git: ec3da16d8bc1 - stable/14 - tcpdump: Update to 4.99.5

From: Joseph Mingrone <jrm_at_FreeBSD.org>
Date: Tue, 08 Oct 2024 00:31:52 UTC
The branch stable/14 has been updated by jrm:

URL: https://cgit.FreeBSD.org/src/commit/?id=ec3da16d8bc19ad90f04cc227fc8f409813c44f4

commit ec3da16d8bc19ad90f04cc227fc8f409813c44f4
Author:     Joseph Mingrone <jrm@FreeBSD.org>
AuthorDate: 2024-09-23 19:23:25 +0000
Commit:     Joseph Mingrone <jrm@FreeBSD.org>
CommitDate: 2024-10-07 18:32:06 +0000

    tcpdump: Update to 4.99.5
    
    Changes:        https://git.tcpdump.org/tcpdump/blob/4a789712f187e3ac7b2c0044c3a3f8c71b83646e:/CHANGES
    Obtained from:  https://www.tcpdump.org/release/tcpdump-4.99.5.tar.xz
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit 0a7e5f1f02aad2ff5fff1c60f44c6975fd07e1d9)
---
 contrib/tcpdump/CHANGES                        |  131 +-
 contrib/tcpdump/CMakeLists.txt                 |  301 +-
 contrib/tcpdump/CONTRIBUTING.md                |  269 +-
 contrib/tcpdump/CREDITS                        |   34 +-
 contrib/tcpdump/INSTALL.md                     |   35 +-
 contrib/tcpdump/Makefile.in                    |   98 +-
 contrib/tcpdump/VERSION                        |    2 +-
 contrib/tcpdump/addrtoname.c                   |    7 +-
 contrib/tcpdump/addrtostr.c                    |   24 +-
 contrib/tcpdump/af.c                           |    2 -
 contrib/tcpdump/autogen.sh                     |   25 +
 contrib/tcpdump/bpf_dump.c                     |    2 -
 contrib/tcpdump/checksum.c                     |   39 +-
 contrib/tcpdump/cmake/Modules/FindCRYPTO.cmake |  185 +-
 contrib/tcpdump/cmakeconfig.h.in               |   14 +-
 contrib/tcpdump/config.guess                   |   62 +-
 contrib/tcpdump/config.h.in                    |   27 +-
 contrib/tcpdump/config.sub                     |  230 +-
 contrib/tcpdump/configure                      | 7188 ++++++++++++++----------
 contrib/tcpdump/configure.ac                   |  476 +-
 contrib/tcpdump/cpack.c                        |    2 -
 contrib/tcpdump/diag-control.h                 |   95 +-
 contrib/tcpdump/doc/README.Win32.md            |  200 -
 contrib/tcpdump/doc/README.haiku.md            |   33 +
 contrib/tcpdump/doc/README.solaris.md          |    5 +
 contrib/tcpdump/extract.h                      |    2 +-
 contrib/tcpdump/ftmacros.h                     |    2 +-
 contrib/tcpdump/funcattrs.h                    |    5 +-
 contrib/tcpdump/gmpls.c                        |    2 -
 contrib/tcpdump/in_cksum.c                     |    2 -
 contrib/tcpdump/install-sh                     |  689 ++-
 contrib/tcpdump/instrument-functions.c         |  250 +
 contrib/tcpdump/interface.h                    |    2 +-
 contrib/tcpdump/ip.h                           |    1 -
 contrib/tcpdump/ipproto.c                      |    2 -
 contrib/tcpdump/l2vpn.c                        |    2 -
 contrib/tcpdump/machdep.c                      |    2 -
 contrib/tcpdump/makemib                        |    2 +-
 contrib/tcpdump/mib.h                          |   12 +-
 contrib/tcpdump/missing/datalinks.c            |    2 -
 contrib/tcpdump/missing/dlnames.c              |    2 -
 contrib/tcpdump/missing/getopt_long.c          |    3 +-
 contrib/tcpdump/missing/getservent.c           |    2 -
 contrib/tcpdump/missing/snprintf.c             |    2 -
 contrib/tcpdump/missing/strlcat.c              |    2 -
 contrib/tcpdump/missing/strlcpy.c              |    2 -
 contrib/tcpdump/missing/strsep.c               |    2 -
 contrib/tcpdump/mkdep                          |   28 +-
 contrib/tcpdump/nameser.h                      |    8 +-
 contrib/tcpdump/netdissect-alloc.c             |    2 -
 contrib/tcpdump/netdissect.c                   |   16 +-
 contrib/tcpdump/netdissect.h                   |   75 +-
 contrib/tcpdump/nlpid.c                        |    2 -
 contrib/tcpdump/ntp.c                          |    2 -
 contrib/tcpdump/oui.c                          |    2 -
 contrib/tcpdump/parsenfsfh.c                   |   53 +-
 contrib/tcpdump/pflog.h                        |   45 +-
 contrib/tcpdump/print-802_11.c                 |   62 +-
 contrib/tcpdump/print-802_15_4.c               |   32 +-
 contrib/tcpdump/print-ah.c                     |    2 -
 contrib/tcpdump/print-ahcp.c                   |    2 -
 contrib/tcpdump/print-aodv.c                   |    2 -
 contrib/tcpdump/print-aoe.c                    |    2 -
 contrib/tcpdump/print-ap1394.c                 |    2 -
 contrib/tcpdump/print-arcnet.c                 |    2 -
 contrib/tcpdump/print-arista.c                 |    2 -
 contrib/tcpdump/print-arp.c                    |    2 -
 contrib/tcpdump/print-ascii.c                  |    8 +-
 contrib/tcpdump/print-atalk.c                  |    2 -
 contrib/tcpdump/print-atm.c                    |    4 +-
 contrib/tcpdump/print-babel.c                  |    2 -
 contrib/tcpdump/print-bcm-li.c                 |    2 -
 contrib/tcpdump/print-beep.c                   |    2 -
 contrib/tcpdump/print-bfd.c                    |    8 +-
 contrib/tcpdump/print-bgp.c                    |   23 +-
 contrib/tcpdump/print-bootp.c                  |   43 +-
 contrib/tcpdump/print-brcmtag.c                |    3 -
 contrib/tcpdump/print-bt.c                     |    2 -
 contrib/tcpdump/print-calm-fast.c              |    2 -
 contrib/tcpdump/print-carp.c                   |    5 +-
 contrib/tcpdump/print-cdp.c                    |   10 +-
 contrib/tcpdump/print-cfm.c                    |    2 -
 contrib/tcpdump/print-chdlc.c                  |    2 -
 contrib/tcpdump/print-cip.c                    |    2 -
 contrib/tcpdump/print-cnfp.c                   |    2 -
 contrib/tcpdump/print-dccp.c                   |    2 -
 contrib/tcpdump/print-decnet.c                 |    2 -
 contrib/tcpdump/print-dhcp6.c                  |   70 +-
 contrib/tcpdump/print-domain.c                 |   12 +-
 contrib/tcpdump/print-dsa.c                    |    2 -
 contrib/tcpdump/print-dtp.c                    |    4 +-
 contrib/tcpdump/print-dvmrp.c                  |    4 +-
 contrib/tcpdump/print-eap.c                    |    3 +-
 contrib/tcpdump/print-egp.c                    |    2 -
 contrib/tcpdump/print-eigrp.c                  |    2 -
 contrib/tcpdump/print-enc.c                    |    2 -
 contrib/tcpdump/print-esp.c                    |   29 +-
 contrib/tcpdump/print-ether.c                  |    6 +-
 contrib/tcpdump/print-fddi.c                   |    5 +-
 contrib/tcpdump/print-forces.c                 |    2 -
 contrib/tcpdump/print-fr.c                     |   18 +-
 contrib/tcpdump/print-frag6.c                  |   26 +-
 contrib/tcpdump/print-ftp.c                    |    2 -
 contrib/tcpdump/print-geneve.c                 |    2 -
 contrib/tcpdump/print-geonet.c                 |    2 -
 contrib/tcpdump/print-gre.c                    |    2 -
 contrib/tcpdump/print-hncp.c                   |    2 -
 contrib/tcpdump/print-hsrp.c                   |    2 -
 contrib/tcpdump/print-http.c                   |    2 -
 contrib/tcpdump/print-icmp.c                   |    2 -
 contrib/tcpdump/print-icmp6.c                  |   15 +-
 contrib/tcpdump/print-igmp.c                   |    2 -
 contrib/tcpdump/print-igrp.c                   |    2 -
 contrib/tcpdump/print-ip-demux.c               |    2 -
 contrib/tcpdump/print-ip.c                     |   68 +-
 contrib/tcpdump/print-ip6.c                    |   45 +-
 contrib/tcpdump/print-ip6opts.c                |    2 -
 contrib/tcpdump/print-ipcomp.c                 |    2 -
 contrib/tcpdump/print-ipfc.c                   |    2 -
 contrib/tcpdump/print-ipnet.c                  |    2 -
 contrib/tcpdump/print-ipoib.c                  |    2 -
 contrib/tcpdump/print-ipx.c                    |    6 +-
 contrib/tcpdump/print-isakmp.c                 |   25 +-
 contrib/tcpdump/print-isoclns.c                |   34 +-
 contrib/tcpdump/print-juniper.c                |    5 +-
 contrib/tcpdump/print-krb.c                    |   11 +-
 contrib/tcpdump/print-l2tp.c                   |    2 -
 contrib/tcpdump/print-lane.c                   |    2 -
 contrib/tcpdump/print-ldp.c                    |   20 +-
 contrib/tcpdump/print-lisp.c                   |   14 +-
 contrib/tcpdump/print-llc.c                    |    2 -
 contrib/tcpdump/print-lldp.c                   |    4 +-
 contrib/tcpdump/print-lmp.c                    |    2 -
 contrib/tcpdump/print-loopback.c               |    5 +-
 contrib/tcpdump/print-lspping.c                |    2 -
 contrib/tcpdump/print-lwapp.c                  |    2 -
 contrib/tcpdump/print-lwres.c                  |   10 +-
 contrib/tcpdump/print-m3ua.c                   |    2 -
 contrib/tcpdump/print-macsec.c                 |    3 -
 contrib/tcpdump/print-mobile.c                 |    2 -
 contrib/tcpdump/print-mobility.c               |    5 +-
 contrib/tcpdump/print-mpcp.c                   |    2 -
 contrib/tcpdump/print-mpls.c                   |    2 -
 contrib/tcpdump/print-mptcp.c                  |    2 -
 contrib/tcpdump/print-msdp.c                   |    2 -
 contrib/tcpdump/print-msnlb.c                  |    2 -
 contrib/tcpdump/print-nflog.c                  |   22 +-
 contrib/tcpdump/print-nfs.c                    |   29 +-
 contrib/tcpdump/print-nsh.c                    |    7 +-
 contrib/tcpdump/print-ntp.c                    |    4 -
 contrib/tcpdump/print-null.c                   |    2 -
 contrib/tcpdump/print-olsr.c                   |   16 +-
 contrib/tcpdump/print-openflow-1.0.c           |  143 +-
 contrib/tcpdump/print-openflow-1.3.c           |   15 +-
 contrib/tcpdump/print-openflow.c               |    2 -
 contrib/tcpdump/print-ospf.c                   |   10 +-
 contrib/tcpdump/print-ospf6.c                  |   15 +-
 contrib/tcpdump/print-otv.c                    |    2 -
 contrib/tcpdump/print-pflog.c                  |   30 +-
 contrib/tcpdump/print-pgm.c                    |    2 -
 contrib/tcpdump/print-pim.c                    |    8 +-
 contrib/tcpdump/print-pktap.c                  |    2 -
 contrib/tcpdump/print-ppi.c                    |    2 -
 contrib/tcpdump/print-ppp.c                    |   11 +-
 contrib/tcpdump/print-pppoe.c                  |    2 -
 contrib/tcpdump/print-pptp.c                   |    2 -
 contrib/tcpdump/print-ptp.c                    |   45 +-
 contrib/tcpdump/print-radius.c                 |  173 +-
 contrib/tcpdump/print-raw.c                    |    2 -
 contrib/tcpdump/print-realtek.c                |    2 -
 contrib/tcpdump/print-resp.c                   |    6 +-
 contrib/tcpdump/print-rip.c                    |   46 +-
 contrib/tcpdump/print-ripng.c                  |    2 -
 contrib/tcpdump/print-rpki-rtr.c               |   40 +-
 contrib/tcpdump/print-rsvp.c                   |    2 -
 contrib/tcpdump/print-rt6.c                    |    4 +-
 contrib/tcpdump/print-rtsp.c                   |    2 -
 contrib/tcpdump/print-rx.c                     |    4 +-
 contrib/tcpdump/print-sctp.c                   |    7 +-
 contrib/tcpdump/print-sflow.c                  |    8 +-
 contrib/tcpdump/print-sip.c                    |    2 -
 contrib/tcpdump/print-sl.c                     |    2 -
 contrib/tcpdump/print-sll.c                    |    2 -
 contrib/tcpdump/print-slow.c                   |    2 -
 contrib/tcpdump/print-smb.c                    |   20 +-
 contrib/tcpdump/print-smtp.c                   |    2 -
 contrib/tcpdump/print-snmp.c                   |   12 +-
 contrib/tcpdump/print-someip.c                 |    3 -
 contrib/tcpdump/print-ssh.c                    |    2 -
 contrib/tcpdump/print-stp.c                    |    5 +-
 contrib/tcpdump/print-sunatm.c                 |    2 -
 contrib/tcpdump/print-sunrpc.c                 |    2 -
 contrib/tcpdump/print-symantec.c               |    2 -
 contrib/tcpdump/print-syslog.c                 |    5 +-
 contrib/tcpdump/print-tcp.c                    |   64 +-
 contrib/tcpdump/print-telnet.c                 |    4 +-
 contrib/tcpdump/print-tftp.c                   |    2 -
 contrib/tcpdump/print-timed.c                  |    2 -
 contrib/tcpdump/print-tipc.c                   |    6 +-
 contrib/tcpdump/print-token.c                  |    2 -
 contrib/tcpdump/print-udld.c                   |    2 -
 contrib/tcpdump/print-udp.c                    |  101 +-
 contrib/tcpdump/print-unsupported.c            |    2 -
 contrib/tcpdump/print-usb.c                    |   14 +-
 contrib/tcpdump/print-vjc.c                    |    2 -
 contrib/tcpdump/print-vqp.c                    |    2 -
 contrib/tcpdump/print-vrrp.c                   |    2 -
 contrib/tcpdump/print-vsock.c                  |    2 -
 contrib/tcpdump/print-vtp.c                    |    6 +-
 contrib/tcpdump/print-vxlan-gpe.c              |    2 -
 contrib/tcpdump/print-vxlan.c                  |    2 -
 contrib/tcpdump/print-wb.c                     |    2 -
 contrib/tcpdump/print-whois.c                  |    2 -
 contrib/tcpdump/print-zep.c                    |   10 +-
 contrib/tcpdump/print-zephyr.c                 |    2 -
 contrib/tcpdump/print-zeromq.c                 |   26 +-
 contrib/tcpdump/print.c                        |   18 +-
 contrib/tcpdump/signature.c                    |    2 -
 contrib/tcpdump/smbutil.c                      |   19 +-
 contrib/tcpdump/status-exit-codes.h            |    1 -
 contrib/tcpdump/strtoaddr.c                    |    2 -
 contrib/tcpdump/tcp.h                          |    6 +-
 contrib/tcpdump/tcpdump.1.in                   |   87 +-
 contrib/tcpdump/tcpdump.c                      |  107 +-
 contrib/tcpdump/udp.h                          |   14 +-
 contrib/tcpdump/util-print.c                   |   67 +-
 usr.sbin/tcpdump/tcpdump/config.h              |    4 +-
 227 files changed, 7690 insertions(+), 5092 deletions(-)

diff --git a/contrib/tcpdump/CHANGES b/contrib/tcpdump/CHANGES
index 33ced66dd826..b63d1eb658d3 100644
--- a/contrib/tcpdump/CHANGES
+++ b/contrib/tcpdump/CHANGES
@@ -1,3 +1,128 @@
+Friday, August 30, 2024 / The Tcpdump Group
+  Summary for 4.99.5 tcpdump release
+    Refine protocol decoding for:
+      Arista: Use the test .pcap file from pull request #955 (HwInfo).
+      BGP: Fix an undefined behavior when it tries to parse a too-short packet.
+      CARP: Print the protocol name before any GET_().
+      CDP: only hex-dump unknown TLVs in verbose mode.
+      DHCP: parse the SZTP redirect tag.
+      DHCPv6: client-id/server-id DUID type 2 correction; parse the user class,
+        boot file URL, and SZTP redirect options; add DUID-UUID printing
+        (RFC6355).
+      DNS: Detect and correctly handle too-short URI RRs.
+      EAP: Assign ndo_protocol in the eap_print() function.
+      ESP: Don't use EVP_add_cipher_alias() (fixes building on OpenBSD 7.5).
+      Frame Relay (Multilink): Fix the Timestamp Information Element printing.
+      ICMPv6: Fix printing the Home Agent Address Discovery Reply Message.
+      IEEE 802.11: no need for an element ID in the structures for IEs, make
+        the length in the IE structures a u_int, include the "TA" field while
+        printing Block Ack Control frame.
+      IP: Enable TSO (TCP Segmentation Offload) support; fix printing invalid
+        cases as invalid, not truncated; use ND_ICHECKMSG_ZU() to test the
+        header length.
+      IPv6: Fix printing invalid cases as invalid, not truncated; use
+        ND_ICHECKMSG_U() to print an invalid version.
+      IPv6: Fix invalid 32-bit versus 64-bit printouts of fragment headers.
+      ISAKMP: Fix printing Delete payload SPI when size is zero.
+      Kerberos: Print the protocol name, remove a redundant bounds check.
+      lwres: Fix an undefined behavior in pointer arithmetic.
+      OpenFlow 1.0: Fix indentation of PORT_MOD, improve handling of
+          some lengths, and fix handling of snapend.
+      TCP: Test ports < 1024 in port order to select the printer.
+      UDP: Move source port equal BCM_LI_PORT to bottom of long if else chain.
+      UDP: Test ports < 1024 in port order to select the printer.
+      LDP: Add missing fields of the Common Session Parameters TLV and fix the
+        offset for the A&D bits.
+      NFLOG: Use correct AF code points on all OSes.
+      NFS: Avoid printing non-ASCII characters.
+      OSPF: Pad TLVs in LS_OPAQUE_TYPE_RI to multiples of 4 bytes.
+      OSPF: Update LS-Ack printing not to run off the end of the packet.
+      OSPF6: Fix an undefined behavior.
+      pflog: use nd_ types in struct pfloghdr.
+      PPP: Check if there is some data to hexdump.
+      PPP: Remove an extra colon before LCP Callback Operation.
+      Use the buffer stack for de-escaping PPP; fixes CVE-2024-2397;
+        Note: This problem does not affect any tcpdump release.
+      PTP: Fix spelling of type SIGNALING, Parse major and minor version
+        correctly, Print majorSdoId field instead of just the first bit.
+      RIP: Make a couple trivial protocol updates.
+      RPKI-Router: Refine length and bounds checks.
+      RX: Use the "%Y-%m-%d" date format.
+      smbutil.c: Use the "%Y-%m-%d" date format.
+      SNMP: Fix two undefined behaviors.
+      Text protocols: Fix printing truncation if it is not the case.
+      ZEP: Use the "%Y-%m-%d" date format.
+      ZMTP: Replace custom code with bittok2str().
+    User interface:
+      Print the supported time stamp types (-J) to stdout instead of stderr.
+      Print the list of data link types (-L) to stdout instead of stderr.
+      Use symmetrical quotation characters in error messages.
+      Update --version option to print 32/64-bit build and time_t size.
+      Improve error messages for invalid interface indexes specified
+        with -i.
+      Support "3des" as an alias for "des_ede3_cbc" even if the crypto
+        library doesn't support adding aliases.
+    Source code:
+      tcpdump: Fix a memory leak.
+      child_cleanup: reap as many child processes as possible.
+      Ignore failures when setting the default "any" device DLL to LINUX_SLL2.
+      Fix for backends which doesn't support capsicum.
+      Update ND_BYTES_BETWEEN() macro for better accuracy.
+      Update ND_BYTES_AVAILABLE_AFTER() macro for better accuracy.
+      Introduce new ND_ICHECK*() macros to deduplicate more code.
+      Skip privilege dropping when using -Z root on --with-user builds.
+      Add a nd_printjn() function.
+      Make nd_trunc_longjmp() not static inline.
+      Include <time.h> from netdissect.h.
+      Remove init_crc10_table() and the entourage.
+      Initialize tzcode early.
+      Capsicum support: Fix a 'not defined' macro error.
+      Update the "Error converting time" tests for packet times.
+      Fix warnings when building for 32-bit and defining _TIME_BITS=64.
+      Free interface list just before exiting where it wasn't being
+        freed.
+    Building and testing:
+      Add a configure option to help debugging (--enable-instrument-functions).
+      At build time require a proof of suitable snprintf(3) implementation in
+        libc (and document Solaris 9 as unsupported because of that).
+      Makefile.in: Add two "touch .devel" commands in the releasecheck target.
+      Autoconf: Get --with-user and --with-chroot right.
+      Autoconf: Fix --static-pcap-only test on Solaris 10.
+      Autoconf: Add some warning flags for clang 13 or newer.
+      Autoconf: Update config.{guess,sub}, timestamps 2024-01-01.
+      Autoconf: Add autogen.sh, remove configure and config.h.in and put
+        these generated files in the release tarball.
+      Autoconf: Update the install-sh script to the 2020-11-14.01 version.
+      configure: Apply autoupdate 2.69.
+      CMake: improve the comment before project(tcpdump C).
+      Do not require vsnprintf().
+      tests: Use the -tttt option, by default, for the tests.
+      Autoconf, CMake: Get the size of a void * and a time_t.
+      Fix propagation of cc_werr_cflags() output.
+      Makefile.in: Fix the depend target.
+      mkdep: Exit with a non-zero status if a command fails.
+      Autoconf: use V_INCLS to update the list of include search paths.
+      Autoconf: don't put anything before -I and -L flags for local libpcap.
+      Autoconf, CMake: work around an Xcode 15+ issue.
+      Autoconf, CMake: use pkg-config and Homebrew when looking for
+        libcrypto.
+      Fix Sun C invocation from CMake.
+      mkdep: Use TMPDIR if it is set and not null.
+      Add initial support for building with TinyCC.
+      Makefile.in: Use the variable MAKE instead of the make command.
+      Makefile.in: Add instrumentation configuration in releasecheck target.
+      Make various improvements to the TESTrun script.
+      Untangle detection of pcap_findalldevs().
+      Autoconf: don't use egrep, use $EGREP.
+      Autoconf: check for gethostbyaddr(), not gethostbyname().
+      Autoconf, CMake: search for gethostbyaddr() in libnetwork.
+      Make illumos build warning-free.
+    Documentation:
+      Fixed errors in doc/README.Win32.md and renamed it to README.windows.md.
+      Make various improvements to the man page.
+      Add initial README file for Haiku.
+      Make various improvements to CONTRIBUTING.md.
+
 Friday, April 7, 2023 / The Tcpdump Group
   Summary for 4.99.4 tcpdump release
     Source code:
@@ -184,7 +309,7 @@ Wednesday, June 9, 2021 by gharris
       Fix "make clean" for out-of-tree autotools builds
       CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
     Documentation:
-      man: Update a reference as www.cifs.org is gone. [skip ci]
+      man: Update a reference as www.cifs.org is gone.
       man: Update DNS sections
     Solaris:
       Fix a compile error with Sun C
@@ -913,7 +1038,7 @@ Wed.	April 25, 2007. ken@xelerance.com.  Summary for 3.9.6 tcpdump release
 	 RFC 4340.
 	Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree
 	Add support for Multiple-STP as per 802.1s
-	Add support for the cisco propriatry 'dynamic trunking protocol'
+	Add support for the cisco proprietary 'dynamic trunking protocol'
 	Add support for the cisco proprietary VTP protocol
 	Update dhcp6 options table as per IETF standardization activities
 
@@ -1687,7 +1812,7 @@ v2.0.1 Sun Jan 26 21:10:10 PDT
 - Ultrix 4.0 is supported (also thanks to Jeff Mogul).
 
 - IBM RT and Stanford Enetfilter support has been added by
-  Rayan Zachariassen <rayan@canet.ca>.  Tcpdump has been tested under
+  Rayan Zachariassen <rayan@canet.ca>.  tcpdump has been tested under
   both the vanilla Enetfilter interface, and the extended interface
   (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
 
diff --git a/contrib/tcpdump/CMakeLists.txt b/contrib/tcpdump/CMakeLists.txt
index 9495b5d4c234..f9071295eff1 100644
--- a/contrib/tcpdump/CMakeLists.txt
+++ b/contrib/tcpdump/CMakeLists.txt
@@ -2,21 +2,26 @@ if(WIN32)
     #
     # We need 3.12 or later, so that we can set policy CMP0074; see
     # below.
+    #
     cmake_minimum_required(VERSION 3.12)
 else(WIN32)
     #
-    # For now, require only 2.8.6, just in case somebody is
-    # configuring with CMake on a "long-term support" version
-    # of some OS and that version supplies an older version of
-    # CMake.
+    # For now:
+    #
+    #  if this is a version of CMake less than 3.5, require only
+    #  2.8.12, just in case somebody is configuring with CMake
+    #  on a "long-term support" version # of some OS and that
+    #  version supplies an older version of CMake;
     #
-    # If this is ever updated to CMake 3.1 or later, remove the
-    # stuff in cmake/Modules/FindPCAP.cmake that appends subdirectories
-    # of directories from CMAKE_PREFIX_PATH to the PKG_CONFIG_PATH
-    # environment variable when running pkg-config, to make sure
-    # it finds any .pc file from there.
+    #  otherwise, require 3.5, so we don't get messages warning
+    #  that support for versions of CMake lower than 3.5 is
+    #  deprecated.
     #
-    cmake_minimum_required(VERSION 2.8.12)
+    if(CMAKE_VERSION VERSION_LESS "3.5")
+        cmake_minimum_required(VERSION 2.8.12)
+    else()
+        cmake_minimum_required(VERSION 3.5)
+    endif()
 endif(WIN32)
 
 #
@@ -77,7 +82,7 @@ endif()
 # If, for whatever reason, directories in which we search for external
 # libraries, other than the standard system library directories, are
 # added to the executable's rpath in the build process, we most
-# defintely want them in the installed image's rpath if they are
+# definitely want them in the installed image's rpath if they are
 # necessary in order to find the libraries at run time.
 #
 set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
@@ -85,7 +90,13 @@ set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
 set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/Modules)
 
 #
-# OK, this is a royal pain.
+# We explicitly indicate what languages are used in tcpdump to avoid
+# checking for a C++ compiler.
+#
+# One reason to avoid that check is that there's no need to waste
+# configuration time performing it.
+#
+# Another reason is that:
 #
 # CMake will try to determine the sizes of some data types, including
 # void *, early in the process of configuration; apparently, it's done
@@ -111,11 +122,88 @@ set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/Modules)
 # building 32-bit, the size for C++ will win, and, again, hilarity
 # will ensue.
 #
-# So we *explicitly* state that only C is used; there is currently no
-# C++ code in tcpdump.
-#
 project(tcpdump C)
 
+#
+# Export the size of void * as SIZEOF_VOID_P so that it can be
+# tested with #if.
+#
+set(SIZEOF_VOID_P "${CMAKE_SIZEOF_VOID_P}")
+
+#
+# Show the bit width for which we're compiling.
+# This can help debug problems if you're dealing with a compiler that
+# defaults to generating 32-bit code even when running on a 64-bit
+# platform, and where that platform may provide only 64-bit versions of
+# libraries that we might use (looking at *you*, Oracle Studio!).
+#
+if(CMAKE_SIZEOF_VOID_P EQUAL 4)
+  message(STATUS "Building 32-bit")
+elseif(CMAKE_SIZEOF_VOID_P EQUAL 8)
+  message(STATUS "Building 64-bit")
+endif()
+
+#
+# Solaris pkg-config is annoying.  For at least one package (D-Bus, I'm
+# looking at *you*!), there are separate include files for 32-bit and
+# 64-bit builds (I guess using "unsigned long long" as a 64-bit integer
+# type on a 64-bit build is like crossing the beams or something), and
+# there are two separate .pc files, so if we're doing a 32-bit build we
+# should make sure we look in /usr/lib/pkgconfig for .pc files and if
+# we're doing a 64-bit build we should make sure we look in
+# /usr/lib/amd64/pkgconfig for .pc files.
+#
+if(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND CMAKE_SYSTEM_VERSION MATCHES "5[.][0-9.]*")
+    #
+    # Note: string(REPLACE) does not appear to support using ENV{...}
+    # as an argument, so we set a variable and then use set() to set
+    # the environment variable.
+    #
+    if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+        #
+        # 64-bit build.  If /usr/lib/pkgconfig appears in the path,
+        # prepend /usr/lib/amd64/pkgconfig to it; otherwise,
+        # put /usr/lib/amd64 at the end.
+        #
+        if((NOT DEFINED ENV{PKG_CONFIG_PATH}) OR "$ENV{PKG_CONFIG_PATH}" EQUAL "")
+            #
+            # Not set, or empty.  Set it to /usr/lib/amd64/pkgconfig.
+            #
+            set(fixed_path "/usr/lib/amd64/pkgconfig")
+        elseif("$ENV{PKG_CONFIG_PATH}" MATCHES "/usr/lib/pkgconfig")
+            #
+            # It contains /usr/lib/pkgconfig.  Prepend
+            # /usr/lib/amd64/pkgconfig to /usr/lib/pkgconfig.
+            #
+            string(REPLACE "/usr/lib/pkgconfig"
+                "/usr/lib/amd64/pkgconfig:/usr/lib/pkgconfig"
+                fixed_path "$ENV{PKG_CONFIG_PATH}")
+        else()
+            #
+            # Not empty, but doesn't contain /usr/lib/pkgconfig.
+            # Append /usr/lib/amd64/pkgconfig to it.
+            #
+            set(fixed_path "$ENV{PKG_CONFIG_PATH}:/usr/lib/amd64/pkgconfig")
+        endif()
+        set(ENV{PKG_CONFIG_PATH} "${fixed_path}")
+    elseif(CMAKE_SIZEOF_VOID_P EQUAL 4)
+        #
+        # 32-bit build.  If /usr/amd64/lib/pkgconfig appears in the path,
+        # prepend /usr/lib/pkgconfig to it.
+        #
+        if("$ENV{PKG_CONFIG_PATH}" MATCHES "/usr/lib/amd64/pkgconfig")
+            #
+            # It contains /usr/lib/amd64/pkgconfig.  Prepend
+            # /usr/lib/pkgconfig to /usr/lib/amd64/pkgconfig.
+            #
+            string(REPLACE "/usr/lib/amd64/pkgconfig"
+                "/usr/lib/pkgconfig:/usr/lib/amd64/pkgconfig"
+                fixed_path "$ENV{PKG_CONFIG_PATH}")
+            set(ENV{PKG_CONFIG_PATH} "${fixed_path}")
+        endif()
+    endif()
+endif()
+
 #
 # For checking if a compiler flag works and adding it if it does.
 #
@@ -266,8 +354,6 @@ file(STRINGS ${tcpdump_SOURCE_DIR}/VERSION
 # Project settings
 ######################################
 
-add_definitions(-DHAVE_CONFIG_H)
-
 include_directories(
     ${CMAKE_CURRENT_BINARY_DIR}
     ${tcpdump_SOURCE_DIR}
@@ -320,10 +406,17 @@ include(CheckStructHasMember)
 include(CheckVariableExists)
 include(CheckTypeSize)
 
+#
+# Get the size of a time_t, to know whether it's 32-bit or 64-bit.
+#
+cmake_push_check_state()
+set(CMAKE_EXTRA_INCLUDE_FILES time.h)
+check_type_size("time_t" SIZEOF_TIME_T)
+cmake_pop_check_state()
+
 #
 # Header files.
 #
-check_include_file(fcntl.h HAVE_FCNTL_H)
 check_include_file(rpc/rpc.h HAVE_RPC_RPC_H)
 check_include_file(net/if.h HAVE_NET_IF_H)
 if(HAVE_RPC_RPC_H)
@@ -368,7 +461,12 @@ else(WIN32)
             if(LIBNSL_HAS_GETHOSTBYADDR)
                 set(TCPDUMP_LINK_LIBRARIES ${TCPDUMP_LINK_LIBRARIES} nsl)
             else(LIBNSL_HAS_GETHOSTBYADDR)
-                message(FATAL_ERROR "gethostbyaddr is required, but wasn't found")
+                check_library_exists(network gethostbyaddr "" LIBNETWORK_HAS_GETHOSTBYADDR)
+                if(LIBNETWORK_HAS_GETHOSTBYADDR)
+                    set(TCPDUMP_LINK_LIBRARIES ${TCPDUMP_LINK_LIBRARIES} network)
+                else(LIBNETWORK_HAS_GETHOSTBYADDR)
+                    message(FATAL_ERROR "gethostbyaddr is required, but wasn't found")
+                endif(LIBNETWORK_HAS_GETHOSTBYADDR)
             endif(LIBNSL_HAS_GETHOSTBYADDR)
         endif(LIBSOCKET_HAS_GETHOSTBYADDR)
     endif(NOT STDLIBS_HAVE_GETHOSTBYADDR)
@@ -396,20 +494,68 @@ endif(STDLIBS_HAVE_GETSERVENT)
 cmake_pop_check_state()
 
 #
-# Make sure we have vsnprintf() and snprintf(); we require them.
-# We use check_symbol_exists(), as they aren't necessarily external
-# functions - in Visual Studio, for example, they're inline functions
-# calling a common external function.
+# Make sure we have snprintf(); we require it.
+# We use check_symbol_exists(), as it isn't necessarily an external
+# function - in Visual Studio, for example, it is an inline function
+# calling an external function.
 #
-check_symbol_exists(vsnprintf "stdio.h" HAVE_VSNPRINTF)
-if(NOT HAVE_VSNPRINTF)
-    message(FATAL_ERROR "vsnprintf() is required but wasn't found")
-endif(NOT HAVE_VSNPRINTF)
 check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF)
 if(NOT HAVE_SNPRINTF)
     message(FATAL_ERROR "snprintf() is required but wasn't found")
 endif()
 
+#
+# Require a proof of suitable snprintf(3), same as in Autoconf.
+#
+include(CheckCSourceRuns)
+check_c_source_runs("
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
+#include <sys/types.h>
+
+int main()
+{
+  char buf[100];
+  uint64_t t = (uint64_t)1 << 32;
+
+  snprintf(buf, sizeof(buf), \"%zu\", sizeof(buf));
+  if (strncmp(buf, \"100\", sizeof(buf)))
+    return 1;
+
+  snprintf(buf, sizeof(buf), \"%zd\", -sizeof(buf));
+  if (strncmp(buf, \"-100\", sizeof(buf)))
+    return 2;
+
+  snprintf(buf, sizeof(buf), \"%\" PRId64, -t);
+  if (strncmp(buf, \"-4294967296\", sizeof(buf)))
+    return 3;
+
+  snprintf(buf, sizeof(buf), \"0o%\" PRIo64, t);
+  if (strncmp(buf, \"0o40000000000\", sizeof(buf)))
+    return 4;
+
+  snprintf(buf, sizeof(buf), \"0x%\" PRIx64, t);
+  if (strncmp(buf, \"0x100000000\", sizeof(buf)))
+    return 5;
+
+  snprintf(buf, sizeof(buf), \"%\" PRIu64, t);
+  if (strncmp(buf, \"4294967296\", sizeof(buf)))
+    return 6;
+
+  return 0;
+}
+
+"
+    SUITABLE_SNPRINTF
+)
+if(NOT SUITABLE_SNPRINTF)
+    message(FATAL_ERROR
+"The snprintf(3) implementation in this libc is not suitable,
+tcpdump would not work correctly even if it managed to compile."
+    )
+endif()
+
 check_function_exists(getopt_long HAVE_GETOPT_LONG)
 check_function_exists(setlinebuf HAVE_SETLINEBUF)
 #
@@ -618,6 +764,14 @@ set(CMAKE_REQUIRED_INCLUDES ${PCAP_INCLUDE_DIRS})
 #
 check_include_file(pcap/pcap-inttypes.h HAVE_PCAP_PCAP_INTTYPES_H)
 
+#
+# At compile time HAVE_PCAP_FINDALLDEVS depends on HAVE_PCAP_IF_T.
+#
+cmake_push_check_state()
+set(CMAKE_EXTRA_INCLUDE_FILES pcap.h)
+check_type_size(pcap_if_t PCAP_IF_T)
+cmake_pop_check_state()
+
 #
 # Check for various functions in libpcap/WinPcap/Npcap.
 #
@@ -707,19 +861,6 @@ endif(HAVE_PCAP_CREATE)
 # if we have them.
 #
 check_function_exists(pcap_findalldevs HAVE_PCAP_FINDALLDEVS)
-if(HAVE_PCAP_FINDALLDEVS)
-    #
-    # Check for libpcap having pcap_findalldevs() but the pcap.h header
-    # not having pcap_if_t; some versions of Mac OS X shipped with pcap.h
-    # from 0.6 and libpcap 0.8, so that libpcap had pcap_findalldevs but
-    # pcap.h didn't have pcap_if_t.
-    #
-    cmake_push_check_state()
-    set(CMAKE_REQUIRED_INCLUDES ${PCAP_INCLUDE_DIRS})
-    set(CMAKE_EXTRA_INCLUDE_FILES pcap.h)
-    check_type_size(pcap_if_t PCAP_IF_T)
-    cmake_pop_check_state()
-endif(HAVE_PCAP_FINDALLDEVS)
 check_function_exists(pcap_dump_flush HAVE_PCAP_DUMP_FLUSH)
 check_function_exists(pcap_lib_version HAVE_PCAP_LIB_VERSION)
 if(NOT HAVE_PCAP_LIB_VERSION)
@@ -728,8 +869,56 @@ endif(NOT HAVE_PCAP_LIB_VERSION)
 check_function_exists(pcap_setdirection HAVE_PCAP_SETDIRECTION)
 check_function_exists(pcap_set_immediate_mode HAVE_PCAP_SET_IMMEDIATE_MODE)
 check_function_exists(pcap_dump_ftell64 HAVE_PCAP_DUMP_FTELL64)
-check_function_exists(pcap_open HAVE_PCAP_OPEN)
-check_function_exists(pcap_findalldevs_ex HAVE_PCAP_FINDALLDEVS_EX)
+#
+# macOS Sonoma's libpcap includes stub versions of the remote-
+# capture APIs.  They are exported as "weakly linked symbols".
+#
+# Xcode 15 offers only a macOS Sonoma SDK, which has a .tbd
+# file for libpcap that claims it includes those APIs.  (Newer
+# versions of macOS don't provide the system shared libraries,
+# they only provide the dyld shared cache containing those
+# libraries, so the OS provides SDKs that include a .tbd file
+# to use when linking.)
+#
+# This means that check_function_exists() will think that
+# the remote-capture APIs are present, including pcap_open()
+# and pcap_findalldevs_ex().
+#
+# However, they are *not* present in macOS Ventura and earlier,
+# which means that building on Ventura with Xcode 15 produces
+# executables that fail to start because one of those APIs
+# isn't found in the system libpcap.
+#
+# Protecting calls to those APIs with __builtin_available()
+# does not prevent this, because the libpcap header files
+# in the Sonoma SDK mark them as being first available
+# in macOS 10.13, just like all the other routines introduced
+# in libpcap 1.9, even though they're only available if libpcap
+# is built with remote capture enabled or stub routines are
+# provided.  (A fix to enable this has been checked into the
+# libpcap repository, and may end up in a later version of
+# the SDK.)
+#
+# Given all that, and given that the versions of the
+# remote-capture APIs in Sonoma are stubs that always fail,
+# there doesn't seem to be any point in checking for pcap_open()
+# and pcap_findalldevs_ex() if we're linking against the Apple libpcap.
+#
+# However, if we're *not* linking against the Apple libpcap,
+# we should check for it, so that we can use it if it's present.
+#
+# So we check for pcap_open() and pcap_findalldevs_ex() if 1) this isn't
+# macOS or 2) the the libpcap we found is not a system library, meaning
+# that its path begins neither with /usr/lib (meaning it's a system
+# dylib) nor /Application/Xcode.app (meaning it's a file in
+# the Xcode SDK).
+#
+if(NOT APPLE OR NOT
+   (PCAP_LIBRARIES MATCHES "/usr/lib/.*" OR
+    PCAP_LIBRARIES MATCHES "/Application/Xcode.app/.*"))
+    check_function_exists(pcap_open HAVE_PCAP_OPEN)
+    check_function_exists(pcap_findalldevs_ex HAVE_PCAP_FINDALLDEVS_EX)
+endif()
 
 #
 # On Windows, check for pcap_wsockinit(); if we don't have it, check for
@@ -787,11 +976,6 @@ endif(WITH_SMI)
 if(WITH_CRYPTO)
     find_package(CRYPTO)
     if(CRYPTO_FOUND)
-        #
-        # Check for some headers and functions.
-        #
-        check_include_file(openssl/evp.h HAVE_OPENSSL_EVP_H)
-
         #
         # 1) do we have EVP_CIPHER_CTX_new?
         # If so, we use it to allocate an EVP_CIPHER_CTX, as
@@ -958,9 +1142,9 @@ if(EXISTS ${CMAKE_SOURCE_DIR}/.devel OR EXISTS ${CMAKE_BINARY_DIR}/.devel)
         # We do *not* care whether a structure had padding added at
         # the end because of __declspec(align) - *we* don't use
         # __declspec(align), because the only structures whose layout
-        # we precisely specify are those that get overlayed on packet
+        # we precisely specify are those that get overlaid on packet
         # data, and in those every element is an array of octets so
-        # that we have full control over the size and aligmnet, and,
+        # that we have full control over the size and alignment, and,
         # apparently, jmp_buf has such a declaration on x86, meaning
         # that everything that includes netdissect.h, i.e. almost every
         # file in tcpdump, gets a warning.
@@ -979,12 +1163,19 @@ if(EXISTS ${CMAKE_SOURCE_DIR}/.devel OR EXISTS ${CMAKE_BINARY_DIR}/.devel)
         check_and_add_compiler_option(-Wmissing-prototypes)
         check_and_add_compiler_option(-Wmissing-variable-declarations)
         check_and_add_compiler_option(-Wold-style-definition)
-        check_and_add_compiler_option(-Wpedantic)
+        if(NOT CMAKE_C_COMPILER_ID MATCHES "Sun")
+            # In Sun C versions that implement GCC compatibility "-Wpedantic"
+            # means the same as "-pedantic".  The latter is mutually exclusive
+            # with several other options.  One of those is "-xc99", which has
+            # already been set for Sun C above.
+            check_and_add_compiler_option(-Wpedantic)
+        endif()
         check_and_add_compiler_option(-Wpointer-arith)
         check_and_add_compiler_option(-Wpointer-sign)
         check_and_add_compiler_option(-Wshadow)
         check_and_add_compiler_option(-Wsign-compare)
         check_and_add_compiler_option(-Wstrict-prototypes)
+        check_and_add_compiler_option(-Wundef)
         check_and_add_compiler_option(-Wunreachable-code-return)
         check_and_add_compiler_option(-Wused-but-marked-unused)
         check_and_add_compiler_option(-Wwrite-strings)
@@ -998,9 +1189,13 @@ endif()
 # usage: cmake -DEXTRA_CFLAGS='-Wall -Wextra -Werror' ...
 #
 if(NOT "${EXTRA_CFLAGS}" STREQUAL "")
-    foreach(_extra_cflag ${EXTRA_CFLAGS})
-        check_and_add_compiler_option("${_extra_cflag}")
-    endforeach(_extra_cflag)
+    # The meaning of EXTRA_CFLAGS is "use the exact specified options, or the
+    # build risks failing to fail", not "try every specified option, omit those
+    # that do not work and use the rest".  Thus use add_compile_options(), not
+    # foreach()/check_and_add_compiler_option().  Another reason to do that is
+    # that the effect lasts in testprogs/ and testprogs/fuzz/.
+    string(REPLACE " " ";" _extra_cflags_list ${EXTRA_CFLAGS})
+    add_compile_options(${_extra_cflags_list})
     message(STATUS "Added extra compile options (${EXTRA_CFLAGS})")
 endif()
 
diff --git a/contrib/tcpdump/CONTRIBUTING.md b/contrib/tcpdump/CONTRIBUTING.md
index 26f226ebd973..215e4c6831c4 100644
--- a/contrib/tcpdump/CONTRIBUTING.md
+++ b/contrib/tcpdump/CONTRIBUTING.md
@@ -36,17 +36,17 @@ and ask!
 
 ## How to add new code and to update existing code
 
-0) Check that there isn't a pull request already opened for the changes you
+1) Check that there isn't a pull request already opened for the changes you
    intend to make.
 
-1) [Fork](https://help.github.com/articles/fork-a-repo/) the Tcpdump
+2) [Fork](https://help.github.com/articles/fork-a-repo/) the Tcpdump
    [repository](https://github.com/the-tcpdump-group/tcpdump).
 
-2) The easiest way to test your changes on multiple operating systems and
+3) The easiest way to test your changes on multiple operating systems and
    architectures is to let the upstream CI test your pull request (more on
    this below).
 
-3) Setup your git working copy
+4) Setup your git working copy
    ```
    git clone https://github.com/<username>/tcpdump.git
    cd tcpdump
@@ -54,19 +54,19 @@ and ask!
    git fetch upstream
    ```
 
-4) Do a `touch .devel` in your working directory.
+5) Do a `touch .devel` in your working directory.
    Currently, the effect is
    * add (via `configure`, in `Makefile`) some warnings options (`-Wall`,
      `-Wmissing-prototypes`, `-Wstrict-prototypes`, ...) to the compiler if it
      supports these options,
    * have the `Makefile` support `make depend` and the `configure` script run it.
 
-5) Configure and build
+6) Configure and build
    ```
    ./configure && make -s && make check
    ```
 
-6) Add/update tests
+7) Add/update tests
    The `tests` directory contains regression tests of the dissection of captured
    packets.  Those captured packets were saved running tcpdump with option
    `-w sample.pcap`.  Additional options, such as `-n`, are used to create relevant
@@ -96,12 +96,12 @@ and ask!
    It is often useful to have test outputs with different verbosity levels
    (none, `-v`, `-vv`, `-vvv`, etc.) depending on the code.
 
-7) Test using `make check` (current build options) and `./build_matrix.sh`
+8) Test using `make check` (current build options) and `./build_matrix.sh`
    (a multitude of build options, build systems and compilers). If you can,
    test on more than one operating system. Don't send a pull request until
    all tests pass.
 
-8) Try to rebase your commits to keep the history simple.
+9) Try to rebase your commits to keep the history simple.
    ```
    git fetch upstream
    git rebase upstream/master
@@ -109,32 +109,76 @@ and ask!
    (If the rebase fails and you cannot resolve, issue `git rebase --abort`
    and ask for help in the pull request comment.)
 
-9) Once 100% happy, put your work into your forked repository using `git push`.
+10) Once 100% happy, put your work into your forked repository using `git push`.
 
-10) [Initiate and send](https://help.github.com/articles/using-pull-requests/)
+11) [Initiate and send](https://help.github.com/articles/using-pull-requests/)
     a pull request.
     This will trigger the upstream repository CI tests.
 
 
 ## Code style and generic remarks
-*  A thorough reading of some other printers code is useful.
+1) A thorough reading of some other printers code is useful.
 
-*  Put the normative reference if any as comments (RFC, etc.).
+2) To help learn how tcpdump works or to help debugging:
+   You can configure and build tcpdump with the instrumentation of functions:
+   ```
+   $ ./configure --enable-instrument-functions
+   $ make -s clean all
+   ```
+
+   This generates instrumentation calls for entry and exit to functions.
+   Just after function entry and just before function exit, these
+   profiling functions are called and print the function names with
+   indentation and call level.
+
+   If entering in a function, it prints also the calling function name with
+   file name and line number. There may be a small shift in the line number.
+
+   In some cases, with Clang 11, the file number is unknown (printed '??')
+   or the line number is unknown (printed '?'). In this case, use GCC.
+
+   If the environment variable INSTRUMENT is
+   - unset or set to an empty string, print nothing, like with no
+     instrumentation
+   - set to "all" or "a", print all the functions names
+   - set to "global" or "g", print only the global functions names
+
+   This allows to run:
+   ```
+   $ INSTRUMENT=a ./tcpdump ...
+   $ INSTRUMENT=g ./tcpdump ...
+   $ INSTRUMENT= ./tcpdump ...
+   ```
+   or
+   ```
+   $ export INSTRUMENT=global
+   $ ./tcpdump ...
+   ```
+
+   The library libbfd is used, therefore the binutils-dev package is required.
 
-*  Put the format of packets/headers/options as comments if there is no
+3) Put the normative reference if any as comments (RFC, etc.).
+
+4) Put the format of packets/headers/options as comments if there is no
    published normative reference.
 
-*  The printer may receive incomplete packet in the buffer, truncated at any
+5) The printer may receive incomplete packet in the buffer, truncated at any
    random position, for example by capturing with `-s size` option.
+   This means that an attempt to fetch packet data based on the expected
+   format of the packet may run the risk of overrunning the buffer.
+
+   Furthermore, if the packet is complete, but is not correctly formed,
+   that can also cause a printer to overrun the buffer, as it will be
+   fetching packet data based on the expected format of the packet.
+
+   Therefore, integral, IPv4 address, and octet sequence values should
+   be fetched using the `GET_*()` macros, which are defined in
+   `extract.h`.
+
    If your code reads and decodes every byte of the protocol packet, then to
    ensure proper and complete bounds checks it would be sufficient to read all
-   packet data using the `GET_*()` macros, typically:
-   ```
-   GET_U_1(p)
-   GET_S_1(p)
-   GET_BE_U_n(p), n in { 2, 3, 4, 5, 6, 7, 8 }
-   GET_BE_S_n(p), n in { 2, 3, 4, 5, 6, 7, 8 }
*** 22507 LINES SKIPPED ***