Site Navigation

Date:      Wed, 8 Jun 2016 23:22:59 +0000 (UTC)
From:      Mariusz Zaborski <oshogbo@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r301705 - head/contrib/tcpdump
Message-ID:  <201606082322.u58NMxj2065171@repo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: oshogbo
Date: Wed Jun  8 23:22:59 2016
New Revision: 301705
URL: https://svnweb.freebsd.org/changeset/base/301705

Log:
  The code responsible for opening and rotating pcap files is independent
  of Capser and should use openat(2) unconditionally on FreeBSD.
  openat(2) is mandatory when sandboxed with Capsicum, but still works
  in the absence of Capsicum.
  
  Reviewed by:	AllanJude

Modified:
  head/contrib/tcpdump/tcpdump.c

Modified: head/contrib/tcpdump/tcpdump.c
==============================================================================
--- head/contrib/tcpdump/tcpdump.c	Wed Jun  8 23:17:30 2016	(r301704)
+++ head/contrib/tcpdump/tcpdump.c	Wed Jun  8 23:22:59 2016	(r301705)
@@ -86,6 +86,7 @@ extern int SIZE_BUF;
 #ifdef __FreeBSD__
 #include <sys/capsicum.h>
 #include <sys/sysctl.h>
+#include <libgen.h>
 #endif /* __FreeBSD__ */
 #ifdef HAVE_CASPER
 #include <libcasper.h>
@@ -95,7 +96,6 @@ extern int SIZE_BUF;
 #include <sys/ioccom.h>
 #include <net/bpf.h>
 #include <fcntl.h>
-#include <libgen.h>
 #endif	/* HAVE_CASPER */
 #include <pcap.h>
 #include <signal.h>
@@ -484,7 +484,7 @@ struct dump_info {
 	char	*CurrentFileName;
 	pcap_t	*pd;
 	pcap_dumper_t *p;
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 	int	dirfd;
 #endif
 };
@@ -967,7 +967,7 @@ tstamp_precision_to_string(int precision
 }
 #endif
 
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 /*
  * Ensure that, on a dump file's descriptor, we have all the rights
  * necessary to make the standard I/O library work with an fdopen()ed
@@ -1067,9 +1067,9 @@ main(int argc, char **argv)
 #endif
 	int status;
 	FILE *VFile;
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 	cap_rights_t rights;
-#endif	/* HAVE_CASPER */
+#endif	/* !__FreeBSD__ */
 	int cansandbox;
 
 #ifdef WIN32
@@ -1968,11 +1968,11 @@ main(int argc, char **argv)
 #endif /* HAVE_LIBCAP_NG */
 		if (p == NULL)
 			error("%s", pcap_geterr(pd));
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 		set_dumper_capsicum_rights(p);
 #endif
 		if (Cflag != 0 || Gflag != 0) {
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 			dumpinfo.WFileName = strdup(basename(WFileName));
 			dumpinfo.dirfd = open(dirname(WFileName),
 			    O_DIRECTORY | O_RDONLY);
@@ -1990,7 +1990,7 @@ main(int argc, char **argv)
 			    errno != ENOSYS) {
 				error("unable to limit dump descriptor fcntls");
 			}
-#else	/* !HAVE_CASPER */
+#else	/* !__FreeBSD__ */
 			dumpinfo.WFileName = WFileName;
 #endif
 			callback = dump_packet_and_trunc;
@@ -2325,7 +2325,7 @@ dump_packet_and_trunc(u_char *user, cons
 
 		/* If the time is greater than the specified window, rotate */
 		if (t - Gflag_time >= Gflag) {
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 			FILE *fp;
 			int fd;
 #endif
@@ -2383,7 +2383,7 @@ dump_packet_and_trunc(u_char *user, cons
 			capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
 			capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 			fd = openat(dump_info->dirfd,
 			    dump_info->CurrentFileName,
 			    O_CREAT | O_WRONLY | O_TRUNC, 0644);
@@ -2397,7 +2397,7 @@ dump_packet_and_trunc(u_char *user, cons
 				    dump_info->CurrentFileName);
 			}
 			dump_info->p = pcap_dump_fopen(dump_info->pd, fp);
-#else	/* !HAVE_CASPER */
+#else	/* !__FreeBSD__ */
 			dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
 #endif
 #ifdef HAVE_LIBCAP_NG
@@ -2406,7 +2406,7 @@ dump_packet_and_trunc(u_char *user, cons
 #endif /* HAVE_LIBCAP_NG */
 			if (dump_info->p == NULL)
 				error("%s", pcap_geterr(pd));
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 			set_dumper_capsicum_rights(dump_info->p);
 #endif
 		}
@@ -2423,7 +2423,7 @@ dump_packet_and_trunc(u_char *user, cons
 		if (size == -1)
 			error("ftell fails on output file");
 		if (size > Cflag) {
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 			FILE *fp;
 			int fd;
 #endif
@@ -2455,7 +2455,7 @@ dump_packet_and_trunc(u_char *user, cons
 			capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE);
 			capng_apply(CAPNG_SELECT_BOTH);
 #endif /* HAVE_LIBCAP_NG */
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 			fd = openat(dump_info->dirfd, dump_info->CurrentFileName,
 			    O_CREAT | O_WRONLY | O_TRUNC, 0644);
 			if (fd < 0) {
@@ -2468,7 +2468,7 @@ dump_packet_and_trunc(u_char *user, cons
 				    dump_info->CurrentFileName);
 			}
 			dump_info->p = pcap_dump_fopen(dump_info->pd, fp);
-#else	/* !HAVE_CASPER */
+#else	/* !__FreeBSD__ */
 			dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName);
 #endif
 #ifdef HAVE_LIBCAP_NG
@@ -2477,7 +2477,7 @@ dump_packet_and_trunc(u_char *user, cons
 #endif /* HAVE_LIBCAP_NG */
 			if (dump_info->p == NULL)
 				error("%s", pcap_geterr(pd));
-#ifdef HAVE_CASPER
+#ifdef __FreeBSD__
 			set_dumper_capsicum_rights(dump_info->p);
 #endif
 		}

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606082322.u58NMxj2065171>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact