git: 0a7e5f1f02aa - main - tcpdump: Update to 4.99.5
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 23 Sep 2024 19:35:10 UTC
The branch main has been updated by jrm:
URL: https://cgit.FreeBSD.org/src/commit/?id=0a7e5f1f02aad2ff5fff1c60f44c6975fd07e1d9
commit 0a7e5f1f02aad2ff5fff1c60f44c6975fd07e1d9
Merge: f1aaef47a01a 75d9de99aec2
Author: Joseph Mingrone <jrm@FreeBSD.org>
AuthorDate: 2024-09-23 19:23:25 +0000
Commit: Joseph Mingrone <jrm@FreeBSD.org>
CommitDate: 2024-09-23 19:23:25 +0000
tcpdump: Update to 4.99.5
Changes: https://git.tcpdump.org/tcpdump/blob/4a789712f187e3ac7b2c0044c3a3f8c71b83646e:/CHANGES
Obtained from: https://www.tcpdump.org/release/tcpdump-4.99.5.tar.xz
Sponsored by: The FreeBSD Foundation
contrib/tcpdump/CHANGES | 131 +-
contrib/tcpdump/CMakeLists.txt | 301 +-
contrib/tcpdump/CONTRIBUTING.md | 269 +-
contrib/tcpdump/CREDITS | 34 +-
contrib/tcpdump/INSTALL.md | 35 +-
contrib/tcpdump/Makefile.in | 98 +-
contrib/tcpdump/VERSION | 2 +-
contrib/tcpdump/addrtoname.c | 7 +-
contrib/tcpdump/addrtostr.c | 24 +-
contrib/tcpdump/af.c | 2 -
contrib/tcpdump/autogen.sh | 25 +
contrib/tcpdump/bpf_dump.c | 2 -
contrib/tcpdump/checksum.c | 39 +-
contrib/tcpdump/cmake/Modules/FindCRYPTO.cmake | 185 +-
contrib/tcpdump/cmakeconfig.h.in | 14 +-
contrib/tcpdump/config.guess | 62 +-
contrib/tcpdump/config.h.in | 27 +-
contrib/tcpdump/config.sub | 230 +-
contrib/tcpdump/configure | 7188 ++++++++++++++----------
contrib/tcpdump/configure.ac | 476 +-
contrib/tcpdump/cpack.c | 2 -
contrib/tcpdump/diag-control.h | 95 +-
contrib/tcpdump/doc/README.Win32.md | 200 -
contrib/tcpdump/doc/README.haiku.md | 33 +
contrib/tcpdump/doc/README.solaris.md | 5 +
contrib/tcpdump/extract.h | 2 +-
contrib/tcpdump/ftmacros.h | 2 +-
contrib/tcpdump/funcattrs.h | 5 +-
contrib/tcpdump/gmpls.c | 2 -
contrib/tcpdump/in_cksum.c | 2 -
contrib/tcpdump/install-sh | 689 ++-
contrib/tcpdump/instrument-functions.c | 250 +
contrib/tcpdump/interface.h | 2 +-
contrib/tcpdump/ip.h | 1 -
contrib/tcpdump/ipproto.c | 2 -
contrib/tcpdump/l2vpn.c | 2 -
contrib/tcpdump/machdep.c | 2 -
contrib/tcpdump/makemib | 2 +-
contrib/tcpdump/mib.h | 12 +-
contrib/tcpdump/missing/datalinks.c | 2 -
contrib/tcpdump/missing/dlnames.c | 2 -
contrib/tcpdump/missing/getopt_long.c | 3 +-
contrib/tcpdump/missing/getservent.c | 2 -
contrib/tcpdump/missing/snprintf.c | 2 -
contrib/tcpdump/missing/strlcat.c | 2 -
contrib/tcpdump/missing/strlcpy.c | 2 -
contrib/tcpdump/missing/strsep.c | 2 -
contrib/tcpdump/mkdep | 28 +-
contrib/tcpdump/nameser.h | 8 +-
contrib/tcpdump/netdissect-alloc.c | 2 -
contrib/tcpdump/netdissect.c | 16 +-
contrib/tcpdump/netdissect.h | 75 +-
contrib/tcpdump/nlpid.c | 2 -
contrib/tcpdump/ntp.c | 2 -
contrib/tcpdump/oui.c | 2 -
contrib/tcpdump/parsenfsfh.c | 53 +-
contrib/tcpdump/pflog.h | 45 +-
contrib/tcpdump/print-802_11.c | 62 +-
contrib/tcpdump/print-802_15_4.c | 32 +-
contrib/tcpdump/print-ah.c | 2 -
contrib/tcpdump/print-ahcp.c | 2 -
contrib/tcpdump/print-aodv.c | 2 -
contrib/tcpdump/print-aoe.c | 2 -
contrib/tcpdump/print-ap1394.c | 2 -
contrib/tcpdump/print-arcnet.c | 2 -
contrib/tcpdump/print-arista.c | 2 -
contrib/tcpdump/print-arp.c | 2 -
contrib/tcpdump/print-ascii.c | 8 +-
contrib/tcpdump/print-atalk.c | 2 -
contrib/tcpdump/print-atm.c | 4 +-
contrib/tcpdump/print-babel.c | 2 -
contrib/tcpdump/print-bcm-li.c | 2 -
contrib/tcpdump/print-beep.c | 2 -
contrib/tcpdump/print-bfd.c | 8 +-
contrib/tcpdump/print-bgp.c | 23 +-
contrib/tcpdump/print-bootp.c | 43 +-
contrib/tcpdump/print-brcmtag.c | 3 -
contrib/tcpdump/print-bt.c | 2 -
contrib/tcpdump/print-calm-fast.c | 2 -
contrib/tcpdump/print-carp.c | 5 +-
contrib/tcpdump/print-cdp.c | 10 +-
contrib/tcpdump/print-cfm.c | 2 -
contrib/tcpdump/print-chdlc.c | 2 -
contrib/tcpdump/print-cip.c | 2 -
contrib/tcpdump/print-cnfp.c | 2 -
contrib/tcpdump/print-dccp.c | 2 -
contrib/tcpdump/print-decnet.c | 2 -
contrib/tcpdump/print-dhcp6.c | 70 +-
contrib/tcpdump/print-domain.c | 12 +-
contrib/tcpdump/print-dsa.c | 2 -
contrib/tcpdump/print-dtp.c | 4 +-
contrib/tcpdump/print-dvmrp.c | 4 +-
contrib/tcpdump/print-eap.c | 3 +-
contrib/tcpdump/print-egp.c | 2 -
contrib/tcpdump/print-eigrp.c | 2 -
contrib/tcpdump/print-enc.c | 2 -
contrib/tcpdump/print-esp.c | 29 +-
contrib/tcpdump/print-ether.c | 6 +-
contrib/tcpdump/print-fddi.c | 5 +-
contrib/tcpdump/print-forces.c | 2 -
contrib/tcpdump/print-fr.c | 18 +-
contrib/tcpdump/print-frag6.c | 26 +-
contrib/tcpdump/print-ftp.c | 2 -
contrib/tcpdump/print-geneve.c | 2 -
contrib/tcpdump/print-geonet.c | 2 -
contrib/tcpdump/print-gre.c | 2 -
contrib/tcpdump/print-hncp.c | 2 -
contrib/tcpdump/print-hsrp.c | 2 -
contrib/tcpdump/print-http.c | 2 -
contrib/tcpdump/print-icmp.c | 2 -
contrib/tcpdump/print-icmp6.c | 15 +-
contrib/tcpdump/print-igmp.c | 2 -
contrib/tcpdump/print-igrp.c | 2 -
contrib/tcpdump/print-ip-demux.c | 2 -
contrib/tcpdump/print-ip.c | 68 +-
contrib/tcpdump/print-ip6.c | 45 +-
contrib/tcpdump/print-ip6opts.c | 2 -
contrib/tcpdump/print-ipcomp.c | 2 -
contrib/tcpdump/print-ipfc.c | 2 -
contrib/tcpdump/print-ipnet.c | 2 -
contrib/tcpdump/print-ipoib.c | 2 -
contrib/tcpdump/print-ipx.c | 6 +-
contrib/tcpdump/print-isakmp.c | 25 +-
contrib/tcpdump/print-isoclns.c | 34 +-
contrib/tcpdump/print-juniper.c | 5 +-
contrib/tcpdump/print-krb.c | 11 +-
contrib/tcpdump/print-l2tp.c | 2 -
contrib/tcpdump/print-lane.c | 2 -
contrib/tcpdump/print-ldp.c | 20 +-
contrib/tcpdump/print-lisp.c | 14 +-
contrib/tcpdump/print-llc.c | 2 -
contrib/tcpdump/print-lldp.c | 4 +-
contrib/tcpdump/print-lmp.c | 2 -
contrib/tcpdump/print-loopback.c | 5 +-
contrib/tcpdump/print-lspping.c | 2 -
contrib/tcpdump/print-lwapp.c | 2 -
contrib/tcpdump/print-lwres.c | 10 +-
contrib/tcpdump/print-m3ua.c | 2 -
contrib/tcpdump/print-macsec.c | 3 -
contrib/tcpdump/print-mobile.c | 2 -
contrib/tcpdump/print-mobility.c | 5 +-
contrib/tcpdump/print-mpcp.c | 2 -
contrib/tcpdump/print-mpls.c | 2 -
contrib/tcpdump/print-mptcp.c | 2 -
contrib/tcpdump/print-msdp.c | 2 -
contrib/tcpdump/print-msnlb.c | 2 -
contrib/tcpdump/print-nflog.c | 22 +-
contrib/tcpdump/print-nfs.c | 29 +-
contrib/tcpdump/print-nsh.c | 7 +-
contrib/tcpdump/print-ntp.c | 4 -
contrib/tcpdump/print-null.c | 2 -
contrib/tcpdump/print-olsr.c | 16 +-
contrib/tcpdump/print-openflow-1.0.c | 143 +-
contrib/tcpdump/print-openflow-1.3.c | 15 +-
contrib/tcpdump/print-openflow.c | 2 -
contrib/tcpdump/print-ospf.c | 10 +-
contrib/tcpdump/print-ospf6.c | 15 +-
contrib/tcpdump/print-otv.c | 2 -
contrib/tcpdump/print-pflog.c | 30 +-
contrib/tcpdump/print-pgm.c | 2 -
contrib/tcpdump/print-pim.c | 8 +-
contrib/tcpdump/print-pktap.c | 2 -
contrib/tcpdump/print-ppi.c | 2 -
contrib/tcpdump/print-ppp.c | 11 +-
contrib/tcpdump/print-pppoe.c | 2 -
contrib/tcpdump/print-pptp.c | 2 -
contrib/tcpdump/print-ptp.c | 45 +-
contrib/tcpdump/print-radius.c | 173 +-
contrib/tcpdump/print-raw.c | 2 -
contrib/tcpdump/print-realtek.c | 2 -
contrib/tcpdump/print-resp.c | 6 +-
contrib/tcpdump/print-rip.c | 46 +-
contrib/tcpdump/print-ripng.c | 2 -
contrib/tcpdump/print-rpki-rtr.c | 40 +-
contrib/tcpdump/print-rsvp.c | 2 -
contrib/tcpdump/print-rt6.c | 4 +-
contrib/tcpdump/print-rtsp.c | 2 -
contrib/tcpdump/print-rx.c | 4 +-
contrib/tcpdump/print-sctp.c | 7 +-
contrib/tcpdump/print-sflow.c | 8 +-
contrib/tcpdump/print-sip.c | 2 -
contrib/tcpdump/print-sl.c | 2 -
contrib/tcpdump/print-sll.c | 2 -
contrib/tcpdump/print-slow.c | 2 -
contrib/tcpdump/print-smb.c | 20 +-
contrib/tcpdump/print-smtp.c | 2 -
contrib/tcpdump/print-snmp.c | 12 +-
contrib/tcpdump/print-someip.c | 3 -
contrib/tcpdump/print-ssh.c | 2 -
contrib/tcpdump/print-stp.c | 5 +-
contrib/tcpdump/print-sunatm.c | 2 -
contrib/tcpdump/print-sunrpc.c | 2 -
contrib/tcpdump/print-symantec.c | 2 -
contrib/tcpdump/print-syslog.c | 5 +-
contrib/tcpdump/print-tcp.c | 64 +-
contrib/tcpdump/print-telnet.c | 4 +-
contrib/tcpdump/print-tftp.c | 2 -
contrib/tcpdump/print-timed.c | 2 -
contrib/tcpdump/print-tipc.c | 6 +-
contrib/tcpdump/print-token.c | 2 -
contrib/tcpdump/print-udld.c | 2 -
contrib/tcpdump/print-udp.c | 101 +-
contrib/tcpdump/print-unsupported.c | 2 -
contrib/tcpdump/print-usb.c | 14 +-
contrib/tcpdump/print-vjc.c | 2 -
contrib/tcpdump/print-vqp.c | 2 -
contrib/tcpdump/print-vrrp.c | 2 -
contrib/tcpdump/print-vsock.c | 2 -
contrib/tcpdump/print-vtp.c | 6 +-
contrib/tcpdump/print-vxlan-gpe.c | 2 -
contrib/tcpdump/print-vxlan.c | 2 -
contrib/tcpdump/print-wb.c | 2 -
contrib/tcpdump/print-whois.c | 2 -
contrib/tcpdump/print-zep.c | 10 +-
contrib/tcpdump/print-zephyr.c | 2 -
contrib/tcpdump/print-zeromq.c | 26 +-
contrib/tcpdump/print.c | 18 +-
contrib/tcpdump/signature.c | 2 -
contrib/tcpdump/smbutil.c | 19 +-
contrib/tcpdump/status-exit-codes.h | 1 -
contrib/tcpdump/strtoaddr.c | 2 -
contrib/tcpdump/tcp.h | 6 +-
contrib/tcpdump/tcpdump.1.in | 87 +-
contrib/tcpdump/tcpdump.c | 107 +-
contrib/tcpdump/udp.h | 14 +-
contrib/tcpdump/util-print.c | 67 +-
usr.sbin/tcpdump/tcpdump/config.h | 4 +-
227 files changed, 7690 insertions(+), 5092 deletions(-)
diff --cc contrib/tcpdump/CONTRIBUTING.md
index 26f226ebd973,000000000000..215e4c6831c4
mode 100644,000000..100644
--- a/contrib/tcpdump/CONTRIBUTING.md
+++ b/contrib/tcpdump/CONTRIBUTING.md
@@@ -1,191 -1,0 +1,394 @@@
+# Some Information for Contributors
+Thank you for considering to make a contribution to tcpdump! Please use the
+guidelines below to achieve the best results and experience for everyone.
+
+## How to report bugs and other problems
+**To report a security issue (segfault, buffer overflow, infinite loop, arbitrary
+code execution etc) please send an e-mail to security@tcpdump.org, do not use
+the bug tracker!**
+
+To report a non-security problem (failure to compile, incorrect output in the
+protocol printout, missing support for a particular protocol etc) please check
+first that it reproduces with the latest stable release of tcpdump and the latest
+stable release of libpcap. If it does, please check that the problem reproduces
+with the current git master branch of tcpdump and the current git master branch of
+libpcap. If it does (and it is not a security-related problem, otherwise see
+above), please navigate to the
+[bug tracker](https://github.com/the-tcpdump-group/tcpdump/issues)
+and check if the problem has already been reported. If it has not, please open
+a new issue and provide the following details:
+
+* tcpdump and libpcap version (`tcpdump --version`)
+* operating system name and version and any other details that may be relevant
+ (`uname -a`, compiler name and version, CPU type etc.)
+* custom `configure`/`cmake` flags, if any
+* statement of the problem
+* steps to reproduce
+
+Please note that if you know exactly how to solve the problem and the solution
+would not be too intrusive, it would be best to contribute some development time
+and to open a pull request instead as discussed below.
+
+Still not sure how to do? Feel free to
+[subscribe to the mailing list](https://www.tcpdump.org/#mailing-lists)
+and ask!
+
+
+## How to add new code and to update existing code
+
- 0) Check that there isn't a pull request already opened for the changes you
++1) Check that there isn't a pull request already opened for the changes you
+ intend to make.
+
- 1) [Fork](https://help.github.com/articles/fork-a-repo/) the Tcpdump
++2) [Fork](https://help.github.com/articles/fork-a-repo/) the Tcpdump
+ [repository](https://github.com/the-tcpdump-group/tcpdump).
+
- 2) The easiest way to test your changes on multiple operating systems and
++3) The easiest way to test your changes on multiple operating systems and
+ architectures is to let the upstream CI test your pull request (more on
+ this below).
+
- 3) Setup your git working copy
++4) Setup your git working copy
+ ```
+ git clone https://github.com/<username>/tcpdump.git
+ cd tcpdump
+ git remote add upstream https://github.com/the-tcpdump-group/tcpdump
+ git fetch upstream
+ ```
+
- 4) Do a `touch .devel` in your working directory.
++5) Do a `touch .devel` in your working directory.
+ Currently, the effect is
+ * add (via `configure`, in `Makefile`) some warnings options (`-Wall`,
+ `-Wmissing-prototypes`, `-Wstrict-prototypes`, ...) to the compiler if it
+ supports these options,
+ * have the `Makefile` support `make depend` and the `configure` script run it.
+
- 5) Configure and build
++6) Configure and build
+ ```
+ ./configure && make -s && make check
+ ```
+
- 6) Add/update tests
++7) Add/update tests
+ The `tests` directory contains regression tests of the dissection of captured
+ packets. Those captured packets were saved running tcpdump with option
+ `-w sample.pcap`. Additional options, such as `-n`, are used to create relevant
+ and reproducible output; `-#` is used to indicate which particular packets
+ have output that differs. The tests are run with the `TZ` environment
+ variable set to `GMT0`, so that UTC, rather than the local time where the
+ tests are being run, is used when "local time" values are printed. The
+ actual test compares the current text output with the expected result
+ (`sample.out`) saved from a previous version.
+
+ Any new/updated fields in a dissector must be present in a `sample.pcap` file
+ and the corresponding output file.
+
+ Configuration is set in `tests/TESTLIST`.
+ Each line in this file has the following format:
+ ```
+ test-name sample.pcap sample.out tcpdump-options
+ ```
+
+ The `sample.out` file can be produced as follows:
+ ```
+ (cd tests && TZ=GMT0 ../tcpdump -# -n -r sample.pcap tcpdump-options > sample.out)
+ ```
+
+ Or, for convenience, use `./update-test.sh test-name`
+
+ It is often useful to have test outputs with different verbosity levels
+ (none, `-v`, `-vv`, `-vvv`, etc.) depending on the code.
+
- 7) Test using `make check` (current build options) and `./build_matrix.sh`
++8) Test using `make check` (current build options) and `./build_matrix.sh`
+ (a multitude of build options, build systems and compilers). If you can,
+ test on more than one operating system. Don't send a pull request until
+ all tests pass.
+
- 8) Try to rebase your commits to keep the history simple.
++9) Try to rebase your commits to keep the history simple.
+ ```
+ git fetch upstream
+ git rebase upstream/master
+ ```
+ (If the rebase fails and you cannot resolve, issue `git rebase --abort`
+ and ask for help in the pull request comment.)
+
- 9) Once 100% happy, put your work into your forked repository using `git push`.
++10) Once 100% happy, put your work into your forked repository using `git push`.
+
- 10) [Initiate and send](https://help.github.com/articles/using-pull-requests/)
++11) [Initiate and send](https://help.github.com/articles/using-pull-requests/)
+ a pull request.
+ This will trigger the upstream repository CI tests.
+
+
+## Code style and generic remarks
- * A thorough reading of some other printers code is useful.
++1) A thorough reading of some other printers code is useful.
+
- * Put the normative reference if any as comments (RFC, etc.).
++2) To help learn how tcpdump works or to help debugging:
++ You can configure and build tcpdump with the instrumentation of functions:
++ ```
++ $ ./configure --enable-instrument-functions
++ $ make -s clean all
++ ```
++
++ This generates instrumentation calls for entry and exit to functions.
++ Just after function entry and just before function exit, these
++ profiling functions are called and print the function names with
++ indentation and call level.
++
++ If entering in a function, it prints also the calling function name with
++ file name and line number. There may be a small shift in the line number.
++
++ In some cases, with Clang 11, the file number is unknown (printed '??')
++ or the line number is unknown (printed '?'). In this case, use GCC.
++
++ If the environment variable INSTRUMENT is
++ - unset or set to an empty string, print nothing, like with no
++ instrumentation
++ - set to "all" or "a", print all the functions names
++ - set to "global" or "g", print only the global functions names
++
++ This allows to run:
++ ```
++ $ INSTRUMENT=a ./tcpdump ...
++ $ INSTRUMENT=g ./tcpdump ...
++ $ INSTRUMENT= ./tcpdump ...
++ ```
++ or
++ ```
++ $ export INSTRUMENT=global
++ $ ./tcpdump ...
++ ```
++
++ The library libbfd is used, therefore the binutils-dev package is required.
+
- * Put the format of packets/headers/options as comments if there is no
++3) Put the normative reference if any as comments (RFC, etc.).
++
++4) Put the format of packets/headers/options as comments if there is no
+ published normative reference.
+
- * The printer may receive incomplete packet in the buffer, truncated at any
++5) The printer may receive incomplete packet in the buffer, truncated at any
+ random position, for example by capturing with `-s size` option.
++ This means that an attempt to fetch packet data based on the expected
++ format of the packet may run the risk of overrunning the buffer.
++
++ Furthermore, if the packet is complete, but is not correctly formed,
++ that can also cause a printer to overrun the buffer, as it will be
++ fetching packet data based on the expected format of the packet.
++
++ Therefore, integral, IPv4 address, and octet sequence values should
++ be fetched using the `GET_*()` macros, which are defined in
++ `extract.h`.
++
+ If your code reads and decodes every byte of the protocol packet, then to
+ ensure proper and complete bounds checks it would be sufficient to read all
- packet data using the `GET_*()` macros, typically:
- ```
- GET_U_1(p)
- GET_S_1(p)
- GET_BE_U_n(p), n in { 2, 3, 4, 5, 6, 7, 8 }
- GET_BE_S_n(p), n in { 2, 3, 4, 5, 6, 7, 8 }
- ```
++ packet data using the `GET_*()` macros.
++
+ If your code uses the macros above only on some packet data, then the gaps
+ would have to be bounds-checked using the `ND_TCHECK_*()` macros:
+ ```
+ ND_TCHECK_n(p), n in { 1, 2, 3, 4, 5, 6, 7, 8, 16 }
+ ND_TCHECK_SIZE(p)
+ ND_TCHECK_LEN(p, l)
+ ```
- For the `ND_TCHECK_*` macros (if not already done):
++
++ where *p* points to the data not being decoded. For `ND_CHECK_n()`,
++ *n* is the length of the gap, in bytes. For `ND_CHECK_SIZE()`, the
++ length of the gap, in bytes, is the size of an item of the data type
++ to which *p* points. For `ND_CHECK_LEN()`, *l* is the length of the
++ gap, in bytes.
++
++ For the `GET_*()` and `ND_TCHECK_*` macros (if not already done):
+ * Assign: `ndo->ndo_protocol = "protocol";`
+ * Define: `ND_LONGJMP_FROM_TCHECK` before including `netdissect.h`
+ * Make sure that the intersection of `GET_*()` and `ND_TCHECK_*()` is minimal,
+ but at the same time their union covers all packet data in all cases.
+
+ You can test the code via:
+ ```
+ sudo ./tcpdump -s snaplen [-v][v][...] -i lo # in a terminal
+ sudo tcpreplay -i lo sample.pcap # in another terminal
+ ```
+ You should try several values for snaplen to do various truncation.
+
- * Do invalid packet checks in code: Think that your code can receive in input
++* The `GET_*()` macros that fetch integral values are:
++ ```
++ GET_U_1(p)
++ GET_S_1(p)
++ GET_BE_U_n(p), n in { 2, 3, 4, 5, 6, 7, 8 }
++ GET_BE_S_n(p), n in { 2, 3, 4, 5, 6, 7, 8 }
++ GET_LE_U_n(p), n in { 2, 3, 4, 5, 6, 7, 8 }
++ GET_LE_S_n(p), n in { 2, 3, 4, 5, 6, 7, 8 }
++ ```
++
++ where *p* points to the integral value in the packet buffer. The
++ macro returns the integral value at that location.
++
++ `U` indicates that an unsigned value is fetched; `S` indicates that a
++ signed value is fetched. For multi-byte values, `BE` indicates that
++ a big-endian value ("network byte order") is fetched, and `LE`
++ indicates that a little-endian value is fetched. *n* is the length,
++ in bytes, of the multi-byte integral value to be fetched.
++
++ In addition to the bounds checking the `GET_*()` macros perform,
++ using those macros has other advantages:
++
++ * tcpdump runs on both big-endian and little-endian systems, so
++ fetches of multi-byte integral values must be done in a fashion
++ that works regardless of the byte order of the machine running
++ tcpdump. The `GET_BE_*()` macros will fetch a big-endian value and
++ return a host-byte-order value on both big-endian and little-endian
++ machines, and the `GET_LE_*()` macros will fetch a little-endian
++ value and return a host-byte-order value on both big-endian and
++ little-endian machines.
++
++ * tcpdump runs on machines that do not support unaligned access to
++ multi-byte values, and packet values are not guaranteed to be
++ aligned on the proper boundary. The `GET_BE_*()` and `GET_LE_*()`
++ macros will fetch values even if they are not aligned on the proper
++ boundary.
++
++* The `GET_*()` macros that fetch IPv4 address values are:
++ ```
++ GET_IPV4_TO_HOST_ORDER(p)
++ GET_IPV4_TO_NETWORK_ORDER(p)
++ ```
++
++ where *p* points to the address in the packet buffer.
++ `GET_IPV4_TO_HOST_ORDER()` returns the address in the byte order of
++ the host that is running tcpdump; `GET_IPV4_TO_NETWORK_ORDER()`
++ returns it in network byte order.
++
++ Like the integral `GET_*()` macros, these macros work correctly on
++ both big-endian and little-endian machines and will fetch values even
++ if they are not aligned on the proper boundary.
++
++* The `GET_*()` macro that fetches an arbitrary sequences of bytes is:
++ ```
++ GET_CPY_BYTES(dst, p, len)
++ ```
++
++ where *dst* is the destination to which the sequence of bytes should
++ be copied, *p* points to the first byte of the sequence of bytes, and
++ *len* is the number of bytes to be copied. The bytes are copied in
++ the order in which they appear in the packet.
++
++* To fetch a network address and convert it to a printable string, use
++ the following `GET_*()` macros, defined in `addrtoname.h`, to
++ perform bounds checks to make sure the entire address is within the
++ buffer and to translate the address to a string to print:
++ ```
++ GET_IPADDR_STRING(p)
++ GET_IP6ADDR_STRING(p)
++ GET_MAC48_STRING(p)
++ GET_EUI64_STRING(p)
++ GET_EUI64LE_STRING(p)
++ GET_LINKADDR_STRING(p, type, len)
++ GET_ISONSAP_STRING(nsap, nsap_length)
++ ```
++
++ `GET_IPADDR_STRING()` fetches an IPv4 address pointed to by *p* and
++ returns a string that is either a host name, if the `-n` flag wasn't
++ specified and a host name could be found for the address, or the
++ standard XXX.XXX.XXX.XXX-style representation of the address.
++
++ `GET_IP6ADDR_STRING()` fetches an IPv6 address pointed to by *p* and
++ returns a string that is either a host name, if the `-n` flag wasn't
++ specified and a host name could be found for the address, or the
++ standard XXXX::XXXX-style representation of the address.
++
++ `GET_MAC48_STRING()` fetches a 48-bit MAC address (Ethernet, 802.11,
++ etc.) pointed to by *p* and returns a string that is either a host
++ name, if the `-n` flag wasn't specified and a host name could be
++ found in the ethers file for the address, or the standard
++ XX:XX:XX:XX:XX:XX-style representation of the address.
++
++ `GET_EUI64_STRING()` fetches a 64-bit EUI pointed to by *p* and
++ returns a string that is the standard XX:XX:XX:XX:XX:XX:XX:XX-style
++ representation of the address.
++
++ `GET_EUI64LE_STRING()` fetches a 64-bit EUI, in reverse byte order,
++ pointed to by *p* and returns a string that is the standard
++ XX:XX:XX:XX:XX:XX:XX:XX-style representation of the address.
++
++ `GET_LINKADDR_STRING()` fetches an octet string, of length *length*
++ and type *type*, pointed to by *p* and returns a string whose format
++ depends on the value of *type*:
++
++ * `LINKADDR_MAC48` - if the length is 6, the string has the same
++ value as `GET_MAC48_STRING()` would return for that address,
++ otherwise, the string is a sequence of XX:XX:... values for the bytes
++ of the address;
++
++ * `LINKADDR_FRELAY` - the string is "DLCI XXX", where XXX is the
++ DLCI, if the address is a valid Q.922 header, and an error indication
++ otherwise;
++
++ * `LINKADDR_EUI64`, `LINKADDR_ATM`, `LINKADDR_OTHER` -
++ the string is a sequence of XX:XX:... values for the bytes
++ of the address.
++
++6) When defining a structure corresponding to a packet or part of a
++ packet, so that a pointer to packet data can be cast to a pointer to
++ that structure and that structure pointer used to refer to fields in
++ the packet, use the `nd_*` types for the structure members.
++
++ Those types all are aligned only on a 1-byte boundary, so a
++ compiler will not assume that the structure is aligned on a boundary
++ stricter than one byte; there is no guarantee that fields in packets
++ are aligned on any particular boundary.
++
++ This means that all padding in the structure must be explicitly
++ declared as fields in the structure.
++
++ The `nd_*` types for integral values are:
++
++ * `nd_uintN_t`, for unsigned integral values, where *N* is the number
++ of bytes in the value.
++ * `nd_intN_t`, for signed integral values, where *N* is the number
++ of bytes in the value.
++
++ The `nd_*` types for IP addresses are:
++
++ * `nd_ipv4`, for IPv4 addresses;
++ * `nd_ipv6`, for IPv6 addresses.
++
++ The `nd_*` types for link-layer addresses are:
++
++ * `nd_mac48`, for MAC-48 (Ethernet, 802.11, etc.) addresses;
++ * `nd_eui64`, for EUI-64 values.
++
++ The `nd_*` type for a byte in a sequence of bytes is `nd_byte`; an
++ *N*-byte sequence should be declared as `nd_byte[N]`.
++
++7) Do invalid packet checks in code: Think that your code can receive in input
+ not only a valid packet but any arbitrary random sequence of octets (packet
+ * built malformed originally by the sender or by a fuzz tester,
+ * became corrupted in transit or for some other reason).
+
+ Print with: `nd_print_invalid(ndo); /* to print " (invalid)" */`
+
- * Use `struct tok` for indexed strings and print them with
++8) Use `struct tok` for indexed strings and print them with
+ `tok2str()` or `bittok2str()` (for flags).
++ All `struct tok` must end with `{ 0, NULL }`.
+
- * Avoid empty lines in output of printers.
++9) Avoid empty lines in output of printers.
+
- * A commit message must have:
++10) A commit message must have:
+ ```
+ First line: Capitalized short summary in the imperative (50 chars or less)
+
+ If the commit concerns a protocol, the summary line must start with
+ "protocol: ".
+
+ Body: Detailed explanatory text, if necessary. Fold it to approximately
+ 72 characters. There must be an empty line separating the summary from
+ the body.
+ ```
+
- * Avoid non-ASCII characters in code and commit messages.
++11) Avoid non-ASCII characters in code and commit messages.
+
- * Use the style of the modified sources.
++12) Use the style of the modified sources.
+
- * Don't mix declarations and code.
++13) Don't mix declarations and code.
+
- * Don't use `//` for comments.
- Not all C compilers accept C++/C99 comments by default.
++14) tcpdump requires a compiler that supports C99 or later, so C99
++ features may be used in code, but C11 or later features should not be
++ used.
+
- * Avoid trailing tabs/spaces
++15) Avoid trailing tabs/spaces
diff --cc contrib/tcpdump/autogen.sh
index 000000000000,000000000000..c84a6b5c5dd2
new file mode 100755
--- /dev/null
+++ b/contrib/tcpdump/autogen.sh
@@@ -1,0 -1,0 +1,25 @@@
++#!/bin/sh -e
++
++: "${AUTORECONF:=autoreconf}"
++
++AUTORECONFVERSION=`$AUTORECONF --version 2>&1 | grep "^autoreconf" | sed 's/.*) *//'`
++
++maj=`echo "$AUTORECONFVERSION" | cut -d. -f1`
++min=`echo "$AUTORECONFVERSION" | cut -d. -f2`
++# The minimum required version of autoconf is currently 2.69.
++if [ "$maj" = "" ] || [ "$min" = "" ] || \
++ [ "$maj" -lt 2 ] || { [ "$maj" -eq 2 ] && [ "$min" -lt 69 ]; }; then
++ cat >&2 <<-EOF
++ Please install the 'autoconf' package version 2.69 or later.
++ If version 2.69 or later is already installed and there is no
++ autoconf default, it may be necessary to set the AUTORECONF
++ environment variable to enable the one to use, like:
++ AUTORECONF=autoreconf-2.69 ./autogen.sh
++ or
++ AUTORECONF=autoreconf-2.71 ./autogen.sh
++ EOF
++ exit 1
++fi
++
++echo "$AUTORECONF identification: $AUTORECONFVERSION"
++"$AUTORECONF" -f
diff --cc contrib/tcpdump/config.guess
index 69188da73d74,000000000000..f6d217a49f8f
mode 100755,000000..100755
--- a/contrib/tcpdump/config.guess
+++ b/contrib/tcpdump/config.guess
@@@ -1,1774 -1,0 +1,1812 @@@
+#! /bin/sh
+# Attempt to guess a canonical system name.
- # Copyright 1992-2023 Free Software Foundation, Inc.
++# Copyright 1992-2024 Free Software Foundation, Inc.
+
+# shellcheck disable=SC2006,SC2268 # see below for rationale
+
- timestamp='2023-01-01'
++timestamp='2024-01-01'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that
+# program. This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
+#
+# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
+#
+# You can get the latest version of this script from:
+# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess
+#
+# Please send patches to <config-patches@gnu.org>.
+
+
+# The "shellcheck disable" line above the timestamp inhibits complaints
+# about features and limitations of the classic Bourne shell that were
+# superseded or lifted in POSIX. However, this script identifies a wide
+# variety of pre-POSIX systems that do not have POSIX shells at all, and
+# even some reasonably current systems (Solaris 10 as case-in-point) still
+# have a pre-POSIX /bin/sh.
+
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
- Output the configuration name of the system \`$me' is run on.
++Output the configuration name of the system '$me' is run on.
+
+Options:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
- Copyright 1992-2023 Free Software Foundation, Inc.
++Copyright 1992-2024 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
- Try \`$me --help' for more information."
++Try '$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+# Just in case it came from the environment.
+GUESS=
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
- # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
- # use `HOST_CC' if defined, but it is deprecated.
++# Historically, 'CC_FOR_BUILD' used to be named 'HOST_CC'. We still
++# use 'HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+tmp=
+# shellcheck disable=SC2172
+trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15
+
+set_cc_for_build() {
+ # prevent multiple calls if $tmp is already set
+ test "$tmp" && return 0
+ : "${TMPDIR=/tmp}"
+ # shellcheck disable=SC2039,SC3028
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; }
+ dummy=$tmp/dummy
+ case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in
+ ,,) echo "int x;" > "$dummy.c"
+ for driver in cc gcc c89 c99 ; do
+ if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
+ CC_FOR_BUILD=$driver
+ break
+ fi
+ done
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+ esac
+}
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if test -f /.attbin/uname ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case $UNAME_SYSTEM in
+Linux|GNU|GNU/*)
+ LIBC=unknown
+
+ set_cc_for_build
+ cat <<-EOF > "$dummy.c"
++ #if defined(__ANDROID__)
++ LIBC=android
++ #else
+ #include <features.h>
+ #if defined(__UCLIBC__)
+ LIBC=uclibc
+ #elif defined(__dietlibc__)
+ LIBC=dietlibc
+ #elif defined(__GLIBC__)
+ LIBC=gnu
++ #elif defined(__LLVM_LIBC__)
++ LIBC=llvm
+ #else
+ #include <stdarg.h>
+ /* First heuristic to detect musl libc. */
+ #ifdef __DEFINED_va_list
+ LIBC=musl
+ #endif
+ #endif
++ #endif
+ EOF
+ cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
+ eval "$cc_set_libc"
+
+ # Second heuristic to detect musl libc.
+ if [ "$LIBC" = unknown ] &&
+ command -v ldd >/dev/null &&
+ ldd --version 2>&1 | grep -q ^musl; then
+ LIBC=musl
+ fi
+
+ # If the system lacks a compiler, then just pick glibc.
+ # We could probably try harder.
+ if [ "$LIBC" = unknown ]; then
+ LIBC=gnu
+ fi
+ ;;
+esac
+
+# Note: order is significant - the case branches are not exclusive.
+
+case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
+ /sbin/sysctl -n hw.machine_arch 2>/dev/null || \
+ /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \
+ echo unknown)`
+ case $UNAME_MACHINE_ARCH in
+ aarch64eb) machine=aarch64_be-unknown ;;
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
+ earmv*)
+ arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+ endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'`
+ machine=${arch}${endian}-unknown
+ ;;
+ *) machine=$UNAME_MACHINE_ARCH-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently (or will in the future) and ABI.
+ case $UNAME_MACHINE_ARCH in
+ earm*)
+ os=netbsdelf
+ ;;
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ELF__
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # Determine ABI tags.
+ case $UNAME_MACHINE_ARCH in
+ earm*)
+ expr='s/^earmv[0-9]/-eabi/;s/eb$//'
+ abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"`
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case $UNAME_VERSION in
+ Debian*)
*** 5498 LINES SKIPPED ***