pinger_8cc_source.html

/*

 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors

 *

 * Squid software is distributed under GPLv2+ license and includes

 * contributions from numerous individuals and organizations.

 * Please see the COPYING and CONTRIBUTORS files for details.

 */


/* DEBUG: section 42    ICMP Pinger program */


#define SQUID_HELPER 1


#include "squid.h"

#include "debug/Stream.h"


#if USE_ICMP


#include "base/Stopwatch.h"

#include "base/TextException.h"

#include "compat/select.h"

#include "compat/socket.h"

#include "Icmp4.h"

#include "Icmp6.h"

#include "IcmpPinger.h"

#include "ip/tools.h"

#include "time/gadgets.h"


#if HAVE_SYS_CAPABILITY_H

#include <sys/capability.h>

#endif


#if _SQUID_WINDOWS_


#include <process.h>


#include "fde.h"


/* windows uses the control socket for feedback to squid */

#define LINK_TO_SQUID squid_link


// windows still requires WSAFD but there are too many dependency problems

// to just link to win32.cc where it is normally defined.


int

Win32__WSAFDIsSet(int fd, fd_set FAR * set)

{

    fde *F = &fd_table[fd];

    SOCKET s = F->win32.handle;


    return __WSAFDIsSet(s, set);

}


#else


/* non-windows use STDOUT for feedback to squid */

#define LINK_TO_SQUID   1


#endif  /* _SQUID_WINDOWS_ */


using namespace std::literals::chrono_literals;

static const auto PingerTimeout = 10s;


// ICMP Engines are declared global here so they can call each other easily.

IcmpPinger control;

Icmp4 icmp4;

Icmp6 icmp6;


int icmp_pkts_sent = 0;


static std::ostream &


TerminationReason(std::ostream &os)

{

    if (std::current_exception())

        os << CurrentException;

    else

        os << "An undetermined failure";

    return os;

}


static void


OnTerminate()

{

    // ignore recursive calls to avoid termination loops

    static bool terminating = false;

    if (terminating)

        return;

    terminating = true;


    debugs(1, DBG_CRITICAL, "FATAL: " << TerminationReason);


    control.Close(); // TODO: Here and elsewhere, rely on IcmpPinger class destructor instead.

    Debug::PrepareToDie();

    abort();

}


int


main(int, char **)

{

    // TODO: Apply this try/catch-less approach to address SquidMainSafe() XXX.

    (void)std::set_terminate(&OnTerminate);


    fd_set R;

    int max_fd = 0;


    /*

     * cevans - do this first. It grabs a raw socket. After this we can

     * drop privs

     */

    int icmp4_worker = -1;

    int icmp6_worker = -1;

    int squid_link = -1;


    Debug::NameThisHelper("pinger");


    getCurrentTime();


    // determine IPv4 or IPv6 capabilities before using sockets.

    Ip::ProbeTransport();


    debugs(42, DBG_CRITICAL, "Initialising ICMP pinger ...");


    icmp4_worker = icmp4.Open();

    if (icmp4_worker < 0) {

        debugs(42, DBG_CRITICAL, "ERROR: Unable to start ICMP pinger.");

    }

    max_fd = max(max_fd, icmp4_worker);


#if USE_IPV6

    icmp6_worker = icmp6.Open();

    if (icmp6_worker <0 ) {

        debugs(42, DBG_CRITICAL, "ERROR: Unable to start ICMPv6 pinger.");

    }

    max_fd = max(max_fd, icmp6_worker);

#endif


    if (icmp4_worker < 0 && icmp6_worker < 0) {

        debugs(42, DBG_CRITICAL, "FATAL: Unable to open any ICMP sockets.");

        exit(EXIT_FAILURE);

    }


    if ( (squid_link = control.Open()) < 0) {

        debugs(42, DBG_CRITICAL, "FATAL: Unable to setup Pinger control sockets.");

        icmp4.Close();

        icmp6.Close();

        exit(EXIT_FAILURE); // fatal error if the control channel fails.

    }

    max_fd = max(max_fd, squid_link);


    if (setgid(getgid()) < 0) {

        int xerrno = errno;

        debugs(42, DBG_CRITICAL, "FATAL: setgid(" << getgid() << ") failed: " << xstrerr(xerrno));

        icmp4.Close();

        icmp6.Close();

        exit(EXIT_FAILURE);

    }

    if (setuid(getuid()) < 0) {

        int xerrno = errno;

        debugs(42, DBG_CRITICAL, "FATAL: setuid(" << getuid() << ") failed: " << xstrerr(xerrno));

        icmp4.Close();

        icmp6.Close();

        exit(EXIT_FAILURE);

    }


#if HAVE_LIBCAP

    // Drop remaining capabilities (if installed as non-setuid setcap cap_net_raw=ep).

    // If pinger binary was installed setuid root, setuid() above already dropped all

    // capabilities, and this is no-op.

    cap_t caps;

    caps = cap_init();

    if (!caps) {

        int xerrno = errno;

        debugs(42, DBG_CRITICAL, "FATAL: cap_init() failed: " << xstrerr(xerrno));

        icmp4.Close();

        icmp6.Close();

        exit(EXIT_FAILURE);

    } else {

        if (cap_set_proc(caps) != 0) {

            int xerrno = errno;

            // cap_set_proc(cap_init()) is expected to never fail

            debugs(42, DBG_CRITICAL, "FATAL: cap_set_proc(none) failed: " << xstrerr(xerrno));

            cap_free(caps);

            icmp4.Close();

            icmp6.Close();

            exit(EXIT_FAILURE);

        }

        cap_free(caps);

    }

#endif


    for (;;) {

        struct timeval tv;

        tv.tv_sec = std::chrono::seconds(PingerTimeout).count();

        tv.tv_usec = 0;

        FD_ZERO(&R);

        if (icmp4_worker >= 0) {

            FD_SET(icmp4_worker, &R);

        }

        if (icmp6_worker >= 0) {

            FD_SET(icmp6_worker, &R);

        }


        FD_SET(squid_link, &R);

        Stopwatch timer;

        timer.resume();

        const auto x = xselect(max_fd+1, &R, nullptr, nullptr, &tv);

        getCurrentTime();


        if (x < 0) {

            int xerrno = errno;

            debugs(42, DBG_CRITICAL, "FATAL: select()==" << x << ", ERR: " << xstrerr(xerrno));

            control.Close();

            exit(EXIT_FAILURE);

        }


        if (FD_ISSET(squid_link, &R)) {

            control.Recv();

        }


        if (icmp6_worker >= 0 && FD_ISSET(icmp6_worker, &R)) {

            icmp6.Recv();

        }

        if (icmp4_worker >= 0 && FD_ISSET(icmp4_worker, &R)) {

            icmp4.Recv();

        }


        const auto delay = std::chrono::duration_cast<std::chrono::seconds>(timer.total());

        if (delay >= PingerTimeout) {

            if (xsend(LINK_TO_SQUID, &tv, 0, 0) < 0) {

                debugs(42, DBG_CRITICAL, "Closing. No requests in last " << delay.count() << " seconds.");

                control.Close();

                exit(EXIT_FAILURE);

            }

        }

    }


    /* NOTREACHED */

    return EXIT_SUCCESS;

}


#else /* !USE_ICMP */


#include <ostream>

int

main(int, char *argv[])

{

    std::cerr << argv[0] << ": ICMP support not compiled in." << std::endl;

    return EXIT_FAILURE;

}


#endif /* USE_ICMP */


Icmp4.h

Icmp6.h

IcmpPinger.h

Stopwatch.h

CurrentException
std::ostream & CurrentException(std::ostream &os)
prints active (i.e., thrown but not yet handled) exception
Definition TextException.cc:88

TextException.h

Debug::PrepareToDie
static void PrepareToDie()
Definition debug.cc:563

Debug::NameThisHelper
static void NameThisHelper(const char *name)
Definition debug.cc:384

Icmp4
Definition Icmp4.h:127

Icmp4::Recv
void Recv(void) override
Handle ICMP responses.
Definition Icmp4.cc:160

Icmp4::Open
int Open() override
Start pinger helper and initiate control channel.
Definition Icmp4.cc:68

Icmp6
Definition Icmp6.h:46

Icmp6::Open
int Open() override
Start pinger helper and initiate control channel.
Definition Icmp6.cc:100

Icmp6::Recv
void Recv(void) override
Definition Icmp6.cc:200

IcmpPinger
Definition IcmpPinger.h:19

IcmpPinger::Recv
void Recv(void) override
Handle ICMP requests from squid, passing to helpers.
Definition IcmpPinger.cc:170

IcmpPinger::Close
void Close() override
Shutdown pinger helper and control channel.
Definition IcmpPinger.cc:154

IcmpPinger::Open
int Open() override
Start and initiate control channel to squid.
Definition IcmpPinger.cc:48

Icmp::Close
virtual void Close()
Shutdown pinger helper and control channel.
Definition Icmp.cc:26

Stopwatch
Definition Stopwatch.h:19

Stopwatch::total
Clock::duration total() const
Definition Stopwatch.cc:22

Stopwatch::resume
void resume()
Definition Stopwatch.cc:31

fde
Definition fde.h:52

max
A const & max(A const &lhs, A const &rhs)
Definition compat_shared.h:124

Stream.h

debugs
#define debugs(SECTION, LEVEL, CONTENT)
Definition Stream.h:192

DBG_CRITICAL
#define DBG_CRITICAL
Definition Stream.h:37

fde.h

fd_table
#define fd_table
Definition fde.h:189

tools.h

main
int main()
Definition kerberos_ldap_group.cc:492

Ip::ProbeTransport
void ProbeTransport(void)
Probe to discover IPv6 capabilities.

control
IcmpPinger control
pinger helper contains one of these as a global object.
Definition pinger.cc:93

icmp_pkts_sent
int icmp_pkts_sent
Definition pinger.cc:97

LINK_TO_SQUID
#define LINK_TO_SQUID
Definition pinger.cc:85

OnTerminate
static void OnTerminate()
Definition pinger.cc:111

PingerTimeout
static const auto PingerTimeout
Definition pinger.cc:90

icmp6
Icmp6 icmp6
pinger helper contains one of these as a global object.
Definition pinger.cc:95

TerminationReason
static std::ostream & TerminationReason(std::ostream &os)
reports std::terminate() cause (e.g., an uncaught or prohibited exception)
Definition pinger.cc:101

icmp4
Icmp4 icmp4
pinger helper contains one of these as a global object.
Definition pinger.cc:94

select.h

xselect
int xselect(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, struct timeval *timeout)
POSIX select(2) equivalent.
Definition select.h:22

socket.h

xsend
ssize_t xsend(int socketFd, const void *buf, size_t bufLength, int flags)
POSIX send(2) equivalent.
Definition socket.h:110

squid.h

getCurrentTime
time_t getCurrentTime() STUB_RETVAL(0) int tvSubUsec(struct timeval

gadgets.h

xstrerr
const char * xstrerr(int error)
Definition xstrerror.cc:83