Add patch from OWL for non-root/set*id/cap ping support.

(Portage version: 2.2.0_alpha72/cvs/Linux x86_64)

4 files changed, 327 insertions, 2 deletions

diff --git a/net-misc/iputils/ChangeLog b/net-misc/iputils/ChangeLog
index 2457ce1924bd..c65d7301c4ff 100644
--- a/net-misc/iputils/ChangeLog
+++ b/net-misc/iputils/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-misc/iputils
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/iputils/ChangeLog,v 1.98 2011/09/21 09:01:28 mgorny Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/iputils/ChangeLog,v 1.99 2011/11/09 22:34:11 vapier Exp $
+
+*iputils-20101006-r2 (09 Nov 2011)
+
+  09 Nov 2011; Mike Frysinger <vapier@gentoo.org> +iputils-20101006-r2.ebuild,
+  +files/iputils-20101006-owl-pingsock.diff, iputils-99999999.ebuild:
+  Add patch from OWL for non-root/set*id/cap ping support.
 
   21 Sep 2011; Michał Górny <mgorny@gentoo.org> iputils-99999999.ebuild:
   Migrate to git-2.
diff --git a/net-misc/iputils/files/iputils-20101006-owl-pingsock.diff b/net-misc/iputils/files/iputils-20101006-owl-pingsock.diff
new file mode 100644
index 000000000000..86c85bcaa27c
--- /dev/null
+++ b/net-misc/iputils/files/iputils-20101006-owl-pingsock.diff
@@ -0,0 +1,224 @@
+http://openwall.info/wiki/people/segoon/ping
+
+--- iputils-s20101006/ping.c
++++ iputils-s20101006/ping.c
+@@ -88,6 +88,7 @@ struct sockaddr_in whereto;	/* who to pi
+ int optlen = 0;
+ int settos = 0;			/* Set TOS, Precendence or other QOS options */
+ int icmp_sock;			/* socket file descriptor */
++int using_ping_socket = 0;
+ u_char outpack[0x10000];
+ int maxpacket = sizeof(outpack);
+ 
+@@ -123,7 +124,11 @@ main(int argc, char **argv)
+ 	char *target, hnamebuf[MAX_HOSTNAMELEN];
+ 	char rspace[3 + 4 * NROUTES + 1];	/* record route space */
+ 
+-	icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
++	icmp_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
++	if (icmp_sock != -1)
++		using_ping_socket = 1;
++	else
++		icmp_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+ 	socket_errno = errno;
+ 
+ 	uid = getuid();
+@@ -377,13 +382,35 @@ main(int argc, char **argv)
+ 		}
+ 	}
+ 
+-	if ((options&F_STRICTSOURCE) &&
+-	    bind(icmp_sock, (struct sockaddr*)&source, sizeof(source)) == -1) {
+-		perror("bind");
+-		exit(2);
++	if (!using_ping_socket) {
++		if ((options&F_STRICTSOURCE) &&
++		    bind(icmp_sock, (struct sockaddr*)&source, sizeof(source)) == -1) {
++			perror("bind");
++			exit(2);
++		}
++	} else {
++		struct sockaddr_in sa;
++		socklen_t sl;
++
++		sa.sin_family = AF_INET;
++		sa.sin_port = 0;
++		sa.sin_addr.s_addr = (options&F_STRICTSOURCE) ?
++			source.sin_addr.s_addr : 0;
++		sl = sizeof(sa);
++
++		if (bind(icmp_sock, (struct sockaddr *) &sa, sl) == -1) {
++			perror("bind");
++			exit(2);
++		}
++
++		if (getsockname(icmp_sock, (struct sockaddr *) &sa, &sl) == -1) {
++			perror("getsockname");
++			exit(2);
++		}
++		ident = sa.sin_port;
+ 	}
+ 
+-	if (1) {
++	if (!using_ping_socket) {
+ 		struct icmp_filter filt;
+ 		filt.data = ~((1<<ICMP_SOURCE_QUENCH)|
+ 			      (1<<ICMP_DEST_UNREACH)|
+@@ -398,6 +425,12 @@ main(int argc, char **argv)
+ 	hold = 1;
+ 	if (setsockopt(icmp_sock, SOL_IP, IP_RECVERR, (char *)&hold, sizeof(hold)))
+ 		fprintf(stderr, "WARNING: your kernel is veeery old. No problems.\n");
++	if (using_ping_socket) {
++		if (setsockopt(icmp_sock, SOL_IP, IP_RECVTTL, (char *)&hold, sizeof(hold)))
++			perror("WARNING: setsockopt(IP_RECVTTL)");
++		if (setsockopt(icmp_sock, SOL_IP, IP_RETOPTS, (char *)&hold, sizeof(hold)))
++			perror("WARNING: setsockopt(IP_RETOPTS)");
++	}
+ 
+ 	/* record route option */
+ 	if (options & F_RROUTE) {
+@@ -566,6 +599,7 @@ int receive_error_msg()
+ 		nerrors++;
+ 	} else if (e->ee_origin == SO_EE_ORIGIN_ICMP) {
+ 		struct sockaddr_in *sin = (struct sockaddr_in*)(e+1);
++		int error_pkt;
+ 
+ 		if (res < sizeof(icmph) ||
+ 		    target.sin_addr.s_addr != whereto.sin_addr.s_addr ||
+@@ -576,9 +610,18 @@ int receive_error_msg()
+ 			goto out;
+ 		}
+ 
+-		acknowledge(ntohs(icmph.un.echo.sequence));
++		error_pkt = (e->ee_type != ICMP_REDIRECT &&
++			     e->ee_type != ICMP_SOURCE_QUENCH);
++		if (error_pkt) {
++			acknowledge(ntohs(icmph.un.echo.sequence));
++			net_errors++;
++			nerrors++;
++		}
++		else {
++			saved_errno = 0;
++		}
+ 
+-		if (!working_recverr) {
++		if (!using_ping_socket && !working_recverr) {
+ 			struct icmp_filter filt;
+ 			working_recverr = 1;
+ 			/* OK, it works. Add stronger filter. */
+@@ -589,15 +632,14 @@ int receive_error_msg()
+ 				perror("\rWARNING: setsockopt(ICMP_FILTER)");
+ 		}
+ 
+-		net_errors++;
+-		nerrors++;
+ 		if (options & F_QUIET)
+ 			goto out;
+ 		if (options & F_FLOOD) {
+-			write(STDOUT_FILENO, "\bE", 2);
++			if (error_pkt)
++				write(STDOUT_FILENO, "\bE", 2);
+ 		} else {
+ 			print_timestamp();
+-			printf("From %s icmp_seq=%u ", pr_addr(sin->sin_addr.s_addr), ntohs(icmph.un.echo.sequence));
++			printf("From %s: icmp_seq=%u ", pr_addr(sin->sin_addr.s_addr), ntohs(icmph.un.echo.sequence));
+ 			pr_icmph(e->ee_type, e->ee_code, e->ee_info, NULL);
+ 			fflush(stdout);
+ 		}
+@@ -695,15 +737,41 @@ parse_reply(struct msghdr *msg, int cc, 
+ 	struct iphdr *ip;
+ 	int hlen;
+ 	int csfailed;
++	struct cmsghdr *cmsg;
++	int ttl;
++	__u8 *opts;
++	int optlen;
+ 
+ 	/* Check the IP header */
+ 	ip = (struct iphdr *)buf;
+-	hlen = ip->ihl*4;
+-	if (cc < hlen + 8 || ip->ihl < 5) {
+-		if (options & F_VERBOSE)
+-			fprintf(stderr, "ping: packet too short (%d bytes) from %s\n", cc,
+-				pr_addr(from->sin_addr.s_addr));
+-		return 1;
++	if (!using_ping_socket) {
++		hlen = ip->ihl*4;
++		if (cc < hlen + 8 || ip->ihl < 5) {
++			if (options & F_VERBOSE)
++				fprintf(stderr, "ping: packet too short (%d bytes) from %s\n", cc,
++					pr_addr(from->sin_addr.s_addr));
++			return 1;
++		}
++		ttl = ip->ttl;
++		opts = buf + sizeof(struct iphdr);
++		optlen = hlen - sizeof(struct iphdr);
++	} else {
++		hlen = 0;
++		ttl = 0;
++		opts = buf;
++		optlen = 0;
++		for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
++			if (cmsg->cmsg_level != SOL_IP)
++				continue;
++			if (cmsg->cmsg_type == IP_TTL) {
++				if (cmsg->cmsg_len < sizeof(int))
++					continue;
++				ttl = *(int *) CMSG_DATA(cmsg);
++			} else if (cmsg->cmsg_type == IP_RETOPTS) {
++				opts = (__u8 *) CMSG_DATA(cmsg);
++				optlen = cmsg->cmsg_len;
++			}
++		}
+ 	}
+ 
+ 	/* Now the ICMP part */
+@@ -716,7 +784,7 @@ parse_reply(struct msghdr *msg, int cc, 
+ 			return 1;			/* 'Twas not our ECHO */
+ 		if (gather_statistics((__u8*)icp, sizeof(*icp), cc,
+ 				      ntohs(icp->un.echo.sequence),
+-				      ip->ttl, 0, tv, pr_addr(from->sin_addr.s_addr),
++				      ttl, 0, tv, pr_addr(from->sin_addr.s_addr),
+ 				      pr_echo_reply))
+ 			return 0;
+ 	} else {
+@@ -807,7 +875,7 @@ parse_reply(struct msghdr *msg, int cc, 
+ 	}
+ 
+ 	if (!(options & F_FLOOD)) {
+-		pr_options(buf + sizeof(struct iphdr), hlen);
++		pr_options(opts, optlen + sizeof(struct iphdr));
+ 
+ 		if (options & F_AUDIBLE)
+ 			putchar('\a');
+@@ -916,8 +984,7 @@ void pr_icmph(__u8 type, __u8 code, __u3
+ 			printf("Redirect, Bad Code: %d", code);
+ 			break;
+ 		}
+-		if (icp)
+-			printf("(New nexthop: %s)\n", pr_addr(icp->un.gateway));
++		printf("(New nexthop: %s)\n", pr_addr(icp ? icp->un.gateway : info));
+ 		if (icp && (options & F_VERBOSE))
+ 			pr_iph((struct iphdr*)(icp + 1));
+ 		break;
+@@ -1217,7 +1284,7 @@ void install_filter(void)
+ 		insns
+ 	};
+ 
+-	if (once)
++	if (once || using_ping_socket)
+ 		return;
+ 	once = 1;
+ 
+--- iputils-s20101006/ping_common.c
++++ iputils-s20101006/ping_common.c
+@@ -515,7 +515,8 @@ void setup(int icmp_sock)
+ 			*p++ = i;
+ 	}
+ 
+-	ident = htons(getpid() & 0xFFFF);
++	if (!ident)
++		ident = htons(getpid() & 0xFFFF);
+ 
+ 	set_signal(SIGINT, sigexit);
+ 	set_signal(SIGALRM, sigexit);
diff --git a/net-misc/iputils/iputils-20101006-r2.ebuild b/net-misc/iputils/iputils-20101006-r2.ebuild
new file mode 100644
index 000000000000..ace5a8c68d57
--- /dev/null
+++ b/net-misc/iputils/iputils-20101006-r2.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/iputils/iputils-20101006-r2.ebuild,v 1.1 2011/11/09 22:34:11 vapier Exp $
+
+# For released versions, we precompile the man/html pages and store
+# them in a tarball on our mirrors.  This avoids ugly issues while
+# building stages, and when the jade/sgml packages are broken (which
+# seems to be more common than would be nice).
+
+EAPI="2"
+
+inherit flag-o-matic eutils toolchain-funcs
+if [[ ${PV} == "99999999" ]] ; then
+	EGIT_REPO_URI="git://www.linux-ipv6.org/gitroot/iputils"
+	inherit git-2
+else
+	SRC_URI="http://www.skbuff.net/iputils/iputils-s${PV}.tar.bz2
+		mirror://gentoo/iputils-s${PV}-manpages.tar.bz2"
+	KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-linux ~x86-linux"
+fi
+
+DESCRIPTION="Network monitoring tools including ping and ping6"
+HOMEPAGE="http://www.linux-foundation.org/en/Net:Iputils"
+
+LICENSE="BSD"
+SLOT="0"
+IUSE="doc idn ipv6 SECURITY_HAZARD ssl static"
+
+RDEPEND="!net-misc/rarpd
+	ssl? ( dev-libs/openssl )
+	idn? ( net-dns/libidn )"
+DEPEND="${RDEPEND}
+	virtual/os-headers"
+if [[ ${PV} == "99999999" ]] ; then
+	DEPEND+="
+		app-text/openjade
+		dev-perl/SGMLSpm
+		app-text/docbook-sgml-dtd
+		app-text/docbook-sgml-utils
+	"
+fi
+
+S=${WORKDIR}/${PN}-s${PV}
+
+src_prepare() {
+	epatch "${FILESDIR}"/021109-uclibc-no-ether_ntohost.patch
+	epatch "${FILESDIR}"/${PN}-20100418-openssl.patch #335436
+	epatch "${FILESDIR}"/${PN}-20100418-so_mark.patch #335347
+	epatch "${FILESDIR}"/${PN}-20100418-makefile.patch
+	epatch "${FILESDIR}"/${PN}-20100418-proper-libs.patch #332703
+	epatch "${FILESDIR}"/${PN}-20100418-printf-size.patch
+	epatch "${FILESDIR}"/${PN}-20100418-aliasing.patch
+	epatch "${FILESDIR}"/${PN}-20071127-kernel-ifaddr.patch
+	epatch "${FILESDIR}"/${PN}-20070202-idn.patch #218638
+	epatch "${FILESDIR}"/${PN}-20071127-infiniband.patch #377687
+	epatch "${FILESDIR}"/${PN}-20101006-owl-pingsock.diff
+	use SECURITY_HAZARD && epatch "${FILESDIR}"/${PN}-20071127-nonroot-floodping.patch
+	use static && append-ldflags -static
+	use ssl && append-cppflags -DHAVE_OPENSSL
+	use ipv6 || sed -i -e 's:IPV6_TARGETS=:#IPV6_TARGETS=:' Makefile
+	export IDN=$(use idn && echo yes)
+}
+
+src_compile() {
+	tc-export CC
+	emake || die
+
+	if [[ ${PV} == "99999999" ]] ; then
+		emake -j1 html man || die
+	fi
+}
+
+src_install() {
+	into /
+	dobin ping || die
+	use ipv6 && dobin ping6
+	dosbin arping || die
+	into /usr
+	dosbin tracepath || die
+	use ipv6 && dosbin trace{path,route}6
+	dosbin clockdiff rarpd rdisc ipg tftpd || die
+
+	fperms 4711 /bin/ping
+	use ipv6 && fperms 4711 /bin/ping6 /usr/sbin/traceroute6
+
+	dodoc INSTALL RELNOTES
+	use ipv6 \
+		&& dosym ping.8 /usr/share/man/man8/ping6.8 \
+		|| rm -f doc/*6.8
+	rm -f doc/setkey.8
+	doman doc/*.8
+
+	use doc && dohtml doc/*.html
+}
diff --git a/net-misc/iputils/iputils-99999999.ebuild b/net-misc/iputils/iputils-99999999.ebuild
index 44546cfe1ed8..5207736b8d17 100644
--- a/net-misc/iputils/iputils-99999999.ebuild
+++ b/net-misc/iputils/iputils-99999999.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/iputils/iputils-99999999.ebuild,v 1.5 2011/09/21 09:01:28 mgorny Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/iputils/iputils-99999999.ebuild,v 1.6 2011/11/09 22:34:11 vapier Exp $
 
 # For released versions, we precompile the man/html pages and store
 # them in a tarball on our mirrors.  This avoids ugly issues while
@@ -53,6 +53,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-20071127-kernel-ifaddr.patch
 	epatch "${FILESDIR}"/${PN}-20070202-idn.patch #218638
 	epatch "${FILESDIR}"/${PN}-20071127-infiniband.patch #377687
+	epatch "${FILESDIR}"/${PN}-20101006-owl-pingsock.diff
 	use SECURITY_HAZARD && epatch "${FILESDIR}"/${PN}-20071127-nonroot-floodping.patch
 	use static && append-ldflags -static
 	use ssl && append-cppflags -DHAVE_OPENSSL