In the last couple years it had been proved that any decoder can
potentially have buffer overflows, hence let's not emphasize one of them
more than the others.
Apparently, the test for pcap_dump_ftell() cannot succeed if the test
program isn't linked with libpcap, this depending on the output of
pcap-config. That's why all pcap_* function checks come after the
pcap-config check.
This explains why in my working copy a ./configure build of the previous
commit tree with the master branch of libpcap found that the function
was "missing" and tried to substitute it with the local implementation
and eventually failed trying to link with libpcap that actually had the
function.
However, this does not explain why all 32 Travis CI builds of the same
tree passed, including the builds that used autotools.
It looks like CMake after commit 3e9e2b6 started to use the newly added
missing/pcap_dump_ftell.c to make pcap_dump_ftell() available in tcpdump
if libpcap does not have it. However, autotools continued to use the
previously existing ./pcap_dump_ftell.c for the same purpose. Remove the
previously existing file and amend autotools files to cover
pcap_dump_ftell() the same way as the other functions in the missing/
directory files.
Amend missing/pcap_dump_ftell.c not to use pcap_dump_file(), as it may be
unavailable.
This has been tested to work with libpcap 0.6.1.
Index is displayed always, name only if available.
Warn about possible wrong interfaces when in reading mode
(pcap file can be displayed on a different host than where
it was captured) [1].
See: GH the-tcpdump-group/libpcap#127
[1] https://lists.sandelman.ca/pipermail/tcpdump-workers/2018-July/001019.html
Signed-off-by: Petr Vorel <pvorel@suse.cz>
Suggested-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Denis Ovsienko <denis@ovsienko.info>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's not specified by a libpcap header that might have a different
layout in different pcap releases, it's specified on the list of
link-layer header types and must remain the same forever (except for
getting additional bits defined), so we don't need to pick it up from
libpcap.
This means we get to use tcpdump's nd_ types; do so.
We only use it in addrtoname.c to declare ether_ntohost(), so there's no
need to check for it unless we have ether_ntohost() and there's no other
header that declares it.
Instead, use compiler test macros to check whether *particular*
attributes are supported, and set various #defines appropriately, in
header files.
Rename the UNALIGNED structure attribute to ND_UNALIGNED, and ask
whether we still need it.
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make tcpdump reflect that.
While we're at it, update to use "macOS" as the name of Apple's
UNIX-for-Macs, as appropriate (don't use it for versions that were still
called Mac OS X or OS X).
Use AC_PROG_CC_C99, to try to get the appropriate flags to make C99 the
C version for which we compile. (XXX - should we fail if we don't get
support for C99?)
If we don't have dnet_htoa(), we don't need any of the headers. Check
for them only if we have dnet_htoa().
Use AC_CHECK_DECL to see if netdnet/dnetdb.h declares dnet_htoa().
Check for netdnet/dn.h and, if we have it, check whether it declares
struct dn_naddr; if so, include it, rather than defining the structure
ourselves.
Don't define union etheraddr ourselves; we only need to define an
etheraddr typedef. That avoids colliding with a libdnet header
definition of union etheraddr. (When we use etheraddr, we care about
what's on the wire, and we don't rely on system headers to tell us
what's on the wire.)
We have four possibilities:

    1) local library, with a pcap-config;
    2) local library, without a pcap-config;
    3) installed library, with a pcap-config;
    4) installed library, without a pcap-config.

If we have a local library, i.e. one in ../libpcap{whatever}, we:

    add -I flags to the C compiler flags to point it at whatever
    directories in ../libpcap{whatever};

    add ../libpcap{whatever}/libpcap.a to $LIBS and:

        if it has a pcap-config, we use it, with --additional-libraries,
        to find the additional libraries with which we need to link;

        otherwise, we do the usual OS-dependent hacks to try to figure
        out with what additional flags we need to link;

    and add them to $LIBS after libpcap.a.

If we have an installed library:

    if it has a pcap-config we use it, with --cflags, to find what flags
    to add to the C compiler flags, and use it, with --libs, to see what
    flags to add to $LIBS;

    if it doesn't have a pcap-config, we search for -lpcap and, if that
    succeeds, we assume the headers are under /usr/local/include or
    /usr/include, search for them there, and, if we don't find pcap.h
    there, we look for it in a pcap subdirectory under there, and add
    the appropriate -I flag to the C compiler flags, and then do the
    usual OS-dependent hacks to try to figure out with what additional
    flags we need to link.

While we're at it, we do the libdlpi check only on Solaris, as part of
"the usual OS-dependent hacks".
We assume "not on Windows" means "on UN*X", which means we have alarm()
(we don't care about V6 and earlier; 1978 called, they want their UNIX
back). If somebody wants to support something that's neither UN*X nor
Windows, they'll need to contribute support, properly checking for that
other OS.
Use the two-argument version of AC_INIT() - which requires autoconf 2.64
or later, so require that as a minimum - and get the version string from
the VERSION file. Use AC_CONFIG_SRCDIR() to say that the source
directory needs tcpdump.c; the two-argument version of AC_INIT() doesn't
do that.
This means that we no longer have a version.c file.
Some time between the mid 1980's and 1990 called; they want their
old-fashioned UNIX signal handling back. ANSI C has had signal handlers
returning void since, well, 1989, and POSIX has had sigaction() since
close to forever. No need to worry about really old UN*Xes here.
On Windows, it's also void (as per ANSI C); use signal().
If we have a libpcap with <pcap/pcap-inttypes.h>, include it, so that we
don't have to worry about definitions colliding if we later include a
pcap header file that includes pcap/pcap-inttypes.h.
Otherwise, do the same stuff pcap-inttypes.h does. This means that, on
UN*X, we require that there be an <inttypes.h> that defines everything
we need.
Don't bother doing checks that are no longer necessary as a result of
those changes.
Handle attributes for function pointers the same way we handle
attributes for functions, by explicitly checking for the compiler
version with #if rather than with a configure script check. That's one
fewer thing that, if you're not using autoconf, has to be done in some
other fashion.
While we're at it, put NORETURN in the right place to have it work with
Microsoft Visual Studio as well as various UN*X compilers.
The documentation claims that recent GCC is now better by default at
spotting cases of code flow falling through (which is true) and that it
avoids false positives by matching nearby source code comments with
regexps. However, the latter feature doesn't seem to work as reliably
as the manual describes it, so let's have a macro for this purpose.
Tested to work on:
* x86_64, Fedora 26, GCC 7.1.1 (w/__attribute__, w/fallthrough)
* x86_64, Ubuntu 16.04, GCC 5.4.0 (w/__attribute__, w/o fallthrough)
* x86_64, FreeBSD 11.0, Clang 3.8.0 (w/__attribute__, w/o fallthrough)
* SPARC, Solaris 10, SolStudio 12.4 (w/__attribute__, w/o fallthrough)
* SPARC, Solaris 10, SunStudio 11 (w/o __attribute__)
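
The following is an added example, not code from tcpdump or from the commits above. It sketches the approach described in the messages about testing for particular attributes in header files and about a fall-through macro, applied to a bounds-checked decoder helper. `EX_FALL_THROUGH` and `ex_read_be()` are hypothetical names, and the sample bytes in `main()` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Compilers without __has_attribute get a stub that always answers "no". */
#ifndef __has_attribute
#define __has_attribute(x) 0
#endif

/* Hypothetical macro name: expands to the attribute where the compiler
 * supports it and to a harmless no-op statement everywhere else. */
#if __has_attribute(fallthrough)
#define EX_FALL_THROUGH __attribute__((fallthrough))
#else
#define EX_FALL_THROUGH ((void)0)
#endif

/* Read a big-endian unsigned integer of `width` bytes (1..4) from buf.
 * Returns 0 on success, -1 if width is invalid or exceeds buflen, so the
 * deliberate fall-through below never reads past the buffer. */
int ex_read_be(const uint8_t *buf, size_t buflen, unsigned width, uint32_t *out)
{
    uint32_t v = 0;
    const uint8_t *p = buf;

    if (width == 0 || width > 4 || width > buflen)
        return -1;
    switch (width) {
    case 4:
        v = (v << 8) | *p++;
        EX_FALL_THROUGH;
    case 3:
        v = (v << 8) | *p++;
        EX_FALL_THROUGH;
    case 2:
        v = (v << 8) | *p++;
        EX_FALL_THROUGH;
    case 1:
        v = (v << 8) | *p++;
        break;
    }
    *out = v;
    return 0;
}

int main(void)
{
    const uint8_t sample[4] = {0x01, 0x02, 0x03, 0x04}; /* constructed input */
    uint32_t v = 0;
    if (ex_read_be(sample, sizeof(sample), 3, &v) == 0)
        printf("0x%06x\n", (unsigned)v);
    return 0;
}
```
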
Provide better detailed guidelines in CONTRIBUTING and update a number
of other files to refer to that file so that the directions are now
more uniform.
The patch allows tcpdump to run sandboxed and still do name resolution.
The code is obtained from FreeBSD tree, where it was developed by
Pawel Jakub Dawidek <pjd@FreeBSD.org>
Mariusz Zaborski <oshogbo@FreeBSD.org>
Avoid 'Undefined symbol _mcount' with some Solaris compilers.
The '-pedantic' option is unknown to the compiler, but by coincidence
starts with a '-p' (gather performance data). When a file is compiled
with '-p' but is linked without '-p', 'Undefined symbol _mcount' occurs.
Add support for an argument to --with-crypto, so that if you have one
version of libcrypto installed under /usr and another version installed
under /usr/local, you can force tcpdump to be built with the /usr/local
version.
Also, refer both to OpenSSL and libressl in comments and messages.
In 1.1.x, EVP_CIPHER_CTX is an opaque structure, so we can't declare it
on the stack.
Instead, if we don't have EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free()
in libcrypto, define our own versions, with the same signatures as the
ones in OpenSSL 1.1.x's libcrypto, and have the code use
EVP_CIPHER_CTX_new() to allocate the structure and EVP_CIPHER_CTX_free()
to free it.
Newer versions of libpcap, when configured to provide debugging
printouts for the filter expression parser or optimizer, provide
routines to set the "debug the parser" and "debug the optimizer" flags;
use them if the library has them. If the library doesn't have them, do
our best to try to use the older mechanisms for requesting debugging, if
present.