Date: Wed, 6 Dec 2017 02:21:11 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r326613 - head/contrib/tcpdump Message-ID: <201712060221.vB62LBSK042767@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Wed Dec 6 02:21:11 2017 New Revision: 326613 URL: https://svnweb.freebsd.org/changeset/base/326613 Log: Update tcpdump to 4.9.2 It contains many fixes, including bounds checking, buffer overflows (in SLIP and bittok2str_internal), buffer over-reads, and infinite loops. One other notable change: Do not use getprotobynumber() for protocol name resolution. Do not do any protocol name resolution if -n is specified. Submitted by: gordon Reviewed by: delphij, emaste, glebius MFC after: 1 week Relnotes: Yes Security: CVE-2017-11108, CVE-2017-11541, CVE-2017-11542 Security: CVE-2017-11543, CVE-2017-12893, CVE-2017-12894 Security: CVE-2017-12895, CVE-2017-12896, CVE-2017-12897 Security: CVE-2017-12898, CVE-2017-12899, CVE-2017-12900 Security: CVE-2017-12901, CVE-2017-12902, CVE-2017-12985 Security: CVE-2017-12986, CVE-2017-12987, CVE-2017-12988 Security: CVE-2017-12989, CVE-2017-12990, CVE-2017-12991 Security: CVE-2017-12992, CVE-2017-12993, CVE-2017-12994 Security: CVE-2017-12995, CVE-2017-12996, CVE-2017-12997 Security: CVE-2017-12998, CVE-2017-12999, CVE-2017-13000 Security: CVE-2017-13001, CVE-2017-13002, CVE-2017-13003 Security: CVE-2017-13004, CVE-2017-13005, CVE-2017-13006 Security: CVE-2017-13007, CVE-2017-13008, CVE-2017-13009 Security: CVE-2017-13010, CVE-2017-13011, CVE-2017-13012 Security: CVE-2017-13013, CVE-2017-13014, CVE-2017-13015 Security: CVE-2017-13016, CVE-2017-13017, CVE-2017-13018 Security: CVE-2017-13019, CVE-2017-13020, CVE-2017-13021 Security: CVE-2017-13022, CVE-2017-13023, CVE-2017-13024 Security: CVE-2017-13025, CVE-2017-13026, CVE-2017-13027 Security: CVE-2017-13028, CVE-2017-13029, CVE-2017-13030 Security: CVE-2017-13031, CVE-2017-13032, CVE-2017-13033 Security: CVE-2017-13034, CVE-2017-13035, CVE-2017-13036 Security: CVE-2017-13037, CVE-2017-13038, CVE-2017-13039 Security: CVE-2017-13040, CVE-2017-13041, CVE-2017-13042 Security: CVE-2017-13043, CVE-2017-13044, CVE-2017-13045 Security: CVE-2017-13046, CVE-2017-13047, CVE-2017-13048 Security: CVE-2017-13049, CVE-2017-13050, CVE-2017-13051 Security: CVE-2017-13052, CVE-2017-13053, CVE-2017-13054 Security: CVE-2017-13055, CVE-2017-13687, CVE-2017-13688 Security: CVE-2017-13689, CVE-2017-13690, CVE-2017-13725 Differential Revision: https://reviews.freebsd.org/D12404 Added: head/contrib/tcpdump/funcattrs.h - copied unchanged from r323696, vendor/tcpdump/dist/funcattrs.h Modified: head/contrib/tcpdump/CHANGES head/contrib/tcpdump/CONTRIBUTING head/contrib/tcpdump/CREDITS head/contrib/tcpdump/INSTALL.txt head/contrib/tcpdump/Makefile.in head/contrib/tcpdump/PLATFORMS head/contrib/tcpdump/README.md head/contrib/tcpdump/VERSION head/contrib/tcpdump/addrtoname.c head/contrib/tcpdump/addrtoname.h head/contrib/tcpdump/addrtostr.c head/contrib/tcpdump/af.c head/contrib/tcpdump/af.h head/contrib/tcpdump/checksum.c head/contrib/tcpdump/config.h.in head/contrib/tcpdump/configure head/contrib/tcpdump/configure.in head/contrib/tcpdump/extract.h head/contrib/tcpdump/gmpls.c head/contrib/tcpdump/gmpls.h head/contrib/tcpdump/ip6.h head/contrib/tcpdump/ipproto.c head/contrib/tcpdump/ipproto.h head/contrib/tcpdump/l2vpn.c head/contrib/tcpdump/l2vpn.h head/contrib/tcpdump/netdissect-stdinc.h head/contrib/tcpdump/netdissect.h head/contrib/tcpdump/nlpid.c head/contrib/tcpdump/nlpid.h head/contrib/tcpdump/oui.c head/contrib/tcpdump/oui.h head/contrib/tcpdump/print-802_11.c head/contrib/tcpdump/print-802_15_4.c head/contrib/tcpdump/print-aodv.c head/contrib/tcpdump/print-arp.c head/contrib/tcpdump/print-atm.c head/contrib/tcpdump/print-beep.c head/contrib/tcpdump/print-bfd.c head/contrib/tcpdump/print-bgp.c head/contrib/tcpdump/print-bootp.c head/contrib/tcpdump/print-cfm.c head/contrib/tcpdump/print-chdlc.c head/contrib/tcpdump/print-cnfp.c head/contrib/tcpdump/print-decnet.c head/contrib/tcpdump/print-dhcp6.c head/contrib/tcpdump/print-domain.c head/contrib/tcpdump/print-eap.c head/contrib/tcpdump/print-eigrp.c head/contrib/tcpdump/print-esp.c head/contrib/tcpdump/print-ether.c head/contrib/tcpdump/print-fr.c head/contrib/tcpdump/print-frag6.c head/contrib/tcpdump/print-gre.c head/contrib/tcpdump/print-hncp.c head/contrib/tcpdump/print-icmp.c head/contrib/tcpdump/print-icmp6.c head/contrib/tcpdump/print-ip.c head/contrib/tcpdump/print-ip6.c head/contrib/tcpdump/print-ip6opts.c head/contrib/tcpdump/print-isakmp.c head/contrib/tcpdump/print-isoclns.c head/contrib/tcpdump/print-juniper.c head/contrib/tcpdump/print-l2tp.c head/contrib/tcpdump/print-ldp.c head/contrib/tcpdump/print-llc.c head/contrib/tcpdump/print-lldp.c head/contrib/tcpdump/print-lmp.c head/contrib/tcpdump/print-lspping.c head/contrib/tcpdump/print-m3ua.c head/contrib/tcpdump/print-mobility.c head/contrib/tcpdump/print-mpcp.c head/contrib/tcpdump/print-mpls.c head/contrib/tcpdump/print-mptcp.c head/contrib/tcpdump/print-nfs.c head/contrib/tcpdump/print-null.c head/contrib/tcpdump/print-olsr.c head/contrib/tcpdump/print-ospf6.c head/contrib/tcpdump/print-pgm.c head/contrib/tcpdump/print-pim.c head/contrib/tcpdump/print-pktap.c head/contrib/tcpdump/print-ppp.c head/contrib/tcpdump/print-radius.c head/contrib/tcpdump/print-resp.c head/contrib/tcpdump/print-ripng.c head/contrib/tcpdump/print-rpki-rtr.c head/contrib/tcpdump/print-rsvp.c head/contrib/tcpdump/print-rt6.c head/contrib/tcpdump/print-rx.c head/contrib/tcpdump/print-sip.c head/contrib/tcpdump/print-sl.c head/contrib/tcpdump/print-slow.c head/contrib/tcpdump/print-stp.c head/contrib/tcpdump/print-syslog.c head/contrib/tcpdump/print-telnet.c head/contrib/tcpdump/print-tftp.c head/contrib/tcpdump/print-vqp.c head/contrib/tcpdump/print-vtp.c head/contrib/tcpdump/print-wb.c head/contrib/tcpdump/print-zephyr.c head/contrib/tcpdump/print.c head/contrib/tcpdump/signature.c head/contrib/tcpdump/signature.h head/contrib/tcpdump/smbutil.c head/contrib/tcpdump/tcpdump.1.in head/contrib/tcpdump/tcpdump.c head/contrib/tcpdump/util-print.c Directory Properties: head/contrib/tcpdump/ (props changed) Modified: head/contrib/tcpdump/CHANGES ============================================================================== --- head/contrib/tcpdump/CHANGES Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/CHANGES Wed Dec 6 02:21:11 2017 (r326613) @@ -1,10 +1,119 @@ +Sunday September 3, 2017 denis@ovsienko.info + Summary for 4.9.2 tcpdump release + Do not use getprotobynumber() for protocol name resolution. Do not do + any protocol name resolution if -n is specified. + Improve errors detection in the test scripts. + Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage. + Clean up IS-IS printing. + Fix buffer overflow vulnerabilities: + CVE-2017-11543 (SLIP) + CVE-2017-13011 (bittok2str_internal) + Fix infinite loop vulnerabilities: + CVE-2017-12989 (RESP) + CVE-2017-12990 (ISAKMP) + CVE-2017-12995 (DNS) + CVE-2017-12997 (LLDP) + Fix buffer over-read vulnerabilities: + CVE-2017-11541 (safeputs) + CVE-2017-11542 (PIMv1) + CVE-2017-12893 (SMB/CIFS) + CVE-2017-12894 (lookup_bytestring) + CVE-2017-12895 (ICMP) + CVE-2017-12896 (ISAKMP) + CVE-2017-12897 (ISO CLNS) + CVE-2017-12898 (NFS) + CVE-2017-12899 (DECnet) + CVE-2017-12900 (tok2strbuf) + CVE-2017-12901 (EIGRP) + CVE-2017-12902 (Zephyr) + CVE-2017-12985 (IPv6) + CVE-2017-12986 (IPv6 routing headers) + CVE-2017-12987 (IEEE 802.11) + CVE-2017-12988 (telnet) + CVE-2017-12991 (BGP) + CVE-2017-12992 (RIPng) + CVE-2017-12993 (Juniper) + CVE-2017-11542 (PIMv1) + CVE-2017-11541 (safeputs) + CVE-2017-12994 (BGP) + CVE-2017-12996 (PIMv2) + CVE-2017-12998 (ISO IS-IS) + CVE-2017-12999 (ISO IS-IS) + CVE-2017-13000 (IEEE 802.15.4) + CVE-2017-13001 (NFS) + CVE-2017-13002 (AODV) + CVE-2017-13003 (LMP) + CVE-2017-13004 (Juniper) + CVE-2017-13005 (NFS) + CVE-2017-13006 (L2TP) + CVE-2017-13007 (Apple PKTAP) + CVE-2017-13008 (IEEE 802.11) + CVE-2017-13009 (IPv6 mobility) + CVE-2017-13010 (BEEP) + CVE-2017-13012 (ICMP) + CVE-2017-13013 (ARP) + CVE-2017-13014 (White Board) + CVE-2017-13015 (EAP) + CVE-2017-11543 (SLIP) + CVE-2017-13016 (ISO ES-IS) + CVE-2017-13017 (DHCPv6) + CVE-2017-13018 (PGM) + CVE-2017-13019 (PGM) + CVE-2017-13020 (VTP) + CVE-2017-13021 (ICMPv6) + CVE-2017-13022 (IP) + CVE-2017-13023 (IPv6 mobility) + CVE-2017-13024 (IPv6 mobility) + CVE-2017-13025 (IPv6 mobility) + CVE-2017-13026 (ISO IS-IS) + CVE-2017-13027 (LLDP) + CVE-2017-13028 (BOOTP) + CVE-2017-13029 (PPP) + CVE-2017-13030 (PIM) + CVE-2017-13031 (IPv6 fragmentation header) + CVE-2017-13032 (RADIUS) + CVE-2017-13033 (VTP) + CVE-2017-13034 (PGM) + CVE-2017-13035 (ISO IS-IS) + CVE-2017-13036 (OSPFv3) + CVE-2017-13037 (IP) + CVE-2017-13038 (PPP) + CVE-2017-13039 (ISAKMP) + CVE-2017-13040 (MPTCP) + CVE-2017-13041 (ICMPv6) + CVE-2017-13042 (HNCP) + CVE-2017-13043 (BGP) + CVE-2017-13044 (HNCP) + CVE-2017-13045 (VQP) + CVE-2017-13046 (BGP) + CVE-2017-13047 (ISO ES-IS) + CVE-2017-13048 (RSVP) + CVE-2017-13049 (Rx) + CVE-2017-13050 (RPKI-Router) + CVE-2017-13051 (RSVP) + CVE-2017-13052 (CFM) + CVE-2017-13053 (BGP) + CVE-2017-13054 (LLDP) + CVE-2017-13055 (ISO IS-IS) + CVE-2017-13687 (Cisco HDLC) + CVE-2017-13688 (OLSR) + CVE-2017-13689 (IKEv1) + CVE-2017-13690 (IKEv2) + CVE-2017-13725 (IPv6 routing headers) + +Sunday July 23, 2017 denis@ovsienko.info + Summary for 4.9.1 tcpdump release + CVE-2017-11108/Fix bounds checking for STP. + Make assorted documentation updates and fix a few typos in tcpdump output. + Fixup -C for file size >2GB (GH #488). + Show AddressSanitizer presence in version output. + Fix a bug in test scripts (exposed in GH #613). + On FreeBSD adjust Capsicum capabilities for netmap. + On Linux fix a use-after-free when the requested interface does not exist. + Wednesday January 18, 2017 devel.fx.lebail@orange.fr Summary for 4.9.0 tcpdump release General updates: - Improve separation frontend/backend (tcpdump/libnetdissect) - Don't require IPv6 library support in order to support IPv6 addresses - Introduce data types to use for integral values in packet structures - Fix display of timestamps with -tt, -ttt and -ttttt options Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others (More information in the log with CVE-2016-* and CVE-2017-*) Change the way protocols print link-layer addresses (Fix heap overflows @@ -35,14 +144,6 @@ Wednesday January 18, 2017 devel.fx.lebail@orange.fr Don't drop CAP_SYS_CHROOT before chrooting Fixes issue where statistics not reported when -G and -W options used - New printers supporting: - Generic Protocol Extension for VXLAN (VXLAN-GPE) - Home Networking Control Protocol (HNCP), RFCs 7787 and 7788 - Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets - Marvell Extended Distributed Switch Architecture header (MEDSA) - Network Service Header (NSH) - REdis Serialization Protocol (RESP) - Updated printers: 802.11: Beginnings of 11ac radiotap support 802.11: Check the Protected bit for management frames @@ -61,7 +162,6 @@ Wednesday January 18, 2017 devel.fx.lebail@orange.fr ATM: Fix an incorrect bounds check BFD: Update specification from draft to RFC 5880 BFD: Update to print optional authentication field - BGP: Add decoding of ADD-PATH capability BGP: Add support for the AIGP attribute (RFC7311) BGP: Print LARGE_COMMUNITY Path Attribute BGP: Update BGP numbers from IANA; Print minor values for FSM notification @@ -78,7 +178,6 @@ Wednesday January 18, 2017 devel.fx.lebail@orange.fr DTP: Improve packet integrity checks EGP: Fix bounds checks ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later - ESP: Handle OpenSSL 1.1.x Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow) Ethernet: Print the Length/Type field as length when needed FDDI: Fix -e output for FDDI @@ -87,7 +186,6 @@ Wednesday January 18, 2017 devel.fx.lebail@orange.fr Geneve: Fix error message with invalid option length; Update list option classes HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS() - ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string IGMP: Add a length check IP: Add a bounds check (Fix a heap overflow) IP: Check before fetching the protocol version (Fix a heap overflow) @@ -115,7 +213,6 @@ Wednesday January 18, 2017 devel.fx.lebail@orange.fr MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks MPLS: "length" is now the *remaining* packet length MPLS: Add bounds and length checks (Fix a heap overflow) - NFS: Add a test that makes unaligned accesses NFS: Don't assume the ONC RPC header is nicely aligned NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault) NFS: Don't run past the end of an NFSv3 file handle @@ -130,7 +227,6 @@ Wednesday January 18, 2017 devel.fx.lebail@orange.fr PGM: Print the formatted IP address, not the raw binary address, as a string PIM: Add some bounds checking (Fix a heap overflow) PIMv2: Fix checksumming of Register messages - PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer PPP: Add some bounds checks (Fix a heap overflow) PPP: Report invalid PAP AACK/ANAK packets Q.933: Add a missing bounds check @@ -171,16 +267,46 @@ Wednesday January 18, 2017 devel.fx.lebail@orange.fr UDLD: Fix an infinite loop UDP: Add a bounds check (Fix a heap overflow) UDP: Check against the packet length first - UDP: Don't do the DDP-over-UDP heuristic check up front VAT: Add some bounds checks VTP: Add a test on Mgmt Domain Name length VTP: Add bounds checks and filter out non-printable characters VXLAN: Add a bound check and a test case ZeroMQ: Fix an infinite loop -Tuesday April 14, 2015 guy@alum.mit.edu - Summary for 4.8.0 tcpdump release +Tuesday October 25, 2016 mcr@sandelman.ca + Summary for 4.8.1 tcpdump release Fix "-x" for Apple PKTAP and PPI packets + Improve separation frontend/backend (tcpdump/libnetdissect) + Fix display of timestamps with -tt, -ttt and -ttttt options + Add support for the Marvell Extended Distributed Switch Architecture header + Use PRIx64 to print a 64-bit number in hex. + Printer for HNCP (RFCs 7787 and 7788). + dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer. + RSVP: Add bounds and length checks + OSPF: Do more bounds checking + Handle OpenSSL 1.1.x. + Initial support for the REdis Serialization Protocol known as RESP. + Add printing function for Generic Protocol Extension for VXLAN + draft-ietf-nvo3-vxlan-gpe-01 + Network Service Header: draft-ietf-sfc-nsh-01 + Don't recompile the filter if the new file has the same DLT. + Pass an adjusted struct pcap_pkthdr to the sub-printer. + Add three test cases for already fixed CVEs + CVE-2014-8767: OLSR + CVE-2014-8768: Geonet + CVE-2014-8769: AODV + Don't do the DDP-over-UDP heuristic first: GitHub issue #499. + Use the new debugging routines in libpcap. + Harmonize TCP source or destination ports tests with UDP ones + Introduce data types to use for integral values in packet structures. + RSVP: Fix an infinite loop + Support of Type 3 and Type 4 LISP packets. + Don't require IPv6 library support in order to support IPv6 addresses. + Many many changes to support libnetdissect usage. + Add a test that makes unaligned accesses: GitHub issue #478. + add a DNSSEC test case: GH #445 and GH #467. + BGP: add decoding of ADD-PATH capability + fixes to LLC header printing, and RFC948-style IP packets Friday April 10, 2015 guy@alum.mit.edu Summary for 4.7.4 tcpdump release Modified: head/contrib/tcpdump/CONTRIBUTING ============================================================================== --- head/contrib/tcpdump/CONTRIBUTING Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/CONTRIBUTING Wed Dec 6 02:21:11 2017 (r326613) @@ -3,6 +3,44 @@ Some Information for Contributors You want to contribute to Tcpdump, Thanks! Please, read these lines. + +How to report bugs and other problems +------------------------------------- +To report a security issue (segfault, buffer overflow, infinite loop, arbitrary +code execution etc) please send an e-mail to security@tcpdump.org, do not use +the bug tracker! + +To report a non-security problem (failure to compile, incorrect output in the +protocol printout, missing support for a particular protocol etc) please check +first that it reproduces with the latest stable release of tcpdump and the latest +stable release of libpcap. If it does, please check that the problem reproduces +with the current git master branch of tcpdump and the current git master branch of +libpcap. If it does (and it is not a security-related problem, otherwise see +above), please navigate to https://github.com/the-tcpdump-group/tcpdump/issues +and check if the problem has already been reported. If it has not, please open +a new issue and provide the following details: + +* tcpdump and libpcap version (tcpdump --version) +* operating system name and version and any other details that may be relevant + (uname -a, compiler name and version, CPU type etc.) +* configure flags if any were used +* statement of the problem +* steps to reproduce + +Please note that if you know exactly how to solve the problem and the solution +would not be too intrusive, it would be best to contribute some development time +and open a pull request instead as discussed below. + +Still not sure how to do? Feel free to [subscribe](http://www.tcpdump.org/#mailing-lists) +to the mailing list tcpdump-workers@lists.tcpdump.org and ask! + + +How to add new code and to update existing code +----------------------------------------------- + +0) Check that there isn't a pull request already opened for the changes you + intend to make. + 1) Fork the Tcpdump repository on GitHub from https://github.com/the-tcpdump-group/tcpdump (See https://help.github.com/articles/fork-a-repo/) @@ -12,8 +50,11 @@ Please, read these lines. on Linux and OSX before sending pull requests. (See http://docs.travis-ci.com/user/getting-started/) -3) Clone your repository +3) Setup your git working copy git clone https://github.com/<username>/tcpdump.git + cd tcpdump + git remote add upstream https://github.com/the-tcpdump-group/tcpdump + git fetch upstream 4) Do a 'touch .devel' in your working directory. Currently, the effect is @@ -47,19 +88,26 @@ Please, read these lines. 7) Test with 'make check' Don't send a pull request if 'make check' gives failed tests. -8) Rebase your commits against upstream/master - (To keep linearity) +8) Try to rebase your commits to keep the history simple. + git rebase upstream/master + (If the rebase fails and you cannot resolve, issue "git rebase --abort" + and ask for help in the pull request comment.) -9) Initiate and send a pull request +9) Once 100% happy, put your work into your forked repository. + git push + +10) Initiate and send a pull request (See https://help.github.com/articles/using-pull-requests/) -Some remarks ------------- + +Code style and generic remarks +------------------------------ a) A thorough reading of some other printers code is useful. b) Put the normative reference if any as comments (RFC, etc.). -c) Put the format of packets/headers/options as comments. +c) Put the format of packets/headers/options as comments if there is no + published normative reference. d) The printer may receive incomplete packet in the buffer, truncated at any random position, for example by capturing with '-s size' option. Modified: head/contrib/tcpdump/CREDITS ============================================================================== --- head/contrib/tcpdump/CREDITS Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/CREDITS Wed Dec 6 02:21:11 2017 (r326613) @@ -5,7 +5,7 @@ The current maintainers: Denis Ovsienko <denis at ovsienko dot info> Fulvio Risso <risso at polito dot it> Guy Harris <guy at alum dot mit dot edu> - Hannes Gredler <hannes at juniper dot net> + Hannes Gredler <hannes at gredler dot at> Michael Richardson <mcr at sandelman dot ottawa dot on dot ca> Francois-Xavier Le Bail <fx dot lebail at yahoo dot com> @@ -39,6 +39,7 @@ Additional people who have contributed patches: Bjoern A. Zeeb <bzeeb at Zabbadoz dot NeT> Bram <tcpdump at mail dot wizbit dot be> Brent L. Bates <blbates at vigyan dot com> + Brian Carpenter <brian dot carpenter at gmail dot com> Brian Ginsbach <ginsbach at cray dot com> Bruce M. Simpson <bms at spc dot org> Carles Kishimoto Bisbe <ckishimo at ac dot upc dot es> @@ -54,6 +55,7 @@ Additional people who have contributed patches: Craig Rodrigues <rodrigc at mediaone dot net> Crist J. Clark <cjclark at alum dot mit dot edu> Daniel Hagerty <hag at ai dot mit dot edu> + Daniel Lee <Longinus00 at gmail dot com> Darren Reed <darrenr at reed dot wattle dot id dot au> David Binderman <d dot binderman at virgin dot net> David Horn <dhorn2000 at gmail dot com> @@ -85,6 +87,7 @@ Additional people who have contributed patches: Greg Stark <gsstark at mit dot edu> Hank Leininger <tcpdump-workers at progressive-comp dot com> Hannes Viertel <hviertel at juniper dot net> + Hanno Böck <hanno at hboeck dot de> Harry Raaymakers <harryr at connect dot com dot au> Heinz-Ado Arnolds <Ado dot Arnolds at dhm-systems dot de> Hendrik Scholz <hendrik at scholz dot net> @@ -111,6 +114,7 @@ Additional people who have contributed patches: Juliusz Chroboczek <jch at pps dot jussieu dot fr> Kaarthik Sivakumar <kaarthik at torrentnet dot com> Kaladhar Musunuru <kaladharm at sourceforge dot net> + Kamil Frankowicz <kontakt at frankowicz dot me> Karl Norby <karl-norby at sourceforge dot net> Kazushi Sugyo <sugyo at pb dot jp dot nec dot com> Kelly Carmichael <kcarmich at ipapp dot com> @@ -123,7 +127,6 @@ Additional people who have contributed patches: Larry Lile <lile at stdio dot com> Lennert Buytenhek <buytenh at gnu dot org> Loganaden Velvindron <logan at elandsys dot com> - Daniel Lee <Longinus00 at gmail dot com> Loris Degioanni <loris at netgroup-serv dot polito dot it> Love Hörnquist-Åstrand <lha at stacken dot kth dot se> Lucas C. Villa Real <lucasvr at us dot ibm dot com> @@ -166,6 +169,7 @@ Additional people who have contributed patches: Paolo Abeni <paolo dot abeni at email dot it> Pascal Hennequin <pascal dot hennequin at int-evry dot fr> Pasvorn Boonmark <boonmark at juniper dot net> + Patrik Lundquist <patrik dot lundquist at gmail dot com> Paul Ferrell <pflarr at sourceforge dot net> Paul Mundt <lethal at linux-sh dot org> Paul S. Traina <pst at freebsd dot org> Modified: head/contrib/tcpdump/INSTALL.txt ============================================================================== --- head/contrib/tcpdump/INSTALL.txt Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/INSTALL.txt Wed Dec 6 02:21:11 2017 (r326613) @@ -37,6 +37,7 @@ Please see "PLATFORMS" for notes about tested platform FILES ----- CHANGES - description of differences between releases +CONTRIBUTING - guidelines for contributing CREDITS - people that have helped tcpdump along INSTALL.txt - this file LICENSE - the license under which tcpdump is distributed Modified: head/contrib/tcpdump/Makefile.in ============================================================================== --- head/contrib/tcpdump/Makefile.in Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/Makefile.in Wed Dec 6 02:21:11 2017 (r326613) @@ -263,6 +263,7 @@ HDR = \ ether.h \ ethertype.h \ extract.h \ + funcattrs.h \ getopt_long.h \ gmpls.h \ gmt2local.h \ Modified: head/contrib/tcpdump/PLATFORMS ============================================================================== --- head/contrib/tcpdump/PLATFORMS Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/PLATFORMS Wed Dec 6 02:21:11 2017 (r326613) @@ -1,9 +1,16 @@ -== Tested platforms == -NetBSD 5.1/i386 (mcr - 2012/4/1) -Debian Linux (squeeze/i386) (mcr - 2012/4/1) +In many operating systems tcpdump is available as a native package or port, +which simplifies installation of updates and long-term maintenance. However, +the native packages are sometimes a few versions behind and to try a more +recent snapshot it will take to compile tcpdump from the source code. ---- -RedHat Linux 6.1/i386 (assar) -FreeBSD 2.2.8/i386 (itojun) +tcpdump compiles and works on at least the following platforms: - +* AIX +* FreeBSD +* HP-UX 11i +* Linux (any) with glibc (usually just works) +* Linux (any) with musl libc (sometimes fails to compile, please report any bugs) +* Mac OS X / macOS +* NetBSD +* OpenWrt +* Solaris Modified: head/contrib/tcpdump/README.md ============================================================================== --- head/contrib/tcpdump/README.md Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/README.md Wed Dec 6 02:21:11 2017 (r326613) @@ -3,25 +3,21 @@ [![Build Status](https://travis-ci.org/the-tcpdump-group/tcpdump.png)](https://travis-ci.org/the-tcpdump-group/tcpdump) -TCPDUMP 4.x.y -Now maintained by "The Tcpdump Group" -See www.tcpdump.org +To report a security issue please send an e-mail to security@tcpdump.org. -Please send inquiries/comments/reports to: +To report bugs and other problems, contribute patches, request a +feature, provide generic feedback etc please see the file +CONTRIBUTING in the tcpdump source tree root. -* tcpdump-workers@lists.tcpdump.org +TCPDUMP 4.x.y +Now maintained by "The Tcpdump Group" +See www.tcpdump.org Anonymous Git is available via: git clone git://bpf.tcpdump.org/tcpdump -Please submit patches by forking the branch on GitHub at: - -* http://github.com/the-tcpdump-group/tcpdump/tree/master - -and issuing a pull request. - -formerly from Lawrence Berkeley National Laboratory +formerly from Lawrence Berkeley National Laboratory Network Research Group <tcpdump@ee.lbl.gov> ftp://ftp.ee.lbl.gov/old/tcpdump.tar.Z (3.4) @@ -70,20 +66,6 @@ Another tool that tcpdump users might find useful is t It is a program that can be used to extract portions of tcpdump binary trace files. See the above distribution for further details and documentation. - -Problems, bugs, questions, desirable enhancements, etc. should be sent -to the address "tcpdump-workers@lists.tcpdump.org". Bugs, support -requests, and feature requests may also be submitted on the GitHub issue -tracker for tcpdump at: - -* https://github.com/the-tcpdump-group/tcpdump/issues - -Source code contributions, etc. should be sent to the email address -above or submitted by forking the branch on GitHub at: - -* http://github.com/the-tcpdump-group/tcpdump/tree/master - -and issuing a pull request. Current versions can be found at www.tcpdump.org. Modified: head/contrib/tcpdump/VERSION ============================================================================== --- head/contrib/tcpdump/VERSION Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/VERSION Wed Dec 6 02:21:11 2017 (r326613) @@ -1 +1 @@ -4.9.0 +4.9.2 Modified: head/contrib/tcpdump/addrtoname.c ============================================================================== --- head/contrib/tcpdump/addrtoname.c Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/addrtoname.c Wed Dec 6 02:21:11 2017 (r326613) @@ -150,14 +150,24 @@ struct enamemem { u_short e_addr2; const char *e_name; u_char *e_nsap; /* used only for nsaptable[] */ -#define e_bs e_nsap /* for bytestringtable */ struct enamemem *e_nxt; }; static struct enamemem enametable[HASHNAMESIZE]; static struct enamemem nsaptable[HASHNAMESIZE]; -static struct enamemem bytestringtable[HASHNAMESIZE]; +struct bsnamemem { + u_short bs_addr0; + u_short bs_addr1; + u_short bs_addr2; + const char *bs_name; + u_char *bs_bytes; + unsigned int bs_nbytes; + struct bsnamemem *bs_nxt; +}; + +static struct bsnamemem bytestringtable[HASHNAMESIZE]; + struct protoidmem { uint32_t p_oui; u_short p_proto; @@ -342,7 +352,7 @@ getname6(netdissect_options *ndo, const u_char *ap) return (p->name); } -static const char hex[] = "0123456789abcdef"; +static const char hex[16] = "0123456789abcdef"; /* Find the hash node that corresponds the ether address 'ep' */ @@ -380,11 +390,11 @@ lookup_emem(netdissect_options *ndo, const u_char *ep) * with length 'nlen' */ -static inline struct enamemem * +static inline struct bsnamemem * lookup_bytestring(netdissect_options *ndo, register const u_char *bs, const unsigned int nlen) { - struct enamemem *tp; + struct bsnamemem *tp; register u_int i, j, k; if (nlen >= 6) { @@ -399,26 +409,28 @@ lookup_bytestring(netdissect_options *ndo, register co i = j = k = 0; tp = &bytestringtable[(i ^ j) & (HASHNAMESIZE-1)]; - while (tp->e_nxt) - if (tp->e_addr0 == i && - tp->e_addr1 == j && - tp->e_addr2 == k && - memcmp((const char *)bs, (const char *)(tp->e_bs), nlen) == 0) + while (tp->bs_nxt) + if (nlen == tp->bs_nbytes && + tp->bs_addr0 == i && + tp->bs_addr1 == j && + tp->bs_addr2 == k && + memcmp((const char *)bs, (const char *)(tp->bs_bytes), nlen) == 0) return tp; else - tp = tp->e_nxt; + tp = tp->bs_nxt; - tp->e_addr0 = i; - tp->e_addr1 = j; - tp->e_addr2 = k; + tp->bs_addr0 = i; + tp->bs_addr1 = j; + tp->bs_addr2 = k; - tp->e_bs = (u_char *) calloc(1, nlen + 1); - if (tp->e_bs == NULL) + tp->bs_bytes = (u_char *) calloc(1, nlen); + if (tp->bs_bytes == NULL) (*ndo->ndo_error)(ndo, "lookup_bytestring: calloc"); - memcpy(tp->e_bs, bs, nlen); - tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp)); - if (tp->e_nxt == NULL) + memcpy(tp->bs_bytes, bs, nlen); + tp->bs_nbytes = nlen; + tp->bs_nxt = (struct bsnamemem *)calloc(1, sizeof(*tp)); + if (tp->bs_nxt == NULL) (*ndo->ndo_error)(ndo, "lookup_bytestring: calloc"); return tp; @@ -445,11 +457,11 @@ lookup_nsap(netdissect_options *ndo, register const u_ tp = &nsaptable[(i ^ j) & (HASHNAMESIZE-1)]; while (tp->e_nxt) - if (tp->e_addr0 == i && + if (nsap_length == tp->e_nsap[0] && + tp->e_addr0 == i && tp->e_addr1 == j && tp->e_addr2 == k && - tp->e_nsap[0] == nsap_length && - memcmp((const char *)&(nsap[1]), + memcmp((const char *)nsap, (char *)&(tp->e_nsap[1]), nsap_length) == 0) return tp; else @@ -549,12 +561,12 @@ le64addr_string(netdissect_options *ndo, const u_char const unsigned int len = 8; register u_int i; register char *cp; - register struct enamemem *tp; + register struct bsnamemem *tp; char buf[BUFSIZE]; tp = lookup_bytestring(ndo, ep, len); - if (tp->e_name) - return (tp->e_name); + if (tp->bs_name) + return (tp->bs_name); cp = buf; for (i = len; i > 0 ; --i) { @@ -566,11 +578,11 @@ le64addr_string(netdissect_options *ndo, const u_char *cp = '\0'; - tp->e_name = strdup(buf); - if (tp->e_name == NULL) + tp->bs_name = strdup(buf); + if (tp->bs_name == NULL) (*ndo->ndo_error)(ndo, "le64addr_string: strdup(buf)"); - return (tp->e_name); + return (tp->bs_name); } const char * @@ -579,7 +591,7 @@ linkaddr_string(netdissect_options *ndo, const u_char { register u_int i; register char *cp; - register struct enamemem *tp; + register struct bsnamemem *tp; if (len == 0) return ("<empty>"); @@ -591,11 +603,11 @@ linkaddr_string(netdissect_options *ndo, const u_char return (q922_string(ndo, ep, len)); tp = lookup_bytestring(ndo, ep, len); - if (tp->e_name) - return (tp->e_name); + if (tp->bs_name) + return (tp->bs_name); - tp->e_name = cp = (char *)malloc(len*3); - if (tp->e_name == NULL) + tp->bs_name = cp = (char *)malloc(len*3); + if (tp->bs_name == NULL) (*ndo->ndo_error)(ndo, "linkaddr_string: malloc"); *cp++ = hex[*ep >> 4]; *cp++ = hex[*ep++ & 0xf]; @@ -605,7 +617,7 @@ linkaddr_string(netdissect_options *ndo, const u_char *cp++ = hex[*ep++ & 0xf]; } *cp = '\0'; - return (tp->e_name); + return (tp->bs_name); } const char * Modified: head/contrib/tcpdump/addrtoname.h ============================================================================== --- head/contrib/tcpdump/addrtoname.h Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/addrtoname.h Wed Dec 6 02:21:11 2017 (r326613) @@ -33,7 +33,8 @@ enum { LINKADDR_ETHER, LINKADDR_FRELAY, LINKADDR_IEEE1394, - LINKADDR_ATM + LINKADDR_ATM, + LINKADDR_OTHER }; #define BUFSIZE 128 Modified: head/contrib/tcpdump/addrtostr.c ============================================================================== --- head/contrib/tcpdump/addrtostr.c Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/addrtostr.c Wed Dec 6 02:21:11 2017 (r326613) @@ -110,25 +110,24 @@ addrtostr6 (const void *src, char *dst, size_t size) size_t space_left, added_space; int snprintfed; struct { - long base; - long len; + int base; + int len; } best, cur; - u_long words [IN6ADDRSZ / INT16SZ]; + uint16_t words [IN6ADDRSZ / INT16SZ]; int i; /* Preprocess: * Copy the input (bytewise) array into a wordwise array. * Find the longest run of 0x00's in src[] for :: shorthanding. */ - memset (words, 0, sizeof(words)); - for (i = 0; i < IN6ADDRSZ; i++) - words[i/2] |= (srcaddr[i] << ((1 - (i % 2)) << 3)); + for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) + words[i] = (srcaddr[2*i] << 8) | srcaddr[2*i + 1]; best.len = 0; best.base = -1; cur.len = 0; cur.base = -1; - for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) + for (i = 0; i < (int)(IN6ADDRSZ / INT16SZ); i++) { if (words[i] == 0) { @@ -161,7 +160,7 @@ addrtostr6 (const void *src, char *dst, size_t size) *dp++ = c; \ space_left--; \ } - for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) + for (i = 0; i < (int)(IN6ADDRSZ / INT16SZ); i++) { /* Are we inside the best run of 0x00's? */ @@ -192,7 +191,7 @@ addrtostr6 (const void *src, char *dst, size_t size) space_left -= added_space; break; } - snprintfed = snprintf (dp, space_left, "%lx", words[i]); + snprintfed = snprintf (dp, space_left, "%x", words[i]); if (snprintfed < 0) return (NULL); if ((size_t) snprintfed >= space_left) Modified: head/contrib/tcpdump/af.c ============================================================================== --- head/contrib/tcpdump/af.c Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/af.c Wed Dec 6 02:21:11 2017 (r326613) @@ -12,7 +12,7 @@ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * - * Original code by Hannes Gredler (hannes@juniper.net) + * Original code by Hannes Gredler (hannes@gredler.at) */ #ifdef HAVE_CONFIG_H Modified: head/contrib/tcpdump/af.h ============================================================================== --- head/contrib/tcpdump/af.h Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/af.h Wed Dec 6 02:21:11 2017 (r326613) @@ -12,7 +12,7 @@ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * - * Original code by Hannes Gredler (hannes@juniper.net) + * Original code by Hannes Gredler (hannes@gredler.at) */ extern const struct tok af_values[]; Modified: head/contrib/tcpdump/checksum.c ============================================================================== --- head/contrib/tcpdump/checksum.c Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/checksum.c Wed Dec 6 02:21:11 2017 (r326613) @@ -14,7 +14,7 @@ * * miscellaneous checksumming routines * - * Original code by Hannes Gredler (hannes@juniper.net) + * Original code by Hannes Gredler (hannes@gredler.at) */ #ifdef HAVE_CONFIG_H Modified: head/contrib/tcpdump/config.h.in ============================================================================== --- head/contrib/tcpdump/config.h.in Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/config.h.in Wed Dec 6 02:21:11 2017 (r326613) @@ -34,6 +34,9 @@ /* Define to 1 if you have the `ether_ntohost' function. */ #undef HAVE_ETHER_NTOHOST +/* Define to 1 if you have the `EVP_CipherInit_ex' function. */ +#undef HAVE_EVP_CIPHERINIT_EX + /* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */ #undef HAVE_EVP_CIPHER_CTX_NEW Modified: head/contrib/tcpdump/configure ============================================================================== --- head/contrib/tcpdump/configure Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/configure Wed Dec 6 02:21:11 2017 (r326613) @@ -5801,7 +5801,7 @@ if test "x$ac_cv_func_pcap_loop" = xyes; then : else - as_fn_error $? "Report this to tcpdump-workers@lists.tcpdump.org, and include the + as_fn_error $? "This is a bug, please follow the guidelines in CONTRIBUTING and include the config.log file in your report. If you have downloaded libpcap from tcpdump.org, and built it yourself, please also include the config.log file from the libpcap source directory, the Makefile from the libpcap @@ -8116,17 +8116,32 @@ fi done # - # OK, do we have EVP_CIPHER_CTX_new? + # OK, then: + # + # 1) do we have EVP_CIPHER_CTX_new? # If so, we use it to allocate an # EVP_CIPHER_CTX, as EVP_CIPHER_CTX may be # opaque; otherwise, we allocate it ourselves. # - for ac_func in EVP_CIPHER_CTX_new + # 2) do we have EVP_CipherInit_ex()? + # If so, we use it, because we need to be + # able to make two "initialize the cipher" + # calls, one with the cipher and key, and + # one with the IV, and, as of OpenSSL 1.1, + # You Can't Do That with EVP_CipherInit(), + # because a call to EVP_CipherInit() will + # unconditionally clear the context, and + # if you don't supply a cipher, it'll + # clear the cipher, rendering the context + # unusable and causing a crash. + # + for ac_func in EVP_CIPHER_CTX_new EVP_CipherInit_ex do : - ac_fn_c_check_func "$LINENO" "EVP_CIPHER_CTX_new" "ac_cv_func_EVP_CIPHER_CTX_new" -if test "x$ac_cv_func_EVP_CIPHER_CTX_new" = xyes; then : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF -#define HAVE_EVP_CIPHER_CTX_NEW 1 +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi Modified: head/contrib/tcpdump/configure.in ============================================================================== --- head/contrib/tcpdump/configure.in Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/configure.in Wed Dec 6 02:21:11 2017 (r326613) @@ -935,12 +935,26 @@ if test "$want_libcrypto" != "no"; then if test "$ac_cv_lib_crypto_DES_cbc_encrypt" = "yes"; then AC_CHECK_HEADERS(openssl/evp.h) # - # OK, do we have EVP_CIPHER_CTX_new? + # OK, then: + # + # 1) do we have EVP_CIPHER_CTX_new? # If so, we use it to allocate an # EVP_CIPHER_CTX, as EVP_CIPHER_CTX may be # opaque; otherwise, we allocate it ourselves. # - AC_CHECK_FUNCS(EVP_CIPHER_CTX_new) + # 2) do we have EVP_CipherInit_ex()? + # If so, we use it, because we need to be + # able to make two "initialize the cipher" + # calls, one with the cipher and key, and + # one with the IV, and, as of OpenSSL 1.1, + # You Can't Do That with EVP_CipherInit(), + # because a call to EVP_CipherInit() will + # unconditionally clear the context, and + # if you don't supply a cipher, it'll + # clear the cipher, rendering the context + # unusable and causing a crash. + # + AC_CHECK_FUNCS(EVP_CIPHER_CTX_new EVP_CipherInit_ex) fi ]) fi Modified: head/contrib/tcpdump/extract.h ============================================================================== --- head/contrib/tcpdump/extract.h Wed Dec 6 02:06:14 2017 (r326612) +++ head/contrib/tcpdump/extract.h Wed Dec 6 02:21:11 2017 (r326613) @@ -20,8 +20,48 @@ */ /* - * Macros to extract possibly-unaligned big-endian integral values. + * For 8-bit values; provided for the sake of completeness. Byte order + * isn't relevant, and alignment isn't an issue. */ +#define EXTRACT_8BITS(p) (*(p)) +#define EXTRACT_LE_8BITS(p) (*(p)) + +/* + * Inline functions or macros to extract possibly-unaligned big-endian + * integral values. + */ +#include "funcattrs.h" + +/* + * If we have versions of GCC or Clang that support an __attribute__ + * to say "if we're building with unsigned behavior sanitization, + * don't complain about undefined behavior in this function", we + * label these functions with that attribute - we *know* it's undefined + * in the C standard, but we *also* know it does what we want with + * the ISA we're targeting and the compiler we're using. + * + * For GCC 4.9.0 and later, we use __attribute__((no_sanitize_undefined)); + * pre-5.0 GCC doesn't have __has_attribute, and I'm not sure whether + * GCC or Clang first had __attribute__((no_sanitize(XXX)). + * + * For Clang, we check for __attribute__((no_sanitize(XXX)) with + * __has_attribute, as there are versions of Clang that support + * __attribute__((no_sanitize("undefined")) but don't support + * __attribute__((no_sanitize_undefined)). + * + * We define this here, rather than in funcattrs.h, because we + * only want it used here, we don't want it to be broadly used. + * (Any printer will get this defined, but this should at least + * make it harder for people to find.) + */ +#if defined(__GNUC__) && ((__GNUC__ * 100 + __GNUC_MINOR__) >= 409) +#define UNALIGNED_OK __attribute__((no_sanitize_undefined)) +#elif __has_attribute(no_sanitize) +#define UNALIGNED_OK __attribute__((no_sanitize("undefined"))) +#else +#define UNALIGNED_OK +#endif + #ifdef LBL_ALIGN /* * The processor doesn't natively handle unaligned loads. @@ -31,7 +71,7 @@ defined(__mips) || defined(__mips__)) /* - * This is a GCC-compatible compiler and we have __attribute__, which +* This is a GCC-compatible compiler and we have __attribute__, which * we assume that mean we have __attribute__((packed)), and this is * MIPS or Alpha, which has instructions that can help when doing * unaligned loads. @@ -88,19 +128,19 @@ typedef struct { uint32_t val; } __attribute__((packed)) unaligned_uint32_t; -static inline uint16_t +UNALIGNED_OK static inline uint16_t EXTRACT_16BITS(const void *p) { return ((uint16_t)ntohs(((const unaligned_uint16_t *)(p))->val)); } -static inline uint32_t +UNALIGNED_OK static inline uint32_t EXTRACT_32BITS(const void *p) { return ((uint32_t)ntohl(((const unaligned_uint32_t *)(p))->val)); } -static inline uint64_t +UNALIGNED_OK static inline uint64_t EXTRACT_64BITS(const void *p) { return ((uint64_t)(((uint64_t)ntohl(((const unaligned_uint32_t *)(p) + 0)->val)) << 32 | @@ -138,19 +178,19 @@ EXTRACT_64BITS(const void *p) * The processor natively handles unaligned loads, so we can just * cast the pointer and fetch through it. */ -static inline uint16_t +static inline uint16_t UNALIGNED_OK EXTRACT_16BITS(const void *p) { return ((uint16_t)ntohs(*(const uint16_t *)(p))); } -static inline uint32_t +static inline uint32_t UNALIGNED_OK EXTRACT_32BITS(const void *p) { return ((uint32_t)ntohl(*(const uint32_t *)(p))); } -static inline uint64_t +static inline uint64_t UNALIGNED_OK EXTRACT_64BITS(const void *p) { return ((uint64_t)(((uint64_t)ntohl(*((const uint32_t *)(p) + 0))) << 32 | @@ -193,7 +233,6 @@ EXTRACT_64BITS(const void *p) * Macros to extract possibly-unaligned little-endian integral values. * XXX - do loads on little-endian machines that support unaligned loads? */ -#define EXTRACT_LE_8BITS(p) (*(p)) #define EXTRACT_LE_16BITS(p) \ ((uint16_t)(((uint16_t)(*((const uint8_t *)(p) + 1)) << 8) | \ ((uint16_t)(*((const uint8_t *)(p) + 0)) << 0))) @@ -242,3 +281,6 @@ EXTRACT_64BITS(const void *p) #define ND_TTEST_64BITS(p) ND_TTEST2(*(p), 8) #define ND_TCHECK_64BITS(p) ND_TCHECK2(*(p), 8) + +#define ND_TTEST_128BITS(p) ND_TTEST2(*(p), 16) +#define ND_TCHECK_128BITS(p) ND_TCHECK2(*(p), 16) Copied: head/contrib/tcpdump/funcattrs.h (from r323696, vendor/tcpdump/dist/funcattrs.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/contrib/tcpdump/funcattrs.h Wed Dec 6 02:21:11 2017 (r326613, copy of r323696, vendor/tcpdump/dist/funcattrs.h) @@ -0,0 +1,122 @@ +/* -*- Mode: c; tab-width: 8; indent-tabs-mode: 1; c-basic-offset: 8; -*- */ +/* + * Copyright (c) 1993, 1994, 1995, 1996, 1997 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Computer Systems + * Engineering Group at Lawrence Berkeley Laboratory. + * 4. Neither the name of the University nor of the Laboratory may be used + * to endorse or promote products derived from this software without + * specific prior written permission. *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201712060221.vB62LBSK042767>