131 Commits

Author SHA1 Message Date
Guy Harris
bd22f1fd9a Clean up ESP and ISAKMP decryption.
At least as I read RFC 5996 section 3.14 and RFC 4303 section 2.4, if
the cipher has a block size of which the ciphertext's size must be a
multiple, the payload must be padded to make that happen, so the
ciphertext length must be a multiple of the block size.  Instead of
allocating a buffer, copying the ciphertext to it, and padding it to the
block size, fail if its size isn't a multiple of the block size.

(Note also that the old padding code added a block's worth of padding to
the end of a ciphertext block that *was* a multiple of the cipher block
size; this might have caused problems.)

Don't use the undocumented EVP_Cipher(); the lack of documentation means
a lack of information about whatever requirements it might impose.  Use
EVP_DecryptUpdate() instead.

Before calling it, use EVP_CIPHER_CTX_set_padding() to say "don't do
your own padding, this block is a multiple of the cipher block size".

Instead of using EVP_CipherInit() or EVP_CipherInit_ex(), use
EVP_DecryptInit() or EVP_DecryptInit_ex(), as we're always doing
decryption and never doing encryption - the extra parameter to
EVP_CipherInit() and EVP_CipherInit_ex() is always 0.

This may address GitHub issue #814.

It may also make it a bit easier to have the code use Common Crypto on
macOS (rather than requiring that OpenSSL be installed - macOS ships
with an OpenSSL shared library for binary compatibility with older
releases, but doesn't ship with the headers, because Apple wants you
using their crypto code) and use Cryptography API: Next Generation on
Windows (Vista/Server 2008 and later) (rather than requiring a Windows
build of OpenSSL).

(Hopefully this will all work with LibreSSL.)
2020-01-05 18:37:52 -08:00
Denis Ovsienko
c9e5ac541b libdnet has bugs, do not use it.
The only function tcpdump used in libdnet was dnet_htoa(), which tries
to translate a binary DECnet address to a nodename through a lookup in
/etc/decnet.conf. The translation is slow and has a bug, so stop using
the function and remove the dependency on libdnet.

This makes tcpdump always print DECnet addresses in numeric format, if
anybody needs the translation back they are welcome to fix libdnet or
(more realistically) add an implementation of dnet_htoa() to the tcpdump
source code and use it.

(This is a forward-port of commit 9a6eb27 from tcpdump-4.9 to master.
Sadly, together with libdnet this change removes the fine work that Guy
had done in the master branch in commits ebf3f19 and 4ef8d63 to put
libdnet usage right whilst my original "do not use libdnet" commit was
aging in the pipeline.)
2019-11-03 23:46:28 +00:00
Guy Harris
1ed63b5d06 Remove more old-compiler compensation.
We require an environment with a C99-compatible snprintf(), so we don't
need to work around older implementations.  Make the configuration
process fail if we don't have snprintf() and vsnprintf().

We require at least VS 2015, so we don't have to check for _MSC_VER >=
1400.  Make the build fail if we don't have at least VS 2015.

We apparently do, however, have to use __inline, as the VS 2015
documentation doesn't mention plain old "inline".  Update a comment.
2019-08-08 23:21:35 -07:00
Denis Ovsienko
40e217a816 Stick with one version of pcap_dump_ftell.c.
It looks like CMake after commit 3e9e2b6 started to use the newly added
missing/pcap_dump_ftell.c to make pcap_dump_ftell() available in tcpdump
if libpcap does not have it. However, autotools continued to use the
previously existing ./pcap_dump_ftell.c for the same purpose. Remove the
previously existing file and amend autotools files to cover
pcap_dump_ftell() the same way as the other functions in the missing/
directory files.

Amend missing/pcap_dump_ftell.c not to use pcap_dump_file(), as it may be
unavailable.

This has been tested to work with libpcap 0.6.1.
2018-07-28 13:36:17 +01:00
Petr Vorel
152acc2ece Display interface and index and name on DLT_LINUX_SLL2
Index is displayed always, name only if available.

Warn about possible wrong interfaces when in reading mode
(pcap file can be displayed on a different host than where
it was captured) [1].

See: GH the-tcpdump-group/libpcap#127

[1] https://lists.sandelman.ca/pipermail/tcpdump-workers/2018-July/001019.html

Signed-off-by: Petr Vorel <pvorel@suse.cz>
Suggested-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Denis Ovsienko <denis@ovsienko.info>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2018-07-19 07:15:11 +01:00
Guy Harris
e7011808da Declare the NFLOG pseudo-header ourselves.
It's not specified by a libpcap header that might have a different
layout in different pcap releases, it's specified on the list of
link-layer header types and must remain the same forever (except for
getting additional bits defined), so we don't need to pick it up from
libpcap.

This means we get to use tcpdump's nd_ types; do so.
2018-05-23 14:43:47 -07:00
Guy Harris
e02efb5044 Declare the Bluetooth pseudo-header ourselves.
It's not specified by a libpcap header that might have a different
layout in different pcap releases, it's specified on the list of
link-layer header types and must remain the same forever (except for
getting additional bits defined), so we don't need to pick it up from
libpcap.

This means we get to use tcpdump's nd_ types; do so.
2018-05-23 14:12:45 -07:00
Guy Harris
0c21656150 Configure for ether_ntohost() as libpcap does it for ether_hostton().
Check for the same header files that declare it, and handle the results
of those checks in a similar fashion.
2018-01-22 02:34:31 -08:00
Guy Harris
a7f76515c4 Again, we don't replace vfprintf(). 2018-01-21 18:42:09 -08:00
Guy Harris
45fc519a2a Don't test for __attribute__ in the configure script.
Instead, use compiler test macros to check whether *particular*
attributes are supported, and set various #defines appropriately, in
header files.

Rename the UNALIGNED structure attribute to ND_UNALIGNED, and ask
whether we still need it.
2018-01-21 17:57:20 -08:00
Guy Harris
fe225c5518 Use nd_ types, add host-endian extract routines, clean up signed vs. unsigned.
We now define the structures for Linux USB headers in print-usb.c, so it
doesn't need to include <pcap/usb.h>; don't check for it.
2018-01-11 11:10:21 -08:00
Guy Harris
ebf3f19426 Clean up handling of libdnet headers.
If we don't have dnet_htoa(), we don't need any of the headers.  Check
for them only if we have dnet_htoa().

Use AC_CHECK_DECL to see if netdnet/dnetdb.h declares dnet_htoa().

Check for netdnet/dn.h and, if we have it, check whether it declares
struct dn_naddr; if so, include it, rather than defining the structure
ourselves.

Don't define union etheraddr ourselves; we only need to define an
etheraddr typedef.  That avoids colliding with a libdnet header
definition of union etheraddr.  (When we use etheraddr, we care about
what's on the wire, and we don't rely on system headers to tell us
what's on the wire.)
2017-12-30 14:16:15 -08:00
Guy Harris
6779fd3ba7 Rename configure.in to configure.ac.
This matches what was done with libpcap; it's what autoconf prefers.
2017-11-30 10:20:37 -08:00
Guy Harris
20af93776d Use alarm() iff we're not on Windows.
We assume "not on Windows" means "on UN*X", which means we have alarm()
(we don't care about V6 and earlier; 1978 called, they want their UNIX
back).  If somebody wants to support something that's neither UN*X nor
Windows, they'll need to contribute support, properly checking for that
other OS.
2017-11-12 13:31:57 -08:00
Ali Abdulkadir
260ad4d1bd regenerate 2017-10-24 08:17:52 +03:00
Guy Harris
f151a6d655 Add support for remote capture if libpcap supports it. 2017-10-20 11:27:12 -07:00
Guy Harris
d230f8b687 Get rid of obsolescent configure test.
All UN*Xes, these days, let you include both <time.h> and <sys/time.h>.
2017-10-16 13:48:40 -07:00
Guy Harris
2b9bfa05b6 Check for unaligned memory access support at compile time.
Don't test at configure time; that doesn't work when cross-compiling and
may be a pain to do with CMake.
2017-10-16 01:39:10 -07:00
Guy Harris
fdd0467bcd On UN*X, always use sigaction(), and always have signal handlers return void.
Some time between the mid 1980's and 1990 called; they want their
old-fashioned UNIX signal handling back.  ANSI C has had signal handlers
returning void since, well, 1989, and POSIX has had sigaction() since
close to forever.  No need to worry about really old UN*Xes here.

On Windows, it's also void (as per ANSI C); use signal().
2017-10-15 22:36:07 -07:00
Guy Harris
88d1467627 Get rid of an unnecessary test.
We don't care whether struct sockaddr has an sa_len field or not.
2017-10-15 22:16:01 -07:00
Guy Harris
62f2725b57 Use pcap_dump_ftell64() if we have it.
That way, even if a file offset doesn't fit in a long, we can still
handle a -C flag specifying a maximum file size >=2GB.
2017-09-30 01:10:29 -07:00
Guy Harris
14c81f0a4a Clean up the stuff we do to get <inttypes.h> stuff defined.
If we have a libpcap with <pcap/pcap-inttypes.h>, include it, so that we
don't have to worry about definitions colliding if we later include a
pcap header file that includes pcap/pcap-inttypes.h.

Otherwise, do the same stuff pcap-inttypes.h does.  This means that, on
UN*X, we require that there be an <inttypes.h> that defines everything
we need.

Don't bother doing checks that are no longer necessary as a result of
those changes.
2017-09-14 18:53:34 -07:00
Guy Harris
6f0750ee0c Make the ESP decryption not crash with OpenSSL 1.1.
While we're at it, free the cipher context if we fail to allocate the
output buffer for decryption.
2017-09-01 04:00:38 -07:00
Guy Harris
3dc736d939 Handle attributes for function pointers by checking the compiler version.
Handle attributes for function pointers the same way we handle
attributes for functions, by explicitly checking for the compiler
version with #if rather than with a configure script check.  That's one
fewer thing that, if you're not using autoconf, has to be done in some
other fashion.

While we're at it, put NORETURN in the right place to have it work with
Microsoft Visual Studio as well as various UN*X compilers.
2017-08-19 11:25:24 -07:00
Denis Ovsienko
6df678ca31 Check for __attribute__ ((fallthrough)) (GCC 7).
The documentation claims that recent GCC is now better by default at
spotting cases of code flow falling through (which is true) and that it
avoids false positives by matching nearby source code comments with
regexps. However, the latter feature doesn't seem to work as reliably
as the manual describes it, so let's have a macro for this purpose.

Tested to work on:
* x86_64, Fedora 26, GCC 7.1.1 (w/__attribute__, w/fallthrough)
* x86_64, Ubuntu 16.04, GCC 5.4.0 (w/__attribute__, w/o fallthrough)
* x86_64, FreeBSD 11.0, Clang 3.8.0 (w/__attribute__, w/o fallthrough)
* SPARC, Solaris 10, SolStudio 12.4 (w/__attribute__, w/o fallthrough)
* SPARC, Solaris 10, SunStudio 11 (w/o __attribute__)
2017-07-22 19:33:49 +01:00
Guy Harris
1fb50928ce Regenerate config files. 2017-02-02 12:19:28 -08:00
Gleb Smirnoff
cd3c5880b1 Add support for libcasper library available on FreeBSD 11.0 and newer.
The patch allows tcpdump to run sandboxed and still do name resolution.

The code is obtained from FreeBSD tree, where it was developed by

Pawel Jakub Dawidek <pjd@FreeBSD.org>
Mariusz Zaborski <oshogbo@FreeBSD.org>
2017-02-01 16:13:05 -08:00
Guy Harris
b1f305da3d Handle OpenSSL 1.1.x.
In 1.1.x, EVP_CIPHER_CTX is an opaque structure, so we can't declare it
on the stack.

Instead, if we don't have EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free()
in libcrypto, define our own versions, with the same signatures as the
ones in OpenSSL 1.1.x's libcrypto, and have the code use
EVP_CIPHER_CTX_new() to allocate the structure and EVP_CIPHER_CTX_free()
to free it.
2016-06-22 21:14:40 -07:00
Guy Harris
817aadf8bb Use the new debugging routines in libpcap.
Newer versions of libpcap, when configured to provide debugging
printouts for the filter expression parser or optimizer, provide
routines to set the "debug the parser" and "debug the optimizer" flags;
use them if the library has them.  If the library doesn't have them, do
our best to try to use the older mechanisms for requesting debugging, if
present.
2015-12-30 18:49:37 -08:00
Francois-Xavier Le Bail
7194047efd Get rid of "TCPDUMP" in some libnetdissect codes 2015-10-08 16:36:23 +02:00
Guy Harris
11f73ad248 Don't require IPv6 library support in order to support IPv6 addresses.
Have our own routines to convert between IPv4/IPv6 addresses and
strings; that helps if, for example, we want to build binary versions of
tcpdump for Windows that can run both on NT 5 (W2K/WXP), which doesn't
have inet_ntop() or inet_pton(), and NT 6 (Vista/7/8/10), which do.  It
also means that we don't require IPv6 library support on UN*X to print
addresses (if somebody wants to build tcpdump for older UN*Xes lacking
IPv6 support in the system library or in add-on libraries).

Get rid of files in the missing directory that we don't need, and
various no-longer-necessary autoconf tests.
2015-09-17 14:56:44 -07:00
Guy Harris
3dd9240cc3 Do case-insensitive comparisons assuming ASCII strings.
Do the case-insensitive comparisons in a locale-independent fashion that
only maps ASCII letters, in the standard English-language fashion; that
way, we don't get bitten by, for example, Turkish having separate "i
with dot" and "i without dot" letters, with lower-case "i with dot" being
mapped to upper-case "I with dot" rather than being mapped to "I".
2015-06-11 15:47:44 -07:00
Guy Harris
032642d666 Don't assume you have <net/if_pflog.h> if you have <net/pfvar.h>.
Debian/kFreeBSD ships <net/pfvar.h> but not <net/if_pflog.h>.
2015-05-17 10:47:30 -07:00
Guy Harris
09b639add1 C compilers can, and some do, optimize away pointer underflow checks.
Cast the pointers to uintptr_t; use AC_TYPE_UINTPTR_T to get uintptr_t
defined on older platforms that don't define it themselves.
2015-03-02 13:25:12 -08:00
Francois-Xavier Le Bail
2d4f737c35 configure: add support for cap-ng package
It uses '--with-cap-ng', for using libcap-ng [default=yes, if available]
2015-02-15 15:32:23 +01:00
Guy Harris
d71793791f Use immediate mode if available.
If libpcap has pcap_set_immediate_mode(), then default to immediate mode
if we're printing packets to a terminal, and use immediate mode if
--immediate-mode is specified.
2015-02-10 14:55:43 -08:00
Guy Harris
56e2d8cc37 Regenerate configure script. 2014-12-19 13:38:54 -08:00
Guy Harris
37a4aa82a9 Clean up configure check for libsmi.
First, check for smi.h.  If we don't have it, don't check for anything
else.

If we do have it, check for libsmi containing smiInit.  If we don't have
it, don't check for anything else.

If we do have it, check, with our test program, whether we can use it.

If that succeeds, prepend -lsmi to LIBS, and set USE_LIBSMI.  Otherwise,
don't do either of those.

Check, in source, *only* for USE_LIBSMI.  If it's set, use libsmi,
otherwise don't - don't even include smi.h, even if we happened to have
found it, and don't print the libsmi version string.
2014-08-31 11:57:04 -07:00
Loganaden Velvindron
c8275aaf91 Add support for FreeBSD capsicum sandboxing. 2014-07-10 12:19:39 -07:00
Guy Harris
a509c52d31 Allow builds if libpcap doesn't have pcap_set_tstamp_precision().
Check for pcap_set_tstamp_precision() in the configure script and, if
it's not there, don't include the code that allows time stamp precisions
to be set.
2014-06-25 12:06:35 -07:00
Guy Harris
125e5bc5ca Check for pcap_free_datalinks().
Fixes GitHub issue #390.

Also, if all we do when checking for a function is set a HAVE_XXX
AC_CHECK_FUNC, as AC_CHECK_FUNCS will set the #define for you.
2014-05-19 10:56:52 -07:00
Guy Harris
6b9e3a5a85 Use getopt_long().
This requires us to check for it in the configure script and to include
a version of getopt_long() for the benefit of platforms that don't have
it; we pick up the FreeBSD version and tweak it a bit (eliminating some
features specific to the BSD version of getopt_long(), as we want to use
it only in a fashion portable to Linux/*BSD/Solaris/etc.)

We also get rid of the version of getopt() we supply for Windows in
favor of the version of getopt_long() we provide.
2014-04-30 15:28:06 -07:00
Guy Harris
30f0d2314d We still need u_intN_t.
Some libpcap headers use them, and even if we change libpcap to use
uintN_t, we don't require that tcpdump 4.x go with libpcap 1.x - we
allow people to install the latest tcpdump even if they have an older
libpcap and don't want to install a newer one.

However, we now define them in terms of the C99 uintN_t types, rather
than trying to guess what's appropriate; using unsigned long long for
u_int64_t meant that, on some platforms, u_int64_t didn't match
PRI[doux]64, and using unsigned long obviously won't work on ILP32
platforms.

Also, we already had calls to the autoconf macros for C99 types; get rid
of the ones we added.

Also also, clean up a comment in tcpdump-stdinc.h.
2014-04-23 10:56:20 -07:00
Guy Harris
ed85e20e4d u_intN_t is dead, long live uintN_t.
And, as we require at least autoconf 2.61, and as autoconf 2.61 and
later have AC_TYPE_UINTn_T and AC_TYPE_INTn_T macros, we use them to
define the uintN_t and intN_t macros if the system doesn't define them
for us.

This lets us get rid of bitypes.h as well.
2014-04-23 00:20:40 -07:00
Guy Harris
b485483022 Use the new libpcap <pcap/nflog.h> for NFLOG definitions and declarations.
Use the header file for information about LINKTYPE_NFLOG files.

Don't build the NFLOG printer if we don't have that header file.

Fix some checks for pcap/XXX.h header files to look for
"tcpdump-stdinc.h" rather than <tcpdump-stdinc.h>, so that we don't fail
to find that header.
2014-02-02 20:14:26 -08:00
Guy Harris
5cb460bef8 We're not using struct sockaddr_storage any more, so don't check for it. 2014-01-17 12:49:49 -08:00
Guy Harris
e462b975e2 Clean up handling of -g and -O flags.
AC_PROG_CC adds -g and -O2 to CFLAGS if you're using GCC; don't bother
adding either of them, or -O, ourselves if we're using GCC.

Add -O for all non-GCC compilers.
2013-10-17 16:50:43 -07:00
Guy Harris
a6c16ed8ab Fix build issues with the OpenFlow printer on some systems.
Don't assume we have <stdint.h>.  Instead, use the AC_TYPE_ macros to
ensure we have the C99 intN_t and uintN_t types; we already include
<inttypes.h> in tcpdump-stdinc.h iff we have it.

Get rid of the structure declarations in openflow-1.0.h, as they have
zero-length arrays (not supported by all the compilers people might be
using) and as

	1) they're only used in sizeof()

and

	2) after each one there's an assertion to check that sizeof()
returns a specific numerical value

so, instead, just #define various _LEN items to those numerical values
and use them.

Add an openflow.h header with a #define for the length of the basic
header, and move the declaration of of10_header_body_print() there.
2013-06-23 14:03:38 -07:00
Guy Harris
94bf5a24bf Avoid some warnings from Sun C.
Some versions of Sun C support __attribute__ but don't support the
"unused" or "format" attributes - they don't fail, but they whine a lot.
They also support the "noreturn" attribute, but don't allow it to be
applied to function pointers, only to functions.

Check whether they can be used without warnings, and use them only if
they can.
2013-06-22 14:06:33 -07:00
Guy Harris
a332503d7d Get rid of acconfig.h. 2013-05-12 15:28:28 -07:00