From ac9b3dcd8acaf63244e99a20d24ca8b1d4e37b7b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 19 2015 15:58:26 +0000 Subject: import tcpdump-4.5.1-3.el7 --- diff --git a/SOURCES/0001-Introduce-time-stamp-precision.patch b/SOURCES/0001-Introduce-time-stamp-precision.patch new file mode 100644 index 0000000..7fb4edf --- /dev/null +++ b/SOURCES/0001-Introduce-time-stamp-precision.patch @@ -0,0 +1,184 @@ +From 9784ac1d98ae256e9e9f1830e7bab3b6bc20ec6c Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 19 Mar 2014 14:14:25 +0100 +Subject: [PATCH 1/4] Introduce --time-stamp-precision + +A while ago we introduced new API in libpcap which made possible to +request time stamps with higher precision (nanoseconds). This commit +aims to move things forward and implement missing bits. It introduces +new long option --time-stamp-precision. Note that there is no equivalent +short option. + +When used for a live capture tcpdump will ask the kernel for time stamp +with desired precision and tcpdump will print fraction part of the time +stamp using respective format. We currently support only microsecond and +nanosecond precision. In the future we might support even more granular +time stamp precision, but we should be fine to support only +microseconds and nanoseconds for now. libpcap doesn't provide anything +else at the moment anyway. + +When used in combination with -r/-w options then we obtain time stamps +appropriately scaled up or down from libpcap. Also note that distinct +magic number is used for savefiles containing nanosecond time stamps. + +(cherry picked from commit 52b27d11fc50ebc4f1fc54b53fd9437d62dd7f4a) + +Conflicts: + netdissect.h + tcpdump.c +--- + netdissect.h | 1 + + tcpdump.1.in | 9 +++++++++ + tcpdump.c | 41 +++++++++++++++++++++++++++++++++++++++-- + util.c | 9 ++++++--- + 4 files changed, 55 insertions(+), 5 deletions(-) + +diff --git a/netdissect.h b/netdissect.h +index 4fd4726..e0146e7 100644 +--- a/netdissect.h ++++ b/netdissect.h +@@ -123,6 +123,7 @@ struct netdissect_options { + time_t ndo_Gflag_time; /* The last time_t the dump file was rotated. */ + int ndo_Wflag; /* recycle output files after this number of files */ + int ndo_WflagChars; ++ int ndo_tstamp_precision; /* requested time stamp precision */ + int ndo_Hflag; /* dissect 802.11s draft mesh standard */ + int ndo_suppress_default_print; /* don't use default_print() for unknown packet types */ + const char *ndo_dltname; +diff --git a/tcpdump.1.in b/tcpdump.1.in +index a5a0e28..6083474 100644 +--- a/tcpdump.1.in ++++ b/tcpdump.1.in +@@ -399,6 +399,15 @@ List the supported time stamp types for the interface and exit. If the + time stamp type cannot be set for the interface, no time stamp types are + listed. + .TP ++.BI \-\-time\-stamp\-precision= tstamp_precision ++.PD ++Set the time stamp precision for the capture to ++\fItstamp_precision\fP. Currently supported are microseconds and ++nanoseconds. Note that availability of high precision time stamps (nanoseconds) ++and their actual accuracy is platform and HW dependent. Also note that when ++writing captures to the savefile, distinct magic number is used to distinguish ++savefiles which contains time stamps in nanoseconds. ++.TP + .B \-K + Don't attempt to verify IP, TCP, or UDP checksums. This is useful for + interfaces that perform some or all of those checksum calculation in +diff --git a/tcpdump.c b/tcpdump.c +index 79db6d7..444e1e3 100644 +--- a/tcpdump.c ++++ b/tcpdump.c +@@ -73,6 +73,7 @@ extern int SIZE_BUF; + #include + #include + #endif /* WIN32 */ ++#include + + /* capabilities convinience library */ + #ifdef HAVE_CAP_NG_H +@@ -529,6 +530,12 @@ show_dlts_and_exit(const char *device, pcap_t *pd) + #define P_FLAG + #endif + ++#define OPTION_TSTAMP_PRECISION 130 ++ ++static struct option longopts[] = { ++ { "time-stamp-precision", required_argument, NULL, OPTION_TSTAMP_PRECISION}, ++}; ++ + #ifndef WIN32 + /* Drop root privileges and chroot if necessary */ + static void +@@ -682,6 +689,18 @@ get_next_file(FILE *VFile, char *ptr) + return ret; + } + ++static int ++tstamp_precision_from_string(const char *precision) ++{ ++ if (strncmp(precision, "nano", strlen("nano")) == 0) ++ return PCAP_TSTAMP_PRECISION_NANO; ++ ++ if (strncmp(precision, "micro", strlen("micro")) == 0) ++ return PCAP_TSTAMP_PRECISION_MICRO; ++ ++ return -EINVAL; ++} ++ + int + main(int argc, char **argv) + { +@@ -747,7 +766,7 @@ main(int argc, char **argv) + #endif + + while ( +- (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOp" P_FLAG "qr:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:")) != -1) ++ (op = getopt_long(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOp" P_FLAG "qr:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:", longopts, NULL)) != -1) + switch (op) { + + case 'a': +@@ -1128,6 +1147,12 @@ main(int argc, char **argv) + } + break; + ++ case OPTION_TSTAMP_PRECISION: ++ gndo->ndo_tstamp_precision = tstamp_precision_from_string(optarg); ++ if (gndo->ndo_tstamp_precision < 0) ++ error("unsupported time stamp precision"); ++ break; ++ + default: + usage(); + /* NOTREACHED */ +@@ -1213,7 +1238,12 @@ main(int argc, char **argv) + RFileName = VFileLine; + } + +- pd = pcap_open_offline(RFileName, ebuf); ++ if (gndo->ndo_tstamp_precision == PCAP_TSTAMP_PRECISION_NANO) ++ pd = pcap_open_offline_with_tstamp_precision(RFileName, PCAP_TSTAMP_PRECISION_NANO, ebuf); ++ else ++ pd = pcap_open_offline_with_tstamp_precision(RFileName, PCAP_TSTAMP_PRECISION_MICRO, ebuf); ++ ++ + if (pd == NULL) + error("%s", ebuf); + dlt = pcap_datalink(pd); +@@ -1262,6 +1292,13 @@ main(int argc, char **argv) + if (Jflag) + show_tstamp_types_and_exit(device, pd); + #endif ++ if (gndo->ndo_tstamp_precision == PCAP_TSTAMP_PRECISION_NANO) { ++ status = pcap_set_tstamp_precision(pd, PCAP_TSTAMP_PRECISION_NANO); ++ if (status != 0) ++ error("%s: Can't set nanosecond time stamp precision: %s", ++ device, pcap_statustostr(status)); ++ } ++ + /* + * Is this an interface that supports monitor mode? + */ +diff --git a/util.c b/util.c +index a2ef36d..6bc05c0 100644 +--- a/util.c ++++ b/util.c +@@ -146,9 +146,12 @@ fn_printzp(register const u_char *s, register u_int n, + char * + ts_format(register int sec, register int usec) + { +- static char buf[sizeof("00:00:00.000000")]; +- (void)snprintf(buf, sizeof(buf), "%02d:%02d:%02d.%06u", +- sec / 3600, (sec % 3600) / 60, sec % 60, usec); ++ static char buf[sizeof("00:00:00.000000000")]; ++ const char *format = gndo->ndo_tstamp_precision == PCAP_TSTAMP_PRECISION_NANO ? ++ "%02d:%02d:%02d.%09u" : "%02d:%02d:%02d.%06u"; ++ ++ snprintf(buf, sizeof(buf), format, ++ sec / 3600, (sec % 3600) / 60, sec % 60, usec); + + return buf; + } +-- +2.4.3 + diff --git a/SOURCES/0002-Give-more-details-for-time-stamp-precision.patch b/SOURCES/0002-Give-more-details-for-time-stamp-precision.patch new file mode 100644 index 0000000..bc507fb --- /dev/null +++ b/SOURCES/0002-Give-more-details-for-time-stamp-precision.patch @@ -0,0 +1,50 @@ +From 3699eaccf3e0833604d74fcd483152972721869a Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Wed, 25 Jun 2014 11:45:29 -0700 +Subject: [PATCH 2/4] Give more details for --time-stamp-precision. + +(cherry picked from commit e76768c97a70934b8f3a41fe2df705c61a924a47) + +[msekleta: replaced .LP with .IP to fix indentation of paragraphs] +--- + tcpdump.1.in | 24 +++++++++++++++++------- + 1 file changed, 17 insertions(+), 7 deletions(-) + +diff --git a/tcpdump.1.in b/tcpdump.1.in +index 6083474..4f0648c 100644 +--- a/tcpdump.1.in ++++ b/tcpdump.1.in +@@ -400,13 +400,23 @@ time stamp type cannot be set for the interface, no time stamp types are + listed. + .TP + .BI \-\-time\-stamp\-precision= tstamp_precision +-.PD +-Set the time stamp precision for the capture to +-\fItstamp_precision\fP. Currently supported are microseconds and +-nanoseconds. Note that availability of high precision time stamps (nanoseconds) +-and their actual accuracy is platform and HW dependent. Also note that when +-writing captures to the savefile, distinct magic number is used to distinguish +-savefiles which contains time stamps in nanoseconds. ++When capturing, set the time stamp precision for the capture to ++\fItstamp_precision\fP. Note that availability of high precision time ++stamps (nanoseconds) and their actual accuracy is platform and hardware ++dependent. Also note that when writing captures made with nanosecond ++accuracy to a savefile, the time stamps are written with nanosecond ++resolution, and the file is written with a different magic number, to ++indicate that the time stamps are in seconds and nanoseconds; not all ++programs that read pcap savefiles will be able to read those captures. ++.IP ++When reading a savefile, convert time stamps to the precision specified ++by \fItimestamp_precision\fP, and display them with that resolution. If ++the precision specified is less than the precision of time stamps in the ++file, the conversion will lose precision. ++.IP ++The supported values for \fItimestamp_precision\fP are \fBmicro\fP for ++microsecond resolution and \fBnano\fP for nanosecond resolution. The ++default is microsecond resolution. + .TP + .B \-K + Don't attempt to verify IP, TCP, or UDP checksums. This is useful for +-- +2.4.3 + diff --git a/SOURCES/0003-Check-for-TLV-length-too-small.patch b/SOURCES/0003-Check-for-TLV-length-too-small.patch new file mode 100644 index 0000000..9c85e94 --- /dev/null +++ b/SOURCES/0003-Check-for-TLV-length-too-small.patch @@ -0,0 +1,57 @@ +From 009b632b5c7cf5151699b660a4c885ba57f9f836 Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Thu, 14 Aug 2014 17:14:32 -0700 +Subject: [PATCH 3/4] Check for TLV length too small. + +The TLV length includes the T and the L, so it must be at least 4. + +This means we don't need the "avoid infinite loop" check later; that +check was wrong, as per GitHub issue #401 and #402; this fixes #402, +which has a different patch for that bug. + +(cherry picked from commit 5511e8f79f0ac96671bab23223397881eba8b806) + +[msekleta: replaced ND_PRINT by printfs] +--- + print-cdp.c | 18 +++++++++++++++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +diff --git a/print-cdp.c b/print-cdp.c +index 152b2f9..5a0eaea 100644 +--- a/print-cdp.c ++++ b/print-cdp.c +@@ -111,6 +111,21 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen) + goto trunc; + type = EXTRACT_16BITS(tptr); + len = EXTRACT_16BITS(tptr+2); /* object length includes the 4 bytes header length */ ++ ++ if (len < 4) { ++ if (vflag) ++ printf("\n\t%s (0x%02x), length: %u byte%s (too short)", ++ tok2str(cdp_tlv_values,"unknown field type", type), ++ type, ++ len, ++ PLURAL_SUFFIX(len)); /* plural */ ++ else ++ printf(", %s TLV length %u too short", ++ tok2str(cdp_tlv_values,"unknown field type", type), ++ len); ++ break; ++ } ++ + tptr += 4; + len -= 4; + +@@ -222,9 +237,6 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen) + break; + } + } +- /* avoid infinite loop */ +- if (len == 0) +- break; + tptr = tptr+len; + } + if (vflag < 1) +-- +2.4.3 + diff --git a/SOURCES/0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch b/SOURCES/0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch new file mode 100644 index 0000000..ba81646 --- /dev/null +++ b/SOURCES/0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch @@ -0,0 +1,79 @@ +From b49ff8d0b6ab53d95f3b4b97d889926f70112ae4 Mon Sep 17 00:00:00 2001 +From: Jamie Bainbridge +Date: Thu, 14 Aug 2014 20:47:57 +1000 +Subject: [PATCH 4/4] Print checksum in hex, and print the actual checksum, + plus cleanup + +(cherry picked from commit 24007a9a1249ed8733ff0039812ba92544a38bbe) + +Conflicts: + print-cdp.c +--- + print-cdp.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/print-cdp.c b/print-cdp.c +index 5a0eaea..0f44ba6 100644 +--- a/print-cdp.c ++++ b/print-cdp.c +@@ -44,6 +44,8 @@ static const char rcsid[] _U_ = + #include "nlpid.h" + + #define CDP_HEADER_LEN 4 ++#define CDP_HEADER_LEN 4 ++#define CDP_HEADER_OFFSET 2 + + static const struct tok cdp_tlv_values[] = { + { 0x01, "Device-ID"}, +@@ -102,15 +104,15 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen) + goto trunc; + printf("CDPv%u, ttl: %us", *tptr, *(tptr+1)); + if (vflag) +- printf(", checksum: %u (unverified), length %u", EXTRACT_16BITS(tptr), length); ++ printf(", checksum: 0x%04x (unverified), length %u", EXTRACT_16BITS(tptr+CDP_HEADER_OFFSET), length); + tptr += CDP_HEADER_LEN; + + while (tptr < (pptr+length)) { + +- if (!TTEST2(*tptr, 4)) /* read out Type and Length */ ++ if (!TTEST2(*tptr, CDP_HEADER_LEN)) /* read out Type and Length */ + goto trunc; + type = EXTRACT_16BITS(tptr); +- len = EXTRACT_16BITS(tptr+2); /* object length includes the 4 bytes header length */ ++ len = EXTRACT_16BITS(tptr+CDP_HEADER_OFFSET); /* object length includes the 4 bytes header length */ + + if (len < 4) { + if (vflag) +@@ -126,8 +128,8 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen) + break; + } + +- tptr += 4; +- len -= 4; ++ tptr += CDP_HEADER_LEN; ++ len -= CDP_HEADER_LEN; + + if (!TTEST2(*tptr, len)) + goto trunc; +@@ -184,15 +186,15 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen) + break; + case 0x08: /* Protocol Hello Option - not documented */ + break; +- case 0x09: /* VTP Mgmt Domain - not documented */ ++ case 0x09: /* VTP Mgmt Domain - CDPv2 */ + printf("'"); + fn_printn(tptr, len, NULL); + printf("'"); + break; +- case 0x0a: /* Native VLAN ID - not documented */ ++ case 0x0a: /* Native VLAN ID - CDPv2 */ + printf("%d",EXTRACT_16BITS(tptr)); + break; +- case 0x0b: /* Duplex - not documented */ ++ case 0x0b: /* Duplex - CDPv2 */ + printf("%s", *(tptr) ? "full": "half"); + break; + +-- +2.4.3 + diff --git a/SPECS/tcpdump.spec b/SPECS/tcpdump.spec index 078bf38..7e32478 100644 --- a/SPECS/tcpdump.spec +++ b/SPECS/tcpdump.spec @@ -2,7 +2,7 @@ Summary: A network traffic monitoring tool Name: tcpdump Epoch: 14 Version: 4.5.1 -Release: 2%{?dist} +Release: 3%{?dist} License: BSD with advertising URL: http://www.tcpdump.org Group: Applications/Internet @@ -20,6 +20,10 @@ Patch4: tcpdump-4.4.0-eperm.patch Patch5: tcpslice-1.2a3-time.patch Patch6: tcpslice-CVS.20010207-bpf.patch Patch7: tcpslice-1.2a3-dateformat.patch +Patch8: 0001-Introduce-time-stamp-precision.patch +Patch9: 0002-Give-more-details-for-time-stamp-precision.patch +Patch10: 0003-Check-for-TLV-length-too-small.patch +Patch11: 0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch %define tcpslice_dir tcpslice-1.2a3 @@ -38,6 +42,10 @@ Install tcpdump if you need a program to monitor network traffic. %patch2 -p1 -b .icmp6msec %patch3 -p1 -b .gethostby %patch4 -p1 -b .eperm +%patch8 -p1 -b .tstamp +%patch9 -p1 -b .tstamp-details +%patch10 -p1 -b .cdp +%patch11 -p1 -b .cdp-checksum pushd %{tcpslice_dir} %patch5 -p1 -b .time @@ -95,6 +103,10 @@ exit 0 %{_mandir}/man8/tcpdump.8* %changelog +* Thu Jun 18 2015 Michal Sekletar - 14:4.5.1-3 +- add support for nano second timestamps (#1151406) +- fix cdp dissector, allow zero-length data frames (#1231246) + * Fri Jan 24 2014 Daniel Mach - 14:4.5.1-2 - Mass rebuild 2014-01-24