the setlocale(LC_ALL, "") thinks
wrongly that strtod() failed with the errno and prints a warning:
$ LC_ALL=XXX ping -i 1.9 -c1 8.8.8.8
ping: option argument contains garbage:
ping: this will become fatal error in the future
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=1.34 ms
The errno got from the execution of strtod() is saved and restored
after setlocale() to be checked for any errors.
The problem is only on Fedora/CentOS/RHEL with applied patch [1]
from 2012 for glibc bug #14247.
[1] https://src.fedoraproject.org/rpms/glibc/blob/rawhide/f/glibc-rh827510.patch
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=14247
Closes: https://github.com/iputils/iputils/pull/450
Reference:https://github.com/iputils/iputils/commit/33e78be2e60ed9ac918dec13271d1bd9dce6e94e
Conflict:NA
Fixes: 918e824 ("ping: add support for sub-second timeouts")
Co-Developed-by: Sriram Rajagopalan <sriramr@arista.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
[ pvorel: mention glibc bug and Fedora/CentOS/RHEL ]
Signed-off-by: Sriram Rajagopalan <sriramr@arista.com>
Signed-off-by: Jacek Tomasiak <jtomasiak@arista.com>
---
ping/ping.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ping/ping.c b/ping/ping.c
index 89b0fa19..8f442037 100644
--- a/ping/ping.c
+++ b/ping/ping.c
@@ -214,6 +214,7 @@ static double ping_strtod(const char *str, const char *err_msg)
{
double num;
char *end = NULL;
+ int strtod_errno = 0;
if (str == NULL || *str == '\0')
goto err;
@@ -225,7 +226,10 @@ static double ping_strtod(const char *str, const char *err_msg)
*/
setlocale(LC_ALL, "C");
num = strtod(str, &end);
+ strtod_errno = errno;
setlocale(LC_ALL, "");
+ /* Ignore setlocale() errno (e.g. invalid locale in env). */
+ errno = strtod_errno;
if (errno || str == end || (end && *end)) {
error(0, 0, _("option argument contains garbage: %s"), end);

36
backport-ping-Handle-interval-correctly-in-the-second-after-booting.patch Normal file
View File

@ -0,0 +1,36 @@
From 7448c33af407636e66ac90deb828764df51835d4 Mon Sep 17 00:00:00 2001
From: Josh Triplett <josh@joshtriplett.org>
Date: Mon, 20 Nov 2023 19:09:06 -0800
Subject: [PATCH] ping: Handle interval correctly in the second after booting
ping assumes that if a timespec has tv_sec == 0, it hasn't been
initialized yet. However, in the second after booting up, tv_sec will
legitimately be 0. This causes ping to send pings one after another
without waiting.
Check that tv_nsec is 0 as well.
Link: https://github.com/iputils/iputils/pull/499
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Tested-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Conflict:NA
Reference:https://github.com/iputils/iputils/commit/7448c33af407636e66ac90deb828764df51835d4
---
ping/ping_common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ping/ping_common.c b/ping/ping_common.c
index c8b868b7..5a6c35aa 100644
--- a/ping/ping_common.c
+++ b/ping/ping_common.c
@@ -321,7 +321,7 @@ int pinger(struct ping_rts *rts, ping_func_set_st *fset, socket_st *sock)
return 1000;
/* Check that packets < rate*time + preload */
- if (rts->cur_time.tv_sec == 0) {
+ if (rts->cur_time.tv_sec == 0 && rts->cur_time.tv_nsec == 0) {
clock_gettime(CLOCK_MONOTONIC_RAW, &rts->cur_time);
tokens = rts->interval * (rts->preload - 1);
} else {

26
backport-ping-Remove-duplicate-include.patch Normal file
View File

@ -0,0 +1,26 @@
From bacb69e166106f0125b7288f377299894c8c7e78 Mon Sep 17 00:00:00 2001
From: Petr Vorel <pvorel@suse.cz>
Date: Mon, 6 Mar 2023 21:17:09 +0100
Subject: [PATCH] ping.h: Remove duplicate include
Reference:https://github.com/iputils/iputils/commit/bacb69e166106f0125b7288f377299894c8c7e78
Conflict:NA
Fixes: ba7e8a7 ("ping: merge all ping header files into a single one")
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
ping/ping.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/ping/ping.h b/ping/ping.h
index caf79cd1..ef358ad4 100644
--- a/ping/ping.h
+++ b/ping/ping.h
@@ -23,7 +23,6 @@
#include <string.h>
#include <netdb.h>
#include <setjmp.h>
-#include <netinet/icmp6.h>
#include <asm/byteorder.h>
#include <sched.h>
#include <math.h>

52
backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch Normal file
View File

@ -0,0 +1,52 @@
From 0f12e6d5bb325df4eb9273b1e294a2cf94a53120 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 28 May 2024 12:25:57 +0200
Subject: [PATCH 1/1] ping: check return value of write() to avoid integer
overflow
Error: INTEGER_OVERFLOW (CWE-190):
iputils-20240117/ping/ping.h:291: tainted_data_return: Called function "write(1, str + o, len - o)", and a possible return value may be less than zero.
iputils-20240117/ping/ping.h:291: assign: Assigning: "cc" = "write(1, str + o, len - o)".
iputils-20240117/ping/ping.h:292: overflow: The expression "o += cc" might be negative, but is used in a context that treats it as unsigned.
iputils-20240117/ping/ping.h:291: overflow: The expression "len - o" is deemed underflowed because at least one of its arguments has underflowed.
iputils-20240117/ping/ping.h:291: overflow_sink: "len - o", which might have underflowed, is passed to "write(1, str + o, len - o)".
289| ssize_t cc;
290| do {
291|-> cc = write(STDOUT_FILENO, str + o, len - o);
292| o += cc;
293| } while (len > o || cc < 0);
Closes: https://github.com/iputils/iputils/pull/545
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
Signed-off-by: Jan Macku <jamacku@redhat.com>
Reference:https://github.com/iputils/iputils/commit/0f12e6d5bb325df4eb9273b1e294a2cf94a53120
Conflict:NA
---
ping/ping.h | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/ping/ping.h b/ping/ping.h
index 98d035d..3e2e3c3 100644
--- a/ping/ping.h
+++ b/ping/ping.h
@@ -290,8 +290,12 @@ static inline void write_stdout(const char *str, size_t len)
ssize_t cc;
do {
cc = write(STDOUT_FILENO, str + o, len - o);
- o += cc;
- } while (len > o || cc < 0);
+
+ if (cc < 0)
+ break;
+
+ o += (size_t) cc;
+ } while (len > o);
}
/*
--
2.33.0

45
backport-ping-fix-IPv4-checksum-check-always-succeeding-once-again.patch Normal file
View File

@ -0,0 +1,45 @@
From bacf1b7bb8555c407d065e97015319abef2a742d Mon Sep 17 00:00:00 2001
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
Date: Thu, 4 Apr 2024 21:17:39 +0200
Subject: [PATCH 1/1] ping: fix IPv4 checksum check always succeeding once
again
This issue was fixed once already in commit bff65fbb6f73
("fix checksum always success in IPv4 ping."), but was reverted
shortly after, likely due to a botched rebase.
Fix this issue again, so ping correctly reports checksum mismatches
in ICMP ECHO replies.
This time it was found with barebox v2024.03.0 (or older) which has
broken checksum on a Raspberry Pi 3b and ping its network interface
(checksum mismatch verified by Wireshark).
Closes: https://github.com/iputils/iputils/pull/534
Fixes: 8b8686794f69 ("warnings: remove variable shadowing")
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Reference:https://github.com/iputils/iputils/commit/bacf1b7bb8555c407d065e97015319abef2a742d
Conflict:NA
---
ping/ping.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ping/ping.c b/ping/ping.c
index d0803fe..1a3e52c 100644
--- a/ping/ping.c
+++ b/ping/ping.c
@@ -1654,7 +1654,7 @@ int ping4_parse_reply(struct ping_rts *rts, struct socket_st *sock,
wrong_source = 1;
if (gather_statistics(rts, (uint8_t *)icp, sizeof(*icp), cc,
ntohs(icp->un.echo.sequence),
- reply_ttl, 0, tv, pr_addr(rts, from, sizeof *from),
+ reply_ttl, csfailed, tv, pr_addr(rts, from, sizeof *from),
pr_echo_reply, rts->multicast, wrong_source)) {
fflush(stdout);
return 0;
--
2.33.0

54
backport-ping6-Fix-support-for-DSCP.patch Normal file
View File

@ -0,0 +1,54 @@
From 425f711a62f7d7523badd6b917f15ad58ecdb0ae Mon Sep 17 00:00:00 2001
From: Guillaume Nault <guillaume.nault@wanadoo.fr>
Date: Thu, 18 May 2023 18:12:54 +0200
Subject: [PATCH] ping6: Fix support for DSCP (Traffic Class, option -Q)
Set the IPV6_TCLASS option on probe_fd. Otherwise ip-rule is unaware
of the DSCP value at connect() time and can lookup the remote address
in the wrong routing table.
For example:
ip route add table main unreachable 2001:db8::10/124
ip route add table 100 2001:db8::10/124 dev eth0
ip -6 rule add dsfield 0x04 table 100
ping -Q 0x04 2001:db8::11
Without this patch, probe_fd fails to connect to 2001:db8::11 (No route
to host) since the route lookup is done in the main table instead of
table 100.
Note that, to work correctly, this patch also depends on a Linux kernel
bug fix (see
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e010ae08c71fda8be3d6bda256837795a0b3ea41).
That kernel patch has been backported to Linux stable trees and should
have already reached most distributions.
Reference:https://github.com/iputils/iputils/commit/425f711a62f7d7523badd6b917f15ad58ecdb0ae
Conflict:NA
Fixes: 33370345c7d8 ("Initial import of iputils")
Link: https://github.com/iputils/iputils/pull/468
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Guillaume Nault <guillaume.nault@wanadoo.fr>
---
ping/ping6_common.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ping/ping6_common.c b/ping/ping6_common.c
index 21333aa0..e980a152 100644
--- a/ping/ping6_common.c
+++ b/ping/ping6_common.c
@@ -182,6 +182,10 @@ int ping6_run(struct ping_rts *rts, int argc, char **argv, struct addrinfo *ai,
disable_capability_raw();
}
+ if (rts->tclass &&
+ setsockopt(probe_fd, IPPROTO_IPV6, IPV6_TCLASS, &rts->tclass, sizeof (rts->tclass)) <0)
+ error(2, errno, "setsockopt(IPV6_TCLASS)");
+
if (!IN6_IS_ADDR_LINKLOCAL(&rts->firsthop.sin6_addr) &&
!IN6_IS_ADDR_MC_LINKLOCAL(&rts->firsthop.sin6_addr))
rts->firsthop.sin6_family = AF_INET6;

32
backport-tracepath-Dont-assume-tv_sec-0-means-unset.patch Normal file
View File

@ -0,0 +1,32 @@
From c64bcd8d8eca5c7f66e75e0bc9d42828bc09ba1b Mon Sep 17 00:00:00 2001
From: Josh Triplett <josh@joshtriplett.org>
Date: Mon, 20 Nov 2023 19:15:40 -0800
Subject: [PATCH] tracepath: Don't assume tv_sec == 0 means unset
A CLOCK_MONOTONIC timespec's tv_sec value can legitimately be 0 during
the second after booting. Check tv_nsec as well before assuming an unset
timestamp.
Closes: https://github.com/iputils/iputils/pull/499
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Conflict:NA
Reference:https://github.com/iputils/iputils/commit/c64bcd8d8eca5c7f66e75e0bc9d42828bc09ba1b
---
tracepath.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tracepath.c b/tracepath.c
index 04d77b83..046dc332 100644
--- a/tracepath.c
+++ b/tracepath.c
@@ -192,7 +192,7 @@ static int recverr(struct run_state *const ctl)
ctl->his[slot].hops = 0;
}
if (recv_size == sizeof(rcvbuf)) {
- if (rcvbuf.ttl == 0 || rcvbuf.ts.tv_sec == 0)
+ if (rcvbuf.ttl == 0 || (rcvbuf.ts.tv_sec == 0 && rcvbuf.ts.tv_nsec == 0))
broken_router = 1;
else {
sndhops = rcvbuf.ttl;

17
iputils.spec
View File

@ -1,6 +1,6 @@
Name: iputils
Version: 20221126
Release: 5
Release: 6
Summary: Network monitoring tools including ping
License: BSD and GPLv2+
URL: https://github.com/iputils/iputils
@ -22,6 +22,15 @@ Patch6002: backport-tracepath-Restore-the-MTU-probing-behavior.patch
# reference https://github.com/iputils/iputils/commit/608c62b3967882d31ff9edde97e38de0fcff154b
Patch6003: backport-tracepath-Merge-if-clauses.patch
Patch6004: backport-ping-Fix-the-errno-handling-for-strtod.patch
Patch6005: backport-ping-Remove-duplicate-include.patch
Patch6006: backport-ping6-Fix-support-for-DSCP.patch
Patch6007: backport-Revert-ping-use-random-value-for-the-identifier-field.patch
Patch6008: backport-ping-Handle-interval-correctly-in-the-second-after-booting.patch
Patch6009: backport-tracepath-Dont-assume-tv_sec-0-means-unset.patch
Patch6010: backport-ping-check-return-value-of-write-to-avoid-integer-overflow.patch
Patch6011: backport-ping-fix-IPv4-checksum-check-always-succeeding-once-again.patch
BuildRequires: gcc meson libidn2-devel openssl-devel libcap-devel libxslt
BuildRequires: docbook5-style-xsl systemd iproute glibc-kernheaders gettext
%{?systemd_ordering}
@ -91,6 +100,12 @@ install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
%{_mandir}/man8/*.8.gz
%changelog
* Thu Feb 13 2025 yanglu <yanglu72@h-partners.com> - 20221126-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:sync some patches from upstream
* Thu May 16 2024 xiaozai <xiaozai@kylinos.cn> - 20221126-5
- Type:NA
- ID:NA