As it turns out, most FreeBSD/CMake tcpdump builds were emitting some
warnings. This was difficult to notice because make returned success
regardless of the warnings because the compiler never received -Werror
because there was no way to tell CMake to append any compiler flags at
the build time, but not at the buildsystem generation time. In other
words, the command "make CFLAGS=-Werror" had the same effect as just
"make".
Implement the desired behaviour with "cmake -DEXTRA_CFLAGS='xyz'" and
set the variable in build.sh when and as required. Reword the comment
for clarity and define two known exemptions.
Failed to start an instance: [...]
Number of vCPUs should be multiple of 2 if greater than 2, while 3.0 is
requested. Memory size for 3.0 vCPU instance should be between 2816MiB
and 19968MiB, while 2048MiB is requested.
...because the former uses PRINTFLIKE_FUNCPTR(). However, it didn't
have the #include. However, the problem was not visible because most
files that included netdissect.h also included (directly or through
another header) funcattrs.h beforehand. The only exceptions were the
following two files, which apparently have not been compiled anywhere
for a long time:
In file included from missing/strdup.c:38:
./netdissect.h:254:8: error: expected ':', ',', ';', '}' or
'__attribute__' before 'PRINTFLIKE_FUNCPTR'
In file included from missing/snprintf.c:45:
./netdissect.h:254:8: error: expected ':', ',', ';', '}' or
'__attribute__' before 'PRINTFLIKE_FUNCPTR'
Add the missing #include to netdissect.h to eliminate this space for
failure.
XL C 16.1.1 Community Edition for Linux generated three warnings for
every file:
In file included from ./tcpdump.c:155:
./netdissect.h:254:8: warning: 1540-2990 The attribute
"__attribute__((format(printf, 2, 3)))" is not supported. The
attribute is ignored.
PRINTFLIKE_FUNCPTR(2, 3);
^
./netdissect.h:259:10: warning: 1540-2990 The attribute
" __attribute__((format(printf, 3, 4)))" is not supported.
The attribute is ignored.
PRINTFLIKE_FUNCPTR(3, 4);
^
./netdissect.h:263:9: warning: 1540-2990 The attribute
" __attribute__((format(printf, 2, 3)))" is not supported. The
attribute is ignored.
PRINTFLIKE_FUNCPTR(2, 3);
^
As it turns out, this is a bug in the compiler. In compiler-tests.h
update ND_IS_AT_LEAST_XL_C_VERSION() to tell newer XL C versions. In
funcattrs.h exempt XL C 16.1 from PRINTFLIKE_FUNCPTR().
In the course of preparing these changes notice that XL C uses the Clang
block in diag-control.h (XL C mimics both Clang and GCC to some extent),
although the behaviour is different between the two compilers. Add a new
block for XL C there.
In build_common.sh add more comments to explain XL C quirks and detect
XL C for Linux too so it receives the right CFLAGS. Update CHANGES to
mention this and earlier improvements.
This way if an iteration includes a local libpcap, the latter is always
compiled with the same CC. This works around odd linking problems on
AIX 7 and Solaris 9 and 10 when one C compiler is GCC and the other is
the vendor's compiler, for example:
* GCC used for libpcap, XL C used for tcpdump:
ld: 0711-317 ERROR: Undefined symbol: .__udivdi3
ld: 0711-317 ERROR: Undefined symbol: .__umoddi3
* GCC used for libpcap, Sun C used for tcpdump:
Undefined first referenced
symbol in file
__ctzsi2 ../libpcap/libpcap.a(optimize.o)
__udivdi3 ../libpcap/libpcap.a(sf-pcapng.o)
__umoddi3 ../libpcap/libpcap.a(sf-pcapng.o)
ld: fatal: Symbol referencing errors. No output written to conftest
Similar issues associated with a mix of GCC and Clang had happened on
FreeBSD/AArch64 earlier (addressed in tcpslice commit 75b7771), and
still seem to happen on OpenBSD/AArch64. Hopefully removing the
toolchain mix from the problem space will make it easier to fix other
problems.
Call print_so_deps() just after "make install", so if dynamic linking
has failed for some reason, the failure to run tcpdump binary will not
prevent printing the details. Lose "tcpdump --version" because version
information is a part of "tcpdump -h" output.
-- Installing: /tmp/tcpdump_build_matrix.XXyKaiEo/bin/tcpdump
-- Set runtime path of "/tmp/tcpdump_build_matrix.XXyKaiEo/bin/tcpdump" to ""
-- Installing: /tmp/tcpdump_build_matrix.XXyKaiEo/share/man/man1/tcpdump.1
$ /tmp/tcpdump_build_matrix.XXyKaiEo/bin/tcpdump --version
ld.so.1: tcpdump: fatal: libpcap.so.1: open failed: No such file or directory
GCC 8.3.0 on AIX 7.1 produced a warning for every file that has a call
to nd_trunc_longjmp():
In file included from ./cpack.c:39:
./extract.h: In function 'nd_trunc_longjmp':
./extract.h:586:1: warning: 'noreturn' function does return
As far as longjmp(3) man page and <setjmp.h> header go, longjmp() is as
noreturn in AIX as everywhere else, but not in a way that GCC can tell.
Disabling -Wsuggest-attribute=noreturn and -Wmissing-noreturn had no
apparent effect, so instead of using diag-control.h add an infinite loop
on AIX to squelch the warning.
In build_common.sh add minimal heuristics to print_cc_version() to help
it run the right command; add cc_id() and cc_werr_cflags() to pick the
right CFLAGS for the current compiler instead of the previously
hard-coded "-Werror". Add some comments.
In build.sh remove the CFLAGS exemptions for AIX and Solaris 9 builds,
which are in a better shape now and can complete specific subsets of the
full matrix without a warning. Set CFLAGS from cc_werr_cflags() to make
the best effort to catch as many warnings as possible. Let's see how well
that works.
Sun C 5.9 does not support C99. GCC 4.6.4 recognizes -std=gnu99, but
does not support the z length modifier in printf(3). In either case 18
tests fail in the following manner:
< [...]: domain [length 0 < 12] (invalid)
---
> [...]: domain [length 0 < zu] (invalid)
Make these tests conditional and disable them when HAVE_NO_PRINTF_Z is
defined. Modify the Autoconf leg of the build process to define the
macro when printf() does not handle %zu as expected. The CMake leg looks
broken on Solaris 9 with 2.8.9 now, so leave it be for now.
That lets us completely control the program that's compiled with the
compiler flag we're testing, so we can make it a minimal program that
uses only prototype declarations and that therefore won't generate
warnings with some -W flags, e.g. -Wold-style-definition, and thus won't
falsely report those flags as unsupported.
It's not a documented feature, but it's what the documented
AC_LANG_WERROR has used for 13 years, and there's no push/pop mechanism
for AC_LANG_WERROR, so you can't ensure that "fail even on warnings"
will be applied *only* in AC_LBL_CHECK_COMPILER_OPT(), as that's what we
want. (If we can make sure that *no* compiler tests will produce
warnings, except for the ones we *want* to fail if they produce
warnings, we could just do AC_LANG_WERROR, but that might be tricky to
ensure in the general case.)
We do this because not all compilers have a command-line flag to force
all warnings, *including* warnings from unknown commad-line flags (I'm
looking at *you* IBM XL C!), so we have to have the test check to make
sure no warnings are produced (which, for AC_TRY_COMPILE(), means
"nothing is written to the standard output").
In addition, AC_TRY_COMPILE() generates a return; don't add one:
If we pass [return 0] to AC_TRY_COMPILE(), the test program it compiles
has two "return 0;" statements in a row, and one of the -W flags we
tests reports a warning for that.
We were testing whether a -W flag is supported by checking the standard
error of the compiler to see if *any* error/warning messages are
generated, and treating the flag as unsupported if any are, that meant
that -Wunreachable-code-return was be treated as unsupported even though
it *is* supported.
This should fix that. (I'm so glad autoconf makes this all so difficult
to do correctly....)
Apparently, it does not like pragmas in the middle of a statement:
./missing/getopt_long.c: In function 'getopt_internal':
./missing/getopt_long.c:572:3: error: 'else' without a previous 'if'
It's explicitly cheating in some places; just cast away the warnings.
Add a Clang version testing macro to compiler-tests.h.
Move the diagnostic control #defines from netdissect-stdinc.h to
diag-control.h, libpcap-style, so that they can be used by code that
doesn't use (or need) netdissect-stdinc.h. This also means that we can
limit the inclusion of diag-control.h, and the definition of those
Do them more libpcap-style, with separate DIAG_OFF/DIAG_ON pairs for
particular issues, rather than having DIAG_OFF() and DIAG_ON() macros
that take -W option names as arguments; that way, if we need to define
them for compilers that don't have the GCC/Clang syntax for those
pragmas, e.g. MSVC, we can do so.
Start using build_common.sh, make default assignments early and
uniformly, use Solaris-compatible command substitution and exports,
install bc on linux-amd64, deduplicate and reformat some long commands.
Run "make -s" without CFLAGS=-Werror when warnings are expected.
This implements initial support for AIX and Solaris in the tcpdump build
matrix scripts.
* AIX 7.1
M4='/opt/freeware/bin/m4' \
MATRIX_CC='gcc' \
MATRIX_CMAKE=no \
MATRIX_BUILD_LIBPCAP=yes \
./build_matrix.sh
* Solaris 9
MATRIX_CC=gcc \
MATRIX_CMAKE=no \
MATRIX_BUILD_LIBPCAP=no \
./build_matrix.sh
* Solaris 10 and 11
MATRIX_CC='gcc' \
MATRIX_CMAKE=no \
./build_matrix.sh
Solaris 9 has Perl 5.6.1, which does not support constant declaration
using a hash reference:
$ make check
./tests/TESTrun
Constant name 'HASH(0x2d8f0)' has invalid characters at ./tests/TESTrun
line 24
BEGIN failed--compilation aborted at ./tests/TESTrun line 24.
*** Error code 255
make: Fatal error: Command failed for target `check'
Declare one constant at a time to work around that and get "make check"
to start running tests (18 of which fail, but that's another issue).
That should squelch Coverity CIDs 1487524 and 1487523; it also means
that we convert the 2-byte fields from little-endian byte order to host
order, and also avoids issues with padding in the structures we use.
Support upper-case suffixes (K/M/G) as well as lower-case suffixes.
Make sure nothing *follows* the suffix.
We don't need to check for the suffix before parsing the number; the
parsing routines stop if they see a non-digit character.
Compiling user-provided source code and running the resulting binary
with sudo was a security problem, thus instead of fixing two no-op
blocks remove them altogether. If anyone later needs to debug features
that require higher privileges, they will need to come up with a better
solution. Simplify the debug output test condition and rephrase the
associated comment for clarity.
Running ldd on Linux only originates from the Travis CI setup, where the
OS was either Linux or macOS. However, ldd is available in BSD systems
too, and macOS seems to have its own tool for the same job.
In the case where the "From DS" bit is not set and the "To DS" bit is set
in the Frame Control Bitmask, the comment line in the corresponding if else
block was misleading that the "From DS" bit is set and the "To DS" bit is
not set.
