git: ec3da16d8bc1 - stable/14 - tcpdump: Update to 4.99.5
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 08 Oct 2024 00:31:52 UTC
The branch stable/14 has been updated by jrm: URL: https://cgit.FreeBSD.org/src/commit/?id=ec3da16d8bc19ad90f04cc227fc8f409813c44f4 commit ec3da16d8bc19ad90f04cc227fc8f409813c44f4 Author: Joseph Mingrone <jrm@FreeBSD.org> AuthorDate: 2024-09-23 19:23:25 +0000 Commit: Joseph Mingrone <jrm@FreeBSD.org> CommitDate: 2024-10-07 18:32:06 +0000 tcpdump: Update to 4.99.5 Changes: https://git.tcpdump.org/tcpdump/blob/4a789712f187e3ac7b2c0044c3a3f8c71b83646e:/CHANGES Obtained from: https://www.tcpdump.org/release/tcpdump-4.99.5.tar.xz Sponsored by: The FreeBSD Foundation (cherry picked from commit 0a7e5f1f02aad2ff5fff1c60f44c6975fd07e1d9) --- contrib/tcpdump/CHANGES | 131 +- contrib/tcpdump/CMakeLists.txt | 301 +- contrib/tcpdump/CONTRIBUTING.md | 269 +- contrib/tcpdump/CREDITS | 34 +- contrib/tcpdump/INSTALL.md | 35 +- contrib/tcpdump/Makefile.in | 98 +- contrib/tcpdump/VERSION | 2 +- contrib/tcpdump/addrtoname.c | 7 +- contrib/tcpdump/addrtostr.c | 24 +- contrib/tcpdump/af.c | 2 - contrib/tcpdump/autogen.sh | 25 + contrib/tcpdump/bpf_dump.c | 2 - contrib/tcpdump/checksum.c | 39 +- contrib/tcpdump/cmake/Modules/FindCRYPTO.cmake | 185 +- contrib/tcpdump/cmakeconfig.h.in | 14 +- contrib/tcpdump/config.guess | 62 +- contrib/tcpdump/config.h.in | 27 +- contrib/tcpdump/config.sub | 230 +- contrib/tcpdump/configure | 7188 ++++++++++++++---------- contrib/tcpdump/configure.ac | 476 +- contrib/tcpdump/cpack.c | 2 - contrib/tcpdump/diag-control.h | 95 +- contrib/tcpdump/doc/README.Win32.md | 200 - contrib/tcpdump/doc/README.haiku.md | 33 + contrib/tcpdump/doc/README.solaris.md | 5 + contrib/tcpdump/extract.h | 2 +- contrib/tcpdump/ftmacros.h | 2 +- contrib/tcpdump/funcattrs.h | 5 +- contrib/tcpdump/gmpls.c | 2 - contrib/tcpdump/in_cksum.c | 2 - contrib/tcpdump/install-sh | 689 ++- contrib/tcpdump/instrument-functions.c | 250 + contrib/tcpdump/interface.h | 2 +- contrib/tcpdump/ip.h | 1 - contrib/tcpdump/ipproto.c | 2 - contrib/tcpdump/l2vpn.c | 2 - contrib/tcpdump/machdep.c | 2 - contrib/tcpdump/makemib | 2 +- contrib/tcpdump/mib.h | 12 +- contrib/tcpdump/missing/datalinks.c | 2 - contrib/tcpdump/missing/dlnames.c | 2 - contrib/tcpdump/missing/getopt_long.c | 3 +- contrib/tcpdump/missing/getservent.c | 2 - contrib/tcpdump/missing/snprintf.c | 2 - contrib/tcpdump/missing/strlcat.c | 2 - contrib/tcpdump/missing/strlcpy.c | 2 - contrib/tcpdump/missing/strsep.c | 2 - contrib/tcpdump/mkdep | 28 +- contrib/tcpdump/nameser.h | 8 +- contrib/tcpdump/netdissect-alloc.c | 2 - contrib/tcpdump/netdissect.c | 16 +- contrib/tcpdump/netdissect.h | 75 +- contrib/tcpdump/nlpid.c | 2 - contrib/tcpdump/ntp.c | 2 - contrib/tcpdump/oui.c | 2 - contrib/tcpdump/parsenfsfh.c | 53 +- contrib/tcpdump/pflog.h | 45 +- contrib/tcpdump/print-802_11.c | 62 +- contrib/tcpdump/print-802_15_4.c | 32 +- contrib/tcpdump/print-ah.c | 2 - contrib/tcpdump/print-ahcp.c | 2 - contrib/tcpdump/print-aodv.c | 2 - contrib/tcpdump/print-aoe.c | 2 - contrib/tcpdump/print-ap1394.c | 2 - contrib/tcpdump/print-arcnet.c | 2 - contrib/tcpdump/print-arista.c | 2 - contrib/tcpdump/print-arp.c | 2 - contrib/tcpdump/print-ascii.c | 8 +- contrib/tcpdump/print-atalk.c | 2 - contrib/tcpdump/print-atm.c | 4 +- contrib/tcpdump/print-babel.c | 2 - contrib/tcpdump/print-bcm-li.c | 2 - contrib/tcpdump/print-beep.c | 2 - contrib/tcpdump/print-bfd.c | 8 +- contrib/tcpdump/print-bgp.c | 23 +- contrib/tcpdump/print-bootp.c | 43 +- contrib/tcpdump/print-brcmtag.c | 3 - contrib/tcpdump/print-bt.c | 2 - contrib/tcpdump/print-calm-fast.c | 2 - contrib/tcpdump/print-carp.c | 5 +- contrib/tcpdump/print-cdp.c | 10 +- contrib/tcpdump/print-cfm.c | 2 - contrib/tcpdump/print-chdlc.c | 2 - contrib/tcpdump/print-cip.c | 2 - contrib/tcpdump/print-cnfp.c | 2 - contrib/tcpdump/print-dccp.c | 2 - contrib/tcpdump/print-decnet.c | 2 - contrib/tcpdump/print-dhcp6.c | 70 +- contrib/tcpdump/print-domain.c | 12 +- contrib/tcpdump/print-dsa.c | 2 - contrib/tcpdump/print-dtp.c | 4 +- contrib/tcpdump/print-dvmrp.c | 4 +- contrib/tcpdump/print-eap.c | 3 +- contrib/tcpdump/print-egp.c | 2 - contrib/tcpdump/print-eigrp.c | 2 - contrib/tcpdump/print-enc.c | 2 - contrib/tcpdump/print-esp.c | 29 +- contrib/tcpdump/print-ether.c | 6 +- contrib/tcpdump/print-fddi.c | 5 +- contrib/tcpdump/print-forces.c | 2 - contrib/tcpdump/print-fr.c | 18 +- contrib/tcpdump/print-frag6.c | 26 +- contrib/tcpdump/print-ftp.c | 2 - contrib/tcpdump/print-geneve.c | 2 - contrib/tcpdump/print-geonet.c | 2 - contrib/tcpdump/print-gre.c | 2 - contrib/tcpdump/print-hncp.c | 2 - contrib/tcpdump/print-hsrp.c | 2 - contrib/tcpdump/print-http.c | 2 - contrib/tcpdump/print-icmp.c | 2 - contrib/tcpdump/print-icmp6.c | 15 +- contrib/tcpdump/print-igmp.c | 2 - contrib/tcpdump/print-igrp.c | 2 - contrib/tcpdump/print-ip-demux.c | 2 - contrib/tcpdump/print-ip.c | 68 +- contrib/tcpdump/print-ip6.c | 45 +- contrib/tcpdump/print-ip6opts.c | 2 - contrib/tcpdump/print-ipcomp.c | 2 - contrib/tcpdump/print-ipfc.c | 2 - contrib/tcpdump/print-ipnet.c | 2 - contrib/tcpdump/print-ipoib.c | 2 - contrib/tcpdump/print-ipx.c | 6 +- contrib/tcpdump/print-isakmp.c | 25 +- contrib/tcpdump/print-isoclns.c | 34 +- contrib/tcpdump/print-juniper.c | 5 +- contrib/tcpdump/print-krb.c | 11 +- contrib/tcpdump/print-l2tp.c | 2 - contrib/tcpdump/print-lane.c | 2 - contrib/tcpdump/print-ldp.c | 20 +- contrib/tcpdump/print-lisp.c | 14 +- contrib/tcpdump/print-llc.c | 2 - contrib/tcpdump/print-lldp.c | 4 +- contrib/tcpdump/print-lmp.c | 2 - contrib/tcpdump/print-loopback.c | 5 +- contrib/tcpdump/print-lspping.c | 2 - contrib/tcpdump/print-lwapp.c | 2 - contrib/tcpdump/print-lwres.c | 10 +- contrib/tcpdump/print-m3ua.c | 2 - contrib/tcpdump/print-macsec.c | 3 - contrib/tcpdump/print-mobile.c | 2 - contrib/tcpdump/print-mobility.c | 5 +- contrib/tcpdump/print-mpcp.c | 2 - contrib/tcpdump/print-mpls.c | 2 - contrib/tcpdump/print-mptcp.c | 2 - contrib/tcpdump/print-msdp.c | 2 - contrib/tcpdump/print-msnlb.c | 2 - contrib/tcpdump/print-nflog.c | 22 +- contrib/tcpdump/print-nfs.c | 29 +- contrib/tcpdump/print-nsh.c | 7 +- contrib/tcpdump/print-ntp.c | 4 - contrib/tcpdump/print-null.c | 2 - contrib/tcpdump/print-olsr.c | 16 +- contrib/tcpdump/print-openflow-1.0.c | 143 +- contrib/tcpdump/print-openflow-1.3.c | 15 +- contrib/tcpdump/print-openflow.c | 2 - contrib/tcpdump/print-ospf.c | 10 +- contrib/tcpdump/print-ospf6.c | 15 +- contrib/tcpdump/print-otv.c | 2 - contrib/tcpdump/print-pflog.c | 30 +- contrib/tcpdump/print-pgm.c | 2 - contrib/tcpdump/print-pim.c | 8 +- contrib/tcpdump/print-pktap.c | 2 - contrib/tcpdump/print-ppi.c | 2 - contrib/tcpdump/print-ppp.c | 11 +- contrib/tcpdump/print-pppoe.c | 2 - contrib/tcpdump/print-pptp.c | 2 - contrib/tcpdump/print-ptp.c | 45 +- contrib/tcpdump/print-radius.c | 173 +- contrib/tcpdump/print-raw.c | 2 - contrib/tcpdump/print-realtek.c | 2 - contrib/tcpdump/print-resp.c | 6 +- contrib/tcpdump/print-rip.c | 46 +- contrib/tcpdump/print-ripng.c | 2 - contrib/tcpdump/print-rpki-rtr.c | 40 +- contrib/tcpdump/print-rsvp.c | 2 - contrib/tcpdump/print-rt6.c | 4 +- contrib/tcpdump/print-rtsp.c | 2 - contrib/tcpdump/print-rx.c | 4 +- contrib/tcpdump/print-sctp.c | 7 +- contrib/tcpdump/print-sflow.c | 8 +- contrib/tcpdump/print-sip.c | 2 - contrib/tcpdump/print-sl.c | 2 - contrib/tcpdump/print-sll.c | 2 - contrib/tcpdump/print-slow.c | 2 - contrib/tcpdump/print-smb.c | 20 +- contrib/tcpdump/print-smtp.c | 2 - contrib/tcpdump/print-snmp.c | 12 +- contrib/tcpdump/print-someip.c | 3 - contrib/tcpdump/print-ssh.c | 2 - contrib/tcpdump/print-stp.c | 5 +- contrib/tcpdump/print-sunatm.c | 2 - contrib/tcpdump/print-sunrpc.c | 2 - contrib/tcpdump/print-symantec.c | 2 - contrib/tcpdump/print-syslog.c | 5 +- contrib/tcpdump/print-tcp.c | 64 +- contrib/tcpdump/print-telnet.c | 4 +- contrib/tcpdump/print-tftp.c | 2 - contrib/tcpdump/print-timed.c | 2 - contrib/tcpdump/print-tipc.c | 6 +- contrib/tcpdump/print-token.c | 2 - contrib/tcpdump/print-udld.c | 2 - contrib/tcpdump/print-udp.c | 101 +- contrib/tcpdump/print-unsupported.c | 2 - contrib/tcpdump/print-usb.c | 14 +- contrib/tcpdump/print-vjc.c | 2 - contrib/tcpdump/print-vqp.c | 2 - contrib/tcpdump/print-vrrp.c | 2 - contrib/tcpdump/print-vsock.c | 2 - contrib/tcpdump/print-vtp.c | 6 +- contrib/tcpdump/print-vxlan-gpe.c | 2 - contrib/tcpdump/print-vxlan.c | 2 - contrib/tcpdump/print-wb.c | 2 - contrib/tcpdump/print-whois.c | 2 - contrib/tcpdump/print-zep.c | 10 +- contrib/tcpdump/print-zephyr.c | 2 - contrib/tcpdump/print-zeromq.c | 26 +- contrib/tcpdump/print.c | 18 +- contrib/tcpdump/signature.c | 2 - contrib/tcpdump/smbutil.c | 19 +- contrib/tcpdump/status-exit-codes.h | 1 - contrib/tcpdump/strtoaddr.c | 2 - contrib/tcpdump/tcp.h | 6 +- contrib/tcpdump/tcpdump.1.in | 87 +- contrib/tcpdump/tcpdump.c | 107 +- contrib/tcpdump/udp.h | 14 +- contrib/tcpdump/util-print.c | 67 +- usr.sbin/tcpdump/tcpdump/config.h | 4 +- 227 files changed, 7690 insertions(+), 5092 deletions(-) diff --git a/contrib/tcpdump/CHANGES b/contrib/tcpdump/CHANGES index 33ced66dd826..b63d1eb658d3 100644 --- a/contrib/tcpdump/CHANGES +++ b/contrib/tcpdump/CHANGES @@ -1,3 +1,128 @@ +Friday, August 30, 2024 / The Tcpdump Group + Summary for 4.99.5 tcpdump release + Refine protocol decoding for: + Arista: Use the test .pcap file from pull request #955 (HwInfo). + BGP: Fix an undefined behavior when it tries to parse a too-short packet. + CARP: Print the protocol name before any GET_(). + CDP: only hex-dump unknown TLVs in verbose mode. + DHCP: parse the SZTP redirect tag. + DHCPv6: client-id/server-id DUID type 2 correction; parse the user class, + boot file URL, and SZTP redirect options; add DUID-UUID printing + (RFC6355). + DNS: Detect and correctly handle too-short URI RRs. + EAP: Assign ndo_protocol in the eap_print() function. + ESP: Don't use EVP_add_cipher_alias() (fixes building on OpenBSD 7.5). + Frame Relay (Multilink): Fix the Timestamp Information Element printing. + ICMPv6: Fix printing the Home Agent Address Discovery Reply Message. + IEEE 802.11: no need for an element ID in the structures for IEs, make + the length in the IE structures a u_int, include the "TA" field while + printing Block Ack Control frame. + IP: Enable TSO (TCP Segmentation Offload) support; fix printing invalid + cases as invalid, not truncated; use ND_ICHECKMSG_ZU() to test the + header length. + IPv6: Fix printing invalid cases as invalid, not truncated; use + ND_ICHECKMSG_U() to print an invalid version. + IPv6: Fix invalid 32-bit versus 64-bit printouts of fragment headers. + ISAKMP: Fix printing Delete payload SPI when size is zero. + Kerberos: Print the protocol name, remove a redundant bounds check. + lwres: Fix an undefined behavior in pointer arithmetic. + OpenFlow 1.0: Fix indentation of PORT_MOD, improve handling of + some lengths, and fix handling of snapend. + TCP: Test ports < 1024 in port order to select the printer. + UDP: Move source port equal BCM_LI_PORT to bottom of long if else chain. + UDP: Test ports < 1024 in port order to select the printer. + LDP: Add missing fields of the Common Session Parameters TLV and fix the + offset for the A&D bits. + NFLOG: Use correct AF code points on all OSes. + NFS: Avoid printing non-ASCII characters. + OSPF: Pad TLVs in LS_OPAQUE_TYPE_RI to multiples of 4 bytes. + OSPF: Update LS-Ack printing not to run off the end of the packet. + OSPF6: Fix an undefined behavior. + pflog: use nd_ types in struct pfloghdr. + PPP: Check if there is some data to hexdump. + PPP: Remove an extra colon before LCP Callback Operation. + Use the buffer stack for de-escaping PPP; fixes CVE-2024-2397; + Note: This problem does not affect any tcpdump release. + PTP: Fix spelling of type SIGNALING, Parse major and minor version + correctly, Print majorSdoId field instead of just the first bit. + RIP: Make a couple trivial protocol updates. + RPKI-Router: Refine length and bounds checks. + RX: Use the "%Y-%m-%d" date format. + smbutil.c: Use the "%Y-%m-%d" date format. + SNMP: Fix two undefined behaviors. + Text protocols: Fix printing truncation if it is not the case. + ZEP: Use the "%Y-%m-%d" date format. + ZMTP: Replace custom code with bittok2str(). + User interface: + Print the supported time stamp types (-J) to stdout instead of stderr. + Print the list of data link types (-L) to stdout instead of stderr. + Use symmetrical quotation characters in error messages. + Update --version option to print 32/64-bit build and time_t size. + Improve error messages for invalid interface indexes specified + with -i. + Support "3des" as an alias for "des_ede3_cbc" even if the crypto + library doesn't support adding aliases. + Source code: + tcpdump: Fix a memory leak. + child_cleanup: reap as many child processes as possible. + Ignore failures when setting the default "any" device DLL to LINUX_SLL2. + Fix for backends which doesn't support capsicum. + Update ND_BYTES_BETWEEN() macro for better accuracy. + Update ND_BYTES_AVAILABLE_AFTER() macro for better accuracy. + Introduce new ND_ICHECK*() macros to deduplicate more code. + Skip privilege dropping when using -Z root on --with-user builds. + Add a nd_printjn() function. + Make nd_trunc_longjmp() not static inline. + Include <time.h> from netdissect.h. + Remove init_crc10_table() and the entourage. + Initialize tzcode early. + Capsicum support: Fix a 'not defined' macro error. + Update the "Error converting time" tests for packet times. + Fix warnings when building for 32-bit and defining _TIME_BITS=64. + Free interface list just before exiting where it wasn't being + freed. + Building and testing: + Add a configure option to help debugging (--enable-instrument-functions). + At build time require a proof of suitable snprintf(3) implementation in + libc (and document Solaris 9 as unsupported because of that). + Makefile.in: Add two "touch .devel" commands in the releasecheck target. + Autoconf: Get --with-user and --with-chroot right. + Autoconf: Fix --static-pcap-only test on Solaris 10. + Autoconf: Add some warning flags for clang 13 or newer. + Autoconf: Update config.{guess,sub}, timestamps 2024-01-01. + Autoconf: Add autogen.sh, remove configure and config.h.in and put + these generated files in the release tarball. + Autoconf: Update the install-sh script to the 2020-11-14.01 version. + configure: Apply autoupdate 2.69. + CMake: improve the comment before project(tcpdump C). + Do not require vsnprintf(). + tests: Use the -tttt option, by default, for the tests. + Autoconf, CMake: Get the size of a void * and a time_t. + Fix propagation of cc_werr_cflags() output. + Makefile.in: Fix the depend target. + mkdep: Exit with a non-zero status if a command fails. + Autoconf: use V_INCLS to update the list of include search paths. + Autoconf: don't put anything before -I and -L flags for local libpcap. + Autoconf, CMake: work around an Xcode 15+ issue. + Autoconf, CMake: use pkg-config and Homebrew when looking for + libcrypto. + Fix Sun C invocation from CMake. + mkdep: Use TMPDIR if it is set and not null. + Add initial support for building with TinyCC. + Makefile.in: Use the variable MAKE instead of the make command. + Makefile.in: Add instrumentation configuration in releasecheck target. + Make various improvements to the TESTrun script. + Untangle detection of pcap_findalldevs(). + Autoconf: don't use egrep, use $EGREP. + Autoconf: check for gethostbyaddr(), not gethostbyname(). + Autoconf, CMake: search for gethostbyaddr() in libnetwork. + Make illumos build warning-free. + Documentation: + Fixed errors in doc/README.Win32.md and renamed it to README.windows.md. + Make various improvements to the man page. + Add initial README file for Haiku. + Make various improvements to CONTRIBUTING.md. + Friday, April 7, 2023 / The Tcpdump Group Summary for 4.99.4 tcpdump release Source code: @@ -184,7 +309,7 @@ Wednesday, June 9, 2021 by gharris Fix "make clean" for out-of-tree autotools builds CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH. Documentation: - man: Update a reference as www.cifs.org is gone. [skip ci] + man: Update a reference as www.cifs.org is gone. man: Update DNS sections Solaris: Fix a compile error with Sun C @@ -913,7 +1038,7 @@ Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release RFC 4340. Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree Add support for Multiple-STP as per 802.1s - Add support for the cisco propriatry 'dynamic trunking protocol' + Add support for the cisco proprietary 'dynamic trunking protocol' Add support for the cisco proprietary VTP protocol Update dhcp6 options table as per IETF standardization activities @@ -1687,7 +1812,7 @@ v2.0.1 Sun Jan 26 21:10:10 PDT - Ultrix 4.0 is supported (also thanks to Jeff Mogul). - IBM RT and Stanford Enetfilter support has been added by - Rayan Zachariassen <rayan@canet.ca>. Tcpdump has been tested under + Rayan Zachariassen <rayan@canet.ca>. tcpdump has been tested under both the vanilla Enetfilter interface, and the extended interface (#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter. diff --git a/contrib/tcpdump/CMakeLists.txt b/contrib/tcpdump/CMakeLists.txt index 9495b5d4c234..f9071295eff1 100644 --- a/contrib/tcpdump/CMakeLists.txt +++ b/contrib/tcpdump/CMakeLists.txt @@ -2,21 +2,26 @@ if(WIN32) # # We need 3.12 or later, so that we can set policy CMP0074; see # below. + # cmake_minimum_required(VERSION 3.12) else(WIN32) # - # For now, require only 2.8.6, just in case somebody is - # configuring with CMake on a "long-term support" version - # of some OS and that version supplies an older version of - # CMake. + # For now: + # + # if this is a version of CMake less than 3.5, require only + # 2.8.12, just in case somebody is configuring with CMake + # on a "long-term support" version # of some OS and that + # version supplies an older version of CMake; # - # If this is ever updated to CMake 3.1 or later, remove the - # stuff in cmake/Modules/FindPCAP.cmake that appends subdirectories - # of directories from CMAKE_PREFIX_PATH to the PKG_CONFIG_PATH - # environment variable when running pkg-config, to make sure - # it finds any .pc file from there. + # otherwise, require 3.5, so we don't get messages warning + # that support for versions of CMake lower than 3.5 is + # deprecated. # - cmake_minimum_required(VERSION 2.8.12) + if(CMAKE_VERSION VERSION_LESS "3.5") + cmake_minimum_required(VERSION 2.8.12) + else() + cmake_minimum_required(VERSION 3.5) + endif() endif(WIN32) # @@ -77,7 +82,7 @@ endif() # If, for whatever reason, directories in which we search for external # libraries, other than the standard system library directories, are # added to the executable's rpath in the build process, we most -# defintely want them in the installed image's rpath if they are +# definitely want them in the installed image's rpath if they are # necessary in order to find the libraries at run time. # set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) @@ -85,7 +90,13 @@ set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/Modules) # -# OK, this is a royal pain. +# We explicitly indicate what languages are used in tcpdump to avoid +# checking for a C++ compiler. +# +# One reason to avoid that check is that there's no need to waste +# configuration time performing it. +# +# Another reason is that: # # CMake will try to determine the sizes of some data types, including # void *, early in the process of configuration; apparently, it's done @@ -111,11 +122,88 @@ set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/Modules) # building 32-bit, the size for C++ will win, and, again, hilarity # will ensue. # -# So we *explicitly* state that only C is used; there is currently no -# C++ code in tcpdump. -# project(tcpdump C) +# +# Export the size of void * as SIZEOF_VOID_P so that it can be +# tested with #if. +# +set(SIZEOF_VOID_P "${CMAKE_SIZEOF_VOID_P}") + +# +# Show the bit width for which we're compiling. +# This can help debug problems if you're dealing with a compiler that +# defaults to generating 32-bit code even when running on a 64-bit +# platform, and where that platform may provide only 64-bit versions of +# libraries that we might use (looking at *you*, Oracle Studio!). +# +if(CMAKE_SIZEOF_VOID_P EQUAL 4) + message(STATUS "Building 32-bit") +elseif(CMAKE_SIZEOF_VOID_P EQUAL 8) + message(STATUS "Building 64-bit") +endif() + +# +# Solaris pkg-config is annoying. For at least one package (D-Bus, I'm +# looking at *you*!), there are separate include files for 32-bit and +# 64-bit builds (I guess using "unsigned long long" as a 64-bit integer +# type on a 64-bit build is like crossing the beams or something), and +# there are two separate .pc files, so if we're doing a 32-bit build we +# should make sure we look in /usr/lib/pkgconfig for .pc files and if +# we're doing a 64-bit build we should make sure we look in +# /usr/lib/amd64/pkgconfig for .pc files. +# +if(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND CMAKE_SYSTEM_VERSION MATCHES "5[.][0-9.]*") + # + # Note: string(REPLACE) does not appear to support using ENV{...} + # as an argument, so we set a variable and then use set() to set + # the environment variable. + # + if(CMAKE_SIZEOF_VOID_P EQUAL 8) + # + # 64-bit build. If /usr/lib/pkgconfig appears in the path, + # prepend /usr/lib/amd64/pkgconfig to it; otherwise, + # put /usr/lib/amd64 at the end. + # + if((NOT DEFINED ENV{PKG_CONFIG_PATH}) OR "$ENV{PKG_CONFIG_PATH}" EQUAL "") + # + # Not set, or empty. Set it to /usr/lib/amd64/pkgconfig. + # + set(fixed_path "/usr/lib/amd64/pkgconfig") + elseif("$ENV{PKG_CONFIG_PATH}" MATCHES "/usr/lib/pkgconfig") + # + # It contains /usr/lib/pkgconfig. Prepend + # /usr/lib/amd64/pkgconfig to /usr/lib/pkgconfig. + # + string(REPLACE "/usr/lib/pkgconfig" + "/usr/lib/amd64/pkgconfig:/usr/lib/pkgconfig" + fixed_path "$ENV{PKG_CONFIG_PATH}") + else() + # + # Not empty, but doesn't contain /usr/lib/pkgconfig. + # Append /usr/lib/amd64/pkgconfig to it. + # + set(fixed_path "$ENV{PKG_CONFIG_PATH}:/usr/lib/amd64/pkgconfig") + endif() + set(ENV{PKG_CONFIG_PATH} "${fixed_path}") + elseif(CMAKE_SIZEOF_VOID_P EQUAL 4) + # + # 32-bit build. If /usr/amd64/lib/pkgconfig appears in the path, + # prepend /usr/lib/pkgconfig to it. + # + if("$ENV{PKG_CONFIG_PATH}" MATCHES "/usr/lib/amd64/pkgconfig") + # + # It contains /usr/lib/amd64/pkgconfig. Prepend + # /usr/lib/pkgconfig to /usr/lib/amd64/pkgconfig. + # + string(REPLACE "/usr/lib/amd64/pkgconfig" + "/usr/lib/pkgconfig:/usr/lib/amd64/pkgconfig" + fixed_path "$ENV{PKG_CONFIG_PATH}") + set(ENV{PKG_CONFIG_PATH} "${fixed_path}") + endif() + endif() +endif() + # # For checking if a compiler flag works and adding it if it does. # @@ -266,8 +354,6 @@ file(STRINGS ${tcpdump_SOURCE_DIR}/VERSION # Project settings ###################################### -add_definitions(-DHAVE_CONFIG_H) - include_directories( ${CMAKE_CURRENT_BINARY_DIR} ${tcpdump_SOURCE_DIR} @@ -320,10 +406,17 @@ include(CheckStructHasMember) include(CheckVariableExists) include(CheckTypeSize) +# +# Get the size of a time_t, to know whether it's 32-bit or 64-bit. +# +cmake_push_check_state() +set(CMAKE_EXTRA_INCLUDE_FILES time.h) +check_type_size("time_t" SIZEOF_TIME_T) +cmake_pop_check_state() + # # Header files. # -check_include_file(fcntl.h HAVE_FCNTL_H) check_include_file(rpc/rpc.h HAVE_RPC_RPC_H) check_include_file(net/if.h HAVE_NET_IF_H) if(HAVE_RPC_RPC_H) @@ -368,7 +461,12 @@ else(WIN32) if(LIBNSL_HAS_GETHOSTBYADDR) set(TCPDUMP_LINK_LIBRARIES ${TCPDUMP_LINK_LIBRARIES} nsl) else(LIBNSL_HAS_GETHOSTBYADDR) - message(FATAL_ERROR "gethostbyaddr is required, but wasn't found") + check_library_exists(network gethostbyaddr "" LIBNETWORK_HAS_GETHOSTBYADDR) + if(LIBNETWORK_HAS_GETHOSTBYADDR) + set(TCPDUMP_LINK_LIBRARIES ${TCPDUMP_LINK_LIBRARIES} network) + else(LIBNETWORK_HAS_GETHOSTBYADDR) + message(FATAL_ERROR "gethostbyaddr is required, but wasn't found") + endif(LIBNETWORK_HAS_GETHOSTBYADDR) endif(LIBNSL_HAS_GETHOSTBYADDR) endif(LIBSOCKET_HAS_GETHOSTBYADDR) endif(NOT STDLIBS_HAVE_GETHOSTBYADDR) @@ -396,20 +494,68 @@ endif(STDLIBS_HAVE_GETSERVENT) cmake_pop_check_state() # -# Make sure we have vsnprintf() and snprintf(); we require them. -# We use check_symbol_exists(), as they aren't necessarily external -# functions - in Visual Studio, for example, they're inline functions -# calling a common external function. +# Make sure we have snprintf(); we require it. +# We use check_symbol_exists(), as it isn't necessarily an external +# function - in Visual Studio, for example, it is an inline function +# calling an external function. # -check_symbol_exists(vsnprintf "stdio.h" HAVE_VSNPRINTF) -if(NOT HAVE_VSNPRINTF) - message(FATAL_ERROR "vsnprintf() is required but wasn't found") -endif(NOT HAVE_VSNPRINTF) check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF) if(NOT HAVE_SNPRINTF) message(FATAL_ERROR "snprintf() is required but wasn't found") endif() +# +# Require a proof of suitable snprintf(3), same as in Autoconf. +# +include(CheckCSourceRuns) +check_c_source_runs(" +#include <stdio.h> +#include <string.h> +#include <inttypes.h> +#include <sys/types.h> + +int main() +{ + char buf[100]; + uint64_t t = (uint64_t)1 << 32; + + snprintf(buf, sizeof(buf), \"%zu\", sizeof(buf)); + if (strncmp(buf, \"100\", sizeof(buf))) + return 1; + + snprintf(buf, sizeof(buf), \"%zd\", -sizeof(buf)); + if (strncmp(buf, \"-100\", sizeof(buf))) + return 2; + + snprintf(buf, sizeof(buf), \"%\" PRId64, -t); + if (strncmp(buf, \"-4294967296\", sizeof(buf))) + return 3; + + snprintf(buf, sizeof(buf), \"0o%\" PRIo64, t); + if (strncmp(buf, \"0o40000000000\", sizeof(buf))) + return 4; + + snprintf(buf, sizeof(buf), \"0x%\" PRIx64, t); + if (strncmp(buf, \"0x100000000\", sizeof(buf))) + return 5; + + snprintf(buf, sizeof(buf), \"%\" PRIu64, t); + if (strncmp(buf, \"4294967296\", sizeof(buf))) + return 6; + + return 0; +} + +" + SUITABLE_SNPRINTF +) +if(NOT SUITABLE_SNPRINTF) + message(FATAL_ERROR +"The snprintf(3) implementation in this libc is not suitable, +tcpdump would not work correctly even if it managed to compile." + ) +endif() + check_function_exists(getopt_long HAVE_GETOPT_LONG) check_function_exists(setlinebuf HAVE_SETLINEBUF) # @@ -618,6 +764,14 @@ set(CMAKE_REQUIRED_INCLUDES ${PCAP_INCLUDE_DIRS}) # check_include_file(pcap/pcap-inttypes.h HAVE_PCAP_PCAP_INTTYPES_H) +# +# At compile time HAVE_PCAP_FINDALLDEVS depends on HAVE_PCAP_IF_T. +# +cmake_push_check_state() +set(CMAKE_EXTRA_INCLUDE_FILES pcap.h) +check_type_size(pcap_if_t PCAP_IF_T) +cmake_pop_check_state() + # # Check for various functions in libpcap/WinPcap/Npcap. # @@ -707,19 +861,6 @@ endif(HAVE_PCAP_CREATE) # if we have them. # check_function_exists(pcap_findalldevs HAVE_PCAP_FINDALLDEVS) -if(HAVE_PCAP_FINDALLDEVS) - # - # Check for libpcap having pcap_findalldevs() but the pcap.h header - # not having pcap_if_t; some versions of Mac OS X shipped with pcap.h - # from 0.6 and libpcap 0.8, so that libpcap had pcap_findalldevs but - # pcap.h didn't have pcap_if_t. - # - cmake_push_check_state() - set(CMAKE_REQUIRED_INCLUDES ${PCAP_INCLUDE_DIRS}) - set(CMAKE_EXTRA_INCLUDE_FILES pcap.h) - check_type_size(pcap_if_t PCAP_IF_T) - cmake_pop_check_state() -endif(HAVE_PCAP_FINDALLDEVS) check_function_exists(pcap_dump_flush HAVE_PCAP_DUMP_FLUSH) check_function_exists(pcap_lib_version HAVE_PCAP_LIB_VERSION) if(NOT HAVE_PCAP_LIB_VERSION) @@ -728,8 +869,56 @@ endif(NOT HAVE_PCAP_LIB_VERSION) check_function_exists(pcap_setdirection HAVE_PCAP_SETDIRECTION) check_function_exists(pcap_set_immediate_mode HAVE_PCAP_SET_IMMEDIATE_MODE) check_function_exists(pcap_dump_ftell64 HAVE_PCAP_DUMP_FTELL64) -check_function_exists(pcap_open HAVE_PCAP_OPEN) -check_function_exists(pcap_findalldevs_ex HAVE_PCAP_FINDALLDEVS_EX) +# +# macOS Sonoma's libpcap includes stub versions of the remote- +# capture APIs. They are exported as "weakly linked symbols". +# +# Xcode 15 offers only a macOS Sonoma SDK, which has a .tbd +# file for libpcap that claims it includes those APIs. (Newer +# versions of macOS don't provide the system shared libraries, +# they only provide the dyld shared cache containing those +# libraries, so the OS provides SDKs that include a .tbd file +# to use when linking.) +# +# This means that check_function_exists() will think that +# the remote-capture APIs are present, including pcap_open() +# and pcap_findalldevs_ex(). +# +# However, they are *not* present in macOS Ventura and earlier, +# which means that building on Ventura with Xcode 15 produces +# executables that fail to start because one of those APIs +# isn't found in the system libpcap. +# +# Protecting calls to those APIs with __builtin_available() +# does not prevent this, because the libpcap header files +# in the Sonoma SDK mark them as being first available +# in macOS 10.13, just like all the other routines introduced +# in libpcap 1.9, even though they're only available if libpcap +# is built with remote capture enabled or stub routines are +# provided. (A fix to enable this has been checked into the +# libpcap repository, and may end up in a later version of +# the SDK.) +# +# Given all that, and given that the versions of the +# remote-capture APIs in Sonoma are stubs that always fail, +# there doesn't seem to be any point in checking for pcap_open() +# and pcap_findalldevs_ex() if we're linking against the Apple libpcap. +# +# However, if we're *not* linking against the Apple libpcap, +# we should check for it, so that we can use it if it's present. +# +# So we check for pcap_open() and pcap_findalldevs_ex() if 1) this isn't +# macOS or 2) the the libpcap we found is not a system library, meaning +# that its path begins neither with /usr/lib (meaning it's a system +# dylib) nor /Application/Xcode.app (meaning it's a file in +# the Xcode SDK). +# +if(NOT APPLE OR NOT + (PCAP_LIBRARIES MATCHES "/usr/lib/.*" OR + PCAP_LIBRARIES MATCHES "/Application/Xcode.app/.*")) + check_function_exists(pcap_open HAVE_PCAP_OPEN) + check_function_exists(pcap_findalldevs_ex HAVE_PCAP_FINDALLDEVS_EX) +endif() # # On Windows, check for pcap_wsockinit(); if we don't have it, check for @@ -787,11 +976,6 @@ endif(WITH_SMI) if(WITH_CRYPTO) find_package(CRYPTO) if(CRYPTO_FOUND) - # - # Check for some headers and functions. - # - check_include_file(openssl/evp.h HAVE_OPENSSL_EVP_H) - # # 1) do we have EVP_CIPHER_CTX_new? # If so, we use it to allocate an EVP_CIPHER_CTX, as @@ -958,9 +1142,9 @@ if(EXISTS ${CMAKE_SOURCE_DIR}/.devel OR EXISTS ${CMAKE_BINARY_DIR}/.devel) # We do *not* care whether a structure had padding added at # the end because of __declspec(align) - *we* don't use # __declspec(align), because the only structures whose layout - # we precisely specify are those that get overlayed on packet + # we precisely specify are those that get overlaid on packet # data, and in those every element is an array of octets so - # that we have full control over the size and aligmnet, and, + # that we have full control over the size and alignment, and, # apparently, jmp_buf has such a declaration on x86, meaning # that everything that includes netdissect.h, i.e. almost every # file in tcpdump, gets a warning. @@ -979,12 +1163,19 @@ if(EXISTS ${CMAKE_SOURCE_DIR}/.devel OR EXISTS ${CMAKE_BINARY_DIR}/.devel) check_and_add_compiler_option(-Wmissing-prototypes) check_and_add_compiler_option(-Wmissing-variable-declarations) check_and_add_compiler_option(-Wold-style-definition) - check_and_add_compiler_option(-Wpedantic) + if(NOT CMAKE_C_COMPILER_ID MATCHES "Sun") + # In Sun C versions that implement GCC compatibility "-Wpedantic" + # means the same as "-pedantic". The latter is mutually exclusive + # with several other options. One of those is "-xc99", which has + # already been set for Sun C above. + check_and_add_compiler_option(-Wpedantic) + endif() check_and_add_compiler_option(-Wpointer-arith) check_and_add_compiler_option(-Wpointer-sign) check_and_add_compiler_option(-Wshadow) check_and_add_compiler_option(-Wsign-compare) check_and_add_compiler_option(-Wstrict-prototypes) + check_and_add_compiler_option(-Wundef) check_and_add_compiler_option(-Wunreachable-code-return) check_and_add_compiler_option(-Wused-but-marked-unused) check_and_add_compiler_option(-Wwrite-strings) @@ -998,9 +1189,13 @@ endif() # usage: cmake -DEXTRA_CFLAGS='-Wall -Wextra -Werror' ... # if(NOT "${EXTRA_CFLAGS}" STREQUAL "") - foreach(_extra_cflag ${EXTRA_CFLAGS}) - check_and_add_compiler_option("${_extra_cflag}") - endforeach(_extra_cflag) + # The meaning of EXTRA_CFLAGS is "use the exact specified options, or the + # build risks failing to fail", not "try every specified option, omit those + # that do not work and use the rest". Thus use add_compile_options(), not + # foreach()/check_and_add_compiler_option(). Another reason to do that is + # that the effect lasts in testprogs/ and testprogs/fuzz/. + string(REPLACE " " ";" _extra_cflags_list ${EXTRA_CFLAGS}) + add_compile_options(${_extra_cflags_list}) message(STATUS "Added extra compile options (${EXTRA_CFLAGS})") endif() diff --git a/contrib/tcpdump/CONTRIBUTING.md b/contrib/tcpdump/CONTRIBUTING.md index 26f226ebd973..215e4c6831c4 100644 --- a/contrib/tcpdump/CONTRIBUTING.md +++ b/contrib/tcpdump/CONTRIBUTING.md @@ -36,17 +36,17 @@ and ask! ## How to add new code and to update existing code -0) Check that there isn't a pull request already opened for the changes you +1) Check that there isn't a pull request already opened for the changes you intend to make. -1) [Fork](https://help.github.com/articles/fork-a-repo/) the Tcpdump +2) [Fork](https://help.github.com/articles/fork-a-repo/) the Tcpdump [repository](https://github.com/the-tcpdump-group/tcpdump). -2) The easiest way to test your changes on multiple operating systems and +3) The easiest way to test your changes on multiple operating systems and architectures is to let the upstream CI test your pull request (more on this below). -3) Setup your git working copy +4) Setup your git working copy ``` git clone https://github.com/<username>/tcpdump.git cd tcpdump @@ -54,19 +54,19 @@ and ask! git fetch upstream ``` -4) Do a `touch .devel` in your working directory. +5) Do a `touch .devel` in your working directory. Currently, the effect is * add (via `configure`, in `Makefile`) some warnings options (`-Wall`, `-Wmissing-prototypes`, `-Wstrict-prototypes`, ...) to the compiler if it supports these options, * have the `Makefile` support `make depend` and the `configure` script run it. -5) Configure and build +6) Configure and build ``` ./configure && make -s && make check ``` -6) Add/update tests +7) Add/update tests The `tests` directory contains regression tests of the dissection of captured packets. Those captured packets were saved running tcpdump with option `-w sample.pcap`. Additional options, such as `-n`, are used to create relevant @@ -96,12 +96,12 @@ and ask! It is often useful to have test outputs with different verbosity levels (none, `-v`, `-vv`, `-vvv`, etc.) depending on the code. -7) Test using `make check` (current build options) and `./build_matrix.sh` +8) Test using `make check` (current build options) and `./build_matrix.sh` (a multitude of build options, build systems and compilers). If you can, test on more than one operating system. Don't send a pull request until all tests pass. -8) Try to rebase your commits to keep the history simple. +9) Try to rebase your commits to keep the history simple. ``` git fetch upstream git rebase upstream/master @@ -109,32 +109,76 @@ and ask! (If the rebase fails and you cannot resolve, issue `git rebase --abort` and ask for help in the pull request comment.) -9) Once 100% happy, put your work into your forked repository using `git push`. +10) Once 100% happy, put your work into your forked repository using `git push`. -10) [Initiate and send](https://help.github.com/articles/using-pull-requests/) +11) [Initiate and send](https://help.github.com/articles/using-pull-requests/) a pull request. This will trigger the upstream repository CI tests. ## Code style and generic remarks -* A thorough reading of some other printers code is useful. +1) A thorough reading of some other printers code is useful. -* Put the normative reference if any as comments (RFC, etc.). +2) To help learn how tcpdump works or to help debugging: + You can configure and build tcpdump with the instrumentation of functions: + ``` + $ ./configure --enable-instrument-functions + $ make -s clean all + ``` + + This generates instrumentation calls for entry and exit to functions. + Just after function entry and just before function exit, these + profiling functions are called and print the function names with + indentation and call level. + + If entering in a function, it prints also the calling function name with + file name and line number. There may be a small shift in the line number. + + In some cases, with Clang 11, the file number is unknown (printed '??') + or the line number is unknown (printed '?'). In this case, use GCC. + + If the environment variable INSTRUMENT is + - unset or set to an empty string, print nothing, like with no + instrumentation + - set to "all" or "a", print all the functions names + - set to "global" or "g", print only the global functions names + + This allows to run: + ``` + $ INSTRUMENT=a ./tcpdump ... + $ INSTRUMENT=g ./tcpdump ... + $ INSTRUMENT= ./tcpdump ... + ``` + or + ``` + $ export INSTRUMENT=global + $ ./tcpdump ... + ``` + + The library libbfd is used, therefore the binutils-dev package is required. -* Put the format of packets/headers/options as comments if there is no +3) Put the normative reference if any as comments (RFC, etc.). + +4) Put the format of packets/headers/options as comments if there is no published normative reference. -* The printer may receive incomplete packet in the buffer, truncated at any +5) The printer may receive incomplete packet in the buffer, truncated at any random position, for example by capturing with `-s size` option. + This means that an attempt to fetch packet data based on the expected + format of the packet may run the risk of overrunning the buffer. + + Furthermore, if the packet is complete, but is not correctly formed, + that can also cause a printer to overrun the buffer, as it will be + fetching packet data based on the expected format of the packet. + + Therefore, integral, IPv4 address, and octet sequence values should + be fetched using the `GET_*()` macros, which are defined in + `extract.h`. + If your code reads and decodes every byte of the protocol packet, then to ensure proper and complete bounds checks it would be sufficient to read all - packet data using the `GET_*()` macros, typically: - ``` - GET_U_1(p) - GET_S_1(p) - GET_BE_U_n(p), n in { 2, 3, 4, 5, 6, 7, 8 } - GET_BE_S_n(p), n in { 2, 3, 4, 5, 6, 7, 8 } *** 22507 LINES SKIPPED ***