diff --git a/.gitignore b/.gitignore
index 83ac48e..1141b51 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/tcpdump-4.5.1.tar.gz
+SOURCES/tcpdump-4.9.0.tar.gz
SOURCES/tcpslice-1.2a3.tar.gz
diff --git a/.tcpdump.metadata b/.tcpdump.metadata
index b278621..223998b 100644
--- a/.tcpdump.metadata
+++ b/.tcpdump.metadata
@@ -1,2 +1,2 @@
-46d5ec107c6a1b262ad8da799f74c5d01cce8815 SOURCES/tcpdump-4.5.1.tar.gz
+2c4193685edb1040506a9ec0f15cd85825085697 SOURCES/tcpdump-4.9.0.tar.gz
98790301cb1bf4399a95153bc62d49b3f5808994 SOURCES/tcpslice-1.2a3.tar.gz
diff --git a/SOURCES/0001-Introduce-time-stamp-precision.patch b/SOURCES/0001-Introduce-time-stamp-precision.patch
deleted file mode 100644
index 7fb4edf..0000000
--- a/SOURCES/0001-Introduce-time-stamp-precision.patch
+++ /dev/null
@@ -1,184 +0,0 @@
-From 9784ac1d98ae256e9e9f1830e7bab3b6bc20ec6c Mon Sep 17 00:00:00 2001
-From: Michal Sekletar <sekletar.m@gmail.com>
-Date: Wed, 19 Mar 2014 14:14:25 +0100
-Subject: [PATCH 1/4] Introduce --time-stamp-precision
-
-A while ago we introduced new API in libpcap which made possible to
-request time stamps with higher precision (nanoseconds). This commit
-aims to move things forward and implement missing bits. It introduces
-new long option --time-stamp-precision. Note that there is no equivalent
-short option.
-
-When used for a live capture tcpdump will ask the kernel for time stamp
-with desired precision and tcpdump will print fraction part of the time
-stamp using respective format. We currently support only microsecond and
-nanosecond precision. In the future we might support even more granular
-time stamp precision, but we should be fine to support only
-microseconds and nanoseconds for now. libpcap doesn't provide anything
-else at the moment anyway.
-
-When used in combination with -r/-w options then we obtain time stamps
-appropriately scaled up or down from libpcap. Also note that distinct
-magic number is used for savefiles containing nanosecond time stamps.
-
-(cherry picked from commit 52b27d11fc50ebc4f1fc54b53fd9437d62dd7f4a)
-
-Conflicts:
- netdissect.h
- tcpdump.c
----
- netdissect.h | 1 +
- tcpdump.1.in | 9 +++++++++
- tcpdump.c | 41 +++++++++++++++++++++++++++++++++++++++--
- util.c | 9 ++++++---
- 4 files changed, 55 insertions(+), 5 deletions(-)
-
-diff --git a/netdissect.h b/netdissect.h
-index 4fd4726..e0146e7 100644
---- a/netdissect.h
-+++ b/netdissect.h
-@@ -123,6 +123,7 @@ struct netdissect_options {
- time_t ndo_Gflag_time; /* The last time_t the dump file was rotated. */
- int ndo_Wflag; /* recycle output files after this number of files */
- int ndo_WflagChars;
-+ int ndo_tstamp_precision; /* requested time stamp precision */
- int ndo_Hflag; /* dissect 802.11s draft mesh standard */
- int ndo_suppress_default_print; /* don't use default_print() for unknown packet types */
- const char *ndo_dltname;
-diff --git a/tcpdump.1.in b/tcpdump.1.in
-index a5a0e28..6083474 100644
---- a/tcpdump.1.in
-+++ b/tcpdump.1.in
-@@ -399,6 +399,15 @@ List the supported time stamp types for the interface and exit. If the
- time stamp type cannot be set for the interface, no time stamp types are
- listed.
- .TP
-+.BI \-\-time\-stamp\-precision= tstamp_precision
-+.PD
-+Set the time stamp precision for the capture to
-+\fItstamp_precision\fP. Currently supported are microseconds and
-+nanoseconds. Note that availability of high precision time stamps (nanoseconds)
-+and their actual accuracy is platform and HW dependent. Also note that when
-+writing captures to the savefile, distinct magic number is used to distinguish
-+savefiles which contains time stamps in nanoseconds.
-+.TP
- .B \-K
- Don't attempt to verify IP, TCP, or UDP checksums. This is useful for
- interfaces that perform some or all of those checksum calculation in
-diff --git a/tcpdump.c b/tcpdump.c
-index 79db6d7..444e1e3 100644
---- a/tcpdump.c
-+++ b/tcpdump.c
-@@ -73,6 +73,7 @@ extern int SIZE_BUF;
- #include <grp.h>
- #include <errno.h>
- #endif /* WIN32 */
-+#include <getopt.h>
-
- /* capabilities convinience library */
- #ifdef HAVE_CAP_NG_H
-@@ -529,6 +530,12 @@ show_dlts_and_exit(const char *device, pcap_t *pd)
- #define P_FLAG
- #endif
-
-+#define OPTION_TSTAMP_PRECISION 130
-+
-+static struct option longopts[] = {
-+ { "time-stamp-precision", required_argument, NULL, OPTION_TSTAMP_PRECISION},
-+};
-+
- #ifndef WIN32
- /* Drop root privileges and chroot if necessary */
- static void
-@@ -682,6 +689,18 @@ get_next_file(FILE *VFile, char *ptr)
- return ret;
- }
-
-+static int
-+tstamp_precision_from_string(const char *precision)
-+{
-+ if (strncmp(precision, "nano", strlen("nano")) == 0)
-+ return PCAP_TSTAMP_PRECISION_NANO;
-+
-+ if (strncmp(precision, "micro", strlen("micro")) == 0)
-+ return PCAP_TSTAMP_PRECISION_MICRO;
-+
-+ return -EINVAL;
-+}
-+
- int
- main(int argc, char **argv)
- {
-@@ -747,7 +766,7 @@ main(int argc, char **argv)
- #endif
-
- while (
-- (op = getopt(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOp" P_FLAG "qr:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:")) != -1)
-+ (op = getopt_long(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOp" P_FLAG "qr:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:", longopts, NULL)) != -1)
- switch (op) {
-
- case 'a':
-@@ -1128,6 +1147,12 @@ main(int argc, char **argv)
- }
- break;
-
-+ case OPTION_TSTAMP_PRECISION:
-+ gndo->ndo_tstamp_precision = tstamp_precision_from_string(optarg);
-+ if (gndo->ndo_tstamp_precision < 0)
-+ error("unsupported time stamp precision");
-+ break;
-+
- default:
- usage();
- /* NOTREACHED */
-@@ -1213,7 +1238,12 @@ main(int argc, char **argv)
- RFileName = VFileLine;
- }
-
-- pd = pcap_open_offline(RFileName, ebuf);
-+ if (gndo->ndo_tstamp_precision == PCAP_TSTAMP_PRECISION_NANO)
-+ pd = pcap_open_offline_with_tstamp_precision(RFileName, PCAP_TSTAMP_PRECISION_NANO, ebuf);
-+ else
-+ pd = pcap_open_offline_with_tstamp_precision(RFileName, PCAP_TSTAMP_PRECISION_MICRO, ebuf);
-+
-+
- if (pd == NULL)
- error("%s", ebuf);
- dlt = pcap_datalink(pd);
-@@ -1262,6 +1292,13 @@ main(int argc, char **argv)
- if (Jflag)
- show_tstamp_types_and_exit(device, pd);
- #endif
-+ if (gndo->ndo_tstamp_precision == PCAP_TSTAMP_PRECISION_NANO) {
-+ status = pcap_set_tstamp_precision(pd, PCAP_TSTAMP_PRECISION_NANO);
-+ if (status != 0)
-+ error("%s: Can't set nanosecond time stamp precision: %s",
-+ device, pcap_statustostr(status));
-+ }
-+
- /*
- * Is this an interface that supports monitor mode?
- */
-diff --git a/util.c b/util.c
-index a2ef36d..6bc05c0 100644
---- a/util.c
-+++ b/util.c
-@@ -146,9 +146,12 @@ fn_printzp(register const u_char *s, register u_int n,
- char *
- ts_format(register int sec, register int usec)
- {
-- static char buf[sizeof("00:00:00.000000")];
-- (void)snprintf(buf, sizeof(buf), "%02d:%02d:%02d.%06u",
-- sec / 3600, (sec % 3600) / 60, sec % 60, usec);
-+ static char buf[sizeof("00:00:00.000000000")];
-+ const char *format = gndo->ndo_tstamp_precision == PCAP_TSTAMP_PRECISION_NANO ?
-+ "%02d:%02d:%02d.%09u" : "%02d:%02d:%02d.%06u";
-+
-+ snprintf(buf, sizeof(buf), format,
-+ sec / 3600, (sec % 3600) / 60, sec % 60, usec);
-
- return buf;
- }
---
-2.4.3
-
diff --git a/SOURCES/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch b/SOURCES/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch
new file mode 100644
index 0000000..c5e54ae
--- /dev/null
+++ b/SOURCES/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch
@@ -0,0 +1,26 @@
+From f19e0376b8e98b38240d28eb9e6f78c465bb1c6e Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 13:34:24 +0200
+Subject: [PATCH 1/8] icmp6: print Reachable Time and Retransmit Time from
+ ICMPv6 as milliseconds
+
+---
+ print-icmp6.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/print-icmp6.c b/print-icmp6.c
+index 7fe639d..cfaa2df 100644
+--- a/print-icmp6.c
++++ b/print-icmp6.c
+@@ -1034,7 +1034,7 @@ icmp6_print(netdissect_options *ndo,
+ p = (const struct nd_router_advert *)dp;
+ ND_TCHECK(p->nd_ra_retransmit);
+ ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \
+- ", pref %s, router lifetime %us, reachable time %us, retrans time %us",
++ ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums",
+ (u_int)p->nd_ra_curhoplimit,
+ bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)),
+ get_rtpref(p->nd_ra_flags_reserved),
+--
+2.9.3
+
diff --git a/SOURCES/0002-Give-more-details-for-time-stamp-precision.patch b/SOURCES/0002-Give-more-details-for-time-stamp-precision.patch
deleted file mode 100644
index bc507fb..0000000
--- a/SOURCES/0002-Give-more-details-for-time-stamp-precision.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 3699eaccf3e0833604d74fcd483152972721869a Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Wed, 25 Jun 2014 11:45:29 -0700
-Subject: [PATCH 2/4] Give more details for --time-stamp-precision.
-
-(cherry picked from commit e76768c97a70934b8f3a41fe2df705c61a924a47)
-
-[msekleta: replaced .LP with .IP to fix indentation of paragraphs]
----
- tcpdump.1.in | 24 +++++++++++++++++-------
- 1 file changed, 17 insertions(+), 7 deletions(-)
-
-diff --git a/tcpdump.1.in b/tcpdump.1.in
-index 6083474..4f0648c 100644
---- a/tcpdump.1.in
-+++ b/tcpdump.1.in
-@@ -400,13 +400,23 @@ time stamp type cannot be set for the interface, no time stamp types are
- listed.
- .TP
- .BI \-\-time\-stamp\-precision= tstamp_precision
--.PD
--Set the time stamp precision for the capture to
--\fItstamp_precision\fP. Currently supported are microseconds and
--nanoseconds. Note that availability of high precision time stamps (nanoseconds)
--and their actual accuracy is platform and HW dependent. Also note that when
--writing captures to the savefile, distinct magic number is used to distinguish
--savefiles which contains time stamps in nanoseconds.
-+When capturing, set the time stamp precision for the capture to
-+\fItstamp_precision\fP. Note that availability of high precision time
-+stamps (nanoseconds) and their actual accuracy is platform and hardware
-+dependent. Also note that when writing captures made with nanosecond
-+accuracy to a savefile, the time stamps are written with nanosecond
-+resolution, and the file is written with a different magic number, to
-+indicate that the time stamps are in seconds and nanoseconds; not all
-+programs that read pcap savefiles will be able to read those captures.
-+.IP
-+When reading a savefile, convert time stamps to the precision specified
-+by \fItimestamp_precision\fP, and display them with that resolution. If
-+the precision specified is less than the precision of time stamps in the
-+file, the conversion will lose precision.
-+.IP
-+The supported values for \fItimestamp_precision\fP are \fBmicro\fP for
-+microsecond resolution and \fBnano\fP for nanosecond resolution. The
-+default is microsecond resolution.
- .TP
- .B \-K
- Don't attempt to verify IP, TCP, or UDP checksums. This is useful for
---
-2.4.3
-
diff --git a/SOURCES/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch b/SOURCES/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
new file mode 100644
index 0000000..28bce58
--- /dev/null
+++ b/SOURCES/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
@@ -0,0 +1,106 @@
+From c48fba64fbbff9c75c79e32ab33aa65742c197d9 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 14:12:46 +0200
+Subject: [PATCH 2/8] Use getnameinfo instead of gethostbyaddr
+
+---
+ addrtoname.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 46 insertions(+), 2 deletions(-)
+
+diff --git a/addrtoname.c b/addrtoname.c
+index 6975b71..949acb7 100644
+--- a/addrtoname.c
++++ b/addrtoname.c
+@@ -220,7 +220,6 @@ static uint32_t f_localnet;
+ const char *
+ getname(netdissect_options *ndo, const u_char *ap)
+ {
+- register struct hostent *hp;
+ uint32_t addr;
+ struct hnamemem *p;
+
+@@ -242,6 +241,28 @@ getname(netdissect_options *ndo, const u_char *ap)
+ */
+ if (!ndo->ndo_nflag &&
+ (addr & f_netmask) == f_localnet) {
++#ifdef HAVE_GETNAMEINFO
++ struct sockaddr_in sa;
++ char hbuf[NI_MAXHOST];
++
++ memset(&sa, 0, sizeof (sa));
++ sa.sin_family = AF_INET;
++ sa.sin_addr.s_addr = addr;
++ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
++ hbuf, sizeof (hbuf), NULL, 0, 0)) {
++ if (ndo->ndo_Nflag) {
++ char *dotp;
++
++ /* Remove domain qualifications */
++ dotp = strchr(hbuf, '.');
++ if (dotp)
++ *dotp = '\0';
++ }
++ p->name = strdup(hbuf);
++ return p->name;
++ }
++#else
++ register struct hostent *hp;
+ hp = gethostbyaddr((char *)&addr, 4, AF_INET);
+ if (hp) {
+ char *dotp;
+@@ -258,6 +279,7 @@ getname(netdissect_options *ndo, const u_char *ap)
+ }
+ return (p->name);
+ }
++#endif
+ }
+ p->name = strdup(intoa(addr));
+ if (p->name == NULL)
+@@ -272,7 +294,6 @@ getname(netdissect_options *ndo, const u_char *ap)
+ const char *
+ getname6(netdissect_options *ndo, const u_char *ap)
+ {
+- register struct hostent *hp;
+ union {
+ struct in6_addr addr;
+ struct for_hash_addr {
+@@ -297,6 +318,28 @@ getname6(netdissect_options *ndo, const u_char *ap)
+ * Do not print names if -n was given.
+ */
+ if (!ndo->ndo_nflag) {
++#ifdef HAVE_GETNAMEINFO
++ struct sockaddr_in6 sa;
++ char hbuf[NI_MAXHOST];
++
++ memset(&sa, 0, sizeof (sa));
++ sa.sin6_family = AF_INET6;
++ sa.sin6_addr = addr.addr;
++ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
++ hbuf, sizeof (hbuf), NULL, 0, 0)) {
++ if (ndo->ndo_Nflag) {
++ char *dotp;
++
++ /* Remove domain qualifications */
++ dotp = strchr(hbuf, '.');
++ if (dotp)
++ *dotp = '\0';
++ }
++ p->name = strdup(hbuf);
++ return p->name;
++ }
++#else
++ register struct hostent *hp;
+ hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
+ if (hp) {
+ char *dotp;
+@@ -313,6 +356,7 @@ getname6(netdissect_options *ndo, const u_char *ap)
+ }
+ return (p->name);
+ }
++#endif
+ }
+ cp = addrtostr6(ap, ntop_buf, sizeof(ntop_buf));
+ p->name = strdup(cp);
+--
+2.9.3
+
diff --git a/SOURCES/0003-Check-for-TLV-length-too-small.patch b/SOURCES/0003-Check-for-TLV-length-too-small.patch
deleted file mode 100644
index 9c85e94..0000000
--- a/SOURCES/0003-Check-for-TLV-length-too-small.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 009b632b5c7cf5151699b660a4c885ba57f9f836 Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Thu, 14 Aug 2014 17:14:32 -0700
-Subject: [PATCH 3/4] Check for TLV length too small.
-
-The TLV length includes the T and the L, so it must be at least 4.
-
-This means we don't need the "avoid infinite loop" check later; that
-check was wrong, as per GitHub issue #401 and #402; this fixes #402,
-which has a different patch for that bug.
-
-(cherry picked from commit 5511e8f79f0ac96671bab23223397881eba8b806)
-
-[msekleta: replaced ND_PRINT by printfs]
----
- print-cdp.c | 18 +++++++++++++++---
- 1 file changed, 15 insertions(+), 3 deletions(-)
-
-diff --git a/print-cdp.c b/print-cdp.c
-index 152b2f9..5a0eaea 100644
---- a/print-cdp.c
-+++ b/print-cdp.c
-@@ -111,6 +111,21 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen)
- goto trunc;
- type = EXTRACT_16BITS(tptr);
- len = EXTRACT_16BITS(tptr+2); /* object length includes the 4 bytes header length */
-+
-+ if (len < 4) {
-+ if (vflag)
-+ printf("\n\t%s (0x%02x), length: %u byte%s (too short)",
-+ tok2str(cdp_tlv_values,"unknown field type", type),
-+ type,
-+ len,
-+ PLURAL_SUFFIX(len)); /* plural */
-+ else
-+ printf(", %s TLV length %u too short",
-+ tok2str(cdp_tlv_values,"unknown field type", type),
-+ len);
-+ break;
-+ }
-+
- tptr += 4;
- len -= 4;
-
-@@ -222,9 +237,6 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen)
- break;
- }
- }
-- /* avoid infinite loop */
-- if (len == 0)
-- break;
- tptr = tptr+len;
- }
- if (vflag < 1)
---
-2.4.3
-
diff --git a/SOURCES/0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch b/SOURCES/0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch
deleted file mode 100644
index ba81646..0000000
--- a/SOURCES/0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From b49ff8d0b6ab53d95f3b4b97d889926f70112ae4 Mon Sep 17 00:00:00 2001
-From: Jamie Bainbridge <jamie.bainbridge@gmail.com>
-Date: Thu, 14 Aug 2014 20:47:57 +1000
-Subject: [PATCH 4/4] Print checksum in hex, and print the actual checksum,
- plus cleanup
-
-(cherry picked from commit 24007a9a1249ed8733ff0039812ba92544a38bbe)
-
-Conflicts:
- print-cdp.c
----
- print-cdp.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/print-cdp.c b/print-cdp.c
-index 5a0eaea..0f44ba6 100644
---- a/print-cdp.c
-+++ b/print-cdp.c
-@@ -44,6 +44,8 @@ static const char rcsid[] _U_ =
- #include "nlpid.h"
-
- #define CDP_HEADER_LEN 4
-+#define CDP_HEADER_LEN 4
-+#define CDP_HEADER_OFFSET 2
-
- static const struct tok cdp_tlv_values[] = {
- { 0x01, "Device-ID"},
-@@ -102,15 +104,15 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen)
- goto trunc;
- printf("CDPv%u, ttl: %us", *tptr, *(tptr+1));
- if (vflag)
-- printf(", checksum: %u (unverified), length %u", EXTRACT_16BITS(tptr), length);
-+ printf(", checksum: 0x%04x (unverified), length %u", EXTRACT_16BITS(tptr+CDP_HEADER_OFFSET), length);
- tptr += CDP_HEADER_LEN;
-
- while (tptr < (pptr+length)) {
-
-- if (!TTEST2(*tptr, 4)) /* read out Type and Length */
-+ if (!TTEST2(*tptr, CDP_HEADER_LEN)) /* read out Type and Length */
- goto trunc;
- type = EXTRACT_16BITS(tptr);
-- len = EXTRACT_16BITS(tptr+2); /* object length includes the 4 bytes header length */
-+ len = EXTRACT_16BITS(tptr+CDP_HEADER_OFFSET); /* object length includes the 4 bytes header length */
-
- if (len < 4) {
- if (vflag)
-@@ -126,8 +128,8 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen)
- break;
- }
-
-- tptr += 4;
-- len -= 4;
-+ tptr += CDP_HEADER_LEN;
-+ len -= CDP_HEADER_LEN;
-
- if (!TTEST2(*tptr, len))
- goto trunc;
-@@ -184,15 +186,15 @@ cdp_print(const u_char *pptr, u_int length, u_int caplen)
- break;
- case 0x08: /* Protocol Hello Option - not documented */
- break;
-- case 0x09: /* VTP Mgmt Domain - not documented */
-+ case 0x09: /* VTP Mgmt Domain - CDPv2 */
- printf("'");
- fn_printn(tptr, len, NULL);
- printf("'");
- break;
-- case 0x0a: /* Native VLAN ID - not documented */
-+ case 0x0a: /* Native VLAN ID - CDPv2 */
- printf("%d",EXTRACT_16BITS(tptr));
- break;
-- case 0x0b: /* Duplex - not documented */
-+ case 0x0b: /* Duplex - CDPv2 */
- printf("%s", *(tptr) ? "full": "half");
- break;
-
---
-2.4.3
-
diff --git a/SOURCES/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch b/SOURCES/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch
new file mode 100644
index 0000000..d6973ac
--- /dev/null
+++ b/SOURCES/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch
@@ -0,0 +1,88 @@
+From 954c235f6db6f601d732b6fce48d2e8183c05d49 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 14:43:04 +0200
+Subject: [PATCH 4/8] tcpslice: update tcpslice patch to 1.2a3
+
+---
+ tcpslice-1.2a3/search.c | 22 +++++++++++++++-------
+ tcpslice-1.2a3/tcpslice.h | 20 ++++++++++++++++++++
+ 2 files changed, 35 insertions(+), 7 deletions(-)
+
+diff --git a/tcpslice-1.2a3/search.c b/tcpslice-1.2a3/search.c
+index 1e2d051..23aa105 100644
+--- a/tcpslice-1.2a3/search.c
++++ b/tcpslice-1.2a3/search.c
+@@ -53,7 +53,7 @@ static const char rcsid[] =
+ /* Size of a packet header in bytes; easier than typing the sizeof() all
+ * the time ...
+ */
+-#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr ))
++#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr ))
+
+ extern int snaplen;
+
+@@ -111,16 +111,24 @@ reasonable_header( struct pcap_pkthdr *hdr, time_t first_time, time_t last_time
+ static void
+ extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr )
+ {
+- memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr));
++ struct pcap_sf_pkthdr hdri;
++
++ memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr));
+
+ if ( pcap_is_swapped( p ) )
+ {
+- hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec);
+- hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec);
+- hdr->len = SWAPLONG(hdr->len);
+- hdr->caplen = SWAPLONG(hdr->caplen);
++ hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec);
++ hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec);
++ hdr->len = SWAPLONG(hdri.len);
++ hdr->caplen = SWAPLONG(hdri.caplen);
++ }
++ else
++ {
++ hdr->ts.tv_sec = hdri.ts.tv_sec;
++ hdr->ts.tv_usec = hdri.ts.tv_usec;
++ hdr->len = hdri.len;
++ hdr->caplen = hdri.caplen;
+ }
+-
+ /*
+ * From bpf/libpcap/savefile.c:
+ *
+diff --git a/tcpslice-1.2a3/tcpslice.h b/tcpslice-1.2a3/tcpslice.h
+index de4a01c..9dcd1a1 100644
+--- a/tcpslice-1.2a3/tcpslice.h
++++ b/tcpslice-1.2a3/tcpslice.h
+@@ -20,6 +20,26 @@
+ */
+
+
++#include <time.h>
++/* #include <net/bpf.h> */
++
++/*
++ * This is a timeval as stored in disk in a dumpfile.
++ * It has to use the same types everywhere, independent of the actual
++ * `struct timeval'
++ */
++
++struct pcap_timeval {
++ bpf_int32 tv_sec; /* seconds */
++ bpf_int32 tv_usec; /* microseconds */
++};
++
++struct pcap_sf_pkthdr {
++ struct pcap_timeval ts; /* time stamp */
++ bpf_u_int32 caplen; /* length of portion present */
++ bpf_u_int32 len; /* length this packet (off wire) */
++};
++
+ time_t gwtm2secs( struct tm *tm );
+
+ int sf_find_end( struct pcap *p, struct timeval *first_timestamp,
+--
+2.9.3
+
diff --git a/SOURCES/0005-tcpslice-remove-unneeded-include.patch b/SOURCES/0005-tcpslice-remove-unneeded-include.patch
new file mode 100644
index 0000000..2413575
--- /dev/null
+++ b/SOURCES/0005-tcpslice-remove-unneeded-include.patch
@@ -0,0 +1,26 @@
+From d32956586bfb50b189132d5a15db8a50ef871278 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 15:06:54 +0200
+Subject: [PATCH 5/8] tcpslice: remove unneeded include
+
+net/bpf.h doesn't exist on Linux.
+---
+ tcpslice-1.2a3/tcpslice.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c
+index e73d76f..895e54f 100644
+--- a/tcpslice-1.2a3/tcpslice.c
++++ b/tcpslice-1.2a3/tcpslice.c
+@@ -35,8 +35,6 @@ static const char rcsid[] =
+ #include <sys/file.h>
+ #include <sys/stat.h>
+
+-#include <net/bpf.h>
+-
+ #include <ctype.h>
+ #ifdef HAVE_FCNTL_H
+ #include <fcntl.h>
+--
+2.9.3
+
diff --git a/SOURCES/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch b/SOURCES/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch
new file mode 100644
index 0000000..60efc1c
--- /dev/null
+++ b/SOURCES/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch
@@ -0,0 +1,27 @@
+From e159008d2f126d92112858269fb6b2fbca63ffc2 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 15:19:44 +0200
+Subject: [PATCH 6/8] tcpslice: don't test the pointer but pointee for NULL
+
+---
+ tcpslice-1.2a3/tcpslice.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c
+index 895e54f..a91439b 100644
+--- a/tcpslice-1.2a3/tcpslice.c
++++ b/tcpslice-1.2a3/tcpslice.c
+@@ -402,7 +402,9 @@ fill_tm(char *time_string, int is_delta, struct tm *t, time_t *usecs_addr)
+
+ while (isdigit(*t_stop))
+ ++t_stop;
+- if (! t_stop)
++
++ if (!(*t_stop))
++ /* we've reached end of string -> bad date format */
+ error("bad date format %s, problem starting at %s",
+ time_string, t_start);
+
+--
+2.9.3
+
diff --git a/SOURCES/0007-Introduce-nn-option.patch b/SOURCES/0007-Introduce-nn-option.patch
new file mode 100644
index 0000000..1e64d8b
--- /dev/null
+++ b/SOURCES/0007-Introduce-nn-option.patch
@@ -0,0 +1,55 @@
+From 9ea43c6c97d3653cb58c1934f8770b951917bf9a Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 13:26:38 +0200
+Subject: [PATCH 7/8] Introduce -nn option
+
+This changes the semantics on -n option so only namelookups are skipped. Port
+numbers *are* translated to their string representations. Option -nn then has
+the same semantics as -n had originally.
+---
+ addrtoname.c | 4 ++--
+ tcpdump.1.in | 6 +++++-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/addrtoname.c b/addrtoname.c
+index 949acb7..9dd78d8 100644
+--- a/addrtoname.c
++++ b/addrtoname.c
+@@ -810,7 +810,7 @@ init_servarray(netdissect_options *ndo)
+
+ while (table->name)
+ table = table->nxt;
+- if (ndo->ndo_nflag) {
++ if (ndo->ndo_nflag > 1) {
+ (void)snprintf(buf, sizeof(buf), "%d", port);
+ table->name = strdup(buf);
+ } else
+@@ -1233,7 +1233,7 @@ init_addrtoname(netdissect_options *ndo, uint32_t localnet, uint32_t mask)
+ f_localnet = localnet;
+ f_netmask = mask;
+ }
+- if (ndo->ndo_nflag)
++ if (ndo->ndo_nflag > 1)
+ /*
+ * Simplest way to suppress names.
+ */
+diff --git a/tcpdump.1.in b/tcpdump.1.in
+index ca5cff2..c711a24 100644
+--- a/tcpdump.1.in
++++ b/tcpdump.1.in
+@@ -547,7 +547,11 @@ Use \fIsecret\fP as a shared secret for validating the digests found in
+ TCP segments with the TCP-MD5 option (RFC 2385), if present.
+ .TP
+ .B \-n
+-Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
++Don't convert host addresses to names. This can be used to avoid
++DNS lookups.
++.TP
++.B \-nn
++Don't convert protocol and port numbers etc. to names either.
+ .TP
+ .B \-N
+ Don't print domain name qualification of host names.
+--
+2.9.3
+
diff --git a/SOURCES/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch b/SOURCES/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
new file mode 100644
index 0000000..2e4551c
--- /dev/null
+++ b/SOURCES/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
@@ -0,0 +1,36 @@
+From d5508c13119404102104a3935e7445c9fddf79b5 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Fri, 3 Feb 2017 09:43:03 +0100
+Subject: [PATCH 8/8] Don't print out we dropped root, we are always dropping
+ it
+
+---
+ tcpdump.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/tcpdump.c b/tcpdump.c
+index 29f7f87..18c4a5c 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -618,8 +618,6 @@ droproot(const char *username, const char *chroot_dir)
+ int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
+ if (ret < 0) {
+ fprintf(stderr, "error : ret %d\n", ret);
+- } else {
+- fprintf(stderr, "dropped privs to %s\n", username);
+ }
+ }
+ #else
+@@ -632,9 +630,6 @@ droproot(const char *username, const char *chroot_dir)
+ pcap_strerror(errno));
+ exit_tcpdump(1);
+ }
+- else {
+- fprintf(stderr, "dropped privs to %s\n", username);
+- }
+ #endif /* HAVE_LIBCAP_NG */
+ }
+ else {
+--
+2.9.3
+
diff --git a/SOURCES/0009-Change-P-to-Q-and-print-warning.patch b/SOURCES/0009-Change-P-to-Q-and-print-warning.patch
new file mode 100644
index 0000000..f443700
--- /dev/null
+++ b/SOURCES/0009-Change-P-to-Q-and-print-warning.patch
@@ -0,0 +1,107 @@
+From 3dae043c2a0c4d855719f5f34b6702995c82b7bb Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Feb 2017 11:01:19 +0100
+Subject: [PATCH] Change -P to -Q and print warning
+
+Guy Harris points that -P is already taken by MacOS derived work and
+that the only remaining single-letter option is -Q (see GH #252). Fix
+some formatting while at it.
+---
+ tcpdump.1.in | 4 ++--
+ tcpdump.c | 23 +++++++++++++----------
+ 2 files changed, 15 insertions(+), 12 deletions(-)
+
+diff --git a/tcpdump.1.in b/tcpdump.1.in
+index c711a24..10b7542 100644
+--- a/tcpdump.1.in
++++ b/tcpdump.1.in
+@@ -74,7 +74,7 @@ tcpdump \- dump traffic on a network
+ .B \-\-number
+ ]
+ [
+-.B \-Q
++.B \-Q|\-P
+ .I in|out|inout
+ ]
+ .ti +8
+@@ -586,7 +586,7 @@ Note that the interface might be in promiscuous
+ mode for some other reason; hence, `-p' cannot be used as an abbreviation for
+ `ether host {local-hw-addr} or ether broadcast'.
+ .TP
+-.BI \-Q " direction"
++.BI \-Q|\-P " direction"
+ .PD 0
+ .TP
+ .BI \-\-direction= direction
+diff --git a/tcpdump.c b/tcpdump.c
+index 18c4a5c..816fbe1 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -157,7 +157,7 @@ static int Jflag; /* list available time stamp types */
+ static int jflag = -1; /* packet time stamp source */
+ static int pflag; /* don't go promiscuous */
+ #ifdef HAVE_PCAP_SETDIRECTION
+-static int Qflag = -1; /* restrict captured packet by send/receive direction */
++static int PQflag = -1; /* restrict captured packet by send/receive direction */
+ #endif
+ static int Uflag; /* "unbuffered" output of dump files */
+ static int Wflag; /* recycle output files after this number of files */
+@@ -518,12 +518,12 @@ show_devices_and_exit (void)
+ #endif
+
+ #ifdef HAVE_PCAP_SETDIRECTION
+-#define Q_FLAG "Q:"
++#define PQ_FLAG "P:Q:"
+ #else
+-#define Q_FLAG
++#define PQ_FLAG
+ #endif
+
+-#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
++#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" PQ_FLAG "r:s:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
+
+ /*
+ * Long options.
+@@ -1068,8 +1068,8 @@ open_interface(const char *device, netdissect_options *ndo, char *ebuf)
+ pcap_statustostr(status));
+ }
+ #ifdef HAVE_PCAP_SETDIRECTION
+- if (Qflag != -1) {
+- status = pcap_setdirection(pc, Qflag);
++ if (PQflag != -1) {
++ status = pcap_setdirection(pc, PQflag);
+ if (status != 0)
+ error("%s: pcap_setdirection() failed: %s",
+ device, pcap_geterr(pc));
+@@ -1353,13 +1353,16 @@ main(int argc, char **argv)
+ break;
+
+ #ifdef HAVE_PCAP_SETDIRECTION
++ case 'P':
++ fprintf(stderr, "Warning: -P switch is not compatible with the upstream version. You should use -Q instead.\n");
++ /* Intentional fall through */
+ case 'Q':
+ if (ascii_strcasecmp(optarg, "in") == 0)
+- Qflag = PCAP_D_IN;
++ PQflag = PCAP_D_IN;
+ else if (ascii_strcasecmp(optarg, "out") == 0)
+- Qflag = PCAP_D_OUT;
++ PQflag = PCAP_D_OUT;
+ else if (ascii_strcasecmp(optarg, "inout") == 0)
+- Qflag = PCAP_D_INOUT;
++ PQflag = PCAP_D_INOUT;
+ else
+ error("unknown capture direction `%s'", optarg);
+ break;
+@@ -2639,7 +2642,7 @@ print_usage(void)
+ "\t\t[ -i interface ]" j_FLAG_USAGE " [ -M secret ] [ --number ]\n");
+ #ifdef HAVE_PCAP_SETDIRECTION
+ (void)fprintf(stderr,
+-"\t\t[ -Q in|out|inout ]\n");
++"\t\t[ -Q|-P in|out|inout ]\n");
+ #endif
+ (void)fprintf(stderr,
+ "\t\t[ -r file ] [ -s snaplen ] ");
+--
+2.9.3
+
diff --git a/SOURCES/0010-Change-n-flag-to-nn-in-TESTonce.patch b/SOURCES/0010-Change-n-flag-to-nn-in-TESTonce.patch
new file mode 100644
index 0000000..3814cd1
--- /dev/null
+++ b/SOURCES/0010-Change-n-flag-to-nn-in-TESTonce.patch
@@ -0,0 +1,27 @@
+From a27f780ce55de779c8ce56a8594ef13cefb21fdf Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 11 Apr 2017 09:19:48 +0200
+Subject: [PATCH 1/3] Change -n flag to -nn in TESTonce
+
+We need to change this because we have a different meaning of -n
+flag than upstream does. We use -nn in those cases.
+---
+ tests/TESTonce | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/TESTonce b/tests/TESTonce
+index 78ad075..ad8a471 100755
+--- a/tests/TESTonce
++++ b/tests/TESTonce
+@@ -21,7 +21,7 @@ if ($^O eq 'MSWin32') {
+ else {
+ # we used to do this as a nice pipeline, but the problem is that $r fails to
+ # to be set properly if the tcpdump core dumps.
+- $r = system "../tcpdump 2>/dev/null -n -r $input $options >NEW/$output";
++ $r = system "../tcpdump 2>/dev/null -nn -r $input $options >NEW/$output";
+ if($r == 0x100) {
+ # this means tcpdump exited with code 1.
+ open(OUTPUT, ">>"."NEW/$output") || die "fail to open $output\n";
+--
+1.8.3.1
+
diff --git a/SOURCES/0011-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch b/SOURCES/0011-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch
new file mode 100644
index 0000000..05ab05c
--- /dev/null
+++ b/SOURCES/0011-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch
@@ -0,0 +1,46 @@
+From 64c07ad272eef3a781792059a584b220974eeedb Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 11 Apr 2017 09:37:53 +0200
+Subject: [PATCH 2/3] Expect miliseconds instead of seconds in icmp capture.
+
+Again this is caused by our patch, so we need to modify tests
+accordingly.
+---
+ tests/icmpv6.out | 2 +-
+ tests/icmpv6_opt24-v.out | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tests/icmpv6.out b/tests/icmpv6.out
+index bb7775e..8979540 100644
+--- a/tests/icmpv6.out
++++ b/tests/icmpv6.out
+@@ -1,5 +1,5 @@
+ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 176) fe80::b299:28ff:fec8:d66c > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 176
+- hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0s, retrans time 0s
++ hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0ms, retrans time 0ms
+ prefix info option (3), length 32 (4): 2222:3333:4444:5555:6600::/72, Flags [onlink, auto], valid time 2592000s, pref. time 604800s
+ 0x0000: 48c0 0027 8d00 0009 3a80 0000 0000 2222
+ 0x0010: 3333 4444 5555 6600 0000 0000 0000
+diff --git a/tests/icmpv6_opt24-v.out b/tests/icmpv6_opt24-v.out
+index 2b7cf09..00512df 100644
+--- a/tests/icmpv6_opt24-v.out
++++ b/tests/icmpv6_opt24-v.out
+@@ -1,5 +1,5 @@
+ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120
+- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s
++ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms
+ source link-address option (1), length 8 (1): 14:cf:92:87:23:d6
+ mtu option (5), length 8 (1): 1500
+ prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s
+@@ -7,7 +7,7 @@ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87
+ rdnss option (25), length 24 (3): lifetime 1800s, addr: fd8d:4fb3:5b2e::1
+ dnssl option (31), length 16 (2): lifetime 1800s, domain(s): lan.
+ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120
+- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s
++ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms
+ source link-address option (1), length 8 (1): 14:cf:92:87:23:d6
+ mtu option (5), length 8 (1): 1500
+ prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s
+--
+1.8.3.1
+
diff --git a/SOURCES/0012-Disable-tests-that-require-newer-version-of-libpcap.patch b/SOURCES/0012-Disable-tests-that-require-newer-version-of-libpcap.patch
new file mode 100644
index 0000000..f0437bd
--- /dev/null
+++ b/SOURCES/0012-Disable-tests-that-require-newer-version-of-libpcap.patch
@@ -0,0 +1,46 @@
+From 453bdd1bd7cb6f713b56829ae6a728df8c621df0 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 11 Apr 2017 09:42:57 +0200
+Subject: [PATCH 3/3] Disable tests that require newer version of libpcap.
+
+As can be seen from ltrace:
+pcap_compile(0x25d4250, 0x7ffc966dcba0, "geneve && tcp", 1, nil) = -1
+these two filters (geneve) cannot be compiled, but it is not a tcpdump
+fault.
+---
+ tests/TESTLIST | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/tests/TESTLIST b/tests/TESTLIST
+index ba29da4..0a1e2f1 100644
+--- a/tests/TESTLIST
++++ b/tests/TESTLIST
+@@ -300,8 +300,9 @@ aoe_1-v AoE_Linux.pcap aoe_1-v.out -t -v
+
+ # Geneve tests
+ geneve-v geneve.pcap geneve-vv.out -t -vv
+-geneve-vni geneve.pcap geneve-vni.out -t geneve 0xb
+-geneve-tcp geneve.pcap geneve-tcp.out -t "geneve && tcp"
++# These filters cannot be compiled by our libpcap
++# geneve-vni geneve.pcap geneve-vni.out -t geneve 0xb
++# geneve-tcp geneve.pcap geneve-tcp.out -t "geneve && tcp"
+
+ # DHCP tests
+ dhcp-rfc3004 dhcp-rfc3004.pcap dhcp-rfc3004-v.out -t -v
+@@ -355,11 +356,11 @@ lisp_ipv6_eid lisp_ipv6.pcap lisp_ipv6.out -t -v
+
+ # pcap invalid versions (first: version = 1.4 ; second: version = 2.5)
+ pcap-invalid-version-1 pcap-invalid-version-1.pcap pcap-invalid-version-1.out -t
+-pcap-invalid-version-2 pcap-invalid-version-2.pcap pcap-invalid-version-2.out -t
++# pcap-invalid-version-2 pcap-invalid-version-2.pcap pcap-invalid-version-2.out -t
+
+ # pcap-ng invalid version (first: version = 0.1 ; second: version = 1.1)
+ pcap-ng-invalid-vers-1 pcap-ng-invalid-vers-1.pcap pcap-ng-invalid-vers-1.out -t
+-pcap-ng-invalid-vers-2 pcap-ng-invalid-vers-2.pcap pcap-ng-invalid-vers-2.out -t
++# pcap-ng-invalid-vers-2 pcap-ng-invalid-vers-2.pcap pcap-ng-invalid-vers-2.out -t
+
+ # NSH over VxLAN-GPE
+ nsh-over-vxlan-gpe nsh-over-vxlan-gpe.pcap nsh-over-vxlan-gpe.out -t
+--
+1.8.3.1
+
diff --git a/SOURCES/0013-Make-default-capture-buffer-size-bigger.patch b/SOURCES/0013-Make-default-capture-buffer-size-bigger.patch
new file mode 100644
index 0000000..3bc0ed5
--- /dev/null
+++ b/SOURCES/0013-Make-default-capture-buffer-size-bigger.patch
@@ -0,0 +1,38 @@
+From 65cf72e5f47449ef053c099126949431e1d4d50b Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 9 May 2017 10:17:42 +0200
+Subject: [PATCH] Make default capture buffer size bigger.
+
+---
+ tcpdump.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/tcpdump.c b/tcpdump.c
+index c7e2ebd..d0def76 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -130,6 +130,7 @@ The Regents of the University of California. All rights reserved.\n";
+ #endif
+
+ static int Bflag; /* buffer size */
++#define DEFAULT_CAPTURE_BUFFER_SIZE 4*1024*1024
+ static int Cflag; /* rotate dump files after this many bytes */
+ static int Cflag_count; /* Keep track of which file number we're writing */
+ static int Dflag; /* list available devices and exit */
+@@ -1020,7 +1021,12 @@ open_interface(const char *device, netdissect_options *ndo, char *ebuf)
+ if (status != 0)
+ error("%s: Can't set buffer size: %s",
+ device, pcap_statustostr(status));
+- }
++ } else {
++ Bflag = DEFAULT_CAPTURE_BUFFER_SIZE;
++ status = pcap_set_buffer_size(pc, Bflag);
++ if (status != 0)
++ fprintf(stderr, "Can't set buffer size to %d, using system default.\n", DEFAULT_CAPTURE_BUFFER_SIZE);
++ }
+ #ifdef HAVE_PCAP_SET_TSTAMP_TYPE
+ if (jflag != -1) {
+ status = pcap_set_tstamp_type(pc, jflag);
+--
+2.9.3
+
diff --git a/SOURCES/tcpdump-4.0.0-icmp6msec.patch b/SOURCES/tcpdump-4.0.0-icmp6msec.patch
deleted file mode 100644
index 912bd94..0000000
--- a/SOURCES/tcpdump-4.0.0-icmp6msec.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up tcpdump/print-icmp6.c.icmp6msec tcpdump/print-icmp6.c
---- tcpdump/print-icmp6.c.icmp6msec 2009-08-19 00:02:37.000000000 +0200
-+++ tcpdump/print-icmp6.c 2009-08-20 16:33:59.000000000 +0200
-@@ -397,7 +397,7 @@ icmp6_print(const u_char *bp, u_int leng
- p = (struct nd_router_advert *)dp;
- TCHECK(p->nd_ra_retransmit);
- printf("\n\thop limit %u, Flags [%s]" \
-- ", pref %s, router lifetime %us, reachable time %us, retrans time %us",
-+ ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums",
- (u_int)p->nd_ra_curhoplimit,
- bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)),
- get_rtpref(p->nd_ra_flags_reserved),
diff --git a/SOURCES/tcpdump-4.0.0-portnumbers.patch b/SOURCES/tcpdump-4.0.0-portnumbers.patch
deleted file mode 100644
index 22bd2f2..0000000
--- a/SOURCES/tcpdump-4.0.0-portnumbers.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-diff -up tcpdump-3.9.8/addrtoname.c.portnumbers tcpdump-3.9.8/addrtoname.c
---- tcpdump-3.9.8/addrtoname.c.portnumbers 2007-09-26 03:59:52.000000000 +0200
-+++ tcpdump-3.9.8/addrtoname.c 2008-08-29 13:53:12.000000000 +0200
-@@ -704,7 +704,7 @@ init_servarray(void)
-
- while (table->name)
- table = table->nxt;
-- if (nflag) {
-+ if (nflag > 1) {
- (void)snprintf(buf, sizeof(buf), "%d", port);
- table->name = strdup(buf);
- } else
-@@ -1104,7 +1104,7 @@ init_addrtoname(u_int32_t localnet, u_in
- f_localnet = localnet;
- f_netmask = mask;
- }
-- if (nflag)
-+ if (nflag > 1)
- /*
- * Simplest way to suppress names.
- */
-diff -up tcpdump-3.9.8/tcpdump.1.portnumbers tcpdump-3.9.8/tcpdump.1
---- tcpdump-3.9.8/tcpdump.1.in.portnumbers 2008-08-29 13:53:12.000000000 +0200
-+++ tcpdump-3.9.8/tcpdump.1.in 2008-08-29 13:53:12.000000000 +0200
-@@ -403,7 +403,11 @@ Use \fIsecret\fP as a shared secret for
- TCP segments with the TCP-MD5 option (RFC 2385), if present.
- .TP
- .B \-n
--Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
-+Don't convert host addresses to names. This can be used to avoid
-+DNS lookups.
-+.TP
-+.B \-nn
-+Don't convert protocol and port numbers etc. to names either.
- .TP
- .B \-N
- Don't print domain name qualification of host names.
diff --git a/SOURCES/tcpdump-4.4.0-eperm.patch b/SOURCES/tcpdump-4.4.0-eperm.patch
deleted file mode 100644
index 5750a8a..0000000
--- a/SOURCES/tcpdump-4.4.0-eperm.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-diff -up tcpdump-4.4.0/tcpdump.1.in.eperm tcpdump-4.4.0/tcpdump.1.in
---- tcpdump-4.4.0/tcpdump.1.in.eperm 2013-10-07 15:21:26.795602764 +0200
-+++ tcpdump-4.4.0/tcpdump.1.in 2013-10-07 15:21:26.800602762 +0200
-@@ -221,6 +221,9 @@ have the name specified with the
- flag, with a number after it, starting at 1 and continuing upward.
- The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
- not 1,048,576 bytes).
-+
-+Note that when used with \fB\-Z\fR option (enabled by default), privileges
-+are dropped before opening first savefile.
- .TP
- .B \-d
- Dump the compiled packet-matching code in a human readable form to
-@@ -720,7 +723,9 @@ but before opening any savefiles for out
- and the group ID to the primary group of
- .IR user .
- .IP
--This behavior can also be enabled by default at compile time.
-+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
-+be disabled by \fB\-Z root\fR.
-+
- .IP "\fI expression\fP"
- .RS
- selects which packets will be dumped.
-diff -up tcpdump-4.4.0/tcpdump.c.eperm tcpdump-4.4.0/tcpdump.c
---- tcpdump-4.4.0/tcpdump.c.eperm 2013-03-24 22:49:18.000000000 +0100
-+++ tcpdump-4.4.0/tcpdump.c 2013-10-07 15:22:26.360590143 +0200
-@@ -1426,11 +1426,24 @@ main(int argc, char **argv)
- }
- #endif /* HAVE_CAP_NG_H */
-
-- if (getuid() == 0 || geteuid() == 0) {
-- if (username || chroot_dir)
-+ /* If user is running tcpdump as root and wants to write to the savefile,
-+ * we will check if -C is set and if it is, we will drop root
-+ * privileges right away and consequent call to pcap_dump_open()
-+ * will most likely fail for the first file. If -C flag is not set we
-+ * will create file as root then change ownership of file to proper
-+ * user(default tcpdump) and drop root privileges.
-+ */
-+ int chown_flag = 0;
-+
-+ if (WFileName && (getuid() == 0 || geteuid() == 0))
-+ if (Cflag && (username || chroot_dir))
-+ droproot(username, chroot_dir);
-+ else
-+ chown_flag = 1;
-+ else
-+ if ((getuid() == 0 || geteuid() == 0) && (username || chroot_dir))
- droproot(username, chroot_dir);
-
-- }
- #endif /* WIN32 */
-
- if (pcap_setfilter(pd, &fcode) < 0)
-@@ -1450,6 +1463,21 @@ main(int argc, char **argv)
- MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
-
- p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
-+
-+ /* Change ownership of file and drop root privileges */
-+ if (chown_flag) {
-+ struct passwd *pwd;
-+
-+ pwd = getpwnam(username);
-+ if (!pwd)
-+ error("Couldn't find user '%s'", username);
-+
-+ if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0)
-+ error("Couldn't change ownership of savefile");
-+
-+ if (username || chroot_dir)
-+ droproot(username, chroot_dir);
-+ }
- #ifdef HAVE_CAP_NG_H
- /* Give up capabilities, clear Effective set */
- capng_clear(CAPNG_EFFECTIVE);
diff --git a/SOURCES/tcpdump-4.5.0-gethostby.patch b/SOURCES/tcpdump-4.5.0-gethostby.patch
deleted file mode 100644
index f1cf324..0000000
--- a/SOURCES/tcpdump-4.5.0-gethostby.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-diff -up tcpdump-4.5.0/addrtoname.c.gethostby tcpdump-4.5.0/addrtoname.c
---- tcpdump-4.5.0/addrtoname.c.gethostby 2013-11-08 09:03:52.166752012 +0100
-+++ tcpdump-4.5.0/addrtoname.c 2013-11-08 09:04:57.792747210 +0100
-@@ -224,7 +224,6 @@ static u_int32_t f_localnet;
- const char *
- getname(const u_char *ap)
- {
-- register struct hostent *hp;
- u_int32_t addr;
- static struct hnamemem *p; /* static for longjmp() */
-
-@@ -246,6 +245,28 @@ getname(const u_char *ap)
- */
- if (!nflag &&
- (addr & f_netmask) == f_localnet) {
-+#ifdef HAVE_GETNAMEINFO
-+ struct sockaddr_in sa;
-+ char hbuf[NI_MAXHOST];
-+
-+ memset(&sa, 0, sizeof (sa));
-+ sa.sin_family = AF_INET;
-+ sa.sin_addr.s_addr = addr;
-+ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
-+ hbuf, sizeof (hbuf), NULL, 0, 0)) {
-+ if (Nflag) {
-+ char *dotp;
-+
-+ /* Remove domain qualifications */
-+ dotp = strchr(hbuf, '.');
-+ if (dotp)
-+ *dotp = '\0';
-+ }
-+ p->name = strdup(hbuf);
-+ return p->name;
-+ }
-+#else
-+ register struct hostent *hp;
- hp = gethostbyaddr((char *)&addr, 4, AF_INET);
- if (hp) {
- char *dotp;
-@@ -259,6 +280,7 @@ getname(const u_char *ap)
- }
- return (p->name);
- }
-+#endif
- }
- p->name = strdup(intoa(addr));
- return (p->name);
-@@ -272,7 +294,6 @@ getname(const u_char *ap)
- const char *
- getname6(const u_char *ap)
- {
-- register struct hostent *hp;
- union {
- struct in6_addr addr;
- struct for_hash_addr {
-@@ -297,6 +318,28 @@ getname6(const u_char *ap)
- * Do not print names if -n was given.
- */
- if (!nflag) {
-+#ifdef HAVE_GETNAMEINFO
-+ struct sockaddr_in6 sa;
-+ char hbuf[NI_MAXHOST];
-+
-+ memset(&sa, 0, sizeof (sa));
-+ sa.sin6_family = AF_INET6;
-+ sa.sin6_addr = addr.addr;
-+ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
-+ hbuf, sizeof (hbuf), NULL, 0, 0)) {
-+ if (Nflag) {
-+ char *dotp;
-+
-+ /* Remove domain qualifications */
-+ dotp = strchr(hbuf, '.');
-+ if (dotp)
-+ *dotp = '\0';
-+ }
-+ p->name = strdup(hbuf);
-+ return p->name;
-+ }
-+#else
-+ register struct hostent *hp;
- hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
- if (hp) {
- char *dotp;
-@@ -310,6 +353,7 @@ getname6(const u_char *ap)
- }
- return (p->name);
- }
-+#endif
- }
- cp = inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf));
- p->name = strdup(cp);
diff --git a/SOURCES/tcpslice-1.2a3-dateformat.patch b/SOURCES/tcpslice-1.2a3-dateformat.patch
deleted file mode 100644
index dd59457..0000000
--- a/SOURCES/tcpslice-1.2a3-dateformat.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -up tcpslice-1.2a3/tcpslice.c.orig tcpslice-1.2a3/tcpslice.c
---- tcpslice-1.2a3/tcpslice.c.orig 2005-10-25 00:06:26.000000000 +0200
-+++ tcpslice-1.2a3/tcpslice.c 2011-08-24 13:12:53.215962428 +0200
-@@ -404,7 +404,9 @@ fill_tm(char *time_string, int is_delta,
-
- while (isdigit(*t_stop))
- ++t_stop;
-- if (! t_stop)
-+
-+ if (!(*t_stop))
-+ /* we've reached end of string -> bad date format */
- error("bad date format %s, problem starting at %s",
- time_string, t_start);
-
diff --git a/SOURCES/tcpslice-1.2a3-time.patch b/SOURCES/tcpslice-1.2a3-time.patch
deleted file mode 100644
index c59448d..0000000
--- a/SOURCES/tcpslice-1.2a3-time.patch
+++ /dev/null
@@ -1,71 +0,0 @@
---- tcpslice-1.2a3.orig/search.c 2000-09-10 10:52:40.000000000 +0200
-+++ tcpslice-1.2a3/search.c 2006-07-28 14:56:55.000000000 +0200
-@@ -53,7 +53,7 @@
- /* Size of a packet header in bytes; easier than typing the sizeof() all
- * the time ...
- */
--#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr ))
-+#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr ))
-
- extern int snaplen;
-
-@@ -111,16 +111,24 @@
- static void
- extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr )
- {
-- memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr));
-+ struct pcap_sf_pkthdr hdri;
-+
-+ memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr));
-
- if ( pcap_is_swapped( p ) )
- {
-- hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec);
-- hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec);
-- hdr->len = SWAPLONG(hdr->len);
-- hdr->caplen = SWAPLONG(hdr->caplen);
-+ hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec);
-+ hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec);
-+ hdr->len = SWAPLONG(hdri.len);
-+ hdr->caplen = SWAPLONG(hdri.caplen);
-+ }
-+ else
-+ {
-+ hdr->ts.tv_sec = hdri.ts.tv_sec;
-+ hdr->ts.tv_usec = hdri.ts.tv_usec;
-+ hdr->len = hdri.len;
-+ hdr->caplen = hdri.caplen;
- }
--
- /*
- * From bpf/libpcap/savefile.c:
- *
---- tcpslice-1.2a3.orig/tcpslice.h 1995-11-02 00:40:53.000000000 +0100
-+++ tcpslice-1.2a3/tcpslice.h 2006-07-28 14:56:55.000000000 +0200
-@@ -20,6 +20,26 @@
- */
-
-
-+#include <time.h>
-+/* #include <net/bpf.h> */
-+
-+/*
-+ * This is a timeval as stored in disk in a dumpfile.
-+ * It has to use the same types everywhere, independent of the actual
-+ * `struct timeval'
-+ */
-+
-+struct pcap_timeval {
-+ bpf_int32 tv_sec; /* seconds */
-+ bpf_int32 tv_usec; /* microseconds */
-+};
-+
-+struct pcap_sf_pkthdr {
-+ struct pcap_timeval ts; /* time stamp */
-+ bpf_u_int32 caplen; /* length of portion present */
-+ bpf_u_int32 len; /* length this packet (off wire) */
-+};
-+
- time_t gwtm2secs( struct tm *tm );
-
- int sf_find_end( struct pcap *p, struct timeval *first_timestamp,
diff --git a/SOURCES/tcpslice-CVS.20010207-bpf.patch b/SOURCES/tcpslice-CVS.20010207-bpf.patch
deleted file mode 100644
index 8aaad3b..0000000
--- a/SOURCES/tcpslice-CVS.20010207-bpf.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur tcpdump-3.8.1/tcpslice/tcpslice.c tcpdump-3.8.1.new/tcpslice/tcpslice.c
---- tcpslice/tcpslice.c 2004-01-15 17:35:53.000000000 +0100
-+++ tcpslice/tcpslice.c 2004-01-15 16:12:57.000000000 +0100
-@@ -35,7 +35,7 @@
- #include <sys/file.h>
- #include <sys/stat.h>
-
--#include <net/bpf.h>
-+/* #include <net/bpf.h> */
-
- #include <ctype.h>
- #ifdef HAVE_FCNTL_H
diff --git a/SPECS/tcpdump.spec b/SPECS/tcpdump.spec
index 7e32478..63cdd6c 100644
--- a/SPECS/tcpdump.spec
+++ b/SPECS/tcpdump.spec
@@ -1,29 +1,30 @@
Summary: A network traffic monitoring tool
Name: tcpdump
Epoch: 14
-Version: 4.5.1
-Release: 3%{?dist}
+Version: 4.9.0
+Release: 5%{?dist}
License: BSD with advertising
URL: http://www.tcpdump.org
Group: Applications/Internet
Requires(pre): shadow-utils
-BuildRequires: openssl-devel libpcap-devel
-BuildRequires: automake sharutils
+BuildRequires: automake sharutils openssl-devel libcap-ng-devel libpcap-devel git
Source0: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz
Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz
-Patch1: tcpdump-4.0.0-portnumbers.patch
-Patch2: tcpdump-4.0.0-icmp6msec.patch
-Patch3: tcpdump-4.5.0-gethostby.patch
-Patch4: tcpdump-4.4.0-eperm.patch
-Patch5: tcpslice-1.2a3-time.patch
-Patch6: tcpslice-CVS.20010207-bpf.patch
-Patch7: tcpslice-1.2a3-dateformat.patch
-Patch8: 0001-Introduce-time-stamp-precision.patch
-Patch9: 0002-Give-more-details-for-time-stamp-precision.patch
-Patch10: 0003-Check-for-TLV-length-too-small.patch
-Patch11: 0004-Print-checksum-in-hex-and-print-the-actual-checksum-.patch
+Patch0001: 0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch
+Patch0002: 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
+# Patch 0003 removed
+Patch0004: 0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch
+Patch0005: 0005-tcpslice-remove-unneeded-include.patch
+Patch0006: 0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch
+Patch0007: 0007-Introduce-nn-option.patch
+Patch0008: 0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
+Patch0009: 0009-Change-P-to-Q-and-print-warning.patch
+Patch0010: 0010-Change-n-flag-to-nn-in-TESTonce.patch
+Patch0011: 0011-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch
+Patch0012: 0012-Disable-tests-that-require-newer-version-of-libpcap.patch
+Patch0013: 0013-Make-default-capture-buffer-size-bigger.patch
%define tcpslice_dir tcpslice-1.2a3
@@ -36,27 +37,10 @@ the packet headers, or just the ones that match particular criteria.
Install tcpdump if you need a program to monitor network traffic.
%prep
-%setup -q -a 1
-
-%patch1 -p1 -b .portnumbers
-%patch2 -p1 -b .icmp6msec
-%patch3 -p1 -b .gethostby
-%patch4 -p1 -b .eperm
-%patch8 -p1 -b .tstamp
-%patch9 -p1 -b .tstamp-details
-%patch10 -p1 -b .cdp
-%patch11 -p1 -b .cdp-checksum
-
-pushd %{tcpslice_dir}
-%patch5 -p1 -b .time
-%patch6 -p1 -b .bpf
-%patch7 -p1 -b .dateformat
-popd
-
-find . -name '*.c' -o -name '*.h' | xargs chmod 644
+%autosetup -a 1 -S git
%build
-export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -fno-strict-aliasing"
+export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -fno-strict-aliasing -DHAVE_GETNAMEINFO"
pushd %{tcpslice_dir}
# update config.{guess,sub}
@@ -69,7 +53,7 @@ popd
make %{?_smp_mflags}
%check
-#make check
+make check
%install
mkdir -p ${RPM_BUILD_ROOT}%{_libdir}
@@ -103,6 +87,33 @@ exit 0
%{_mandir}/man8/tcpdump.8*
%changelog
+* Tue May 09 2017 Martin Sehnoutka <msehnout@redhat.com> - 14:4.9.0-5
+- Resolves: #1441597; use bigger capture buffer than in upstream
+
+* Thu Apr 20 2017 Martin Sehnoutka <msehnout@redhat.com> - 14:4.9.0-4
+- Drop downstream patch (drop root privileges)
+- Add libcap-ng as a new build dependency
+- Related: #1262283
+
+* Tue Apr 11 2017 root - 14:4.9.0-3
+- Fix tests according to our patches and libpcap version
+
+* Fri Mar 17 2017 Martin Sehnoutka <msehnout@redhat.com> - 14:4.9.0-2
+- Use getnameinfo instead of gethostbyaddr
+
+* Mon Feb 20 2017 Martin Sehnoutka <msehnout@redhat.com> - 14:4.9.0-1
+- New upstream version 4.9.0. Resolves: #1422473
+- Add legacy -P switch with warning. Related to #1422473 and #1292056
+
+* Wed Jan 04 2017 Martin Sehnoutka <msehnout@redhat.com> - 14:4.5.1-6
+- Drop root before creating any dump file. Resolves: #1262283
+
+* Wed Jan 04 2017 Martin Sehnoutka <msehnout@redhat.com> - 14:4.5.1-5
+- Use -Q instead of -P to set capture direction. Resolves: #1292056
+
+* Fri Dec 09 2016 Martin Sehnoutka <msehnout@redhat.com> - 14:4.5.1-4
+- Fix segfault with --help option. Resolves: #1297812
+
* Thu Jun 18 2015 Michal Sekletar <msekleta@redhat.com> - 14:4.5.1-3
- add support for nano second timestamps (#1151406)
- fix cdp dissector, allow zero-length data frames (#1231246)