Add interface name, ifindex and IP address printing for Interface
Information Object, and use the newly-refactored object printing
to print the single object included in an RFC8335 PROBE message.
Include a test with several well-formed packets, and one test
with a truncated packet (truncated packet supplied by fuzzer).
First, find out where, if anywhere, ether_ntohost() is declared, *then*
test whether it's buggy - using code taken from addrtoname.c to figure
out what to include and, if there's nothing that works, how to work
around it.
(This means that a bunch of platforms will start using ether_ntohost().)
Grab the stuff from libpcap's configure script that looks for libssl
(and libcrypto) and adapt it to look for libcrypto.
This includes some macros to check using pkg-config (and other macros,
such as macros to save and restore CFLAGS, LIBS, and LDFLAGS; any
resemblance between their names and the cmake_push_check_state() and
cmake_pop_check_state() commands is *entirely* coincidental :-)).
Instead of checking for DES_cbc_encrypt(), which we don't use, to
determine whether the libcrypto we found is usable, check for
EVP_CIPHER_CTX_block_size(), which we *do* use. (We also check whether
the openssl/evp.h header exists; if it doesn't, we might have found the
libcrypto that Apple bundles with macOS, for which they do *NOT* provide
the header in newer versions of Xcode.) See also #1174.
This means that we don't need to check whether we have openssl/evp.h at
compile time - now, if we don't, we don't even set HAVE_LIBCRYPTO, so
there's no need to check HAVE_OPENSSL_EVP_H.
We do so for autotools, and we currently have separate ifdefs for
pcap_open and pcap_findalldevs_ex, rather than treating the presence of
pcap_open as an indication that we have the entire remote capture API
(the latter is what Wireshark does).
There appears to be no way to build tcpdump on macOS Ventura with Xcode
15 with the system libpcap and have the resulting program run without
getting an error due to failing to find pcap_open() or
pcap_findalldevs_ex() at startup.
In particular, there appears to be no way to use __builtin_available()
to protect accesses to the routines that showed up in Sonoma, so that
the run-time linker doesn't fail if the routine in question isn't
present. Perhaps it requires more compiler command-line arguments.
So, instead, only check for pcap_open() and pcap_findalldevs_ex() if 1)
this isn't macOS or 2) we're not building with the system libpcap.
Those might point to a directory with headers and libraries for an
installed version of libpcap; if we've already decided to use a local
version in the source tree next to us, don't put -I and -L flags from
--with-crypto in front of them, put those flags *after* what's already
in V_INCLS and LIBS.
Show its value and only dissect the payload as an Ethernet frame if it's
type 0, for Ethernet.
Add a test file for frame type 0, rename the existing file to
indicate that it uses the unknown frame type 7 (which ain't Ethernet),
and regenerate that file.
Identification examples: tcc-0.9.27, tcc-0.9.28rc
There are currently warnings such as:
print-802_11.c:3317: warning: assignment discards qualifiers from pointer
target type
print-esp.c:373: warning: function might return no value: 'ldp_pdu_print'
So use: TCPDUMP_TAINTED=yes
Works on linux-amd64.
Does not work on linux-armv7l with BUILD_LIBPCAP=yes / CMAKE=yes
(Segmentation fault, libpcap dynamically linked). Works with 0.9.28rc.
TinyCC can be found at https://bellard.org/tcc/,
https://repo.or.cz/r/tinycc.git or as a package on some distros.
We already report a warning if the secret is too long; do so if there's
an invalid hex digit in the secret.
See
https://github.com/the-tcpdump-group/tcpdump/pull/1185#issuecomment-2119211162
While we're at it, put the length of the string, in hex-digit pairs,
into a size_t rather than an unsigned int, just in case (it's unlikely
that it will overflow a 32-bit unsigned integer, but...).
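The check described in the message above (reject a secret that is too long or contains a non-hex digit, and count hex-digit pairs in a size_t), as an added example that is not tcpdump's own code. The names `decode_hex_secret`, `hex_value` and the `HEX_*` codes are hypothetical, and treating an odd number of digits as an error is this example's choice, not something the message states.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum hex_status {
    HEX_OK = 0,
    HEX_TOO_LONG = -1,    /* more byte pairs than the output buffer holds */
    HEX_BAD_DIGIT = -2,   /* a character that is not 0-9, a-f or A-F */
    HEX_ODD_LENGTH = -3   /* a trailing digit with no partner (example's choice) */
};

/* Return the value of one hex digit, or -1 if it is not a hex digit. */
static int hex_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode a NUL-terminated hex string into out[0..out_size-1].
 * On success, store the number of decoded bytes in *out_len.
 * Nothing is reported as decoded unless every digit was valid.
 */
enum hex_status decode_hex_secret(const char *hex, unsigned char *out,
                                  size_t out_size, size_t *out_len)
{
    size_t ndigits = strlen(hex);
    size_t npairs = ndigits / 2;   /* size_t, so it cannot wrap before the check */
    size_t i;

    if (ndigits % 2 != 0)
        return HEX_ODD_LENGTH;
    if (npairs > out_size)
        return HEX_TOO_LONG;
    for (i = 0; i < npairs; i++) {
        int hi = hex_value(hex[2 * i]);
        int lo = hex_value(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return HEX_BAD_DIGIT;  /* caller warns instead of using a partial key */
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    *out_len = npairs;
    return HEX_OK;
}
```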
This lets us remove a bunch of configure-time and compile-time tests.
Update documentation to reflect this.
WinPcap 4.1.3 is based on libpcap 1.0, but doesn't export all of the new
APIs, so it won't work with code that uses any of the other APIs, which
tcpdump does, so don't test with WinPcap.
Some compilers might not understand the declaration of the ndo_error
member of a netdissect_options as pointing to a function that never
returns; add a /* NOTREACHED */ comment in case they recognize that as a
hint.
This change avoids adding a large number to the packet pointer and
overflowing it.
It also avoids the differences between 32-bit and 64-bit printouts.
Example:
32-bit:
NFS request xid 1168185174 80 readdirplus fh / 1441792 bytes @ 1585267068834414592 [|nfs]
---
64-bit:
NFS request xid 1168185174 80 readdirplus [|nfs]
Add a test file.
Update a test output accordingly.
Print "[length < 0] (invalid)" when fragment length is negative.
In this case, e.g. when IPv6 payload length is zero, the 32-bit and
64-bit printouts were different.
Example:
32-bit:
frag (0x80000074:1280|4294967288)
---
64-bit:
frag (0x80000074:1280|18446744073709551608)
Add a test file.
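Why the two printouts above differ, and the signed check that removes the difference, as an added example that is not tcpdump's own code. It models the old value as an unsigned subtraction done at 32-bit and at 64-bit width; the function names and the `hdr_offset` parameter are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAG_HDR_LEN 8  /* size of the IPv6 Fragment header in bytes */

/* Unsigned subtraction at 32-bit width: a negative result wraps modulo 2^32. */
uint32_t frag_len_wrapped32(uint16_t payload_len, uint32_t hdr_offset)
{
    return (uint32_t)payload_len - hdr_offset - FRAG_HDR_LEN;
}

/* The same subtraction at 64-bit width wraps modulo 2^64 instead. */
uint64_t frag_len_wrapped64(uint16_t payload_len, uint32_t hdr_offset)
{
    return (uint64_t)payload_len - hdr_offset - FRAG_HDR_LEN;
}

/*
 * Compute the length in a signed type wide enough for every input,
 * test it, and only then format it. The output no longer depends on
 * the width of the platform's unsigned types.
 * Returns the number of characters written, as snprintf() does.
 */
int format_frag_len(char *buf, size_t bufsize,
                    uint16_t payload_len, uint32_t hdr_offset)
{
    int64_t len = (int64_t)payload_len - (int64_t)hdr_offset - FRAG_HDR_LEN;

    if (len < 0)
        return snprintf(buf, bufsize, "[length < 0] (invalid)");
    return snprintf(buf, bufsize, "%lld", (long long)len);
}
```

With a payload length of zero and the Fragment header at offset zero, the two wrapped helpers return the 32-bit and 64-bit values shown in the message above, while `format_frag_len()` produces the same invalid marker on both.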
Same result in config.h as with CMake.
Before:
#define NETINET_ETHER_H_DECLARES_ETHER_NTOHOST /**/
After:
#define NETINET_ETHER_H_DECLARES_ETHER_NTOHOST 1
[skip ci]
As Francois-Xavier points out, my recent commit 5265743 in certain
contexts adds rather than removes compiler warnings:
cc: Sun C 5.12 SunOS_i386 Patch 148918-11 2017/12/13
"tcpdump.c", line 3267: warning: bad message tag: E_DEPRECATED_ATT
"tcpdump.c", line 3307: warning: bad message tag: E_DEPRECATED_ATT
Get Sun C versions right to fix that.
Fix an error on Solaris 10 like:
./mkdep: /opt/solarisstudio12.3/bin/cc -D_STDC_C99=: not found
When configure gets some compiler option like:
checking for /opt/solarisstudio12.3/bin/cc option to accept ISO C99...
-D_STDC_C99=
Makefile will contain:
CC = /opt/solarisstudio12.3/bin/cc -D_STDC_C99=
And if we use '-c "$(CC)"' mkdep will set and try to run:
CC="/opt/solarisstudio12.3/bin/cc -D_STDC_C99=", which is incorrect.
Remove the quotes to allow mkdep to set CC with the compiler name and
set flags with the option.
print-sll.c uses HAVE_NET_IF_H, which does not always work right: the
header is in POSIX.1-2001, but the result of if_indextoname() is
irrelevant if the current OS is not Linux, in which case the packet was
captured on a different host because libpcap produces DLT_LINUX_SLL2 on
Linux only. The result can be irrelevant on Linux too, but this does
not have an easy solution.
To reduce the problem space, switch print-sll.c to check for __linux__
instead. In tcpdump.c print the warning about interface names only if
sll2_if_print() would print interface names. Since HAVE_NET_IF_H has no
purpose now, remove the checks for <net/if.h>.
Neither addrtoname.c nor extract.h nor netdissect.h nor print-sll.c
require the header anymore, so do not include it there. Add a missing
conditional include to netdissect.c.
On Windows in a struct timestamp, tv_sec is a long not a 64-bit time_t.
The problem shows:
listening on \Device\NPF_Loopback, link-type NULL (BSD loopback),
snapshot length 262144 bytes
1 [localtime() or gmtime() couldn't convert the date and time].052255
IP 10.0.0.10 > 224.0.0.251: igmp v2 report 224.0.0.251
2 [localtime() or gmtime() couldn't convert the date and time].792000
IP 10.0.0.10.138 > 10.0.0.255.138: NBT UDP PACKET(138)
The warnings with clang-cl were:
util-print.c(253,18): warning: incompatible pointer types passing
'const long *' to parameter of type 'const time_t *'
(aka 'const long long *') [-Wincompatible-pointer-types]
253 | tm = localtime(&tv->tv_sec);
| ^~~~~~~~~~~
util-print.c(255,15): warning: incompatible pointer types passing
'const long *' to parameter of type 'const time_t *'
(aka 'const long long *') [-Wincompatible-pointer-types]
255 | tm = gmtime(&tv->tv_sec);
| ^~~~~~~~~~~