diff --git a/.gitignore b/.gitignore
index 83ac48e..1141b51 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/tcpdump-4.5.1.tar.gz
+SOURCES/tcpdump-4.9.0.tar.gz
 SOURCES/tcpslice-1.2a3.tar.gz
diff --git a/.tcpdump.metadata b/.tcpdump.metadata
index b278621..223998b 100644
--- a/.tcpdump.metadata
+++ b/.tcpdump.metadata
@@ -1,2 +1,2 @@
-46d5ec107c6a1b262ad8da799f74c5d01cce8815 SOURCES/tcpdump-4.5.1.tar.gz
+2c4193685edb1040506a9ec0f15cd85825085697 SOURCES/tcpdump-4.9.0.tar.gz
 98790301cb1bf4399a95153bc62d49b3f5808994 SOURCES/tcpslice-1.2a3.tar.gz
diff --git a/SOURCES/0001-Introduce-time-stamp-precision.patch b/SOURCES/0001-Introduce-time-stamp-precision.patch
deleted file mode 100644
index 7fb4edf..0000000
--- a/SOURCES/0001-Introduce-time-stamp-precision.patch
+++ /dev/null
@@ -1,184 +0,0 @@ -From 9784ac1d98ae256e9e9f1830e7bab3b6bc20ec6c Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Wed, 19 Mar 2014 14:14:25 +0100 -Subject: [PATCH 1/4] Introduce --time-stamp-precision - -A while ago we introduced new API in libpcap which made possible to -request time stamps with higher precision (nanoseconds). This commit -aims to move things forward and implement missing bits. It introduces -new long option --time-stamp-precision. Note that there is no equivalent -short option. - -When used for a live capture tcpdump will ask the kernel for time stamp -with desired precision and tcpdump will print fraction part of the time -stamp using respective format. We currently support only microsecond and -nanosecond precision. In the future we might support even more granular -time stamp precision, but we should be fine to support only -microseconds and nanoseconds for now. libpcap doesn't provide anything -else at the moment anyway. - -When used in combination with -r/-w options then we obtain time stamps -appropriately scaled up or down from libpcap. Also note that distinct -magic number is used for savefiles containing nanosecond time stamps. - -(cherry picked from commit 52b27d11fc50ebc4f1fc54b53fd9437d62dd7f4a) - -Conflicts: - netdissect.h - tcpdump.c ---- - netdissect.h | 1 + - tcpdump.1.in | 9 +++++++++ - tcpdump.c | 41 +++++++++++++++++++++++++++++++++++++++-- - util.c | 9 ++++++--- - 4 files changed, 55 insertions(+), 5 deletions(-) - -diff --git a/netdissect.h b/netdissect.h -index 4fd4726..e0146e7 100644 ---- a/netdissect.h -+++ b/netdissect.h -@@ -123,6 +123,7 @@ struct netdissect_options { - time_t ndo_Gflag_time; /* The last time_t the dump file was rotated. 
*/ - int ndo_Wflag; /* recycle output files after this number of files */ - int ndo_WflagChars; -+ int ndo_tstamp_precision; /* requested time stamp precision */ - int ndo_Hflag; /* dissect 802.11s draft mesh standard */ - int ndo_suppress_default_print; /* don't use default_print() for unknown packet types */ - const char *ndo_dltname; -diff --git a/tcpdump.1.in b/tcpdump.1.in -index a5a0e28..6083474 100644 ---- a/tcpdump.1.in -+++ b/tcpdump.1.in -@@ -399,6 +399,15 @@ List the supported time stamp types for the interface and exit. If the - time stamp type cannot be set for the interface, no time stamp types are - listed. - .TP -+.BI \-\-time\-stamp\-precision= tstamp_precision -+.PD -+Set the time stamp precision for the capture to -+\fItstamp_precision\fP. Currently supported are microseconds and -+nanoseconds. Note that availability of high precision time stamps (nanoseconds) -+and their actual accuracy is platform and HW dependent. Also note that when -+writing captures to the savefile, distinct magic number is used to distinguish -+savefiles which contains time stamps in nanoseconds. -+.TP - .B \-K - Don't attempt to verify IP, TCP, or UDP checksums. 
This is useful for - interfaces that perform some or all of those checksum calculation in -diff --git a/tcpdump.c b/tcpdump.c -index 79db6d7..444e1e3 100644 ---- a/tcpdump.c -+++ b/tcpdump.c -@@ -73,6 +73,7 @@ extern int SIZE_BUF; - #include - #include - #endif /* WIN32 */ -+#include - - /* capabilities convinience library */ - #ifdef HAVE_CAP_NG_H -@@ -529,6 +530,12 @@ show_dlts_and_exit(const char *device, pcap_t *pd) - #define P_FLAG - #endif - -+#define OPTION_TSTAMP_PRECISION 130 -+ -+static struct option longopts[] = { -+ { "time-stamp-precision", required_argument, NULL, OPTION_TSTAMP_PRECISION}, -+}; -+ - #ifndef WIN32 - /* Drop root privileges and chroot if necessary */ - static void -@@ -682,6 +689,18 @@ get_next_file(FILE *VFile, char *ptr) - return ret; - } - -+static int -+tstamp_precision_from_string(const char *precision) -+{ -+ if (strncmp(precision, "nano", strlen("nano")) == 0) -+ return PCAP_TSTAMP_PRECISION_NANO; -+ -+ if (strncmp(precision, "micro", strlen("micro")) == 0) -+ return PCAP_TSTAMP_PRECISION_MICRO; -+ -+ return -EINVAL; -+} -+ - int - main(int argc, char **argv) - { -@@ -747,7 +766,7 @@ main(int argc, char **argv) - #endif - - while ( -- (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOp" P_FLAG "qr:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:")) != -1) -+ (op = getopt_long(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOp" P_FLAG "qr:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:", longopts, NULL)) != -1) - switch (op) { - - case 'a': -@@ -1128,6 +1147,12 @@ main(int argc, char **argv) - } - break; - -+ case OPTION_TSTAMP_PRECISION: -+ gndo->ndo_tstamp_precision = tstamp_precision_from_string(optarg); -+ if (gndo->ndo_tstamp_precision < 0) -+ error("unsupported time stamp precision"); -+ break; -+ - default: - usage(); - /* NOTREACHED */ -@@ -1213,7 +1238,12 @@ main(int argc, char **argv) - RFileName = VFileLine; - } - -- pd = pcap_open_offline(RFileName, ebuf); -+ 
if (gndo->ndo_tstamp_precision == PCAP_TSTAMP_PRECISION_NANO) -+ pd = pcap_open_offline_with_tstamp_precision(RFileName, PCAP_TSTAMP_PRECISION_NANO, ebuf); -+ else -+ pd = pcap_open_offline_with_tstamp_precision(RFileName, PCAP_TSTAMP_PRECISION_MICRO, ebuf); -+ -+ - if (pd == NULL) - error("%s", ebuf); - dlt = pcap_datalink(pd); -@@ -1262,6 +1292,13 @@ main(int argc, char **argv) - if (Jflag) - show_tstamp_types_and_exit(device, pd); - #endif -+ if (gndo->ndo_tstamp_precision == PCAP_TSTAMP_PRECISION_NANO) { -+ status = pcap_set_tstamp_precision(pd, PCAP_TSTAMP_PRECISION_NANO); -+ if (status != 0) -+ error("%s: Can't set nanosecond time stamp precision: %s", -+ device, pcap_statustostr(status)); -+ } -+ - /* - * Is this an interface that supports monitor mode? - */ -diff --git a/util.c b/util.c -index a2ef36d..6bc05c0 100644 ---- a/util.c -+++ b/util.c -@@ -146,9 +146,12 @@ fn_printzp(register const u_char *s, register u_int n, - char * - ts_format(register int sec, register int usec) - { -- static char buf[sizeof("00:00:00.000000")]; -- (void)snprintf(buf, sizeof(buf), "%02d:%02d:%02d.%06u", -- sec / 3600, (sec % 3600) / 60, sec % 60, usec); -+ static char buf[sizeof("00:00:00.000000000")]; -+ const char *format = gndo->ndo_tstamp_precision == PCAP_TSTAMP_PRECISION_NANO ? -+ "%02d:%02d:%02d.%09u" : "%02d:%02d:%02d.%06u"; -+ -+ snprintf(buf, sizeof(buf), format, -+ sec / 3600, (sec % 3600) / 60, sec % 60, usec); - - return buf; - } --- -2.4.3 - diff --git a/SOURCES/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch b/SOURCES/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch new file mode 100644 index 0000000..c5e54ae --- /dev/null +++ b/SOURCES/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch 
@@ -0,0 +1,26 @@ +From f19e0376b8e98b38240d28eb9e6f78c465bb1c6e Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Oct 2014 13:34:24 +0200 +Subject: [PATCH 1/8] icmp6: print Reachable Time and Retransmit Time from + ICMPv6 as milliseconds + +--- + print-icmp6.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/print-icmp6.c b/print-icmp6.c +index 7fe639d..cfaa2df 100644 +--- a/print-icmp6.c ++++ b/print-icmp6.c +@@ -1034,7 +1034,7 @@ icmp6_print(netdissect_options *ndo, + p = (const struct nd_router_advert *)dp; + ND_TCHECK(p->nd_ra_retransmit); + ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \ +- ", pref %s, router lifetime %us, reachable time %us, retrans time %us", ++ ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums", + (u_int)p->nd_ra_curhoplimit, + bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)), + get_rtpref(p->nd_ra_flags_reserved), +-- +2.9.3 + diff --git a/SOURCES/0002-Give-more-details-for-time-stamp-precision.patch b/SOURCES/0002-Give-more-details-for-time-stamp-precision.patch deleted file mode 100644 index bc507fb..0000000 --- a/SOURCES/0002-Give-more-details-for-time-stamp-precision.patch +++ /dev/null 
@@ -1,50 +0,0 @@ -From 3699eaccf3e0833604d74fcd483152972721869a Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Wed, 25 Jun 2014 11:45:29 -0700 -Subject: [PATCH 2/4] Give more details for --time-stamp-precision. - -(cherry picked from commit e76768c97a70934b8f3a41fe2df705c61a924a47) - -[msekleta: replaced .LP with .IP to fix indentation of paragraphs] ---- - tcpdump.1.in | 24 +++++++++++++++++------- - 1 file changed, 17 insertions(+), 7 deletions(-) - -diff --git a/tcpdump.1.in b/tcpdump.1.in -index 6083474..4f0648c 100644 ---- a/tcpdump.1.in -+++ b/tcpdump.1.in -@@ -400,13 +400,23 @@ time stamp type cannot be set for the interface, no time stamp types are - listed. - .TP - .BI \-\-time\-stamp\-precision= tstamp_precision --.PD --Set the time stamp precision for the capture to --\fItstamp_precision\fP. Currently supported are microseconds and --nanoseconds. Note that availability of high precision time stamps (nanoseconds) --and their actual accuracy is platform and HW dependent. Also note that when --writing captures to the savefile, distinct magic number is used to distinguish --savefiles which contains time stamps in nanoseconds. -+When capturing, set the time stamp precision for the capture to -+\fItstamp_precision\fP. Note that availability of high precision time -+stamps (nanoseconds) and their actual accuracy is platform and hardware -+dependent. Also note that when writing captures made with nanosecond -+accuracy to a savefile, the time stamps are written with nanosecond -+resolution, and the file is written with a different magic number, to -+indicate that the time stamps are in seconds and nanoseconds; not all -+programs that read pcap savefiles will be able to read those captures. -+.IP -+When reading a savefile, convert time stamps to the precision specified -+by \fItimestamp_precision\fP, and display them with that resolution. If -+the precision specified is less than the precision of time stamps in the -+file, the conversion will lose precision. 
-+.IP -+The supported values for \fItimestamp_precision\fP are \fBmicro\fP for -+microsecond resolution and \fBnano\fP for nanosecond resolution. The -+default is microsecond resolution. - .TP - .B \-K - Don't attempt to verify IP, TCP, or UDP checksums. This is useful for --- -2.4.3 - diff --git a/SOURCES/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch b/SOURCES/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch new file mode 100644 index 0000000..28bce58 --- /dev/null +++ b/SOURCES/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch 
@@ -0,0 +1,106 @@ +From c48fba64fbbff9c75c79e32ab33aa65742c197d9 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Oct 2014 14:12:46 +0200 +Subject: [PATCH 2/8] Use getnameinfo instead of gethostbyaddr + +--- + addrtoname.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 46 insertions(+), 2 deletions(-) + +diff --git a/addrtoname.c b/addrtoname.c +index 6975b71..949acb7 100644 +--- a/addrtoname.c ++++ b/addrtoname.c +@@ -220,7 +220,6 @@ static uint32_t f_localnet; + const char * + getname(netdissect_options *ndo, const u_char *ap) + { +- register struct hostent *hp; + uint32_t addr; + struct hnamemem *p; + +@@ -242,6 +241,28 @@ getname(netdissect_options *ndo, const u_char *ap) + */ + if (!ndo->ndo_nflag && + (addr & f_netmask) == f_localnet) { ++#ifdef HAVE_GETNAMEINFO ++ struct sockaddr_in sa; ++ char hbuf[NI_MAXHOST]; ++ ++ memset(&sa, 0, sizeof (sa)); ++ sa.sin_family = AF_INET; ++ sa.sin_addr.s_addr = addr; ++ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), ++ hbuf, sizeof (hbuf), NULL, 0, 0)) { ++ if (ndo->ndo_Nflag) { ++ char *dotp; ++ ++ /* Remove domain qualifications */ ++ dotp = strchr(hbuf, '.'); ++ if (dotp) ++ *dotp = '\0'; ++ } ++ p->name = strdup(hbuf); ++ return p->name; ++ } ++#else ++ register struct hostent *hp; + hp = gethostbyaddr((char *)&addr, 4, AF_INET); + if (hp) { + char *dotp; +@@ -258,6 +279,7 @@ getname(netdissect_options *ndo, const u_char *ap) + } + return (p->name); + } ++#endif + } + p->name = strdup(intoa(addr)); + if (p->name == NULL) +@@ -272,7 +294,6 @@ getname(netdissect_options *ndo, const u_char *ap) + const char * + getname6(netdissect_options *ndo, const u_char *ap) + { +- register struct hostent *hp; + union { + struct in6_addr addr; + struct for_hash_addr { +@@ -297,6 +318,28 @@ getname6(netdissect_options *ndo, const u_char *ap) + * Do not print names if -n was given. 
+ */ + if (!ndo->ndo_nflag) { ++#ifdef HAVE_GETNAMEINFO ++ struct sockaddr_in6 sa; ++ char hbuf[NI_MAXHOST]; ++ ++ memset(&sa, 0, sizeof (sa)); ++ sa.sin6_family = AF_INET6; ++ sa.sin6_addr = addr.addr; ++ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), ++ hbuf, sizeof (hbuf), NULL, 0, 0)) { ++ if (ndo->ndo_Nflag) { ++ char *dotp; ++ ++ /* Remove domain qualifications */ ++ dotp = strchr(hbuf, '.'); ++ if (dotp) ++ *dotp = '\0'; ++ } ++ p->name = strdup(hbuf); ++ return p->name; ++ } ++#else ++ register struct hostent *hp; + hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); + if (hp) { + char *dotp; +@@ -313,6 +356,7 @@ getname6(netdissect_options *ndo, const u_char *ap) + } + return (p->name); + } ++#endif + } + cp = addrtostr6(ap, ntop_buf, sizeof(ntop_buf)); + p->name = strdup(cp); +-- +2.9.3 + diff --git a/SOURCES/0003-Check-for-TLV-length-too-small.patch b/SOURCES/0003-Check-for-TLV-length-too-small.patch deleted file mode 100644 index 9c85e94..0000000 --- a/SOURCES/0003-Check-for-TLV-length-too-small.patch +++ /dev/null 
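Review bot: The new HAVE_GETNAMEINFO branches in getname and getname6 do `p->name = strdup(hbuf); return p->name;` with no NULL check, while the fallback path visible in the trailing context of the first hunk does test `if (p->name == NULL)` after its own strdup. If the allocation fails, the cache entry and the returned pointer are both NULL, and callers presumably pass that straight to a print routine. Add the same `if (p->name == NULL)` check after `strdup(hbuf)` in both functions and report the failure the way the fallback path does. Both function bodies start and end outside the hunks.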
@@ -1,57 +0,0 @@ -From 009b632b5c7cf5151699b660a4c885ba57f9f836 Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Thu, 14 Aug 2014 17:14:32 -0700 -Subject: [PATCH 3/4] Check for TLV length too small. - -The TLV length includes the T and the L, so it must be at least 4. - -This means we don't need the "avoid infinite loop" check later; that -check was wrong, as per GitHub issue #401 and #402; this fixes #402, -which has a different patch for that bug. - -(cherry picked from commit 5511e8f79f0ac96671bab23223397881eba8b806) - -[msekleta: replaced ND_PRINT by printfs] ---- - print-cdp.c | 18 +++++++++++++++--- - 1 file changed, 15 insertions(+), 3 deletions(-) - -diff --git a/print-cdp.c b/print-cdp.c -index 152b2f9..5a0eaea 100644 ---- a/print-cdp.c -+++ b/print-cdp.c -@@ -111,6 +111,21 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen) - goto trunc; - type = EXTRACT_16BITS(tptr); - len = EXTRACT_16BITS(tptr+2); /* object length includes the 4 bytes header length */ -+ -+ if (len < 4) { -+ if (vflag) -+ printf("\n\t%s (0x%02x), length: %u byte%s (too short)", -+ tok2str(cdp_tlv_values,"unknown field type", type), -+ type, -+ len, -+ PLURAL_SUFFIX(len)); /* plural */ -+ else -+ printf(", %s TLV length %u too short", -+ tok2str(cdp_tlv_values,"unknown field type", type), -+ len); -+ break; -+ } -+ - tptr += 4; - len -= 4; - -@@ -222,9 +237,6 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen) - break; - } - } -- /* avoid infinite loop */ -- if (len == 0) -- break; - tptr = tptr+len; - } - if (vflag < 1) --- -2.4.3 - diff --git a/SOURCES/0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch b/SOURCES/0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch deleted file mode 100644 index ba81646..0000000 --- a/SOURCES/0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -From b49ff8d0b6ab53d95f3b4b97d889926f70112ae4 Mon Sep 17 00:00:00 2001 -From: Jamie Bainbridge -Date: Thu, 14 Aug 2014 20:47:57 +1000 -Subject: [PATCH 4/4] Print checksum in hex, and print the actual checksum, - plus cleanup - -(cherry picked from commit 24007a9a1249ed8733ff0039812ba92544a38bbe) - -Conflicts: - print-cdp.c ---- - print-cdp.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/print-cdp.c b/print-cdp.c -index 5a0eaea..0f44ba6 100644 ---- a/print-cdp.c -+++ b/print-cdp.c -@@ -44,6 +44,8 @@ static const char rcsid[] _U_ = - #include "nlpid.h" - - #define CDP_HEADER_LEN 4 -+#define CDP_HEADER_LEN 4 -+#define CDP_HEADER_OFFSET 2 - - static const struct tok cdp_tlv_values[] = { - { 0x01, "Device-ID"}, -@@ -102,15 +104,15 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen) - goto trunc; - printf("CDPv%u, ttl: %us", *tptr, *(tptr+1)); - if (vflag) -- printf(", checksum: %u (unverified), length %u", EXTRACT_16BITS(tptr), length); -+ printf(", checksum: 0x%04x (unverified), length %u", EXTRACT_16BITS(tptr+CDP_HEADER_OFFSET), length); - tptr += CDP_HEADER_LEN; - - while (tptr < (pptr+length)) { - -- if (!TTEST2(*tptr, 4)) /* read out Type and Length */ -+ if (!TTEST2(*tptr, CDP_HEADER_LEN)) /* read out Type and Length */ - goto trunc; - type = EXTRACT_16BITS(tptr); -- len = EXTRACT_16BITS(tptr+2); /* object length includes the 4 bytes header length */ -+ len = EXTRACT_16BITS(tptr+CDP_HEADER_OFFSET); /* object length includes the 4 bytes header length */ - - if (len < 4) { - if (vflag) -@@ -126,8 +128,8 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen) - break; - } - -- tptr += 4; -- len -= 4; -+ tptr += CDP_HEADER_LEN; -+ len -= CDP_HEADER_LEN; - - if (!TTEST2(*tptr, len)) - goto trunc; -@@ -184,15 +186,15 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen) - break; - case 0x08: /* Protocol Hello Option - not documented */ - break; -- case 0x09: /* VTP Mgmt Domain - not 
documented */ -+ case 0x09: /* VTP Mgmt Domain - CDPv2 */ - printf("'"); - fn_printn(tptr, len, NULL); - printf("'"); - break; -- case 0x0a: /* Native VLAN ID - not documented */ -+ case 0x0a: /* Native VLAN ID - CDPv2 */ - printf("%d",EXTRACT_16BITS(tptr)); - break; -- case 0x0b: /* Duplex - not documented */ -+ case 0x0b: /* Duplex - CDPv2 */ - printf("%s", *(tptr) ? "full": "half"); - break; - --- -2.4.3 - diff --git a/SOURCES/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch b/SOURCES/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch new file mode 100644 index 0000000..d6973ac --- /dev/null +++ b/SOURCES/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch 
@@ -0,0 +1,88 @@ +From 954c235f6db6f601d732b6fce48d2e8183c05d49 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Oct 2014 14:43:04 +0200 +Subject: [PATCH 4/8] tcpslice: update tcpslice patch to 1.2a3 + +--- + tcpslice-1.2a3/search.c | 22 +++++++++++++++------- + tcpslice-1.2a3/tcpslice.h | 20 ++++++++++++++++++++ + 2 files changed, 35 insertions(+), 7 deletions(-) + +diff --git a/tcpslice-1.2a3/search.c b/tcpslice-1.2a3/search.c +index 1e2d051..23aa105 100644 +--- a/tcpslice-1.2a3/search.c ++++ b/tcpslice-1.2a3/search.c +@@ -53,7 +53,7 @@ static const char rcsid[] = + /* Size of a packet header in bytes; easier than typing the sizeof() all + * the time ... + */ +-#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr )) ++#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr )) + + extern int snaplen; + +@@ -111,16 +111,24 @@ reasonable_header( struct pcap_pkthdr *hdr, time_t first_time, time_t last_time + static void + extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr ) + { +- memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr)); ++ struct pcap_sf_pkthdr hdri; ++ ++ memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr)); + + if ( pcap_is_swapped( p ) ) + { +- hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec); +- hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec); +- hdr->len = SWAPLONG(hdr->len); +- hdr->caplen = SWAPLONG(hdr->caplen); ++ hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec); ++ hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec); ++ hdr->len = SWAPLONG(hdri.len); ++ hdr->caplen = SWAPLONG(hdri.caplen); ++ } ++ else ++ { ++ hdr->ts.tv_sec = hdri.ts.tv_sec; ++ hdr->ts.tv_usec = hdri.ts.tv_usec; ++ hdr->len = hdri.len; ++ hdr->caplen = hdri.caplen; + } +- + /* + * From bpf/libpcap/savefile.c: + * +diff --git a/tcpslice-1.2a3/tcpslice.h b/tcpslice-1.2a3/tcpslice.h +index de4a01c..9dcd1a1 100644 +--- a/tcpslice-1.2a3/tcpslice.h ++++ b/tcpslice-1.2a3/tcpslice.h +@@ -20,6 +20,26 @@ + */ + + ++#include ++/* #include */ ++ ++/* ++ * This is a 
timeval as stored in disk in a dumpfile. ++ * It has to use the same types everywhere, independent of the actual ++ * `struct timeval' ++ */ ++ ++struct pcap_timeval { ++ bpf_int32 tv_sec; /* seconds */ ++ bpf_int32 tv_usec; /* microseconds */ ++}; ++ ++struct pcap_sf_pkthdr { ++ struct pcap_timeval ts; /* time stamp */ ++ bpf_u_int32 caplen; /* length of portion present */ ++ bpf_u_int32 len; /* length this packet (off wire) */ ++}; ++ + time_t gwtm2secs( struct tm *tm ); + + int sf_find_end( struct pcap *p, struct timeval *first_timestamp, +-- +2.9.3 + diff --git a/SOURCES/0005-tcpslice-remove-unneeded-include.patch b/SOURCES/0005-tcpslice-remove-unneeded-include.patch new file mode 100644 index 0000000..2413575 --- /dev/null +++ b/SOURCES/0005-tcpslice-remove-unneeded-include.patch @@ -0,0 +1,26 @@ +From d32956586bfb50b189132d5a15db8a50ef871278 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Oct 2014 15:06:54 +0200 +Subject: [PATCH 5/8] tcpslice: remove unneeded include + +net/bpf.h doesn't exist on Linux. +--- + tcpslice-1.2a3/tcpslice.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c +index e73d76f..895e54f 100644 +--- a/tcpslice-1.2a3/tcpslice.c ++++ b/tcpslice-1.2a3/tcpslice.c +@@ -35,8 +35,6 @@ static const char rcsid[] = + #include + #include + +-#include +- + #include + #ifdef HAVE_FCNTL_H + #include +-- +2.9.3 + diff --git a/SOURCES/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch b/SOURCES/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch new file mode 100644 index 0000000..60efc1c --- /dev/null +++ b/SOURCES/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch 
@@ -0,0 +1,27 @@
+From e159008d2f126d92112858269fb6b2fbca63ffc2 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 20 Oct 2014 15:19:44 +0200
+Subject: [PATCH 6/8] tcpslice: don't test the pointer but pointee for NULL
+
+---
+ tcpslice-1.2a3/tcpslice.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c
+index 895e54f..a91439b 100644
+--- a/tcpslice-1.2a3/tcpslice.c
++++ b/tcpslice-1.2a3/tcpslice.c
+@@ -402,7 +402,9 @@ fill_tm(char *time_string, int is_delta, struct tm *t, time_t *usecs_addr)
+
+ while (isdigit(*t_stop))
+ ++t_stop;
+- if (! t_stop)
++
++ if (!(*t_stop))
++ /* we've reached end of string -> bad date format */
+ error("bad date format %s, problem starting at %s",
+ time_string, t_start);
+
+--
+2.9.3
+
diff --git a/SOURCES/0007-Introduce-nn-option.patch b/SOURCES/0007-Introduce-nn-option.patch
new file mode 100644
index 0000000..1e64d8b
--- /dev/null
+++ b/SOURCES/0007-Introduce-nn-option.patch
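Review bot: The corrected end-of-string test in fill_tm keeps its `error(...)` call as an unbraced body and now puts a comment line between the condition and the statement, which is easy to break when a second statement is added; wrapping it as `if (!(*t_stop)) { ... }` would be safer. The loop just above, `while (isdigit(*t_stop))`, passes a plain `char` from the command-line time string to `isdigit`, which is undefined for negative values; `isdigit((unsigned char)*t_stop)` avoids that. fill_tm's body starts and ends outside the hunk.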
@@ -0,0 +1,55 @@
+From 9ea43c6c97d3653cb58c1934f8770b951917bf9a Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 20 Oct 2014 13:26:38 +0200
+Subject: [PATCH 7/8] Introduce -nn option
+
+This changes the semantics on -n option so only namelookups are skipped. Port
+numbers *are* translated to their string representations. Option -nn then has
+the same semantics as -n had originally.
+---
+ addrtoname.c | 4 ++--
+ tcpdump.1.in | 6 +++++-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/addrtoname.c b/addrtoname.c
+index 949acb7..9dd78d8 100644
+--- a/addrtoname.c
++++ b/addrtoname.c
+@@ -810,7 +810,7 @@ init_servarray(netdissect_options *ndo)
+
+ while (table->name)
+ table = table->nxt;
+- if (ndo->ndo_nflag) {
++ if (ndo->ndo_nflag > 1) {
+ (void)snprintf(buf, sizeof(buf), "%d", port);
+ table->name = strdup(buf);
+ } else
+@@ -1233,7 +1233,7 @@ init_addrtoname(netdissect_options *ndo, uint32_t localnet, uint32_t mask)
+ f_localnet = localnet;
+ f_netmask = mask;
+ }
+- if (ndo->ndo_nflag)
++ if (ndo->ndo_nflag > 1)
+ /*
+ * Simplest way to suppress names.
+ */
+diff --git a/tcpdump.1.in b/tcpdump.1.in
+index ca5cff2..c711a24 100644
+--- a/tcpdump.1.in
++++ b/tcpdump.1.in
+@@ -547,7 +547,11 @@ Use \fIsecret\fP as a shared secret for validating the digests found in
+ TCP segments with the TCP-MD5 option (RFC 2385), if present.
+ .TP
+ .B \-n
+-Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
++Don't convert host addresses to names. This can be used to avoid
++DNS lookups.
++.TP
++.B \-nn
++Don't convert protocol and port numbers etc. to names either.
+ .TP
+ .B \-N
+ Don't print domain name qualification of host names.
+--
+2.9.3
+
diff --git a/SOURCES/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch b/SOURCES/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
new file mode 100644
index 0000000..2e4551c
--- /dev/null
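Review bot: Both changed conditions, `if (ndo->ndo_nflag > 1)` in init_servarray and in init_addrtoname, are only correct if `ndo_nflag` counts how many times `-n` was given; the option parser is not part of this patch, so confirm it increments the flag rather than setting it to 1, otherwise `-nn` can never take effect. With a single `-n`, init_addrtoname no longer takes its early-exit branch, so the name tables are presumably still populated from the system databases on a run where the operator asked for numeric output. The man page hunk should also state that this `-n` differs from upstream tcpdump, where `-n` alone suppresses port names too, so that scripts written for upstream know to use `-nn`. Both functions continue outside the hunks.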
+++ b/SOURCES/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
@@ -0,0 +1,36 @@
+From d5508c13119404102104a3935e7445c9fddf79b5 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Fri, 3 Feb 2017 09:43:03 +0100
+Subject: [PATCH 8/8] Don't print out we dropped root, we are always dropping
+ it
+
+---
+ tcpdump.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/tcpdump.c b/tcpdump.c
+index 29f7f87..18c4a5c 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -618,8 +618,6 @@ droproot(const char *username, const char *chroot_dir)
+ int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
+ if (ret < 0) {
+ fprintf(stderr, "error : ret %d\n", ret);
+- } else {
+- fprintf(stderr, "dropped privs to %s\n", username);
+ }
+ }
+ #else
+@@ -632,9 +630,6 @@ droproot(const char *username, const char *chroot_dir)
+ pcap_strerror(errno));
+ exit_tcpdump(1);
+ }
+- else {
+- fprintf(stderr, "dropped privs to %s\n", username);
+- }
+ #endif /* HAVE_LIBCAP_NG */
+ }
+ else {
+--
+2.9.3
+
diff --git a/SOURCES/0009-Change-P-to-Q-and-print-warning.patch b/SOURCES/0009-Change-P-to-Q-and-print-warning.patch
new file mode 100644
index 0000000..f443700
--- /dev/null
+++ b/SOURCES/0009-Change-P-to-Q-and-print-warning.patch
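Review bot: In the libcap-ng branch of droproot, a failed `capng_change_id()` still only prints `error : ret %d` and lets execution continue, so the process can go on parsing packets with the privileges it started with. With the success message removed by this patch, the only remaining signal is that terse error line, which is easy to miss in stderr. The non-capng branch in the second hunk ends its failure path with `exit_tcpdump(1);`, and the capng branch should do the same by adding `exit_tcpdump(1);` after `fprintf(stderr, "error : ret %d\n", ret);`. droproot's body starts and ends outside the hunks.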
@@ -0,0 +1,107 @@ +From 3dae043c2a0c4d855719f5f34b6702995c82b7bb Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Feb 2017 11:01:19 +0100 +Subject: [PATCH] Change -P to -Q and print warning + +Guy Harris points that -P is already taken by MacOS derived work and +that the only remaining single-letter option is -Q (see GH #252). Fix +some formatting while at it. +--- + tcpdump.1.in | 4 ++-- + tcpdump.c | 23 +++++++++++++---------- + 2 files changed, 15 insertions(+), 12 deletions(-) + +diff --git a/tcpdump.1.in b/tcpdump.1.in +index c711a24..10b7542 100644 +--- a/tcpdump.1.in ++++ b/tcpdump.1.in +@@ -74,7 +74,7 @@ tcpdump \- dump traffic on a network + .B \-\-number + ] + [ +-.B \-Q ++.B \-Q|\-P + .I in|out|inout + ] + .ti +8 +@@ -586,7 +586,7 @@ Note that the interface might be in promiscuous + mode for some other reason; hence, `-p' cannot be used as an abbreviation for + `ether host {local-hw-addr} or ether broadcast'. + .TP +-.BI \-Q " direction" ++.BI \-Q|\-P " direction" + .PD 0 + .TP + .BI \-\-direction= direction +diff --git a/tcpdump.c b/tcpdump.c +index 18c4a5c..816fbe1 100644 +--- a/tcpdump.c ++++ b/tcpdump.c +@@ -157,7 +157,7 @@ static int Jflag; /* list available time stamp types */ + static int jflag = -1; /* packet time stamp source */ + static int pflag; /* don't go promiscuous */ + #ifdef HAVE_PCAP_SETDIRECTION +-static int Qflag = -1; /* restrict captured packet by send/receive direction */ ++static int PQflag = -1; /* restrict captured packet by send/receive direction */ + #endif + static int Uflag; /* "unbuffered" output of dump files */ + static int Wflag; /* recycle output files after this number of files */ +@@ -518,12 +518,12 @@ show_devices_and_exit (void) + #endif + + #ifdef HAVE_PCAP_SETDIRECTION +-#define Q_FLAG "Q:" ++#define PQ_FLAG "P:Q:" + #else +-#define Q_FLAG ++#define PQ_FLAG + #endif + +-#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:s:StT:u" U_FLAG 
"vV:w:W:xXy:Yz:Z:#" ++#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" PQ_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#" + + /* + * Long options. +@@ -1068,8 +1068,8 @@ open_interface(const char *device, netdissect_options *ndo, char *ebuf) + pcap_statustostr(status)); + } + #ifdef HAVE_PCAP_SETDIRECTION +- if (Qflag != -1) { +- status = pcap_setdirection(pc, Qflag); ++ if (PQflag != -1) { ++ status = pcap_setdirection(pc, PQflag); + if (status != 0) + error("%s: pcap_setdirection() failed: %s", + device, pcap_geterr(pc)); +@@ -1353,13 +1353,16 @@ main(int argc, char **argv) + break; + + #ifdef HAVE_PCAP_SETDIRECTION ++ case 'P': ++ fprintf(stderr, "Warning: -P switch is not compatible with the upstream version. You should use -Q instead.\n"); ++ /* Intentional fall through */ + case 'Q': + if (ascii_strcasecmp(optarg, "in") == 0) +- Qflag = PCAP_D_IN; ++ PQflag = PCAP_D_IN; + else if (ascii_strcasecmp(optarg, "out") == 0) +- Qflag = PCAP_D_OUT; ++ PQflag = PCAP_D_OUT; + else if (ascii_strcasecmp(optarg, "inout") == 0) +- Qflag = PCAP_D_INOUT; ++ PQflag = PCAP_D_INOUT; + else + error("unknown capture direction `%s'", optarg); + break; +@@ -2639,7 +2642,7 @@ print_usage(void) + "\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ] [ --number ]\n"); + #ifdef HAVE_PCAP_SETDIRECTION + (void)fprintf(stderr, +-"\t\t[ -Q in|out|inout ]\n"); ++"\t\t[ -Q|-P in|out|inout ]\n"); + #endif + (void)fprintf(stderr, + "\t\t[ -r file ] [ -s snaplen ] "); +-- +2.9.3 + diff --git a/SOURCES/0010-Change-n-flag-to-nn-in-TESTonce.patch b/SOURCES/0010-Change-n-flag-to-nn-in-TESTonce.patch new file mode 100644 index 0000000..3814cd1 --- /dev/null +++ b/SOURCES/0010-Change-n-flag-to-nn-in-TESTonce.patch 
@@ -0,0 +1,27 @@ +From a27f780ce55de779c8ce56a8594ef13cefb21fdf Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 11 Apr 2017 09:19:48 +0200 +Subject: [PATCH 1/3] Change -n flag to -nn in TESTonce + +We need to change this because we have a different meaning of -n +flag than upstream does. We use -nn in those cases. +--- + tests/TESTonce | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/TESTonce b/tests/TESTonce +index 78ad075..ad8a471 100755 +--- a/tests/TESTonce ++++ b/tests/TESTonce +@@ -21,7 +21,7 @@ if ($^O eq 'MSWin32') { + else { + # we used to do this as a nice pipeline, but the problem is that $r fails to + # to be set properly if the tcpdump core dumps. +- $r = system "../tcpdump 2>/dev/null -n -r $input $options >NEW/$output"; ++ $r = system "../tcpdump 2>/dev/null -nn -r $input $options >NEW/$output"; + if($r == 0x100) { + # this means tcpdump exited with code 1. + open(OUTPUT, ">>"."NEW/$output") || die "fail to open $output\n"; +-- +1.8.3.1 + diff --git a/SOURCES/0011-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch b/SOURCES/0011-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch new file mode 100644 index 0000000..05ab05c --- /dev/null +++ b/SOURCES/0011-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch 
@@ -0,0 +1,46 @@ +From 64c07ad272eef3a781792059a584b220974eeedb Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 11 Apr 2017 09:37:53 +0200 +Subject: [PATCH 2/3] Expect miliseconds instead of seconds in icmp capture. + +Again this is caused by our patch, so we need to modify tests +accordingly. +--- + tests/icmpv6.out | 2 +- + tests/icmpv6_opt24-v.out | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/icmpv6.out b/tests/icmpv6.out +index bb7775e..8979540 100644 +--- a/tests/icmpv6.out ++++ b/tests/icmpv6.out +@@ -1,5 +1,5 @@ + IP6 (hlim 255, next-header ICMPv6 (58) payload length: 176) fe80::b299:28ff:fec8:d66c > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 176 +- hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0s, retrans time 0s ++ hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0ms, retrans time 0ms + prefix info option (3), length 32 (4): 2222:3333:4444:5555:6600::/72, Flags [onlink, auto], valid time 2592000s, pref. time 604800s + 0x0000: 48c0 0027 8d00 0009 3a80 0000 0000 2222 + 0x0010: 3333 4444 5555 6600 0000 0000 0000 +diff --git a/tests/icmpv6_opt24-v.out b/tests/icmpv6_opt24-v.out +index 2b7cf09..00512df 100644 +--- a/tests/icmpv6_opt24-v.out ++++ b/tests/icmpv6_opt24-v.out +@@ -1,5 +1,5 @@ + IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120 +- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s ++ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms + source link-address option (1), length 8 (1): 14:cf:92:87:23:d6 + mtu option (5), length 8 (1): 1500 + prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. 
time 1800s +@@ -7,7 +7,7 @@ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87 + rdnss option (25), length 24 (3): lifetime 1800s, addr: fd8d:4fb3:5b2e::1 + dnssl option (31), length 16 (2): lifetime 1800s, domain(s): lan. + IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120 +- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s ++ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms + source link-address option (1), length 8 (1): 14:cf:92:87:23:d6 + mtu option (5), length 8 (1): 1500 + prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s +-- +1.8.3.1 + diff --git a/SOURCES/0012-Disable-tests-that-require-newer-version-of-libpcap.patch b/SOURCES/0012-Disable-tests-that-require-newer-version-of-libpcap.patch new file mode 100644 index 0000000..f0437bd --- /dev/null +++ b/SOURCES/0012-Disable-tests-that-require-newer-version-of-libpcap.patch 
@@ -0,0 +1,46 @@
+From 453bdd1bd7cb6f713b56829ae6a728df8c621df0 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Tue, 11 Apr 2017 09:42:57 +0200
+Subject: [PATCH 3/3] Disable tests that require newer version of libpcap.
+
+As can be seen from ltrace:
+pcap_compile(0x25d4250, 0x7ffc966dcba0, "geneve && tcp", 1, nil) = -1
+these two filters (geneve) cannot be compiled, but it is not a tcpdump
+fault.
+---
+ tests/TESTLIST | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/tests/TESTLIST b/tests/TESTLIST
+index ba29da4..0a1e2f1 100644
+--- a/tests/TESTLIST
++++ b/tests/TESTLIST
+@@ -300,8 +300,9 @@ aoe_1-v AoE_Linux.pcap aoe_1-v.out -t -v
+
+ # Geneve tests
+ geneve-v geneve.pcap geneve-vv.out -t -vv
+-geneve-vni geneve.pcap geneve-vni.out -t geneve 0xb
+-geneve-tcp geneve.pcap geneve-tcp.out -t "geneve && tcp"
++# These filters cannot be compiled by our libpcap
++# geneve-vni geneve.pcap geneve-vni.out -t geneve 0xb
++# geneve-tcp geneve.pcap geneve-tcp.out -t "geneve && tcp"
+
+ # DHCP tests
+ dhcp-rfc3004 dhcp-rfc3004.pcap dhcp-rfc3004-v.out -t -v
+@@ -355,11 +356,11 @@ lisp_ipv6_eid lisp_ipv6.pcap lisp_ipv6.out -t -v
+
+ # pcap invalid versions (first: version = 1.4 ; second: version = 2.5)
+ pcap-invalid-version-1 pcap-invalid-version-1.pcap pcap-invalid-version-1.out -t
+-pcap-invalid-version-2 pcap-invalid-version-2.pcap pcap-invalid-version-2.out -t
++# pcap-invalid-version-2 pcap-invalid-version-2.pcap pcap-invalid-version-2.out -t
+
+ # pcap-ng invalid version (first: version = 0.1 ; second: version = 1.1)
+ pcap-ng-invalid-vers-1 pcap-ng-invalid-vers-1.pcap pcap-ng-invalid-vers-1.out -t
+-pcap-ng-invalid-vers-2 pcap-ng-invalid-vers-2.pcap pcap-ng-invalid-vers-2.out -t
++# pcap-ng-invalid-vers-2 pcap-ng-invalid-vers-2.pcap pcap-ng-invalid-vers-2.out -t
+
+ # NSH over VxLAN-GPE
+ nsh-over-vxlan-gpe nsh-over-vxlan-gpe.pcap nsh-over-vxlan-gpe.out -t
+--
+1.8.3.1
+
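Review bot: The second TESTLIST hunk comments out `pcap-invalid-version-2` and `pcap-ng-invalid-vers-2` with no reason given; the commit message and the added comment explain only the two geneve filters. These entries feed savefiles with an invalid version to tcpdump, so disabling them silently removes regression coverage for how malformed capture files are rejected. I would put a line above each one, for example `# Disabled: expected output differs with the libpcap we ship (TODO confirm the cause)`. If the only difference is the error text, keeping the tests enabled with downstream expected output would preserve the coverage.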
diff --git a/SOURCES/0013-Make-default-capture-buffer-size-bigger.patch b/SOURCES/0013-Make-default-capture-buffer-size-bigger.patch
new file mode 100644
index 0000000..3bc0ed5
--- /dev/null
+++ b/SOURCES/0013-Make-default-capture-buffer-size-bigger.patch
@@ -0,0 +1,38 @@
+From 65cf72e5f47449ef053c099126949431e1d4d50b Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Tue, 9 May 2017 10:17:42 +0200
+Subject: [PATCH] Make default capture buffer size bigger.
+
+---
+ tcpdump.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/tcpdump.c b/tcpdump.c
+index c7e2ebd..d0def76 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -130,6 +130,7 @@ The Regents of the University of California. All rights reserved.\n";
+ #endif
+
+ static int Bflag; /* buffer size */
++#define DEFAULT_CAPTURE_BUFFER_SIZE 4*1024*1024
+ static int Cflag; /* rotate dump files after this many bytes */
+ static int Cflag_count; /* Keep track of which file number we're writing */
+ static int Dflag; /* list available devices and exit */
+@@ -1020,7 +1021,12 @@ open_interface(const char *device, netdissect_options *ndo, char *ebuf)
+ if (status != 0)
+ error("%s: Can't set buffer size: %s",
+ device, pcap_statustostr(status));
+- }
++ } else {
++ Bflag = DEFAULT_CAPTURE_BUFFER_SIZE;
++ status = pcap_set_buffer_size(pc, Bflag);
++ if (status != 0)
++ fprintf(stderr, "Can't set buffer size to %d, using system default.\n", DEFAULT_CAPTURE_BUFFER_SIZE);
++ }
+ #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+ if (jflag != -1) {
+ status = pcap_set_tstamp_type(pc, jflag);
+--
+2.9.3
+
diff --git a/SOURCES/tcpdump-4.0.0-icmp6msec.patch b/SOURCES/tcpdump-4.0.0-icmp6msec.patch
deleted file mode 100644
index 912bd94..0000000
--- a/SOURCES/tcpdump-4.0.0-icmp6msec.patch
+++ /dev/null
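Review bot: `#define DEFAULT_CAPTURE_BUFFER_SIZE 4*1024*1024` in the first tcpdump.c hunk is an unparenthesized expression, so a later use next to a higher-precedence operator (for instance `x / DEFAULT_CAPTURE_BUFFER_SIZE`) would expand wrongly; it should read `#define DEFAULT_CAPTURE_BUFFER_SIZE (4*1024*1024)`. In the new `else` branch of open_interface() the default is also written into the global `Bflag`, so later code can no longer tell a user-supplied -B from the downstream default; passing the constant directly, `status = pcap_set_buffer_size(pc, DEFAULT_CAPTURE_BUFFER_SIZE);`, avoids that. The "using system default" message looks optimistic: as far as I know pcap_set_buffer_size() only records the requested size, and a buffer that cannot be allocated surfaces later at pcap_activate(), where nothing in this hunk falls back. The message also omits `device`, unlike the error() call just above it. The `if` that this `else` belongs to starts outside the hunk.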
@@ -1,12 +0,0 @@ -diff -up tcpdump/print-icmp6.c.icmp6msec tcpdump/print-icmp6.c ---- tcpdump/print-icmp6.c.icmp6msec 2009-08-19 00:02:37.000000000 +0200 -+++ tcpdump/print-icmp6.c 2009-08-20 16:33:59.000000000 +0200 -@@ -397,7 +397,7 @@ icmp6_print(const u_char *bp, u_int leng - p = (struct nd_router_advert *)dp; - TCHECK(p->nd_ra_retransmit); - printf("\n\thop limit %u, Flags [%s]" \ -- ", pref %s, router lifetime %us, reachable time %us, retrans time %us", -+ ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums", - (u_int)p->nd_ra_curhoplimit, - bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)), - get_rtpref(p->nd_ra_flags_reserved), diff --git a/SOURCES/tcpdump-4.0.0-portnumbers.patch b/SOURCES/tcpdump-4.0.0-portnumbers.patch deleted file mode 100644 index 22bd2f2..0000000 --- a/SOURCES/tcpdump-4.0.0-portnumbers.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -diff -up tcpdump-3.9.8/addrtoname.c.portnumbers tcpdump-3.9.8/addrtoname.c ---- tcpdump-3.9.8/addrtoname.c.portnumbers 2007-09-26 03:59:52.000000000 +0200 -+++ tcpdump-3.9.8/addrtoname.c 2008-08-29 13:53:12.000000000 +0200 -@@ -704,7 +704,7 @@ init_servarray(void) - - while (table->name) - table = table->nxt; -- if (nflag) { -+ if (nflag > 1) { - (void)snprintf(buf, sizeof(buf), "%d", port); - table->name = strdup(buf); - } else -@@ -1104,7 +1104,7 @@ init_addrtoname(u_int32_t localnet, u_in - f_localnet = localnet; - f_netmask = mask; - } -- if (nflag) -+ if (nflag > 1) - /* - * Simplest way to suppress names. - */ -diff -up tcpdump-3.9.8/tcpdump.1.portnumbers tcpdump-3.9.8/tcpdump.1 ---- tcpdump-3.9.8/tcpdump.1.in.portnumbers 2008-08-29 13:53:12.000000000 +0200 -+++ tcpdump-3.9.8/tcpdump.1.in 2008-08-29 13:53:12.000000000 +0200 -@@ -403,7 +403,11 @@ Use \fIsecret\fP as a shared secret for - TCP segments with the TCP-MD5 option (RFC 2385), if present. - .TP - .B \-n --Don't convert addresses (i.e., host addresses, port numbers, etc.) to names. -+Don't convert host addresses to names. This can be used to avoid -+DNS lookups. -+.TP -+.B \-nn -+Don't convert protocol and port numbers etc. to names either. - .TP - .B \-N - Don't print domain name qualification of host names. diff --git a/SOURCES/tcpdump-4.4.0-eperm.patch b/SOURCES/tcpdump-4.4.0-eperm.patch deleted file mode 100644 index 5750a8a..0000000 --- a/SOURCES/tcpdump-4.4.0-eperm.patch +++ /dev/null 
@@ -1,77 +0,0 @@ -diff -up tcpdump-4.4.0/tcpdump.1.in.eperm tcpdump-4.4.0/tcpdump.1.in ---- tcpdump-4.4.0/tcpdump.1.in.eperm 2013-10-07 15:21:26.795602764 +0200 -+++ tcpdump-4.4.0/tcpdump.1.in 2013-10-07 15:21:26.800602762 +0200 -@@ -221,6 +221,9 @@ have the name specified with the - flag, with a number after it, starting at 1 and continuing upward. - The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes, - not 1,048,576 bytes). -+ -+Note that when used with \fB\-Z\fR option (enabled by default), privileges -+are dropped before opening first savefile. - .TP - .B \-d - Dump the compiled packet-matching code in a human readable form to -@@ -720,7 +723,9 @@ but before opening any savefiles for out - and the group ID to the primary group of - .IR user . - .IP --This behavior can also be enabled by default at compile time. -+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can -+be disabled by \fB\-Z root\fR. -+ - .IP "\fI expression\fP" - .RS - selects which packets will be dumped. -diff -up tcpdump-4.4.0/tcpdump.c.eperm tcpdump-4.4.0/tcpdump.c ---- tcpdump-4.4.0/tcpdump.c.eperm 2013-03-24 22:49:18.000000000 +0100 -+++ tcpdump-4.4.0/tcpdump.c 2013-10-07 15:22:26.360590143 +0200 -@@ -1426,11 +1426,24 @@ main(int argc, char **argv) - } - #endif /* HAVE_CAP_NG_H */ - -- if (getuid() == 0 || geteuid() == 0) { -- if (username || chroot_dir) -+ /* If user is running tcpdump as root and wants to write to the savefile, -+ * we will check if -C is set and if it is, we will drop root -+ * privileges right away and consequent call to pcap_dump_open() -+ * will most likely fail for the first file. If -C flag is not set we -+ * will create file as root then change ownership of file to proper -+ * user(default tcpdump) and drop root privileges. 
-+ */ -+ int chown_flag = 0; -+ -+ if (WFileName && (getuid() == 0 || geteuid() == 0)) -+ if (Cflag && (username || chroot_dir)) -+ droproot(username, chroot_dir); -+ else -+ chown_flag = 1; -+ else -+ if ((getuid() == 0 || geteuid() == 0) && (username || chroot_dir)) - droproot(username, chroot_dir); - -- } - #endif /* WIN32 */ - - if (pcap_setfilter(pd, &fcode) < 0) -@@ -1450,6 +1463,21 @@ main(int argc, char **argv) - MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); - - p = pcap_dump_open(pd, dumpinfo.CurrentFileName); -+ -+ /* Change ownership of file and drop root privileges */ -+ if (chown_flag) { -+ struct passwd *pwd; -+ -+ pwd = getpwnam(username); -+ if (!pwd) -+ error("Couldn't find user '%s'", username); -+ -+ if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0) -+ error("Couldn't change ownership of savefile"); -+ -+ if (username || chroot_dir) -+ droproot(username, chroot_dir); -+ } - #ifdef HAVE_CAP_NG_H - /* Give up capabilities, clear Effective set */ - capng_clear(CAPNG_EFFECTIVE); diff --git a/SOURCES/tcpdump-4.5.0-gethostby.patch b/SOURCES/tcpdump-4.5.0-gethostby.patch deleted file mode 100644 index f1cf324..0000000 --- a/SOURCES/tcpdump-4.5.0-gethostby.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -diff -up tcpdump-4.5.0/addrtoname.c.gethostby tcpdump-4.5.0/addrtoname.c ---- tcpdump-4.5.0/addrtoname.c.gethostby 2013-11-08 09:03:52.166752012 +0100 -+++ tcpdump-4.5.0/addrtoname.c 2013-11-08 09:04:57.792747210 +0100 -@@ -224,7 +224,6 @@ static u_int32_t f_localnet; - const char * - getname(const u_char *ap) - { -- register struct hostent *hp; - u_int32_t addr; - static struct hnamemem *p; /* static for longjmp() */ - -@@ -246,6 +245,28 @@ getname(const u_char *ap) - */ - if (!nflag && - (addr & f_netmask) == f_localnet) { -+#ifdef HAVE_GETNAMEINFO -+ struct sockaddr_in sa; -+ char hbuf[NI_MAXHOST]; -+ -+ memset(&sa, 0, sizeof (sa)); -+ sa.sin_family = AF_INET; -+ sa.sin_addr.s_addr = addr; -+ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), -+ hbuf, sizeof (hbuf), NULL, 0, 0)) { -+ if (Nflag) { -+ char *dotp; -+ -+ /* Remove domain qualifications */ -+ dotp = strchr(hbuf, '.'); -+ if (dotp) -+ *dotp = '\0'; -+ } -+ p->name = strdup(hbuf); -+ return p->name; -+ } -+#else -+ register struct hostent *hp; - hp = gethostbyaddr((char *)&addr, 4, AF_INET); - if (hp) { - char *dotp; -@@ -259,6 +280,7 @@ getname(const u_char *ap) - } - return (p->name); - } -+#endif - } - p->name = strdup(intoa(addr)); - return (p->name); -@@ -272,7 +294,6 @@ getname(const u_char *ap) - const char * - getname6(const u_char *ap) - { -- register struct hostent *hp; - union { - struct in6_addr addr; - struct for_hash_addr { -@@ -297,6 +318,28 @@ getname6(const u_char *ap) - * Do not print names if -n was given. 
- */ - if (!nflag) { -+#ifdef HAVE_GETNAMEINFO -+ struct sockaddr_in6 sa; -+ char hbuf[NI_MAXHOST]; -+ -+ memset(&sa, 0, sizeof (sa)); -+ sa.sin6_family = AF_INET6; -+ sa.sin6_addr = addr.addr; -+ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), -+ hbuf, sizeof (hbuf), NULL, 0, 0)) { -+ if (Nflag) { -+ char *dotp; -+ -+ /* Remove domain qualifications */ -+ dotp = strchr(hbuf, '.'); -+ if (dotp) -+ *dotp = '\0'; -+ } -+ p->name = strdup(hbuf); -+ return p->name; -+ } -+#else -+ register struct hostent *hp; - hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); - if (hp) { - char *dotp; -@@ -310,6 +353,7 @@ getname6(const u_char *ap) - } - return (p->name); - } -+#endif - } - cp = inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf)); - p->name = strdup(cp); diff --git a/SOURCES/tcpslice-1.2a3-dateformat.patch b/SOURCES/tcpslice-1.2a3-dateformat.patch deleted file mode 100644 index dd59457..0000000 --- a/SOURCES/tcpslice-1.2a3-dateformat.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -up tcpslice-1.2a3/tcpslice.c.orig tcpslice-1.2a3/tcpslice.c ---- tcpslice-1.2a3/tcpslice.c.orig 2005-10-25 00:06:26.000000000 +0200 -+++ tcpslice-1.2a3/tcpslice.c 2011-08-24 13:12:53.215962428 +0200 -@@ -404,7 +404,9 @@ fill_tm(char *time_string, int is_delta, - - while (isdigit(*t_stop)) - ++t_stop; -- if (! t_stop) -+ -+ if (!(*t_stop)) -+ /* we've reached end of string -> bad date format */ - error("bad date format %s, problem starting at %s", - time_string, t_start); - diff --git a/SOURCES/tcpslice-1.2a3-time.patch b/SOURCES/tcpslice-1.2a3-time.patch deleted file mode 100644 index c59448d..0000000 --- a/SOURCES/tcpslice-1.2a3-time.patch +++ /dev/null 
@@ -1,71 +0,0 @@ ---- tcpslice-1.2a3.orig/search.c 2000-09-10 10:52:40.000000000 +0200 -+++ tcpslice-1.2a3/search.c 2006-07-28 14:56:55.000000000 +0200 -@@ -53,7 +53,7 @@ - /* Size of a packet header in bytes; easier than typing the sizeof() all - * the time ... - */ --#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr )) -+#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr )) - - extern int snaplen; - -@@ -111,16 +111,24 @@ - static void - extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr ) - { -- memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr)); -+ struct pcap_sf_pkthdr hdri; -+ -+ memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr)); - - if ( pcap_is_swapped( p ) ) - { -- hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec); -- hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec); -- hdr->len = SWAPLONG(hdr->len); -- hdr->caplen = SWAPLONG(hdr->caplen); -+ hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec); -+ hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec); -+ hdr->len = SWAPLONG(hdri.len); -+ hdr->caplen = SWAPLONG(hdri.caplen); -+ } -+ else -+ { -+ hdr->ts.tv_sec = hdri.ts.tv_sec; -+ hdr->ts.tv_usec = hdri.ts.tv_usec; -+ hdr->len = hdri.len; -+ hdr->caplen = hdri.caplen; - } -- - /* - * From bpf/libpcap/savefile.c: - * ---- tcpslice-1.2a3.orig/tcpslice.h 1995-11-02 00:40:53.000000000 +0100 -+++ tcpslice-1.2a3/tcpslice.h 2006-07-28 14:56:55.000000000 +0200 -@@ -20,6 +20,26 @@ - */ - - -+#include -+/* #include */ -+ -+/* -+ * This is a timeval as stored in disk in a dumpfile. 
-+ * It has to use the same types everywhere, independent of the actual -+ * `struct timeval' -+ */ -+ -+struct pcap_timeval { -+ bpf_int32 tv_sec; /* seconds */ -+ bpf_int32 tv_usec; /* microseconds */ -+}; -+ -+struct pcap_sf_pkthdr { -+ struct pcap_timeval ts; /* time stamp */ -+ bpf_u_int32 caplen; /* length of portion present */ -+ bpf_u_int32 len; /* length this packet (off wire) */ -+}; -+ - time_t gwtm2secs( struct tm *tm ); - - int sf_find_end( struct pcap *p, struct timeval *first_timestamp, diff --git a/SOURCES/tcpslice-CVS.20010207-bpf.patch b/SOURCES/tcpslice-CVS.20010207-bpf.patch deleted file mode 100644 index 8aaad3b..0000000 --- a/SOURCES/tcpslice-CVS.20010207-bpf.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur tcpdump-3.8.1/tcpslice/tcpslice.c tcpdump-3.8.1.new/tcpslice/tcpslice.c ---- tcpslice/tcpslice.c 2004-01-15 17:35:53.000000000 +0100 -+++ tcpslice/tcpslice.c 2004-01-15 16:12:57.000000000 +0100 -@@ -35,7 +35,7 @@ - #include - #include - --#include -+/* #include */ - - #include - #ifdef HAVE_FCNTL_H diff --git a/SPECS/tcpdump.spec b/SPECS/tcpdump.spec index 7e32478..63cdd6c 100644 --- a/SPECS/tcpdump.spec +++ b/SPECS/tcpdump.spec 
@@ -1,29 +1,30 @@ Summary: A network traffic monitoring tool Name: tcpdump Epoch: 14 -Version: 4.5.1 -Release: 3%{?dist} +Version: 4.9.0 +Release: 5%{?dist} License: BSD with advertising URL: http://www.tcpdump.org Group: Applications/Internet Requires(pre): shadow-utils -BuildRequires: openssl-devel libpcap-devel -BuildRequires: automake sharutils +BuildRequires: automake sharutils openssl-devel libcap-ng-devel libpcap-devel git Source0: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz -Patch1: tcpdump-4.0.0-portnumbers.patch -Patch2: tcpdump-4.0.0-icmp6msec.patch -Patch3: tcpdump-4.5.0-gethostby.patch -Patch4: tcpdump-4.4.0-eperm.patch -Patch5: tcpslice-1.2a3-time.patch -Patch6: tcpslice-CVS.20010207-bpf.patch -Patch7: tcpslice-1.2a3-dateformat.patch -Patch8: 0001-Introduce-time-stamp-precision.patch -Patch9: 0002-Give-more-details-for-time-stamp-precision.patch -Patch10: 0003-Check-for-TLV-length-too-small.patch -Patch11: 0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch +Patch0001: 0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch +Patch0002: 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch +# Patch 0003 removed +Patch0004: 0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch +Patch0005: 0005-tcpslice-remove-unneeded-include.patch +Patch0006: 0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch +Patch0007: 0007-Introduce-nn-option.patch +Patch0008: 0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch +Patch0009: 0009-Change-P-to-Q-and-print-warning.patch +Patch0010: 0010-Change-n-flag-to-nn-in-TESTonce.patch +Patch0011: 0011-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch +Patch0012: 0012-Disable-tests-that-require-newer-version-of-libpcap.patch +Patch0013: 0013-Make-default-capture-buffer-size-bigger.patch %define tcpslice_dir tcpslice-1.2a3 
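Review bot: The placeholder `# Patch 0003 removed` in the patch list does not say what the patch did or why it was dropped. Going by the 4.9.0-4 changelog entry it is presumably the downstream drop-root-privileges patch, which is a change in when tcpdump gives up root relative to opening savefiles, so the spec should record what replaces it, e.g. `# Patch 0003 (downstream drop-root change) removed in 4.9.0-4, see #1262283 (TODO confirm)`. Patch 0008, "Don't print out we dropped root, we are always dropping", is still applied, so its premise is worth re-checking against the behaviour after the removal.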
@@ -36,27 +37,10 @@ the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %prep -%setup -q -a 1 - -%patch1 -p1 -b .portnumbers -%patch2 -p1 -b .icmp6msec -%patch3 -p1 -b .gethostby -%patch4 -p1 -b .eperm -%patch8 -p1 -b .tstamp -%patch9 -p1 -b .tstamp-details -%patch10 -p1 -b .cdp -%patch11 -p1 -b .cdp-checksum - -pushd %{tcpslice_dir} -%patch5 -p1 -b .time -%patch6 -p1 -b .bpf -%patch7 -p1 -b .dateformat -popd - -find . -name '*.c' -o -name '*.h' | xargs chmod 644 +%autosetup -a 1 -S git %build -export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -fno-strict-aliasing" +export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -fno-strict-aliasing -DHAVE_GETNAMEINFO" pushd %{tcpslice_dir} # update config.{guess,sub} @@ -69,7 +53,7 @@ popd make %{?_smp_mflags} %check -#make check +make check %install mkdir -p ${RPM_BUILD_ROOT}%{_libdir} 
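Review bot: `-DHAVE_GETNAMEINFO` is forced through the exported CFLAGS in %build rather than detected by configure, and nothing in the spec says why. The deleted tcpdump-4.5.0-gethostby.patch guarded its getnameinfo() path with `#ifdef HAVE_GETNAMEINFO`; if the new 0002 patch does the same (it is not shown here), dropping this flag would silently fall back to gethostbyaddr(). A comment above the export would make the dependency explicit, e.g. `# HAVE_GETNAMEINFO enables the getnameinfo() path added by Patch0002`. The same hunk moves the tcpslice patches from inside `pushd %{tcpslice_dir}` to a top-level `%autosetup`, so 0004-0006 need paths relative to the tcpdump root.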
@@ -103,6 +87,33 @@ exit 0 %{_mandir}/man8/tcpdump.8* %changelog +* Tue May 09 2017 Martin Sehnoutka - 14:4.9.0-5 +- Resolves: #1441597; use bigger capture buffer than in upstream + +* Thu Apr 20 2017 Martin Sehnoutka - 14:4.9.0-4 +- Drop downstream patch (drop root privileges) +- Add libcap-ng as a new build dependency +- Related: #1262283 + +* Tue Apr 11 2017 root - 14:4.9.0-3 +- Fix tests according to our patches and libpcap version + +* Fri Mar 17 2017 Martin Sehnoutka - 14:4.9.0-2 +- Use getnameinfo instead of gethostbyaddr + +* Mon Feb 20 2017 Martin Sehnoutka - 14:4.9.0-1 +- New upstream version 4.9.0. Resolves: #1422473 +- Add legacy -P switch with warning. Related to #1422473 and #1292056 + +* Wed Jan 04 2017 Martin Sehnoutka - 14:4.5.1-6 +- Drop root before creating any dump file. Resolves: #1262283 + +* Wed Jan 04 2017 Martin Sehnoutka - 14:4.5.1-5 +- Use -Q instead of -P to set capture direction. Resolves: #1292056 + +* Fri Dec 09 2016 Martin Sehnoutka - 14:4.5.1-4 +- Fix segfault with --help option. Resolves: #1297812 + * Thu Jun 18 2015 Michal Sekletar - 14:4.5.1-3 - add support for nano second timestamps (#1151406) - fix cdp dissector, allow zero-length data frames (#1231246)