git: 094f44ea0358 - stable/13 - tcpdump: Update to 4.99.5
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 29 Jan 2025 19:33:37 UTC
The branch stable/13 has been updated by jrm:
URL: https://cgit.FreeBSD.org/src/commit/?id=094f44ea03589a64a831627ae10980697cc66423
commit 094f44ea03589a64a831627ae10980697cc66423
Author: Joseph Mingrone <jrm@FreeBSD.org>
AuthorDate: 2024-09-23 19:23:25 +0000
Commit: Joseph Mingrone <jrm@FreeBSD.org>
CommitDate: 2025-01-29 19:29:29 +0000
tcpdump: Update to 4.99.5
Reviewed by: kp (changes related to pf)
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 0a7e5f1f02aad2ff5fff1c60f44c6975fd07e1d9)
(cherry picked from commit d72f87c0fd1418bdb814594ea8fc76a202f7d5c6)
---
contrib/tcpdump/CHANGES | 131 +-
contrib/tcpdump/CMakeLists.txt | 301 +-
contrib/tcpdump/CONTRIBUTING.md | 269 +-
contrib/tcpdump/CREDITS | 34 +-
contrib/tcpdump/INSTALL.md | 35 +-
contrib/tcpdump/Makefile.in | 98 +-
contrib/tcpdump/VERSION | 2 +-
contrib/tcpdump/addrtoname.c | 7 +-
contrib/tcpdump/addrtostr.c | 24 +-
contrib/tcpdump/af.c | 2 -
contrib/tcpdump/autogen.sh | 25 +
contrib/tcpdump/bpf_dump.c | 2 -
contrib/tcpdump/checksum.c | 39 +-
contrib/tcpdump/cmake/Modules/FindCRYPTO.cmake | 185 +-
contrib/tcpdump/cmakeconfig.h.in | 14 +-
contrib/tcpdump/config.guess | 62 +-
contrib/tcpdump/config.h.in | 27 +-
contrib/tcpdump/config.sub | 230 +-
contrib/tcpdump/configure | 7188 ++++++++++++++----------
contrib/tcpdump/configure.ac | 476 +-
contrib/tcpdump/cpack.c | 2 -
contrib/tcpdump/diag-control.h | 95 +-
contrib/tcpdump/doc/README.Win32.md | 200 -
contrib/tcpdump/doc/README.haiku.md | 33 +
contrib/tcpdump/doc/README.solaris.md | 5 +
contrib/tcpdump/extract.h | 2 +-
contrib/tcpdump/ftmacros.h | 2 +-
contrib/tcpdump/funcattrs.h | 5 +-
contrib/tcpdump/gmpls.c | 2 -
contrib/tcpdump/in_cksum.c | 2 -
contrib/tcpdump/install-sh | 689 ++-
contrib/tcpdump/instrument-functions.c | 250 +
contrib/tcpdump/interface.h | 2 +-
contrib/tcpdump/ip.h | 1 -
contrib/tcpdump/ipproto.c | 2 -
contrib/tcpdump/l2vpn.c | 2 -
contrib/tcpdump/machdep.c | 2 -
contrib/tcpdump/makemib | 2 +-
contrib/tcpdump/mib.h | 12 +-
contrib/tcpdump/missing/datalinks.c | 2 -
contrib/tcpdump/missing/dlnames.c | 2 -
contrib/tcpdump/missing/getopt_long.c | 3 +-
contrib/tcpdump/missing/getservent.c | 2 -
contrib/tcpdump/missing/snprintf.c | 2 -
contrib/tcpdump/missing/strlcat.c | 2 -
contrib/tcpdump/missing/strlcpy.c | 2 -
contrib/tcpdump/missing/strsep.c | 2 -
contrib/tcpdump/mkdep | 28 +-
contrib/tcpdump/nameser.h | 8 +-
contrib/tcpdump/netdissect-alloc.c | 2 -
contrib/tcpdump/netdissect.c | 16 +-
contrib/tcpdump/netdissect.h | 75 +-
contrib/tcpdump/nlpid.c | 2 -
contrib/tcpdump/ntp.c | 2 -
contrib/tcpdump/oui.c | 2 -
contrib/tcpdump/parsenfsfh.c | 53 +-
contrib/tcpdump/pflog.h | 45 +-
contrib/tcpdump/print-802_11.c | 62 +-
contrib/tcpdump/print-802_15_4.c | 32 +-
contrib/tcpdump/print-ah.c | 2 -
contrib/tcpdump/print-ahcp.c | 2 -
contrib/tcpdump/print-aodv.c | 2 -
contrib/tcpdump/print-aoe.c | 2 -
contrib/tcpdump/print-ap1394.c | 2 -
contrib/tcpdump/print-arcnet.c | 2 -
contrib/tcpdump/print-arista.c | 2 -
contrib/tcpdump/print-arp.c | 2 -
contrib/tcpdump/print-ascii.c | 8 +-
contrib/tcpdump/print-atalk.c | 2 -
contrib/tcpdump/print-atm.c | 4 +-
contrib/tcpdump/print-babel.c | 2 -
contrib/tcpdump/print-bcm-li.c | 2 -
contrib/tcpdump/print-beep.c | 2 -
contrib/tcpdump/print-bfd.c | 8 +-
contrib/tcpdump/print-bgp.c | 23 +-
contrib/tcpdump/print-bootp.c | 43 +-
contrib/tcpdump/print-brcmtag.c | 3 -
contrib/tcpdump/print-bt.c | 2 -
contrib/tcpdump/print-calm-fast.c | 2 -
contrib/tcpdump/print-carp.c | 5 +-
contrib/tcpdump/print-cdp.c | 10 +-
contrib/tcpdump/print-cfm.c | 2 -
contrib/tcpdump/print-chdlc.c | 2 -
contrib/tcpdump/print-cip.c | 2 -
contrib/tcpdump/print-cnfp.c | 2 -
contrib/tcpdump/print-dccp.c | 2 -
contrib/tcpdump/print-decnet.c | 2 -
contrib/tcpdump/print-dhcp6.c | 70 +-
contrib/tcpdump/print-domain.c | 12 +-
contrib/tcpdump/print-dsa.c | 2 -
contrib/tcpdump/print-dtp.c | 4 +-
contrib/tcpdump/print-dvmrp.c | 4 +-
contrib/tcpdump/print-eap.c | 3 +-
contrib/tcpdump/print-egp.c | 2 -
contrib/tcpdump/print-eigrp.c | 2 -
contrib/tcpdump/print-enc.c | 2 -
contrib/tcpdump/print-esp.c | 29 +-
contrib/tcpdump/print-ether.c | 6 +-
contrib/tcpdump/print-fddi.c | 5 +-
contrib/tcpdump/print-forces.c | 2 -
contrib/tcpdump/print-fr.c | 18 +-
contrib/tcpdump/print-frag6.c | 26 +-
contrib/tcpdump/print-ftp.c | 2 -
contrib/tcpdump/print-geneve.c | 2 -
contrib/tcpdump/print-geonet.c | 2 -
contrib/tcpdump/print-gre.c | 2 -
contrib/tcpdump/print-hncp.c | 2 -
contrib/tcpdump/print-hsrp.c | 2 -
contrib/tcpdump/print-http.c | 2 -
contrib/tcpdump/print-icmp.c | 2 -
contrib/tcpdump/print-icmp6.c | 15 +-
contrib/tcpdump/print-igmp.c | 2 -
contrib/tcpdump/print-igrp.c | 2 -
contrib/tcpdump/print-ip-demux.c | 2 -
contrib/tcpdump/print-ip.c | 68 +-
contrib/tcpdump/print-ip6.c | 45 +-
contrib/tcpdump/print-ip6opts.c | 2 -
contrib/tcpdump/print-ipcomp.c | 2 -
contrib/tcpdump/print-ipfc.c | 2 -
contrib/tcpdump/print-ipnet.c | 2 -
contrib/tcpdump/print-ipoib.c | 2 -
contrib/tcpdump/print-ipx.c | 6 +-
contrib/tcpdump/print-isakmp.c | 25 +-
contrib/tcpdump/print-isoclns.c | 34 +-
contrib/tcpdump/print-juniper.c | 5 +-
contrib/tcpdump/print-krb.c | 11 +-
contrib/tcpdump/print-l2tp.c | 2 -
contrib/tcpdump/print-lane.c | 2 -
contrib/tcpdump/print-ldp.c | 20 +-
contrib/tcpdump/print-lisp.c | 14 +-
contrib/tcpdump/print-llc.c | 2 -
contrib/tcpdump/print-lldp.c | 4 +-
contrib/tcpdump/print-lmp.c | 2 -
contrib/tcpdump/print-loopback.c | 5 +-
contrib/tcpdump/print-lspping.c | 2 -
contrib/tcpdump/print-lwapp.c | 2 -
contrib/tcpdump/print-lwres.c | 10 +-
contrib/tcpdump/print-m3ua.c | 2 -
contrib/tcpdump/print-macsec.c | 3 -
contrib/tcpdump/print-mobile.c | 2 -
contrib/tcpdump/print-mobility.c | 5 +-
contrib/tcpdump/print-mpcp.c | 2 -
contrib/tcpdump/print-mpls.c | 2 -
contrib/tcpdump/print-mptcp.c | 2 -
contrib/tcpdump/print-msdp.c | 2 -
contrib/tcpdump/print-msnlb.c | 2 -
contrib/tcpdump/print-nflog.c | 22 +-
contrib/tcpdump/print-nfs.c | 29 +-
contrib/tcpdump/print-nsh.c | 7 +-
contrib/tcpdump/print-ntp.c | 4 -
contrib/tcpdump/print-null.c | 2 -
contrib/tcpdump/print-olsr.c | 16 +-
contrib/tcpdump/print-openflow-1.0.c | 143 +-
contrib/tcpdump/print-openflow-1.3.c | 15 +-
contrib/tcpdump/print-openflow.c | 2 -
contrib/tcpdump/print-ospf.c | 10 +-
contrib/tcpdump/print-ospf6.c | 15 +-
contrib/tcpdump/print-otv.c | 2 -
contrib/tcpdump/print-pflog.c | 30 +-
contrib/tcpdump/print-pgm.c | 2 -
contrib/tcpdump/print-pim.c | 8 +-
contrib/tcpdump/print-pktap.c | 2 -
contrib/tcpdump/print-ppi.c | 2 -
contrib/tcpdump/print-ppp.c | 11 +-
contrib/tcpdump/print-pppoe.c | 2 -
contrib/tcpdump/print-pptp.c | 2 -
contrib/tcpdump/print-ptp.c | 45 +-
contrib/tcpdump/print-radius.c | 173 +-
contrib/tcpdump/print-raw.c | 2 -
contrib/tcpdump/print-realtek.c | 2 -
contrib/tcpdump/print-resp.c | 6 +-
contrib/tcpdump/print-rip.c | 46 +-
contrib/tcpdump/print-ripng.c | 2 -
contrib/tcpdump/print-rpki-rtr.c | 40 +-
contrib/tcpdump/print-rsvp.c | 2 -
contrib/tcpdump/print-rt6.c | 4 +-
contrib/tcpdump/print-rtsp.c | 2 -
contrib/tcpdump/print-rx.c | 4 +-
contrib/tcpdump/print-sctp.c | 7 +-
contrib/tcpdump/print-sflow.c | 8 +-
contrib/tcpdump/print-sip.c | 2 -
contrib/tcpdump/print-sl.c | 2 -
contrib/tcpdump/print-sll.c | 2 -
contrib/tcpdump/print-slow.c | 2 -
contrib/tcpdump/print-smb.c | 20 +-
contrib/tcpdump/print-smtp.c | 2 -
contrib/tcpdump/print-snmp.c | 12 +-
contrib/tcpdump/print-someip.c | 3 -
contrib/tcpdump/print-ssh.c | 2 -
contrib/tcpdump/print-stp.c | 5 +-
contrib/tcpdump/print-sunatm.c | 2 -
contrib/tcpdump/print-sunrpc.c | 2 -
contrib/tcpdump/print-symantec.c | 2 -
contrib/tcpdump/print-syslog.c | 5 +-
contrib/tcpdump/print-tcp.c | 64 +-
contrib/tcpdump/print-telnet.c | 4 +-
contrib/tcpdump/print-tftp.c | 2 -
contrib/tcpdump/print-timed.c | 2 -
contrib/tcpdump/print-tipc.c | 6 +-
contrib/tcpdump/print-token.c | 2 -
contrib/tcpdump/print-udld.c | 2 -
contrib/tcpdump/print-udp.c | 101 +-
contrib/tcpdump/print-unsupported.c | 2 -
contrib/tcpdump/print-usb.c | 14 +-
contrib/tcpdump/print-vjc.c | 2 -
contrib/tcpdump/print-vqp.c | 2 -
contrib/tcpdump/print-vrrp.c | 2 -
contrib/tcpdump/print-vsock.c | 2 -
contrib/tcpdump/print-vtp.c | 6 +-
contrib/tcpdump/print-vxlan-gpe.c | 2 -
contrib/tcpdump/print-vxlan.c | 2 -
contrib/tcpdump/print-wb.c | 2 -
contrib/tcpdump/print-whois.c | 2 -
contrib/tcpdump/print-zep.c | 10 +-
contrib/tcpdump/print-zephyr.c | 2 -
contrib/tcpdump/print-zeromq.c | 26 +-
contrib/tcpdump/print.c | 18 +-
contrib/tcpdump/signature.c | 2 -
contrib/tcpdump/smbutil.c | 19 +-
contrib/tcpdump/status-exit-codes.h | 1 -
contrib/tcpdump/strtoaddr.c | 2 -
contrib/tcpdump/tcp.h | 6 +-
contrib/tcpdump/tcpdump.1.in | 87 +-
contrib/tcpdump/tcpdump.c | 107 +-
contrib/tcpdump/udp.h | 14 +-
contrib/tcpdump/util-print.c | 67 +-
usr.sbin/tcpdump/tcpdump/config.h | 4 +-
227 files changed, 7690 insertions(+), 5092 deletions(-)
diff --git a/contrib/tcpdump/CHANGES b/contrib/tcpdump/CHANGES
index 33ced66dd826..b63d1eb658d3 100644
--- a/contrib/tcpdump/CHANGES
+++ b/contrib/tcpdump/CHANGES
@@ -1,3 +1,128 @@
+Friday, August 30, 2024 / The Tcpdump Group
+ Summary for 4.99.5 tcpdump release
+ Refine protocol decoding for:
+ Arista: Use the test .pcap file from pull request #955 (HwInfo).
+ BGP: Fix an undefined behavior when it tries to parse a too-short packet.
+ CARP: Print the protocol name before any GET_().
+ CDP: only hex-dump unknown TLVs in verbose mode.
+ DHCP: parse the SZTP redirect tag.
+ DHCPv6: client-id/server-id DUID type 2 correction; parse the user class,
+ boot file URL, and SZTP redirect options; add DUID-UUID printing
+ (RFC6355).
+ DNS: Detect and correctly handle too-short URI RRs.
+ EAP: Assign ndo_protocol in the eap_print() function.
+ ESP: Don't use EVP_add_cipher_alias() (fixes building on OpenBSD 7.5).
+ Frame Relay (Multilink): Fix the Timestamp Information Element printing.
+ ICMPv6: Fix printing the Home Agent Address Discovery Reply Message.
+ IEEE 802.11: no need for an element ID in the structures for IEs, make
+ the length in the IE structures a u_int, include the "TA" field while
+ printing Block Ack Control frame.
+ IP: Enable TSO (TCP Segmentation Offload) support; fix printing invalid
+ cases as invalid, not truncated; use ND_ICHECKMSG_ZU() to test the
+ header length.
+ IPv6: Fix printing invalid cases as invalid, not truncated; use
+ ND_ICHECKMSG_U() to print an invalid version.
+ IPv6: Fix invalid 32-bit versus 64-bit printouts of fragment headers.
+ ISAKMP: Fix printing Delete payload SPI when size is zero.
+ Kerberos: Print the protocol name, remove a redundant bounds check.
+ lwres: Fix an undefined behavior in pointer arithmetic.
+ OpenFlow 1.0: Fix indentation of PORT_MOD, improve handling of
+ some lengths, and fix handling of snapend.
+ TCP: Test ports < 1024 in port order to select the printer.
+ UDP: Move source port equal BCM_LI_PORT to bottom of long if else chain.
+ UDP: Test ports < 1024 in port order to select the printer.
+ LDP: Add missing fields of the Common Session Parameters TLV and fix the
+ offset for the A&D bits.
+ NFLOG: Use correct AF code points on all OSes.
+ NFS: Avoid printing non-ASCII characters.
+ OSPF: Pad TLVs in LS_OPAQUE_TYPE_RI to multiples of 4 bytes.
+ OSPF: Update LS-Ack printing not to run off the end of the packet.
+ OSPF6: Fix an undefined behavior.
+ pflog: use nd_ types in struct pfloghdr.
+ PPP: Check if there is some data to hexdump.
+ PPP: Remove an extra colon before LCP Callback Operation.
+ Use the buffer stack for de-escaping PPP; fixes CVE-2024-2397;
+ Note: This problem does not affect any tcpdump release.
+ PTP: Fix spelling of type SIGNALING, Parse major and minor version
+ correctly, Print majorSdoId field instead of just the first bit.
+ RIP: Make a couple trivial protocol updates.
+ RPKI-Router: Refine length and bounds checks.
+ RX: Use the "%Y-%m-%d" date format.
+ smbutil.c: Use the "%Y-%m-%d" date format.
+ SNMP: Fix two undefined behaviors.
+ Text protocols: Fix printing truncation if it is not the case.
+ ZEP: Use the "%Y-%m-%d" date format.
+ ZMTP: Replace custom code with bittok2str().
+ User interface:
+ Print the supported time stamp types (-J) to stdout instead of stderr.
+ Print the list of data link types (-L) to stdout instead of stderr.
+ Use symmetrical quotation characters in error messages.
+ Update --version option to print 32/64-bit build and time_t size.
+ Improve error messages for invalid interface indexes specified
+ with -i.
+ Support "3des" as an alias for "des_ede3_cbc" even if the crypto
+ library doesn't support adding aliases.
+ Source code:
+ tcpdump: Fix a memory leak.
+ child_cleanup: reap as many child processes as possible.
+ Ignore failures when setting the default "any" device DLL to LINUX_SLL2.
+ Fix for backends which doesn't support capsicum.
+ Update ND_BYTES_BETWEEN() macro for better accuracy.
+ Update ND_BYTES_AVAILABLE_AFTER() macro for better accuracy.
+ Introduce new ND_ICHECK*() macros to deduplicate more code.
+ Skip privilege dropping when using -Z root on --with-user builds.
+ Add a nd_printjn() function.
+ Make nd_trunc_longjmp() not static inline.
+ Include <time.h> from netdissect.h.
+ Remove init_crc10_table() and the entourage.
+ Initialize tzcode early.
+ Capsicum support: Fix a 'not defined' macro error.
+ Update the "Error converting time" tests for packet times.
+ Fix warnings when building for 32-bit and defining _TIME_BITS=64.
+ Free interface list just before exiting where it wasn't being
+ freed.
+ Building and testing:
+ Add a configure option to help debugging (--enable-instrument-functions).
+ At build time require a proof of suitable snprintf(3) implementation in
+ libc (and document Solaris 9 as unsupported because of that).
+ Makefile.in: Add two "touch .devel" commands in the releasecheck target.
+ Autoconf: Get --with-user and --with-chroot right.
+ Autoconf: Fix --static-pcap-only test on Solaris 10.
+ Autoconf: Add some warning flags for clang 13 or newer.
+ Autoconf: Update config.{guess,sub}, timestamps 2024-01-01.
+ Autoconf: Add autogen.sh, remove configure and config.h.in and put
+ these generated files in the release tarball.
+ Autoconf: Update the install-sh script to the 2020-11-14.01 version.
+ configure: Apply autoupdate 2.69.
+ CMake: improve the comment before project(tcpdump C).
+ Do not require vsnprintf().
+ tests: Use the -tttt option, by default, for the tests.
+ Autoconf, CMake: Get the size of a void * and a time_t.
+ Fix propagation of cc_werr_cflags() output.
+ Makefile.in: Fix the depend target.
+ mkdep: Exit with a non-zero status if a command fails.
+ Autoconf: use V_INCLS to update the list of include search paths.
+ Autoconf: don't put anything before -I and -L flags for local libpcap.
+ Autoconf, CMake: work around an Xcode 15+ issue.
+ Autoconf, CMake: use pkg-config and Homebrew when looking for
+ libcrypto.
+ Fix Sun C invocation from CMake.
+ mkdep: Use TMPDIR if it is set and not null.
+ Add initial support for building with TinyCC.
+ Makefile.in: Use the variable MAKE instead of the make command.
+ Makefile.in: Add instrumentation configuration in releasecheck target.
+ Make various improvements to the TESTrun script.
+ Untangle detection of pcap_findalldevs().
+ Autoconf: don't use egrep, use $EGREP.
+ Autoconf: check for gethostbyaddr(), not gethostbyname().
+ Autoconf, CMake: search for gethostbyaddr() in libnetwork.
+ Make illumos build warning-free.
+ Documentation:
+ Fixed errors in doc/README.Win32.md and renamed it to README.windows.md.
+ Make various improvements to the man page.
+ Add initial README file for Haiku.
+ Make various improvements to CONTRIBUTING.md.
+
Friday, April 7, 2023 / The Tcpdump Group
Summary for 4.99.4 tcpdump release
Source code:
@@ -184,7 +309,7 @@ Wednesday, June 9, 2021 by gharris
Fix "make clean" for out-of-tree autotools builds
CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
Documentation:
- man: Update a reference as www.cifs.org is gone. [skip ci]
+ man: Update a reference as www.cifs.org is gone.
man: Update DNS sections
Solaris:
Fix a compile error with Sun C
@@ -913,7 +1038,7 @@ Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release
RFC 4340.
Add support for per-VLAN spanning tree and per-VLAN rapid spanning tree
Add support for Multiple-STP as per 802.1s
- Add support for the cisco propriatry 'dynamic trunking protocol'
+ Add support for the cisco proprietary 'dynamic trunking protocol'
Add support for the cisco proprietary VTP protocol
Update dhcp6 options table as per IETF standardization activities
@@ -1687,7 +1812,7 @@ v2.0.1 Sun Jan 26 21:10:10 PDT
- Ultrix 4.0 is supported (also thanks to Jeff Mogul).
- IBM RT and Stanford Enetfilter support has been added by
- Rayan Zachariassen <rayan@canet.ca>. Tcpdump has been tested under
+ Rayan Zachariassen <rayan@canet.ca>. tcpdump has been tested under
both the vanilla Enetfilter interface, and the extended interface
(#ifdef'd by IBMRTPC) present in the MERIT version of the Enetfilter.
diff --git a/contrib/tcpdump/CMakeLists.txt b/contrib/tcpdump/CMakeLists.txt
index 9495b5d4c234..f9071295eff1 100644
--- a/contrib/tcpdump/CMakeLists.txt
+++ b/contrib/tcpdump/CMakeLists.txt
@@ -2,21 +2,26 @@ if(WIN32)
#
# We need 3.12 or later, so that we can set policy CMP0074; see
# below.
+ #
cmake_minimum_required(VERSION 3.12)
else(WIN32)
#
- # For now, require only 2.8.6, just in case somebody is
- # configuring with CMake on a "long-term support" version
- # of some OS and that version supplies an older version of
- # CMake.
+ # For now:
+ #
+ # if this is a version of CMake less than 3.5, require only
+ # 2.8.12, just in case somebody is configuring with CMake
+ # on a "long-term support" version # of some OS and that
+ # version supplies an older version of CMake;
#
- # If this is ever updated to CMake 3.1 or later, remove the
- # stuff in cmake/Modules/FindPCAP.cmake that appends subdirectories
- # of directories from CMAKE_PREFIX_PATH to the PKG_CONFIG_PATH
- # environment variable when running pkg-config, to make sure
- # it finds any .pc file from there.
+ # otherwise, require 3.5, so we don't get messages warning
+ # that support for versions of CMake lower than 3.5 is
+ # deprecated.
#
- cmake_minimum_required(VERSION 2.8.12)
+ if(CMAKE_VERSION VERSION_LESS "3.5")
+ cmake_minimum_required(VERSION 2.8.12)
+ else()
+ cmake_minimum_required(VERSION 3.5)
+ endif()
endif(WIN32)
#
@@ -77,7 +82,7 @@ endif()
# If, for whatever reason, directories in which we search for external
# libraries, other than the standard system library directories, are
# added to the executable's rpath in the build process, we most
-# defintely want them in the installed image's rpath if they are
+# definitely want them in the installed image's rpath if they are
# necessary in order to find the libraries at run time.
#
set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
@@ -85,7 +90,13 @@ set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/Modules)
#
-# OK, this is a royal pain.
+# We explicitly indicate what languages are used in tcpdump to avoid
+# checking for a C++ compiler.
+#
+# One reason to avoid that check is that there's no need to waste
+# configuration time performing it.
+#
+# Another reason is that:
#
# CMake will try to determine the sizes of some data types, including
# void *, early in the process of configuration; apparently, it's done
@@ -111,11 +122,88 @@ set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/Modules)
# building 32-bit, the size for C++ will win, and, again, hilarity
# will ensue.
#
-# So we *explicitly* state that only C is used; there is currently no
-# C++ code in tcpdump.
-#
project(tcpdump C)
+#
+# Export the size of void * as SIZEOF_VOID_P so that it can be
+# tested with #if.
+#
+set(SIZEOF_VOID_P "${CMAKE_SIZEOF_VOID_P}")
+
+#
+# Show the bit width for which we're compiling.
+# This can help debug problems if you're dealing with a compiler that
+# defaults to generating 32-bit code even when running on a 64-bit
+# platform, and where that platform may provide only 64-bit versions of
+# libraries that we might use (looking at *you*, Oracle Studio!).
+#
+if(CMAKE_SIZEOF_VOID_P EQUAL 4)
+ message(STATUS "Building 32-bit")
+elseif(CMAKE_SIZEOF_VOID_P EQUAL 8)
+ message(STATUS "Building 64-bit")
+endif()
+
+#
+# Solaris pkg-config is annoying. For at least one package (D-Bus, I'm
+# looking at *you*!), there are separate include files for 32-bit and
+# 64-bit builds (I guess using "unsigned long long" as a 64-bit integer
+# type on a 64-bit build is like crossing the beams or something), and
+# there are two separate .pc files, so if we're doing a 32-bit build we
+# should make sure we look in /usr/lib/pkgconfig for .pc files and if
+# we're doing a 64-bit build we should make sure we look in
+# /usr/lib/amd64/pkgconfig for .pc files.
+#
+if(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND CMAKE_SYSTEM_VERSION MATCHES "5[.][0-9.]*")
+ #
+ # Note: string(REPLACE) does not appear to support using ENV{...}
+ # as an argument, so we set a variable and then use set() to set
+ # the environment variable.
+ #
+ if(CMAKE_SIZEOF_VOID_P EQUAL 8)
+ #
+ # 64-bit build. If /usr/lib/pkgconfig appears in the path,
+ # prepend /usr/lib/amd64/pkgconfig to it; otherwise,
+ # put /usr/lib/amd64 at the end.
+ #
+ if((NOT DEFINED ENV{PKG_CONFIG_PATH}) OR "$ENV{PKG_CONFIG_PATH}" EQUAL "")
+ #
+ # Not set, or empty. Set it to /usr/lib/amd64/pkgconfig.
+ #
+ set(fixed_path "/usr/lib/amd64/pkgconfig")
+ elseif("$ENV{PKG_CONFIG_PATH}" MATCHES "/usr/lib/pkgconfig")
+ #
+ # It contains /usr/lib/pkgconfig. Prepend
+ # /usr/lib/amd64/pkgconfig to /usr/lib/pkgconfig.
+ #
+ string(REPLACE "/usr/lib/pkgconfig"
+ "/usr/lib/amd64/pkgconfig:/usr/lib/pkgconfig"
+ fixed_path "$ENV{PKG_CONFIG_PATH}")
+ else()
+ #
+ # Not empty, but doesn't contain /usr/lib/pkgconfig.
+ # Append /usr/lib/amd64/pkgconfig to it.
+ #
+ set(fixed_path "$ENV{PKG_CONFIG_PATH}:/usr/lib/amd64/pkgconfig")
+ endif()
+ set(ENV{PKG_CONFIG_PATH} "${fixed_path}")
+ elseif(CMAKE_SIZEOF_VOID_P EQUAL 4)
+ #
+ # 32-bit build. If /usr/amd64/lib/pkgconfig appears in the path,
+ # prepend /usr/lib/pkgconfig to it.
+ #
+ if("$ENV{PKG_CONFIG_PATH}" MATCHES "/usr/lib/amd64/pkgconfig")
+ #
+ # It contains /usr/lib/amd64/pkgconfig. Prepend
+ # /usr/lib/pkgconfig to /usr/lib/amd64/pkgconfig.
+ #
+ string(REPLACE "/usr/lib/amd64/pkgconfig"
+ "/usr/lib/pkgconfig:/usr/lib/amd64/pkgconfig"
+ fixed_path "$ENV{PKG_CONFIG_PATH}")
+ set(ENV{PKG_CONFIG_PATH} "${fixed_path}")
+ endif()
+ endif()
+endif()
+
#
# For checking if a compiler flag works and adding it if it does.
#
@@ -266,8 +354,6 @@ file(STRINGS ${tcpdump_SOURCE_DIR}/VERSION
# Project settings
######################################
-add_definitions(-DHAVE_CONFIG_H)
-
include_directories(
${CMAKE_CURRENT_BINARY_DIR}
${tcpdump_SOURCE_DIR}
@@ -320,10 +406,17 @@ include(CheckStructHasMember)
include(CheckVariableExists)
include(CheckTypeSize)
+#
+# Get the size of a time_t, to know whether it's 32-bit or 64-bit.
+#
+cmake_push_check_state()
+set(CMAKE_EXTRA_INCLUDE_FILES time.h)
+check_type_size("time_t" SIZEOF_TIME_T)
+cmake_pop_check_state()
+
#
# Header files.
#
-check_include_file(fcntl.h HAVE_FCNTL_H)
check_include_file(rpc/rpc.h HAVE_RPC_RPC_H)
check_include_file(net/if.h HAVE_NET_IF_H)
if(HAVE_RPC_RPC_H)
@@ -368,7 +461,12 @@ else(WIN32)
if(LIBNSL_HAS_GETHOSTBYADDR)
set(TCPDUMP_LINK_LIBRARIES ${TCPDUMP_LINK_LIBRARIES} nsl)
else(LIBNSL_HAS_GETHOSTBYADDR)
- message(FATAL_ERROR "gethostbyaddr is required, but wasn't found")
+ check_library_exists(network gethostbyaddr "" LIBNETWORK_HAS_GETHOSTBYADDR)
+ if(LIBNETWORK_HAS_GETHOSTBYADDR)
+ set(TCPDUMP_LINK_LIBRARIES ${TCPDUMP_LINK_LIBRARIES} network)
+ else(LIBNETWORK_HAS_GETHOSTBYADDR)
+ message(FATAL_ERROR "gethostbyaddr is required, but wasn't found")
+ endif(LIBNETWORK_HAS_GETHOSTBYADDR)
endif(LIBNSL_HAS_GETHOSTBYADDR)
endif(LIBSOCKET_HAS_GETHOSTBYADDR)
endif(NOT STDLIBS_HAVE_GETHOSTBYADDR)
@@ -396,20 +494,68 @@ endif(STDLIBS_HAVE_GETSERVENT)
cmake_pop_check_state()
#
-# Make sure we have vsnprintf() and snprintf(); we require them.
-# We use check_symbol_exists(), as they aren't necessarily external
-# functions - in Visual Studio, for example, they're inline functions
-# calling a common external function.
+# Make sure we have snprintf(); we require it.
+# We use check_symbol_exists(), as it isn't necessarily an external
+# function - in Visual Studio, for example, it is an inline function
+# calling an external function.
#
-check_symbol_exists(vsnprintf "stdio.h" HAVE_VSNPRINTF)
-if(NOT HAVE_VSNPRINTF)
- message(FATAL_ERROR "vsnprintf() is required but wasn't found")
-endif(NOT HAVE_VSNPRINTF)
check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF)
if(NOT HAVE_SNPRINTF)
message(FATAL_ERROR "snprintf() is required but wasn't found")
endif()
+#
+# Require a proof of suitable snprintf(3), same as in Autoconf.
+#
+include(CheckCSourceRuns)
+check_c_source_runs("
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
+#include <sys/types.h>
+
+int main()
+{
+ char buf[100];
+ uint64_t t = (uint64_t)1 << 32;
+
+ snprintf(buf, sizeof(buf), \"%zu\", sizeof(buf));
+ if (strncmp(buf, \"100\", sizeof(buf)))
+ return 1;
+
+ snprintf(buf, sizeof(buf), \"%zd\", -sizeof(buf));
+ if (strncmp(buf, \"-100\", sizeof(buf)))
+ return 2;
+
+ snprintf(buf, sizeof(buf), \"%\" PRId64, -t);
+ if (strncmp(buf, \"-4294967296\", sizeof(buf)))
+ return 3;
+
+ snprintf(buf, sizeof(buf), \"0o%\" PRIo64, t);
+ if (strncmp(buf, \"0o40000000000\", sizeof(buf)))
+ return 4;
+
+ snprintf(buf, sizeof(buf), \"0x%\" PRIx64, t);
+ if (strncmp(buf, \"0x100000000\", sizeof(buf)))
+ return 5;
+
+ snprintf(buf, sizeof(buf), \"%\" PRIu64, t);
+ if (strncmp(buf, \"4294967296\", sizeof(buf)))
+ return 6;
+
+ return 0;
+}
+
+"
+ SUITABLE_SNPRINTF
+)
+if(NOT SUITABLE_SNPRINTF)
+ message(FATAL_ERROR
+"The snprintf(3) implementation in this libc is not suitable,
+tcpdump would not work correctly even if it managed to compile."
+ )
+endif()
+
check_function_exists(getopt_long HAVE_GETOPT_LONG)
check_function_exists(setlinebuf HAVE_SETLINEBUF)
#
@@ -618,6 +764,14 @@ set(CMAKE_REQUIRED_INCLUDES ${PCAP_INCLUDE_DIRS})
#
check_include_file(pcap/pcap-inttypes.h HAVE_PCAP_PCAP_INTTYPES_H)
+#
+# At compile time HAVE_PCAP_FINDALLDEVS depends on HAVE_PCAP_IF_T.
+#
+cmake_push_check_state()
+set(CMAKE_EXTRA_INCLUDE_FILES pcap.h)
+check_type_size(pcap_if_t PCAP_IF_T)
+cmake_pop_check_state()
+
#
# Check for various functions in libpcap/WinPcap/Npcap.
#
@@ -707,19 +861,6 @@ endif(HAVE_PCAP_CREATE)
# if we have them.
#
check_function_exists(pcap_findalldevs HAVE_PCAP_FINDALLDEVS)
-if(HAVE_PCAP_FINDALLDEVS)
- #
- # Check for libpcap having pcap_findalldevs() but the pcap.h header
- # not having pcap_if_t; some versions of Mac OS X shipped with pcap.h
- # from 0.6 and libpcap 0.8, so that libpcap had pcap_findalldevs but
- # pcap.h didn't have pcap_if_t.
- #
- cmake_push_check_state()
- set(CMAKE_REQUIRED_INCLUDES ${PCAP_INCLUDE_DIRS})
- set(CMAKE_EXTRA_INCLUDE_FILES pcap.h)
- check_type_size(pcap_if_t PCAP_IF_T)
- cmake_pop_check_state()
-endif(HAVE_PCAP_FINDALLDEVS)
check_function_exists(pcap_dump_flush HAVE_PCAP_DUMP_FLUSH)
check_function_exists(pcap_lib_version HAVE_PCAP_LIB_VERSION)
if(NOT HAVE_PCAP_LIB_VERSION)
@@ -728,8 +869,56 @@ endif(NOT HAVE_PCAP_LIB_VERSION)
check_function_exists(pcap_setdirection HAVE_PCAP_SETDIRECTION)
check_function_exists(pcap_set_immediate_mode HAVE_PCAP_SET_IMMEDIATE_MODE)
check_function_exists(pcap_dump_ftell64 HAVE_PCAP_DUMP_FTELL64)
-check_function_exists(pcap_open HAVE_PCAP_OPEN)
-check_function_exists(pcap_findalldevs_ex HAVE_PCAP_FINDALLDEVS_EX)
+#
+# macOS Sonoma's libpcap includes stub versions of the remote-
+# capture APIs. They are exported as "weakly linked symbols".
+#
+# Xcode 15 offers only a macOS Sonoma SDK, which has a .tbd
+# file for libpcap that claims it includes those APIs. (Newer
+# versions of macOS don't provide the system shared libraries,
+# they only provide the dyld shared cache containing those
+# libraries, so the OS provides SDKs that include a .tbd file
+# to use when linking.)
+#
+# This means that check_function_exists() will think that
+# the remote-capture APIs are present, including pcap_open()
+# and pcap_findalldevs_ex().
+#
+# However, they are *not* present in macOS Ventura and earlier,
+# which means that building on Ventura with Xcode 15 produces
+# executables that fail to start because one of those APIs
+# isn't found in the system libpcap.
+#
+# Protecting calls to those APIs with __builtin_available()
+# does not prevent this, because the libpcap header files
+# in the Sonoma SDK mark them as being first available
+# in macOS 10.13, just like all the other routines introduced
+# in libpcap 1.9, even though they're only available if libpcap
+# is built with remote capture enabled or stub routines are
+# provided. (A fix to enable this has been checked into the
+# libpcap repository, and may end up in a later version of
+# the SDK.)
+#
+# Given all that, and given that the versions of the
+# remote-capture APIs in Sonoma are stubs that always fail,
+# there doesn't seem to be any point in checking for pcap_open()
+# and pcap_findalldevs_ex() if we're linking against the Apple libpcap.
+#
+# However, if we're *not* linking against the Apple libpcap,
+# we should check for it, so that we can use it if it's present.
+#
+# So we check for pcap_open() and pcap_findalldevs_ex() if 1) this isn't
+# macOS or 2) the the libpcap we found is not a system library, meaning
+# that its path begins neither with /usr/lib (meaning it's a system
+# dylib) nor /Application/Xcode.app (meaning it's a file in
+# the Xcode SDK).
+#
+if(NOT APPLE OR NOT
+ (PCAP_LIBRARIES MATCHES "/usr/lib/.*" OR
+ PCAP_LIBRARIES MATCHES "/Application/Xcode.app/.*"))
+ check_function_exists(pcap_open HAVE_PCAP_OPEN)
+ check_function_exists(pcap_findalldevs_ex HAVE_PCAP_FINDALLDEVS_EX)
+endif()
#
# On Windows, check for pcap_wsockinit(); if we don't have it, check for
@@ -787,11 +976,6 @@ endif(WITH_SMI)
if(WITH_CRYPTO)
find_package(CRYPTO)
if(CRYPTO_FOUND)
- #
- # Check for some headers and functions.
- #
- check_include_file(openssl/evp.h HAVE_OPENSSL_EVP_H)
-
#
# 1) do we have EVP_CIPHER_CTX_new?
# If so, we use it to allocate an EVP_CIPHER_CTX, as
@@ -958,9 +1142,9 @@ if(EXISTS ${CMAKE_SOURCE_DIR}/.devel OR EXISTS ${CMAKE_BINARY_DIR}/.devel)
# We do *not* care whether a structure had padding added at
# the end because of __declspec(align) - *we* don't use
# __declspec(align), because the only structures whose layout
- # we precisely specify are those that get overlayed on packet
+ # we precisely specify are those that get overlaid on packet
# data, and in those every element is an array of octets so
- # that we have full control over the size and aligmnet, and,
+ # that we have full control over the size and alignment, and,
# apparently, jmp_buf has such a declaration on x86, meaning
# that everything that includes netdissect.h, i.e. almost every
# file in tcpdump, gets a warning.
@@ -979,12 +1163,19 @@ if(EXISTS ${CMAKE_SOURCE_DIR}/.devel OR EXISTS ${CMAKE_BINARY_DIR}/.devel)
check_and_add_compiler_option(-Wmissing-prototypes)
check_and_add_compiler_option(-Wmissing-variable-declarations)
check_and_add_compiler_option(-Wold-style-definition)
- check_and_add_compiler_option(-Wpedantic)
+ if(NOT CMAKE_C_COMPILER_ID MATCHES "Sun")
+ # In Sun C versions that implement GCC compatibility "-Wpedantic"
+ # means the same as "-pedantic". The latter is mutually exclusive
+ # with several other options. One of those is "-xc99", which has
+ # already been set for Sun C above.
+ check_and_add_compiler_option(-Wpedantic)
+ endif()
check_and_add_compiler_option(-Wpointer-arith)
check_and_add_compiler_option(-Wpointer-sign)
check_and_add_compiler_option(-Wshadow)
check_and_add_compiler_option(-Wsign-compare)
check_and_add_compiler_option(-Wstrict-prototypes)
+ check_and_add_compiler_option(-Wundef)
check_and_add_compiler_option(-Wunreachable-code-return)
check_and_add_compiler_option(-Wused-but-marked-unused)
check_and_add_compiler_option(-Wwrite-strings)
@@ -998,9 +1189,13 @@ endif()
# usage: cmake -DEXTRA_CFLAGS='-Wall -Wextra -Werror' ...
#
if(NOT "${EXTRA_CFLAGS}" STREQUAL "")
- foreach(_extra_cflag ${EXTRA_CFLAGS})
- check_and_add_compiler_option("${_extra_cflag}")
- endforeach(_extra_cflag)
+ # The meaning of EXTRA_CFLAGS is "use the exact specified options, or the
+ # build risks failing to fail", not "try every specified option, omit those
+ # that do not work and use the rest". Thus use add_compile_options(), not
+ # foreach()/check_and_add_compiler_option(). Another reason to do that is
+ # that the effect lasts in testprogs/ and testprogs/fuzz/.
+ string(REPLACE " " ";" _extra_cflags_list ${EXTRA_CFLAGS})
+ add_compile_options(${_extra_cflags_list})
message(STATUS "Added extra compile options (${EXTRA_CFLAGS})")
endif()
diff --git a/contrib/tcpdump/CONTRIBUTING.md b/contrib/tcpdump/CONTRIBUTING.md
index 26f226ebd973..215e4c6831c4 100644
--- a/contrib/tcpdump/CONTRIBUTING.md
+++ b/contrib/tcpdump/CONTRIBUTING.md
@@ -36,17 +36,17 @@ and ask!
## How to add new code and to update existing code
-0) Check that there isn't a pull request already opened for the changes you
+1) Check that there isn't a pull request already opened for the changes you
intend to make.
-1) [Fork](https://help.github.com/articles/fork-a-repo/) the Tcpdump
+2) [Fork](https://help.github.com/articles/fork-a-repo/) the Tcpdump
[repository](https://github.com/the-tcpdump-group/tcpdump).
-2) The easiest way to test your changes on multiple operating systems and
+3) The easiest way to test your changes on multiple operating systems and
architectures is to let the upstream CI test your pull request (more on
this below).
-3) Setup your git working copy
+4) Setup your git working copy
```
git clone https://github.com/<username>/tcpdump.git
cd tcpdump
@@ -54,19 +54,19 @@ and ask!
git fetch upstream
```
-4) Do a `touch .devel` in your working directory.
+5) Do a `touch .devel` in your working directory.
Currently, the effect is
* add (via `configure`, in `Makefile`) some warnings options (`-Wall`,
`-Wmissing-prototypes`, `-Wstrict-prototypes`, ...) to the compiler if it
supports these options,
* have the `Makefile` support `make depend` and the `configure` script run it.
-5) Configure and build
+6) Configure and build
```
./configure && make -s && make check
```
-6) Add/update tests
+7) Add/update tests
The `tests` directory contains regression tests of the dissection of captured
packets. Those captured packets were saved running tcpdump with option
`-w sample.pcap`. Additional options, such as `-n`, are used to create relevant
@@ -96,12 +96,12 @@ and ask!
It is often useful to have test outputs with different verbosity levels
(none, `-v`, `-vv`, `-vvv`, etc.) depending on the code.
-7) Test using `make check` (current build options) and `./build_matrix.sh`
+8) Test using `make check` (current build options) and `./build_matrix.sh`
(a multitude of build options, build systems and compilers). If you can,
test on more than one operating system. Don't send a pull request until
all tests pass.
-8) Try to rebase your commits to keep the history simple.
+9) Try to rebase your commits to keep the history simple.
```
git fetch upstream
git rebase upstream/master
@@ -109,32 +109,76 @@ and ask!
(If the rebase fails and you cannot resolve, issue `git rebase --abort`
and ask for help in the pull request comment.)
-9) Once 100% happy, put your work into your forked repository using `git push`.
+10) Once 100% happy, put your work into your forked repository using `git push`.
-10) [Initiate and send](https://help.github.com/articles/using-pull-requests/)
+11) [Initiate and send](https://help.github.com/articles/using-pull-requests/)
a pull request.
This will trigger the upstream repository CI tests.
## Code style and generic remarks
-* A thorough reading of some other printers code is useful.
+1) A thorough reading of some other printers code is useful.
-* Put the normative reference if any as comments (RFC, etc.).
+2) To help learn how tcpdump works or to help debugging:
+ You can configure and build tcpdump with the instrumentation of functions:
+ ```
+ $ ./configure --enable-instrument-functions
+ $ make -s clean all
+ ```
+
+ This generates instrumentation calls for entry and exit to functions.
+ Just after function entry and just before function exit, these
+ profiling functions are called and print the function names with
+ indentation and call level.
+
+ If entering in a function, it prints also the calling function name with
+ file name and line number. There may be a small shift in the line number.
+
+ In some cases, with Clang 11, the file number is unknown (printed '??')
+ or the line number is unknown (printed '?'). In this case, use GCC.
+
+ If the environment variable INSTRUMENT is
+ - unset or set to an empty string, print nothing, like with no
+ instrumentation
+ - set to "all" or "a", print all the functions names
+ - set to "global" or "g", print only the global functions names
+
+ This allows to run:
+ ```
+ $ INSTRUMENT=a ./tcpdump ...
+ $ INSTRUMENT=g ./tcpdump ...
+ $ INSTRUMENT= ./tcpdump ...
+ ```
+ or
+ ```
+ $ export INSTRUMENT=global
+ $ ./tcpdump ...
+ ```
+
+ The library libbfd is used, therefore the binutils-dev package is required.
-* Put the format of packets/headers/options as comments if there is no
+3) Put the normative reference if any as comments (RFC, etc.).
+
+4) Put the format of packets/headers/options as comments if there is no
published normative reference.
-* The printer may receive incomplete packet in the buffer, truncated at any
+5) The printer may receive incomplete packet in the buffer, truncated at any
random position, for example by capturing with `-s size` option.
+ This means that an attempt to fetch packet data based on the expected
+ format of the packet may run the risk of overrunning the buffer.
+
+ Furthermore, if the packet is complete, but is not correctly formed,
+ that can also cause a printer to overrun the buffer, as it will be
+ fetching packet data based on the expected format of the packet.
+
+ Therefore, integral, IPv4 address, and octet sequence values should
+ be fetched using the `GET_*()` macros, which are defined in
+ `extract.h`.
+
If your code reads and decodes every byte of the protocol packet, then to
ensure proper and complete bounds checks it would be sufficient to read all
- packet data using the `GET_*()` macros, typically:
- ```
- GET_U_1(p)
- GET_S_1(p)
- GET_BE_U_n(p), n in { 2, 3, 4, 5, 6, 7, 8 }
- GET_BE_S_n(p), n in { 2, 3, 4, 5, 6, 7, 8 }
*** 22507 LINES SKIPPED ***