/*
- * $Id$
- *
- * DEBUG: section 42 ICMP Pinger program
- * AUTHOR: Duane Wessels
- *
- * SQUID Web Proxy Cache http://www.squid-cache.org/
- * ----------------------------------------------------------
- *
- * Squid is the result of efforts by numerous individuals from
- * the Internet community; see the CONTRIBUTORS file for full
- * details. Many organizations have provided support for Squid's
- * development; see the SPONSORS file for full details. Squid is
- * Copyrighted (C) 2001 by the Regents of the University of
- * California; see the COPYRIGHT file for full details. Squid
- * incorporates software developed and/or copyrighted by other
- * sources; see the CREDITS file for full details.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
*
+ * Squid software is distributed under GPLv2+ license and includes
+ * contributions from numerous individuals and organizations.
+ * Please see the COPYING and CONTRIBUTORS files for details.
*/
+/* DEBUG: section 42 ICMP Pinger program */
+
#define SQUID_HELPER 1
/**
* ICP_OP_MISS_NOFETCH for sites which it cannot ping.
*/
-#include "squid-old.h"
+#include "squid.h"
+#include "Debug.h"
#include "SquidTime.h"
#if USE_ICMP
#include "Icmp4.h"
#include "Icmp6.h"
#include "IcmpPinger.h"
+#include "ip/tools.h"
-#if _SQUID_MSWIN_
+#if _SQUID_WINDOWS_
#if HAVE_WINSOCK2_H
#include <winsock2.h>
#define PINGER_TIMEOUT 10
/* non-windows use STDOUT for feedback to squid */
-#define LINK_TO_SQUID 1
+#define LINK_TO_SQUID 1
-#endif /* _SQUID_MSWIN_ */
+#endif /* _SQUID_WINDOWS_ */
// ICMP Engines are declared global here so they can call each other easily.
IcmpPinger control;
getCurrentTime();
+ // determine IPv4 or IPv6 capabilities before using sockets.
+ Ip::ProbeTransport();
+
_db_init(NULL, debug_args);
- debugs(42, 0, "pinger: Initialising ICMP pinger ...");
+ debugs(42, DBG_CRITICAL, "pinger: Initialising ICMP pinger ...");
icmp4_worker = icmp4.Open();
if (icmp4_worker < 0) {
- debugs(42, 0, "pinger: Unable to start ICMP pinger.");
+ debugs(42, DBG_CRITICAL, "pinger: Unable to start ICMP pinger.");
}
max_fd = max(max_fd, icmp4_worker);
#if USE_IPV6
icmp6_worker = icmp6.Open();
if (icmp6_worker <0 ) {
- debugs(42, 0, "pinger: Unable to start ICMPv6 pinger.");
+ debugs(42, DBG_CRITICAL, "pinger: Unable to start ICMPv6 pinger.");
}
max_fd = max(max_fd, icmp6_worker);
#endif
/** abort if neither worker could open a socket. */
if (icmp4_worker < 0 && icmp6_worker < 0) {
- debugs(42, 0, "FATAL: pinger: Unable to open any ICMP sockets.");
- exit(1);
+ debugs(42, DBG_CRITICAL, "FATAL: pinger: Unable to open any ICMP sockets.");
+ exit(EXIT_FAILURE);
}
if ( (squid_link = control.Open()) < 0) {
- debugs(42, 0, "FATAL: pinger: Unable to setup Pinger control sockets.");
+ debugs(42, DBG_CRITICAL, "FATAL: pinger: Unable to setup Pinger control sockets.");
icmp4.Close();
icmp6.Close();
- exit(1); // fatal error if the control channel fails.
+ exit(EXIT_FAILURE); // fatal error if the control channel fails.
}
max_fd = max(max_fd, squid_link);
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()) < 0) {
+ int xerrno = errno;
+ debugs(42, DBG_CRITICAL, "FATAL: pinger: setgid(" << getgid() << ") failed: " << xstrerr(xerrno));
+ icmp4.Close();
+ icmp6.Close();
+ exit(EXIT_FAILURE);
+ }
+ if (setuid(getuid()) < 0) {
+ int xerrno = errno;
+ debugs(42, DBG_CRITICAL, "FATAL: pinger: setuid(" << getuid() << ") failed: " << xstrerr(xerrno));
+ icmp4.Close();
+ icmp6.Close();
+ exit(EXIT_FAILURE);
+ }
+
+#if USE_LIBCAP
+ // Drop remaining capabilities (if installed as non-setuid setcap cap_net_raw=ep).
+ // If pinger binary was installed setuid root, setuid() above already dropped all
+ // capabilities, and this is no-op.
+ cap_t caps;
+ caps = cap_init();
+ if (!caps) {
+ int xerrno = errno;
+ debugs(42, DBG_CRITICAL, "FATAL: pinger: cap_init() failed: " << xstrerr(xerrno));
+ icmp4.Close();
+ icmp6.Close();
+ exit(EXIT_FAILURE);
+ } else {
+ if (cap_set_proc(caps) != 0) {
+ int xerrno = errno;
+ // cap_set_proc(cap_init()) is expected to never fail
+ debugs(42, DBG_CRITICAL, "FATAL: pinger: cap_set_proc(none) failed: " << xstrerr(xerrno));
+ cap_free(caps);
+ icmp4.Close();
+ icmp6.Close();
+ exit(EXIT_FAILURE);
+ }
+ cap_free(caps);
+ }
+#endif
last_check_time = squid_curtime;
}
FD_SET(squid_link, &R);
- x = select(10, &R, NULL, NULL, &tv);
+ x = select(max_fd+1, &R, NULL, NULL, &tv);
getCurrentTime();
if (x < 0) {
- debugs(42, 0, HERE << " FATAL Shutdown. select()==" << x << ", ERR: " << xstrerror());
+ int xerrno = errno;
+ debugs(42, DBG_CRITICAL, HERE << " FATAL Shutdown. select()==" << x << ", ERR: " << xstrerr(xerrno));
control.Close();
- exit(1);
+ exit(EXIT_FAILURE);
}
if (FD_ISSET(squid_link, &R)) {
if (PINGER_TIMEOUT + last_check_time < squid_curtime) {
if (send(LINK_TO_SQUID, &tv, 0, 0) < 0) {
- debugs(42, 0, "pinger: Closing. No requests in last " << PINGER_TIMEOUT << " seconds.");
+ debugs(42, DBG_CRITICAL, "pinger: Closing. No requests in last " << PINGER_TIMEOUT << " seconds.");
control.Close();
- exit(1);
+ exit(EXIT_FAILURE);
}
last_check_time = squid_curtime;
}
/* NOTREACHED */
- return 0;
+ return EXIT_SUCCESS;
}
-#else
-#include <stdio.h>
+#else /* !USE_ICMP */
+
+#include <ostream>
int
main(int argc, char *argv[])
{
- fprintf(stderr, "%s: ICMP support not compiled in.\n", argv[0]);
- return 1;
+ std::cerr << argv[0] << ": ICMP support not compiled in." << std::endl;
+ return EXIT_FAILURE;
}
#endif /* USE_ICMP */
+