Date: Wed, 29 Jan 2025 19:33:32 GMT From: Joseph Mingrone <jrm@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: e5258a079df3 - stable/13 - tpcdump: Update to 4.99.4 Message-ID: <202501291933.50TJXWCH039771@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by jrm: URL: https://cgit.FreeBSD.org/src/commit/?id=e5258a079df39bc40ccfd96e107784f9252170ac commit e5258a079df39bc40ccfd96e107784f9252170ac Author: Joseph Mingrone <jrm@FreeBSD.org> AuthorDate: 2023-06-07 02:21:27 +0000 Commit: Joseph Mingrone <jrm@FreeBSD.org> CommitDate: 2025-01-29 19:29:29 +0000 tpcdump: Update to 4.99.4 Prior to this MFC, the stable/13 tcpdump was at version 4.9.3, which was released over five years ago. Several CVEs have been identified in that version. For a detailed list, see https://www.tcpdump.org/public-cve-list.txt. Reviewed by: kp (print-pf changes) Sponsored by: The FreeBSD Foundation (cherry picked from commit 1cdec2832d051ddcb1417f3f2601e6212aff2613) (cherry picked from commit ee67461e56828dd1f8de165947ba83f6d9148a87) (cherry picked from commit a75d93a74d55d371876f5444075de4ecd685297f) (cherry picked from commit 171a7bbfc04885150401ab64d96793373a8b2061) (cherry picked from commit 1ad8d2ee1f7dec1d747ec955a68fbbb362958315) (cherry picked from commit 7e0a7ef95fac1183854cab662bd9afa4647422d6) (cherry picked from commit 85247ee6a2ba1c2dd0053e9be9055efa4be1438e) Commit 1cdec2832d051ddcb1417f3f2601e6212aff2613 has been adapted for stable/13. Changes to usr.sbin/ndp/ndp_netlink.c have been omitted because 91fbe0819bb9 (ndp: convert ndp(8) to netlink) has not been MFCed. Commit ee67461e56828dd1f8de165947ba83f6d9148a87 has been adapted for stable/13. Most modifications were required because 4bf98559d9d6fa7c3571d26ed6f2b18823e3a30b was not MFCed to stable/13. Also incorporate a small change from 4848eb3af2a91b133c4b70cb9b71dd92ffec7f46 to fix the build. --- contrib/tcpdump/CHANGES | 289 +- contrib/tcpdump/CMakeLists.txt | 1371 ++++++++ contrib/tcpdump/CONTRIBUTING | 151 - contrib/tcpdump/CONTRIBUTING.md | 191 ++ contrib/tcpdump/CREDITS | 149 +- contrib/tcpdump/{INSTALL.txt => INSTALL.md} | 61 +- contrib/tcpdump/LICENSE | 6 +- contrib/tcpdump/Makefile.in | 230 +- contrib/tcpdump/PLATFORMS | 16 - contrib/tcpdump/README | 1 - contrib/tcpdump/README.md | 100 +- contrib/tcpdump/VERSION | 2 +- contrib/tcpdump/addrtoname.c | 493 +-- contrib/tcpdump/addrtoname.h | 86 +- contrib/tcpdump/addrtostr.c | 12 +- contrib/tcpdump/af.c | 4 +- contrib/tcpdump/af.h | 2 +- contrib/tcpdump/ah.h | 46 +- contrib/tcpdump/appletalk.h | 60 +- contrib/tcpdump/ascii_strcasecmp.c | 6 +- contrib/tcpdump/atime.awk | 2 +- contrib/tcpdump/bpf_dump.c | 5 +- contrib/tcpdump/chdlc.h | 2 +- contrib/tcpdump/checksum.c | 10 +- contrib/tcpdump/cmake/Modules/FindCRYPTO.cmake | 24 + contrib/tcpdump/cmake/Modules/FindPCAP.cmake | 462 +++ contrib/tcpdump/cmake/Modules/FindSMI.cmake | 24 + contrib/tcpdump/cmake_uninstall.cmake.in | 21 + contrib/tcpdump/cmakeconfig.h.in | 290 ++ contrib/tcpdump/compiler-tests.h | 196 ++ contrib/tcpdump/config.guess | 1516 +++++---- contrib/tcpdump/config.h.in | 170 +- contrib/tcpdump/config.sub | 1705 +++++----- contrib/tcpdump/configure | 3794 +++++++++++---------- contrib/tcpdump/configure.ac | 508 +-- contrib/tcpdump/cpack.c | 103 +- contrib/tcpdump/cpack.h | 33 +- contrib/tcpdump/diag-control.h | 186 + contrib/tcpdump/doc/README.NetBSD.md | 22 + contrib/tcpdump/doc/README.Win32.md | 200 ++ contrib/tcpdump/doc/README.aix.md | 17 + contrib/tcpdump/doc/README.solaris.md | 41 + contrib/tcpdump/ethertype.h | 32 +- contrib/tcpdump/extract.h | 754 ++++- contrib/tcpdump/{ether.h => fptype.c} | 35 +- contrib/tcpdump/fptype.h | 34 + contrib/tcpdump/ftmacros.h | 127 + contrib/tcpdump/funcattrs.h | 110 +- contrib/tcpdump/getservent.h | 67 + contrib/tcpdump/gmpls.c | 4 +- contrib/tcpdump/gmt2local.c | 66 - contrib/tcpdump/gmt2local.h | 25 - contrib/tcpdump/in_cksum.c | 12 +- contrib/tcpdump/interface.h | 18 +- contrib/tcpdump/ip.h | 6 +- contrib/tcpdump/ip6.h | 91 +- contrib/tcpdump/ipproto.c | 10 +- contrib/tcpdump/ipproto.h | 15 +- contrib/tcpdump/l2vpn.c | 8 +- contrib/tcpdump/machdep.c | 24 +- contrib/tcpdump/missing/datalinks.c | 2 +- contrib/tcpdump/missing/dlnames.c | 5 +- contrib/tcpdump/missing/getopt_long.c | 30 +- contrib/tcpdump/{ => missing}/getopt_long.h | 6 +- contrib/tcpdump/missing/getservent.c | 143 + contrib/tcpdump/missing/pcap_dump_ftell.c | 46 + contrib/tcpdump/missing/snprintf.c | 119 +- contrib/tcpdump/missing/strlcat.c | 8 +- contrib/tcpdump/missing/strlcpy.c | 8 +- contrib/tcpdump/missing/strsep.c | 6 +- contrib/tcpdump/mkdep | 50 +- contrib/tcpdump/mpls.h | 6 +- contrib/tcpdump/nameser.h | 187 +- contrib/tcpdump/netdissect-alloc.c | 64 + contrib/tcpdump/netdissect-alloc.h | 32 + contrib/tcpdump/netdissect-ctype.h | 56 + contrib/tcpdump/netdissect-stdinc.h | 375 +- contrib/tcpdump/netdissect.c | 159 +- contrib/tcpdump/netdissect.h | 599 ++-- contrib/tcpdump/nfs.h | 169 +- contrib/tcpdump/nfsfh.h | 2 +- contrib/tcpdump/nlpid.c | 4 +- contrib/tcpdump/ntp.c | 74 + contrib/tcpdump/{vfprintf.c => ntp.h} | 58 +- contrib/tcpdump/openflow.h | 51 +- contrib/tcpdump/ospf.h | 154 +- contrib/tcpdump/oui.c | 33 +- contrib/tcpdump/oui.h | 32 +- contrib/tcpdump/parsenfsfh.c | 162 +- contrib/tcpdump/pcap_dump_ftell.c | 31 - contrib/tcpdump/pflog.h | 152 + contrib/tcpdump/ppp.h | 8 +- contrib/tcpdump/print-802_11.c | 1769 +++++----- contrib/tcpdump/print-802_15_4.c | 2603 +++++++++++++- contrib/tcpdump/print-ah.c | 57 +- contrib/tcpdump/print-ahcp.c | 283 +- contrib/tcpdump/print-aodv.c | 388 ++- contrib/tcpdump/print-aoe.c | 257 +- contrib/tcpdump/print-ap1394.c | 46 +- contrib/tcpdump/print-arcnet.c | 162 +- contrib/tcpdump/print-arista.c | 165 + contrib/tcpdump/print-arp.c | 261 +- contrib/tcpdump/print-ascii.c | 126 +- contrib/tcpdump/print-atalk.c | 462 +-- contrib/tcpdump/print-atm.c | 193 +- contrib/tcpdump/print-babel.c | 504 ++- contrib/tcpdump/print-bcm-li.c | 130 + contrib/tcpdump/print-beep.c | 23 +- contrib/tcpdump/print-bfd.c | 215 +- contrib/tcpdump/print-bgp.c | 4326 +++++++++++++----------- contrib/tcpdump/print-bootp.c | 569 ++-- contrib/tcpdump/print-brcmtag.c | 151 + contrib/tcpdump/print-bt.c | 44 +- contrib/tcpdump/print-calm-fast.c | 52 +- contrib/tcpdump/print-carp.c | 37 +- contrib/tcpdump/print-cdp.c | 596 ++-- contrib/tcpdump/print-cfm.c | 310 +- contrib/tcpdump/print-chdlc.c | 94 +- contrib/tcpdump/print-cip.c | 47 +- contrib/tcpdump/print-cnfp.c | 456 +-- contrib/tcpdump/print-dccp.c | 365 +- contrib/tcpdump/print-decnet.c | 680 ++-- contrib/tcpdump/print-dhcp6.c | 373 +- contrib/tcpdump/print-domain.c | 941 ++++-- contrib/tcpdump/print-dsa.c | 219 ++ contrib/tcpdump/print-dtp.c | 86 +- contrib/tcpdump/print-dvmrp.c | 341 +- contrib/tcpdump/print-eap.c | 277 +- contrib/tcpdump/print-egp.c | 224 +- contrib/tcpdump/print-eigrp.c | 472 +-- contrib/tcpdump/print-enc.c | 94 +- contrib/tcpdump/print-esp.c | 544 +-- contrib/tcpdump/print-ether.c | 496 ++- contrib/tcpdump/print-fddi.c | 93 +- contrib/tcpdump/print-forces.c | 761 ++--- contrib/tcpdump/print-fr.c | 386 +-- contrib/tcpdump/print-frag6.c | 38 +- contrib/tcpdump/print-ftp.c | 11 +- contrib/tcpdump/print-geneve.c | 81 +- contrib/tcpdump/print-geonet.c | 123 +- contrib/tcpdump/print-gre.c | 210 +- contrib/tcpdump/print-hncp.c | 331 +- contrib/tcpdump/print-hsrp.c | 88 +- contrib/tcpdump/print-http.c | 11 +- contrib/tcpdump/print-icmp.c | 523 +-- contrib/tcpdump/print-icmp6.c | 1383 ++++---- contrib/tcpdump/print-igmp.c | 232 +- contrib/tcpdump/print-igrp.c | 126 +- contrib/tcpdump/print-ip-demux.c | 237 ++ contrib/tcpdump/print-ip.c | 575 +--- contrib/tcpdump/print-ip6.c | 413 ++- contrib/tcpdump/print-ip6opts.c | 188 +- contrib/tcpdump/print-ipcomp.c | 31 +- contrib/tcpdump/print-ipfc.c | 50 +- contrib/tcpdump/print-ipnet.c | 51 +- contrib/tcpdump/print-ipoib.c | 125 + contrib/tcpdump/print-ipx.c | 193 +- contrib/tcpdump/print-isakmp.c | 1425 ++++---- contrib/tcpdump/print-isoclns.c | 2757 ++++++++------- contrib/tcpdump/print-juniper.c | 823 +++-- contrib/tcpdump/print-krb.c | 113 +- contrib/tcpdump/print-l2tp.c | 303 +- contrib/tcpdump/print-lane.c | 52 +- contrib/tcpdump/print-ldp.c | 304 +- contrib/tcpdump/print-lisp.c | 158 +- contrib/tcpdump/print-llc.c | 124 +- contrib/tcpdump/print-lldp.c | 651 ++-- contrib/tcpdump/print-lmp.c | 601 ++-- contrib/tcpdump/print-loopback.c | 81 +- contrib/tcpdump/print-lspping.c | 546 ++- contrib/tcpdump/print-lwapp.c | 172 +- contrib/tcpdump/print-lwres.c | 428 ++- contrib/tcpdump/print-m3ua.c | 96 +- contrib/tcpdump/print-macsec.c | 256 ++ contrib/tcpdump/print-medsa.c | 196 -- contrib/tcpdump/print-mobile.c | 35 +- contrib/tcpdump/print-mobility.c | 170 +- contrib/tcpdump/print-mpcp.c | 146 +- contrib/tcpdump/print-mpls.c | 108 +- contrib/tcpdump/print-mptcp.c | 279 +- contrib/tcpdump/print-msdp.c | 64 +- contrib/tcpdump/print-msnlb.c | 27 +- contrib/tcpdump/print-nflog.c | 177 +- contrib/tcpdump/print-nfs.c | 1419 ++++---- contrib/tcpdump/print-nsh.c | 233 +- contrib/tcpdump/print-ntp.c | 473 ++- contrib/tcpdump/print-null.c | 45 +- contrib/tcpdump/print-olsr.c | 285 +- contrib/tcpdump/print-openflow-1.0.c | 2478 ++++++-------- contrib/tcpdump/print-openflow-1.3.c | 1209 +++++++ contrib/tcpdump/print-openflow.c | 214 +- contrib/tcpdump/print-ospf.c | 773 ++--- contrib/tcpdump/print-ospf6.c | 515 ++- contrib/tcpdump/print-otv.c | 36 +- contrib/tcpdump/print-pflog.c | 188 +- contrib/tcpdump/print-pfsync.c | 140 +- contrib/tcpdump/print-pgm.c | 543 ++- contrib/tcpdump/print-pim.c | 667 ++-- contrib/tcpdump/print-pktap.c | 94 +- contrib/tcpdump/print-ppi.c | 108 +- contrib/tcpdump/print-ppp.c | 869 ++--- contrib/tcpdump/print-pppoe.c | 81 +- contrib/tcpdump/print-pptp.c | 731 ++-- contrib/tcpdump/print-ptp.c | 634 ++++ contrib/tcpdump/print-radius.c | 881 ++++- contrib/tcpdump/print-raw.c | 12 +- contrib/tcpdump/print-realtek.c | 248 ++ contrib/tcpdump/print-resp.c | 114 +- contrib/tcpdump/print-rip.c | 425 ++- contrib/tcpdump/print-ripng.c | 125 +- contrib/tcpdump/print-rpki-rtr.c | 147 +- contrib/tcpdump/print-rrcp.c | 129 - contrib/tcpdump/print-rsvp.c | 1179 ++++--- contrib/tcpdump/print-rt6.c | 96 +- contrib/tcpdump/print-rtsp.c | 11 +- contrib/tcpdump/print-rx.c | 1411 ++++---- contrib/tcpdump/print-sctp.c | 382 +-- contrib/tcpdump/print-sflow.c | 725 ++-- contrib/tcpdump/print-sip.c | 8 +- contrib/tcpdump/print-sl.c | 161 +- contrib/tcpdump/print-sll.c | 316 +- contrib/tcpdump/print-slow.c | 363 +- contrib/tcpdump/print-smb.c | 759 ++--- contrib/tcpdump/print-smtp.c | 11 +- contrib/tcpdump/print-snmp.c | 399 ++- contrib/tcpdump/print-someip.c | 142 + contrib/tcpdump/print-ssh.c | 99 + contrib/tcpdump/print-stp.c | 349 +- contrib/tcpdump/print-sunatm.c | 26 +- contrib/tcpdump/print-sunrpc.c | 85 +- contrib/tcpdump/print-symantec.c | 52 +- contrib/tcpdump/print-syslog.c | 72 +- contrib/tcpdump/print-tcp.c | 508 +-- contrib/tcpdump/print-telnet.c | 81 +- contrib/tcpdump/print-tftp.c | 71 +- contrib/tcpdump/print-timed.c | 111 +- contrib/tcpdump/print-tipc.c | 181 +- contrib/tcpdump/print-token.c | 94 +- contrib/tcpdump/print-udld.c | 115 +- contrib/tcpdump/print-udp.c | 563 +-- contrib/tcpdump/print-unsupported.c | 34 + contrib/tcpdump/print-usb.c | 186 +- contrib/tcpdump/print-vjc.c | 34 +- contrib/tcpdump/print-vqp.c | 107 +- contrib/tcpdump/print-vrrp.c | 101 +- contrib/tcpdump/print-vsock.c | 262 ++ contrib/tcpdump/print-vtp.c | 181 +- contrib/tcpdump/print-vxlan-gpe.c | 67 +- contrib/tcpdump/print-vxlan.c | 41 +- contrib/tcpdump/print-wb.c | 365 +- contrib/tcpdump/print-whois.c | 31 + contrib/tcpdump/print-zep.c | 181 + contrib/tcpdump/print-zephyr.c | 128 +- contrib/tcpdump/print-zeromq.c | 83 +- contrib/tcpdump/print.c | 414 ++- contrib/tcpdump/print.h | 5 +- contrib/tcpdump/rpc_auth.h | 11 +- contrib/tcpdump/rpc_msg.h | 24 +- contrib/tcpdump/rpl.h | 174 - contrib/tcpdump/setsignal.c | 90 - contrib/tcpdump/setsignal.h | 25 - contrib/tcpdump/signature.c | 26 +- contrib/tcpdump/slcompress.h | 4 +- contrib/tcpdump/smb.h | 6 +- contrib/tcpdump/smbutil.c | 535 +-- contrib/tcpdump/status-exit-codes.h | 32 + contrib/tcpdump/stime.awk | 2 +- contrib/tcpdump/strtoaddr.c | 20 +- contrib/tcpdump/tcp.h | 29 +- contrib/tcpdump/tcpdump.1.in | 364 +- contrib/tcpdump/tcpdump.c | 1234 +++++-- contrib/tcpdump/timeval-operations.h | 23 +- contrib/tcpdump/udp.h | 118 +- contrib/tcpdump/util-print.c | 614 ++-- contrib/tcpdump/varattrs.h | 59 + usr.sbin/ndp/Makefile | 6 +- usr.sbin/ndp/ndp.c | 20 +- usr.sbin/tcpdump/tcpdump/Makefile | 25 +- usr.sbin/tcpdump/tcpdump/config.h | 205 +- 279 files changed, 47721 insertions(+), 32997 deletions(-) diff --git a/contrib/tcpdump/CHANGES b/contrib/tcpdump/CHANGES index f09be3446a62..33ced66dd826 100644 --- a/contrib/tcpdump/CHANGES +++ b/contrib/tcpdump/CHANGES @@ -1,3 +1,264 @@ +Friday, April 7, 2023 / The Tcpdump Group + Summary for 4.99.4 tcpdump release + Source code: + Fix spaces before tabs in indentation. + Updated printers: + LSP ping: Fix "Unused value" warnings from Coverity. + CVE-2023-1801: Fix an out-of-bounds write in the SMB printer. + DNS: sync resource types with IANA. + ICMPv6: Update the output to show a RPL DAO field name. + Geneve: Fix the Geneve UDP port test. + Building and testing: + Require at least autoconf 2.69. + Don't check for strftime(), as it's in C90 and beyond. + Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21. + Documentation: + man: Document TCP flag names better. + +Thursday, January 12, 2023 / The Tcpdump Group + Summary for 4.99.3 tcpdump release + Updated printers: + PTP: Use the proper values for the control field and print un-allocated + values for the message field as "Reserved" instead of "none". + Source code: + smbutil.c: Replace obsolete function call (asctime) + Building and testing: + cmake: Update the minimum required version to 2.8.12 (except Windows). + CI: Introduce and use TCPDUMP_CMAKE_TAINTED. + Makefile.in: Add the releasecheck target. + Makefile.in: Add "make -s install" in the releasecheck target. + Cirrus CI: Run the "make releasecheck" command in the Linux task. + Makefile.in: Add the whitespacecheck target. + Cirrus CI: Run the "make whitespacecheck" command in the Linux task. + Address all shellcheck warnings in update-test.sh. + Makefile.in: Get rid of a remain of gnuc.h. + Documentation: + Reformat the installation notes (INSTALL.txt) in Markdown. + Convert CONTRIBUTING to Markdown. + CONTRIBUTING.md: Document the use of "protocol: " in a commit summary. + Add a README file for NetBSD. + Fix CMake build to set man page section numbers in tcpdump.1 + +Saturday, December 31, 2022 / The Tcpdump Group + Summary for 4.99.2 tcpdump release + Updated printers: + BGP: Update cease notification decoding to RFC 9003. + BGP: decode BGP link-bandwidth extended community properly. + BGP: Fix parsing the AIGP attribute + BGP: make sure the path attributes don't go past the end of the packet. + BGP: Shutdown message can be up to 255 bytes length according to rfc9003 + DSA: correctly determine VID. + EAP: fix some length checks and output issues. + 802.11: Fix the misleading comment regarding "From DS", "To DS" Frame + Control Flags. + 802.11: Fetch the CF and TIM IEs a field at a time. + 802.15.4, BGP, LISP: fix some length checks, compiler warnings, + and undefined behavior warnings. + PFLOG: handle LINKTYPE_PFLOG/DLT_PFLOG files from all OSes on all + OSes. + RRCP: support more Realtek protocols than just RRCP. + MPLS: show the EXP field as TC, as per RFC 5462. + ICMP: redo MPLS Extension code as general ICMP Extension code. + VQP: Do not print unknown error codes twice. + Juniper: Add some bounds checks. + Juniper: Don't treat known DLT_ types as "Unknown". + lwres: Fix a length check, update a variable type. + EAP: Fix some undefined behaviors at runtime. + Ethernet: Rework the length checks, add a length check. + IPX: Add two length checks. + Zephyr: Avoid printing non-ASCII characters. + VRRP: Print the protocol name before any GET_(). + DCCP: Get rid of trailing commas in lists. + Juniper: Report invalid packets as invalid, not truncated. + IPv6: Remove an obsolete code in an always-false #if wrapper. + ISAKMP: Use GET_U_1() to replace a direct dereference. + RADIUS: Use GET_U_1() to replace a direct dereference. + TCP: Fix an invalid check. + RESP: Fix an invalid check. + RESP: Remove an unnecessary test. + Arista: Refine the output format and print HwInfo. + sFlow: add support for IPv6 agent, add a length check. + VRRP: add support for IPv6. + OSPF: Update to match the Router Properties registry. + OSPF: Remove two unnecessary dereferences. + OSPF: Add support bit Nt RFC3101. + OSPFv3: Remove two unnecessary dereferences. + ICMPv6: Fix output for Router Renumbering messages. + ICMPv6: Fix the Node Information flags. + ICMPv6: Remove an unused macro and extra blank lines. + ICMPv6: Add a length check in the rpl_dio_print() function. + ICMPv6: Use GET_IP6ADDR_STRING() in the rpl_dio_print() function. + IPv6: Add some checks for the Hop-by-Hop Options header + IPv6: Add a check for the Jumbo Payload Hop-by-Hop option. + NFS: Fix the format for printing an unsigned int + PTP: fix printing of the correction fields + PTP: Use ND_LCHECK_U for checking invalid length. + WHOIS: Add its own printer source file and printer function + MPTCP: print length before subtype inside MPTCP options + ESP: Add a workaround to a "use-of-uninitialized-value". + PPP: Add tests to avoid incorrectly re-entering ppp_hdlc(). + PPP: Don't process further if protocol is unknown (-e option). + PPP: Change the pointer to packet data. + ZEP: Add three length checks. + Add some const qualifiers. + Building and testing: + Update config.guess and config.sub. + Use AS_HELP_STRING macro instead of AC_HELP_STRING. + Handle some Autoconf/make errors better. + Fix an error when cross-compiling. + Use "git archive" for the "make releasetar" process. + Remove the release candidate rcX targets. + Mend "make check" on Solaris 9 with Autoconf. + Address assorted compiler warnings. + Fix auto-enabling of Capsicum on FreeBSD with Autoconf. + Treat "msys" as Windows for test exit statuses. + Clean up some help messages in configure. + Use unified diff by default. + Remove awk code from mkdep. + Fix configure test errors with Clang 15 + CMake: Prevent stripping of the RPATH on installation. + AppVeyor CI: update Npcap site, update to 1.12 SDK. + Cirrus CI: Use the same configuration as for the main branch. + CI: Add back running tcpdump -J/-L and capture, now with Cirrus VMs. + Remove four test files (They are now in the libpcap tests directory). + On Solaris, for 64-bit builds, use the 64-bit pcap-config. + Tell CMake not to check for a C++ compiler. + CMake: Add a way to request -Werror and equivalents. + configure: Special-case macOS /usr/bin/pcap-config as we do in CMake. + configure: Use pcap-config --static-pcap-only if available. + configure: Use ac_c_werror_flag to force unknown compiler flags to fail. + configure: Use AC_COMPILE_IFELSE() and AC_LANG_SOURCE() for testing + flags. + Run the test that fails on OpenBSD only if we're not on OpenBSD. + Source code: + Fix some snapend-changing routines to protect against pointer + underflow. + Use __func__ from C99 in some function calls. + Memory allocator: Update nd_add_alloc_list() to a static function. + addrtoname.c: Fix two invalid tests. + Use more S_SUCCESS and S_ERR_HOST_PROGRAM in main(). + Add some comments about "don't use GET_IP6ADDR_STRING()". + Assign ndo->ndo_packetp in pretty_print_packet(). + Add ND_LCHECKMSG_U, ND_LCHECK_U, ND_LCHECKMSG_ZU and ND_LCHECK_ZU macros. + Update tok2strbuf() to a static function. + netdissect.h: Keep the link-layer dissectors names sorted. + setsignal(): Set SA_RESTART on non-lethal signals (REQ_INFO, FLUSH_PCAP) + to avoid corrupting binary pcap output. + Use __builtin_unreachable(). + Fail if nd_push_buffer() or nd_push_snaplen() fails. + Improve code style and fix many typos. + Documentation: + Some man page cleanups. + Update the print interface for the packet count to stdout. + Note that we require compilers to support at least some of C99. + Update AIX and Solaris-related specifics. + INSTALL.txt: Add doc/README.*, delete the deleted win32 directory. + Update README.md and README.Win32.md. + Update some comments with new RFC numbers. + +Wednesday, June 9, 2021 by gharris + Summary for 4.99.1 tcpdump release + Source code: + Squelch some compiler warnings + ICMP: Update the snapend for some nested IP packets. + MACsec: Update the snapend thus the ICV field is not payload + for the caller. + EIGRP: Fix packet header fields + SMB: Disable printer by default in CMake builds + OLSR: Print the protocol name even if the packet is invalid + MSDP: Print ": " before the protocol name + ESP: Remove padding, padding length and next header from the buffer + DHCPv6: Update the snapend for nested DHCPv6 packets + OpenFlow 1.0: Get snapend right for nested frames. + TCP: Update the snapend before decoding a MPTCP option + Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks + ForCES: Refine SPARSEDATA-TLV length check. + ASCII/hex: Use nd_trunc_longjmp() in truncation cases + GeoNet: Add a ND_TCHECK_LEN() call + Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES(). + BGP: Fix overwrites of global 'astostr' temporary buffer + ARP: fix overwrites of static buffer in q922_string(). + Frame Relay: have q922_string() handle errors better. + Building and testing: + Rebuild configure script when building release + Fix "make clean" for out-of-tree autotools builds + CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH. + Documentation: + man: Update a reference as www.cifs.org is gone. [skip ci] + man: Update DNS sections + Solaris: + Fix a compile error with Sun C + +Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl. + Summary for 4.99.0 tcpdump release + CVE-2018-16301: For the -F option handle large input files safely. + Improve the contents, wording and formatting of the man page. + Print unsupported link-layer protocol packets in hex. + Add support for new network protocols and DLTs: Arista, Autosar SOME/IP, + Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand + (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch + Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS, + ZigBee Encapsulation Protocol (ZEP). + Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP, + ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS, + NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD, + VXLAN-GPE. + User interface: + Make SLL2 the default for Linux "any" pseudo-device. + Add --micro and --nano shorthands. + Add --count to print a counter only instead of decoding. + Add --print, to cause packet printing even with -w. + Add support for remote capture if libpcap supports it. + Display the "wireless" flag and connection status. + Flush the output packet buffer on a SIGUSR2. + Add the snapshot length to the "reading from file ..." message. + Fix local time printing (DST offset in timestamps). + Allow -C arguments > 2^31-1 GB if they can fit into a long. + Handle very large -f files by rejecting them. + Report periodic stats only when safe to do so. + Print the number of packets captured only as often as necessary. + With no -s, or with -s 0, don't specify the snapshot length with newer + versions of libpcap. + Improve version and usage message printing. + Building and testing: + Install into bindir, not sbindir. + autoconf: replace --with-system-libpcap with --disable-local-libpcap. + Require the compiler to support C99. + Better detect and use various C compilers and their features. + Add CMake as the second build system. + Make out-of-tree builds more reliable. + Use pkg-config to detect libpcap if available. + Improve Windows support. + Add more tests and improve the scripts that run them. + Test both with "normal" and "x87" floating-point. + Eliminate dependency on libdnet. + FreeBSD: + Print a proper error message about monitor mode VAP. + Use libcasper if available. + Fix failure to capture on RDMA device. + Include the correct capsicum header. + Source code: + Start the transition to longjmp() for packet truncation handling. + Introduce new helper functions, including GET_*(), nd_print_protocol(), + nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others. + Put integer signedness right in many cases. + Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix + alignment issues, especially on SPARC. + Fix many C compiler, Coverity, UBSan and cppcheck warnings. + Fix issues detected with AddressSanitizer. + Remove many workarounds for older compilers and OSes. + Add a sanity check on packet header length. + Add and remove plenty of bounds checks. + Clean up pcap_findalldevs() call to find the first interface. + Use a short timeout, rather than immediate mode, for text output. + Handle DLT_ENC files *not* written on the same OS and byte-order host. + Add, and use, macros to do locale-independent case mapping. + Use a table instead of getprotobynumber(). + Get rid of ND_UNALIGNED and ND_TCHECK(). + Make roundup2() generally available. + Resync SMI list against Wireshark. + Fix many typos. + Friday, September 20, 2019, by mcr@sandelman.ca A huge thank you to Denis, Francois-Xavier and Guy who did much of the heavy lifting. Summary for 4.9.3 tcpdump release @@ -21,7 +282,6 @@ Friday, September 20, 2019, by mcr@sandelman.ca CVE-2018-14882 (RPL) CVE-2018-16227 (802.11) CVE-2018-16229 (DCCP) - CVE-2018-16301 (was fixed in libpcap) CVE-2018-16230 (BGP) CVE-2018-16452 (SMB) CVE-2018-16300 (BGP) @@ -66,8 +326,6 @@ Sunday September 3, 2017 denis@ovsienko.info CVE-2017-12991 (BGP) CVE-2017-12992 (RIPng) CVE-2017-12993 (Juniper) - CVE-2017-11542 (PIMv1) - CVE-2017-11541 (safeputs) CVE-2017-12994 (BGP) CVE-2017-12996 (PIMv2) CVE-2017-12998 (ISO IS-IS) @@ -393,7 +651,7 @@ Wednesday Jul. 2, 2014 mcr@sandelman.ca a number of unaligned access faults fixed -A flag does not consider CR to be printable anymore fx.lebail took over coverity baby sitting - default snapshot size increased to 256K for accomodate USB captures + default snapshot size increased to 256K for accommodate USB captures WARNING: this release contains a lot of very worthwhile code churn. Wednesday Jan. 15, 2014 guy@alum.mit.edu @@ -533,7 +791,7 @@ Tue. July 20, 2010. guy@alum.mit.edu. Summary for 4.1.2 tcpdump release If -U is specified, flush the file after creating it, so it's not zero-length - Fix TCP flags output description, and some typoes, in the man + Fix TCP flags output description, and some typos, in the man page Add a -h flag, and only attempt to recognize 802.11s mesh headers if it's set @@ -617,7 +875,7 @@ Mon. September 10, 2007. ken@xelerance.com. Summary for 3.9.8 tcpdump relea Wed. July 23, 2007. mcr@xelerance.com. Summary for 3.9.7 libpcap release - NFS: Print unsigned values as such. + NFS: Print unsigned values as such. RX: parse safely. BGP: fixes for IPv6-less builds. 801.1ag: use standard codepoint. @@ -628,7 +886,7 @@ Wed. July 23, 2007. mcr@xelerance.com. Summary for 3.9.7 libpcap release NFS: from NetBSD; don't interpret the reply as a possible NFS reply if it got MSG_DENIED. BGP: don't print TLV values that didn't fit, from www.digit-labs.org. - revised INSTALL.txt about libpcap dependancy. + revised INSTALL.txt about libpcap dependency. Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release Update man page to reflect changes to libpcap @@ -648,7 +906,7 @@ Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release Add support for CFM Link-trace msg, Link-trace-Reply msg, Sender-ID tlv, private tlv, port, interface status Add support for unidirectional link detection as per - http://www.ietf.org/internet-drafts/draft-foschiano-udld-02.txt + https://tools.ietf.org/id/draft-foschiano-udld-02.txt Add support for the olsr protocol as per RFC 3626 plus the LQ extensions from olsr.org Add support for variable-length checksum in DCCP, as per section 9 of @@ -689,7 +947,7 @@ Tue. September 19, 2006. ken@xelerance.com. Summary for 3.9.5 tcpdump release Lots of minor cosmetic changes to output printers -Mon. September 19, 2005. ken@xelerance.com. Summary for 3.9.4 tcpdump release +Mon. September 19, 2005. ken@xelerance.com. Summary for 3.9.4 tcpdump release Decoder support for more Juniper link-layer types Fix a potential buffer overflow (although it can't occur in practice). @@ -708,14 +966,14 @@ Mon. September 19, 2005. ken@xelerance.com. Summary for 3.9.4 tcpdump release those TLVs as system IDs, not as node IDs. Support for DCCP. -Tue. July 5, 2005. ken@xelerance.com. Summary for 3.9.3 tcpdump release +Tue. July 5, 2005. ken@xelerance.com. Summary for 3.9.3 tcpdump release Option to chroot() when dropping privs Fixes for compiling on nearly every platform, including improved 64bit support Many new testcases Support for sending packets - Many compliation fixes on most platforms + Many compilation fixes on most platforms Fixes for recent version of GCC to eliminate warnings Improved Unicode support @@ -753,7 +1011,7 @@ Tue. March 30, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.3 release Mon. March 29, 2004. mcr@sandelman.ottawa.on.ca. Summary for 3.8.2 release Fixes for print-isakmp.c CVE: CAN-2004-0183, CAN-2004-0184 - http://www.rapid7.com/advisories/R7-0017.html + https://web.archive.org/web/20160328035955/https://www.rapid7.com/resources/advisories/R7-0017.jsp IP-over-IEEE1394 printing. some MINGW32 changes. updates for autoconf 2.5 @@ -826,7 +1084,6 @@ Tuesday, February 25, 2003. fenner@research.att.com. 3.7.2 release 2.100.3 to be misrepresented as 4.20.3 . Monday, January 21, 2002. mcr@sandelman.ottawa.on.ca. Summary for 3.7 release -see http://www.tcpdump.org/cvs-log/2002-01-21.10:16:48.html for commit log. keyword "ipx" added. Better OSI/802.2 support on Linux. IEEE 802.11 support, from clenahan@fortresstech.com, achirica@ttd.net. @@ -894,7 +1151,7 @@ Tuesday January 9, 2001. mcr@sandelman.ottawa.on.ca. Summary for 3.6 release libpcap changes provide for exchanging capture files between systems. Save files now have well known PACKET_ values instead of - depending upon system dependant mappings of DLT_* types. + depending upon system dependent mappings of DLT_* types. Support for computing/checking IP and UDP/TCP checksums. @@ -1205,7 +1462,7 @@ v3.1 Thu Jun 13 20:59:32 PDT 1996 - Print out a little more information for sun rpc packets. -- Add suport for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu). +- Add support for Kerberos 4 thanks to John Hawkinson (jhawk@mit.edu). - Fixed the Fix EXTRACT_SHORT() and EXTRACT_LONG() macros (which were wrong on little endian machines). @@ -1370,7 +1627,7 @@ v2.2 Fri May 22 17:19:41 PDT 1992 v2.1 Tue Jan 28 11:00:14 PST 1992 -- Internal release (never publically exported). +- Internal release (never publicly exported). v2.0.1 Sun Jan 26 21:10:10 PDT diff --git a/contrib/tcpdump/CMakeLists.txt b/contrib/tcpdump/CMakeLists.txt new file mode 100644 index 000000000000..9495b5d4c234 --- /dev/null +++ b/contrib/tcpdump/CMakeLists.txt @@ -0,0 +1,1371 @@ +if(WIN32) + # + # We need 3.12 or later, so that we can set policy CMP0074; see + # below. + cmake_minimum_required(VERSION 3.12) +else(WIN32) + # + # For now, require only 2.8.6, just in case somebody is + # configuring with CMake on a "long-term support" version + # of some OS and that version supplies an older version of + # CMake. + # + # If this is ever updated to CMake 3.1 or later, remove the + # stuff in cmake/Modules/FindPCAP.cmake that appends subdirectories + # of directories from CMAKE_PREFIX_PATH to the PKG_CONFIG_PATH + # environment variable when running pkg-config, to make sure + # it finds any .pc file from there. + # + cmake_minimum_required(VERSION 2.8.12) +endif(WIN32) + +# +# We want find_path() and find_library() to honor {packagename}_ROOT, +# as that appears to be the standard way to say "hey, look here for +# this package" from the command line. +# +if(POLICY CMP0074) + cmake_policy(SET CMP0074 NEW) +endif() + +# +# OK, this is a pain. +# +# When building on NetBSD, with a libpcap installed from pkgsrc, +# a -Wl,-rpath,/usr/pkg/lib option is added to the options when +# linking tcpdump. This puts /usr/pkg/lib into the run-time path. +# +# However, by default, CMake adds a rule to the install CMake script +# a CMake command (using an undocumented subcommand of file()) that +# strips /usr/pkg/lib *out* of the run-time path; the message in the +# output for the "install" target is +# +# -- Set runtime path of "{target-directory}/tcpdump" to "" +# +# I am not certain what the rationale is for doing this, but a +# *consequence* of this is that, when you run the installed tcpdump, +# it fails to find libpcap.so: +# +# $ {target-directory}/tcpdump -h +# {target-directory}/tcpdump: Shared object "libpcap.so.0" not found +# +# It also appears to be the case that, on Ubuntu 22.04, FreeBSD 12, +# DragonFly BSD 5.8, OpenBSD 6.6, and Solaris 11.4, +# +# On Ubuntu and Solaris, even if you have a libpcap in /usr/local, you +# have to provide not only -I/usr/local/include and -L/usr/local/lib, +# you also must provide -Wl,-rpath,/usr/local/lib in order to have +# the run-time linker look in /usr/local/lib for libpcap. If it's not +# specified, then, if the shared library major version number of the +# libpcap in /usr/lib is the same as the shared major version number +# of the libpcap in /usr/local/lib, the run-time linker will find the +# libpcap in /usr/lib; if the versions are different, the run-time +# linker will fail to find the libpcap in /usr/lib, so the program will +# fail to run. +# +# We suppress this by setting CMAKE_INSTALL_RPATH_USE_LINK_PATH to TRUE; +# as the documentation for that variable says: +# +# Add paths to linker search and installed rpath. +# +# CMAKE_INSTALL_RPATH_USE_LINK_PATH is a boolean that if set to True +# will append to the runtime search path (rpath) of installed +# binaries any directories outside the project that are in the linker +# search path or contain linked library files. The directories are +# appended after the value of the INSTALL_RPATH target property. +# +# If, for whatever reason, directories in which we search for external +# libraries, other than the standard system library directories, are +# added to the executable's rpath in the build process, we most +# defintely want them in the installed image's rpath if they are +# necessary in order to find the libraries at run time. +# +set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) + +set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/Modules) + +# +# OK, this is a royal pain. +# +# CMake will try to determine the sizes of some data types, including +# void *, early in the process of configuration; apparently, it's done +# as part of processing the project() command. +# +# At least as of CMake 2.8.6, it does so by checking the size of +# "void *" in C, setting CMAKE_C_SIZEOF_DATA_PTR based on that, +# setting CMAKE_SIZEOF_VOID_P to that, and then checking the size +# of "void *" in C++, setting CMAKE_CXX_SIZEOF_DATA_PTR based on +# that, and then setting CMAKE_SIZEOF_VOID_P to *that*. +# +# The compile tests include whatever C flags may have been provided +# to CMake in the CFLAGS and CXXFLAGS environment variables. +# +# If you set an architecture flag such as -m32 or -m64 in CFLAGS +# but *not* in CXXFLAGS, the size for C++ will win, and hilarity +# will ensue. +# +# Or if, at least on Solaris, you have a newer version of GCC +# installed, but *not* a newer version of G++, and you have Oracle +# Studio installed, it will find GCC, which will default to building +# 64-bit, and Oracle Studio's C++ compiler, which will default to +# building 32-bit, the size for C++ will win, and, again, hilarity +# will ensue. +# +# So we *explicitly* state that only C is used; there is currently no +# C++ code in tcpdump. +# +project(tcpdump C) + +# +# For checking if a compiler flag works and adding it if it does. +# +include(CheckCCompilerFlag) +macro(check_and_add_compiler_option _option) + message(STATUS "Checking C compiler flag ${_option}") + string(REPLACE "=" "-" _temp_option_variable ${_option}) + string(REGEX REPLACE "^-" "" _option_variable ${_temp_option_variable}) + check_c_compiler_flag("${_option}" ${_option_variable}) + if(${${_option_variable}}) + set(C_ADDITIONAL_FLAGS "${C_ADDITIONAL_FLAGS} ${_option}") + endif() +endmacro() + +# +# If we're building with Visual Studio, we require Visual Studio 2015, +# in order to get sufficient C99 compatibility. Check for that. +# +# If not, try the appropriate flag for the compiler to enable C99 +# features. +# +set(C_ADDITIONAL_FLAGS "") +if(MSVC) + if(MSVC_VERSION LESS 1900) + message(FATAL_ERROR "Visual Studio 2015 or later is required") + endif() + + # + # Treat source files as being in UTF-8 with MSVC if it's not using + # the Clang front end. + # We assume that UTF-8 source is OK with other compilers and with + # MSVC if it's using the Clang front end. + # + if(NOT ${CMAKE_C_COMPILER} MATCHES "clang*") + set(C_ADDITIONAL_FLAGS "${C_ADDITIONAL_FLAGS} /utf-8") + endif(NOT ${CMAKE_C_COMPILER} MATCHES "clang*") +else(MSVC) + # + # Try to enable as many C99 features as we can. + # At minimum, we want C++/C99-style // comments. + # + # Newer versions of compilers might default to supporting C99, but + # older versions may require a special flag. + # + # Prior to CMake 3.1, setting CMAKE_C_STANDARD will not have any effect, + # so, unless and until we require CMake 3.1 or later, we have to do it + # ourselves on pre-3.1 CMake, so we just do it ourselves on all versions + # of CMake. + # + # Note: with CMake 3.1 through 3.5, the only compilers for which CMake + # handles CMAKE_C_STANDARD are GCC and Clang. 3.6 adds support only + # for Intel C; 3.9 adds support for PGI C, Sun C, and IBM XL C, and + # 3.10 adds support for Cray C and IAR C, but no version of CMake has + # support for HP C. Therefore, even if we use CMAKE_C_STANDARD with + # compilers for which CMake supports it, we may still have to do it + # ourselves on other compilers. + # + # See the CMake documentation for the CMAKE_<LANG>_COMPILER_ID variables + # for a list of compiler IDs. + # + # XXX - this just tests whether the option works and adds it if it does. + # We don't test whether it's necessary in order to get the C99 features + # that we use; if we ever have a user who tries to compile with a compiler + # that can't be made to support those features, we can add a test to make + # sure we actually *have* C99 support. + # + if(CMAKE_C_COMPILER_ID MATCHES "GNU" OR + CMAKE_C_COMPILER_ID MATCHES "Clang") + check_and_add_compiler_option("-std=gnu99") + elseif(CMAKE_C_COMPILER_ID MATCHES "XL") + # + # We want support for extensions picked up for GNU C compatibility, + # so we use -qlanglvl=extc99. + # + check_and_add_compiler_option("-qlanglvl=extc99") + elseif(CMAKE_C_COMPILER_ID MATCHES "HP") + check_and_add_compiler_option("-AC99") + elseif(CMAKE_C_COMPILER_ID MATCHES "Sun") + check_and_add_compiler_option("-xc99") + elseif(CMAKE_C_COMPILER_ID MATCHES "Intel") + check_and_add_compiler_option("-c99") + endif() +endif(MSVC) + +set(LIBRARY_NAME netdissect) + +################################################################### +# Parameters +################################################################### + +option(WITH_SMI "Build with libsmi, if available" ON) +option(WITH_CRYPTO "Build with OpenSSL/libressl libcrypto, if available" ON) +option(WITH_CAPSICUM "Build with Capsicum security functions, if available" ON) +option(WITH_CAP_NG "Use libcap-ng, if available" ON) +option(ENABLE_SMB "Build with the SMB dissector" OFF) + +# +# String parameters. Neither of them are set, initially; only if the +# user explicitly configures them are they set. +# +# WITH_CHROOT is STRING, not PATH, as the directory need not exist +# when CMake is run. +# +set(WITH_CHROOT CACHE STRING + "Directory to which to chroot when dropping privileges") +set(WITH_USER CACHE STRING + "User to whom to set the UID when dropping privileges") + +# +# By default, build universal with the appropriate set of architectures +# for the OS on which we're doing the build. +# +if(APPLE AND "${CMAKE_OSX_ARCHITECTURES}" STREQUAL "") + # + # Get the major version of Darwin. + # + string(REGEX MATCH "^([0-9]+)" SYSTEM_VERSION_MAJOR "${CMAKE_SYSTEM_VERSION}") + + if(SYSTEM_VERSION_MAJOR EQUAL 9) + # + # Leopard. Build for x86 and 32-bit PowerPC, with + # x86 first. (That's what Apple does.) + # + set(CMAKE_OSX_ARCHITECTURES "i386;ppc") + elseif(SYSTEM_VERSION_MAJOR EQUAL 10) + # + # Snow Leopard. Build for x86-64 and x86, with + # x86-64 first. (That's what Apple does.) + # + set(CMAKE_OSX_ARCHITECTURES "x86_64;i386") + endif() +endif() + +################################################################### +# Versioning +################################################################### + +# Get, parse, format and set tcpdump's version string from +# [tcpdump_root]/VERSION for later use. + +# Get MAJOR, MINOR, PATCH & SUFFIX +file(STRINGS ${tcpdump_SOURCE_DIR}/VERSION *** 126631 LINES SKIPPED ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202501291933.50TJXWCH039771>