tcpdump source code has not been using struct in6_addr since commit
0c9cfdc in 2019, so lose the conditional structure declaration, which is
a no-op.
Since commit de7c619 in 2015 netdissect-stdinc.h on Windows defines
HAVE_OS_IPV6_SUPPORT if AF_INET6 if defined, which makes it equivalent
to AF_INET6. On Unix-like systems taking struct in6_addr out of scope
would make HAVE_OS_IPV6_SUPPORT equivalent to AF_INET6, thus after
removing struct in6_addr remove HAVE_OS_IPV6_SUPPORT together with
Autoconf and CMake checks that define it. Leave an unrelated CMake
workaround in place for later debugging.
On Windows do not define AF_INET6 if it is not defined, which makes
AF_INET6 a universal indicator of the OS IPv6 support on all supported
OSes. The few remaining use cases that genuinely need AF_INET6 use it
to make OS API calls, so if the macro is not defined, it most likely
means such an API call in the best case would return just a well-formed
error status. With this in mind, in win32_gethostbyaddr() and
ip6addr_string() guard all IPv6-specific code with #ifdef AF_INET6. In
tcpdump.c add a comment to note why a guard is not required for
Casper-specific conditional code that uses AF_INET6.
This way when the OS does not support IPv6, IPv6 addresses will not
resolve to names, which is expected. Other than that, tcpdump should be
able to process IPv6 addresses the usual way regardless if the OS would
be able to process the packets with these addresses.
libpcap has been using strdup() for a long time too, but never
substituted it under the assumption the function is available in all
supported OSes, see libpcap commit cb71eef from 2006. The only
exception to that is Windows, which can have a different name for the
function, but both libpcap and tcpdump for that already use a separate
workaround, which does not involve the substitution.
Let's take this as a proof that strdup() substitution in tcpdump is dead
code, and remove it.
It's specified by the C90 standard (and, as I remember, by the C89
standard, although I no longer have my paper copy); no need to worry
about ancient environments that lack it, and we have some cases where we
call it in code not protected by #ifdef HAVE_STRFTIME/#endif and haven't
seen any reports of problems.
Don't pad the pflog header with BPF_WORDALIGN(); round up to a multiple
of 4, instead, as that's what all but FreeBSD do, and FreeBSD used to do
that and should go back to doing so (kern/261566).
Don't rely on the OS's pflog include files to define direction types,
reason types, action types, or the layout of the header; instead, define
them ourselves in a header of our own, with #ifs to select the ones that
are only on some platforms. That way, it'll handle some fields and
field values (the ones common to all OSes with pflog) on all OSes, even
ones without pflog.
That also expands the set of direction, reason, and action codes to what
various *BSDs and Darwin support.
Also, handle all the different AF_INET6 values in various *BSDs and
Darwin.
At least as I read RFC 5996 section 3.14 and RFC 4303 section 2.4, if
the cipher has a block size of which the ciphertext's size must be a
multiple, the payload must be padded to make that happen, so the
ciphertext length must be a multiple of the block size. Instead of
allocating a buffer, copying the ciphertext to it, and padding it to the
block size, fail if its size isn't a multiple of the block size.
(Note also that the old padding code added a block's worth of padding to
the end of a ciphertext block that *was* a multiple of the cipher block
size; this might have caused problems.)
Don't use the undocumented EVP_Cipher(); the lack of documentation means
a lack of information about whatever requirements it might impose. Use
EVP_DecryptUpdate() instead.
Before calling it, use EVP_CIPHER_CTX_set_padding() to say "don't do
your own padding, this block is a multiple of the cipher block size".
Instead of using EVP_CipherInit() or EVP_CipherInit_ex(), use
EVP_DecryptInit() or EVP_DecryptInit_ex(). as we're always doing
decryption and never doing encryption - the extra parameter to
EVP_CipherInit() and EVP_CipherInit_ex() is always 0.
This may address GitHub issue #814.
It may also make it a bit easier to have the code use Common Crypto on
macOS (rather than requiring that OpenSSL be installed - macOS ships
with an OpenSSL shared library for binary compatibility with older
releases, but doesn't ship with the headers, because Apple wants you
using their crypto code) and use Cryptography API: Next Generation on
Windows (Vista/Server 2008 and later) (rather than requiring a Windows
build of OpenSSL).
(Hopefully this will all work with LibreSSL.)
The only function tcpdump used in libdnet was dnet_htoa(), which tries
to translate a binary DECnet address to a nodename through a lookup in
/etc/decnet.conf. The translation is slow and has a bug, so stop using
the function and remove the dependency on libdnet.
This makes tcpdump always print DECnet addresses in numeric format, if
anybody needs the translation back they are welcome to fix libdnet or
(more realistically) add an implementation of dnet_htoa() to the tcpdump
source code and use it.
(This is a forward-port of commit 9a6eb27 from tcpdump-4.9 to master.
Sadly, together with libdnet this change removes the fine work that Guy
had done in the master branch in commits ebf3f19 and 4ef8d63 to put
libdnet usage right whilst my original "do not use libdnet" commit was
aging in the pipeline.)
We require an environment with a C99-compatible snprintf(), so we don't
need to work around older implementations. Make the configuration
process fail if we don't have snprintf() and vsnprintf().
We require at least VS 2015, so we don't have to check for _MSC_VER >=
1400. Make the build fail if we don't have at least VS 2015.
We apparently do, however, have to use __inline, as the VS 2015
documentation doesn't meaning plain old "inline". Update a comment.
Index is displayed always, name only if available.
Warn about possible wrong interfaces when in reading mode
(pcap file can be displayed on a different host then where
was captured) [1].
See: GH the-tcpdump-group/libpcap#127
[1] https://lists.sandelman.ca/pipermail/tcpdump-workers/2018-July/001019.html
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Suggested-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Denis Ovsienko <denis@ovsienko.info>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Instead, use compiler test macros to check whether *particular*
attributes are supported, and set various #defines appropriately, in
header files.
Rename the UNALIGNED structure attribute to ND_UNALIGNED, and ask
whether we still need it.
