head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC4:1.1.1.2 netbsd-11-0-RC3:1.1.1.2 tcpdump-4-99-6:1.1.1.3 netbsd-11-0-RC2:1.1.1.2 netbsd-11-0-RC1:1.1.1.2 perseant-exfatfs-base-20250801:1.1.1.2 netbsd-11:1.1.1.2.0.2 netbsd-11-base:1.1.1.2 tcpdump-4-99-5:1.1.1.2 perseant-exfatfs-base-20240630:1.1.1.1 perseant-exfatfs:1.1.1.1.0.2 perseant-exfatfs-base:1.1.1.1 tcpdump-4-99-4:1.1.1.1 TCPDUMP:1.1.1; locks; strict; comment @# @; 1.1 date 2023.08.17.15.57.15; author christos; state Exp; branches 1.1.1.1; next ; commitid 6SL2uKbgSix3J9BE; 1.1.1.1 date 2023.08.17.15.57.15; author christos; state Exp; branches 1.1.1.1.2.1; next 1.1.1.2; commitid 6SL2uKbgSix3J9BE; 1.1.1.2 date 2024.09.02.15.50.12; author christos; state Exp; branches; next 1.1.1.3; commitid E0666bfLa9iupfoF; 1.1.1.3 date 2026.03.19.00.00.55; author christos; state Exp; branches; next ; commitid eaFgVHJVXxuJ3wyG; 1.1.1.1.2.1 date 2025.08.02.05.23.29; author perseant; state Exp; branches; next ; commitid 23j6GFaDws3O875G; desc @@ 1.1 log @Initial revision @ text @#!/usr/bin/env perl # # Were we told where to find tcpdump? # if (!($TCPDUMP = $ENV{TCPDUMP_BIN})) { # # No. Use the appropriate path. # if ($^O eq 'MSWin32') { # # XXX - assume, for now, a Visual Studio debug build, so that # tcpdump is in the Debug subdirectory. # $TCPDUMP = "Debug\\tcpdump" } else { $TCPDUMP = "./tcpdump" } } # # Make true and false work as Booleans. # use constant true => 1; use constant false => 0; use File::Basename; use POSIX qw( WEXITSTATUS WIFEXITED); use Cwd qw(abs_path getcwd); use File::Path qw(mkpath); # mkpath works with ancient perl, as well as newer perl use File::Spec; use Data::Dumper; # for debugging. # these are created in the directory where we are run, which might be # a build directory. my $newdir = "tests/NEW"; my $diffdir= "tests/DIFF"; mkpath($newdir); mkpath($diffdir); my $origdir = getcwd(); my $srcdir = $ENV{'srcdir'} || "."; # Default to unified diff and allow to fall back to basic diff if necessary. my $diff_flags = defined $ENV{'DIFF_FLAGS'} ? $ENV{'DIFF_FLAGS'} : '-u'; # # Force UTC, so time stamps are printed in a standard time zone, and # tests don't have to be run in the time zone in which the output # file was generated. # $ENV{'TZ'}='GMT0'; # # Get the tests directory from $0. # my $testsdir = dirname($0); # # Convert it to an absolute path, so it works even after we do a cd. # $testsdir = abs_path($testsdir); print "Running tests from ${testsdir}\n"; print "with ${TCPDUMP}, version:\n"; system "${TCPDUMP} --version"; unshift(@@INC, $testsdir); $passedcount = 0; $failedcount = 0; # my $failureoutput=$origdir . "/tests/failure-outputs.txt"; # truncate the output file open(FAILUREOUTPUT, ">" . $failureoutput); close(FAILUREOUTPUT); $confighhash = undef; sub showfile { local($path) = @@_; # # XXX - just do this directly in Perl? # if ($^O eq 'MSWin32') { my $winpath = File::Spec->canonpath($path); system "type $winpath"; } else { system "cat $path"; } } sub runtest { local($name, $input, $output, $options) = @@_; my $r; $outputbase = basename($output); my $coredump = false; my $status = 0; my $linecount = 0; my $rawstderrlog = "tests/NEW/${outputbase}.raw.stderr"; my $stderrlog = "tests/NEW/${outputbase}.stderr"; my $diffstat = 0; my $errdiffstat = 0; # we used to do this as a nice pipeline, but the problem is that $r fails to # to be set properly if the tcpdump core dumps. # # Furthermore, on Windows, fc can't read the standard input, so we # can't do it as a pipeline in any case. $r = system "$TCPDUMP -# -n -r $input $options >tests/NEW/${outputbase} 2>${rawstderrlog}"; if($r != 0) { # # Something other than "tcpdump opened the file, read it, and # dissected all the packets". What happened? # # We write out an exit status after whatever the subprocess # wrote out, so it shows up when we diff the expected output # with it. # open(OUTPUT, ">>"."tests/NEW/$outputbase") || die "fail to open $outputbase\n"; if($r == -1) { # failed to start due to error. $status = $!; printf OUTPUT "FAILED TO RUN: status: %d\n", $status; } else { if ($^O eq 'MSWin32' or $^O eq 'msys') { # # On Windows, the return value of system is the lower 8 # bits of the exit status of the process, shifted left # 8 bits. # # If the process crashed, rather than exiting, the # exit status will be one of the EXCEPTION_ values # listed in the documentation for the GetExceptionCode() # macro. # # Those are defined as STATUS_ values, which should have # 0xC in the topmost 4 bits (being fatal error # statuses); some of them have a value that fits in # the lower 8 bits. We could, I guess, assume that # any value that 1) isn't returned by tcpdump and 2) # corresponds to the lower 8 bits of a STATUS_ value # used as an EXCEPTION_ value indicates that tcpdump # exited with that exception. # # However, as we're running tcpdump with system, which # runs the command through cmd.exe, and as cmd.exe # doesn't map the command's exit code to its own exit # code in any straightforward manner, we can't get # that information in any case, so there's no point # in trying to interpret it in that fashion. # $status = $r >> 8; } else { # # On UN*Xes, the return status is a POSIX as filled in # by wait() or waitpid(). # # POSIX offers some calls for analyzing it, such as # WIFSIGNALED() to test whether it indicates that the # process was terminated by a signal, WTERMSIG() to # get the signal number from it, WIFEXITED() to test # whether it indicates that the process exited normally, # and WEXITSTATUS() to get the exit status from it. # # POSIX doesn't standardize core dumps, so the POSIX # calls can't test whether a core dump occurred. # However, all the UN*Xes we are likely to encounter # follow Research UNIX in this regard, with the exit # status containing either 0 or a signal number in # the lower 7 bits, with 0 meaning "exited rather # than being terminated by a signal", the "core dumped" # flag in the 0x80 bit, and, if the signal number is # 0, the exit status in the next 8 bits up. # # This should be cleaned up to use the POSIX calls # from the Perl library - and to define an additional # WCOREDUMP() call to test the "core dumped" bit and # use that. # # But note also that, as we're running tcpdump with # system, which runs the command through a shell, if # tcpdump crashes, we'll only know that if the shell # maps the signal indication and uses that as its # exit status. # # The good news is that the Bourne shell, and compatible # shells, have traditionally done that. If the process # for which the shell reports the exit status terminates # with a signal, it adds 128 to the signal number and # returns that as its exit status. (This is why the # "this is now working right" behavior described in a # comment below is occurring.) # # As tcpdump itself never returns with an exit status # >= 128, we can try checking for an exit status with # the 0x80 bit set and, if we have one, get the signal # number from the lower 7 bits of the exit status. We # can't get the "core dumped" indication from the # shell's exit status; all we can do is check whether # there's a core file. # if( $r & 128 ) { $coredump = $r & 127; } if( WIFEXITED($r)) { $status = WEXITSTATUS($r); } } if($coredump || $status) { printf OUTPUT "EXIT CODE %08x: dump:%d code: %d\n", $r, $coredump, $status; } else { printf OUTPUT "EXIT CODE %08x\n", $r; } $r = 0; } close(OUTPUT); } if($r == 0) { # # Compare tcpdump's output with what we think it should be. # If tcpdump failed to produce output, we've produced our own # "output" above, with the exit status. # if ($^O eq 'MSWin32') { my $winoutput = File::Spec->canonpath($output); $r = system "fc /lb1000 /t /1 $winoutput tests\\NEW\\$outputbase >tests\\DIFF\\$outputbase.diff"; $diffstat = $r >> 8; } else { $r = system "diff $diff_flags $output tests/NEW/$outputbase >tests/DIFF/$outputbase.diff"; $diffstat = WEXITSTATUS($r); } } # process the standard error file, sanitize "reading from" line, # and count lines $linecount = 0; open(ERRORRAW, "<" . $rawstderrlog); open(ERROROUT, ">" . $stderrlog); while() { next if /^$/; # blank lines are boring if(/^(reading from file )(.*)(,.*)$/) { my $filename = basename($2); print ERROROUT "${1}${filename}${3}\n"; next; } print ERROROUT; $linecount++; } close(ERROROUT); close(ERRORRAW); if ( -f "$output.stderr" ) { # # Compare the standard error with what we think it should be. # if ($^O eq 'MSWin32') { my $winoutput = File::Spec->canonpath($output); my $canonstderrlog = File::Spec->canonpath($stderrlog); $nr = system "fc /lb1000 /t /1 $winoutput.stderr $canonstderrlog >tests\DIFF\$outputbase.stderr.diff"; $errdiffstat = $nr >> 8; } else { $nr = system "diff $output.stderr $stderrlog >tests/DIFF/$outputbase.stderr.diff"; $errdiffstat = WEXITSTATUS($nr); } if($r == 0) { $r = $nr; } } if($r == 0) { if($linecount == 0 && $status == 0) { unlink($stderrlog); } else { $errdiffstat = 1; } } #print sprintf("END: %08x\n", $r); if($r == 0) { if($linecount == 0) { printf " %-40s: passed\n", $name; } else { printf " %-40s: passed with error messages:\n", $name; showfile($stderrlog); } unlink "tests/DIFF/$outputbase.diff"; return 0; } # must have failed! printf " %-40s: TEST FAILED(exit core=%d/diffstat=%d,%d/r=%d)", $name, $coredump, $diffstat, $errdiffstat, $r; open FOUT, '>>tests/failure-outputs.txt'; printf FOUT "\nFailed test: $name\n\n"; close FOUT; if(-f "tests/DIFF/$outputbase.diff") { # # XXX - just do this directly in Perl? # if ($^O eq 'MSWin32') { system "type tests\\DIFF\\$outputbase.diff >> tests\\failure-outputs.txt"; } else { system "cat tests/DIFF/$outputbase.diff >> tests/failure-outputs.txt"; } } if($r == -1) { print " (failed to execute: $!)\n"; return(30); } # this is not working right, $r == 0x8b00 when there is a core dump. # clearly, we need some platform specific perl magic to take this apart, so look for "core" # too. # In particular, on Solaris 10 SPARC an alignment problem results in SIGILL, # a core dump and $r set to 0x00008a00 ($? == 138 in the shell). if($r & 127 || -f "core") { my $with = ($r & 128) ? 'with' : 'without'; if(-f "core") { $with = "with"; } printf " (terminated with signal %u, %s coredump)", ($r & 127), $with; if($linecount == 0) { print "\n"; } else { print " with error messages:\n"; showfile($stderrlog); } return(($r & 128) ? 10 : 20); } if($linecount == 0) { print "\n"; } else { print " with error messages:\n"; showfile($stderrlog); } return(5); } sub loadconfighash { if(defined($confighhash)) { return $confighhash; } $main::confighhash = {}; # this could be loaded once perhaps. open(CONFIG_H, "config.h") || die "Can not open config.h: $!\n"; while() { chomp; if(/^\#define (.*) 1/) { #print "Setting $1\n"; $main::confighhash->{$1} = 1; } } close(CONFIG_H); #print Dumper($main::confighhash); # also run tcpdump --fp-type to get the type of floating-point # arithmetic we're doing, setting a HAVE_{fptype} key based # on the value it prints open(FPTYPE_PIPE, "$TCPDUMP --fp-type |") or die("piping tcpdump --fp-type failed\n"); my $fptype_val = ; close(FPTYPE_PIPE); my $have_fptype; if($fptype_val == "9877.895") { $have_fptype = "HAVE_FPTYPE1"; } else { $have_fptype = "HAVE_FPTYPE2"; } $main::confighhash->{$have_fptype} = 1; # and check whether this is OpenBSD, as one test fails in OpenBSD # due to the sad hellscape of low-numbered DLT_ values, due to # 12 meaning "OpenBSD loopback" rather than "raw IP" on OpenBSD if($^O eq "openbsd") { $main::confighhash->{"IS_OPENBSD"} = 1; } return $main::confighhash; } sub runOneComplexTest { local($testconfig) = @@_; my $output = $testconfig->{output}; my $input = $testconfig->{input}; my $name = $testconfig->{name}; my $options= $testconfig->{args}; my $foundit = 1; my $unfoundit=1; my $configset = $testconfig->{config_set}; my $configunset = $testconfig->{config_unset}; my $ch = loadconfighash(); #print Dumper($ch); if(defined($configset)) { $foundit = ($ch->{$configset} == 1); } if(defined($configunset)) { $unfoundit=($ch->{$configunset} != 1); } if(!$foundit) { printf " %-40s: skipped (%s not set)\n", $name, $configset; return 0; } if(!$unfoundit) { printf " %-40s: skipped (%s set)\n", $name, $configunset; return 0; } #use Data::Dumper; #print Dumper($testconfig); # EXPAND any occurrences of @@TESTDIR@@ to $testsdir $options =~ s/\@@TESTDIR\@@/$testsdir/; my $result = runtest($name, $testsdir . "/" . $input, $testsdir . "/" . $output, $options); if($result == 0) { $passedcount++; } else { $failedcount++; } } # *.tests files are PERL hash definitions. They should create an array of hashes # one per test, and place it into the variable @@testlist. sub runComplexTests { my @@files = glob( $testsdir . '/*.tests' ); foreach $file (@@files) { my @@testlist = undef; my $definitions; print "FILE: ${file}\n"; open(FILE, "<".$file) || die "can not open $file: $!"; { local $/ = undef; $definitions = ; } close(FILE); #print "STUFF: ${definitions}\n"; eval $definitions; if(defined($testlist)) { #use Data::Dumper; #print Dumper($testlist); foreach $test (@@$testlist) { runOneComplexTest($test); } } else { warn "File: ${file} could not be loaded as PERL: $!"; } } } sub runSimpleTests { local($only)=@@_; open(TESTLIST, "<" . "${testsdir}/TESTLIST") || die "no ${testsdir}/TESTFILE: $!\n"; while() { next if /^\#/; next if /^$/; unlink("core"); ($name, $input, $output, @@options) = split; #print "processing ${only} vs ${name}\n"; next if(defined($only) && $only ne $name); my $options = join(" ", @@options); #print "@@{options} becomes ${options}\n"; my $hash = { name => $name, input=> $input, output=>$output, args => $options }; runOneComplexTest($hash); } } if(scalar(@@ARGV) == 0) { runSimpleTests(); runComplexTests(); } else { runSimpleTests($ARGV[0]); } # exit with number of failing tests. print "------------------------------------------------\n"; printf("%4u tests failed\n",$failedcount); printf("%4u tests passed\n",$passedcount); showfile(${failureoutput}); exit $failedcount; @ 1.1.1.1 log @Import tcpdump-4.99.4 (last was 4.9.3) Friday, April 7, 2023 / The Tcpdump Group Summary for 4.99.4 tcpdump release Source code: Fix spaces before tabs in indentation. Updated printers: LSP ping: Fix "Unused value" warnings from Coverity. CVE-2023-1801: Fix an out-of-bounds write in the SMB printer. DNS: sync resource types with IANA. ICMPv6: Update the output to show a RPL DAO field name. Geneve: Fix the Geneve UDP port test. Building and testing: Require at least autoconf 2.69. Don't check for strftime(), as it's in C90 and beyond. Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21. Documentation: man: Document TCP flag names better. Thursday, January 12, 2023 / The Tcpdump Group Summary for 4.99.3 tcpdump release Updated printers: PTP: Use the proper values for the control field and print un-allocated values for the message field as "Reserved" instead of "none". Source code: smbutil.c: Replace obsolete function call (asctime) Building and testing: cmake: Update the minimum required version to 2.8.12 (except Windows). CI: Introduce and use TCPDUMP_CMAKE_TAINTED. Makefile.in: Add the releasecheck target. Makefile.in: Add "make -s install" in the releasecheck target. Cirrus CI: Run the "make releasecheck" command in the Linux task. Makefile.in: Add the whitespacecheck target. Cirrus CI: Run the "make whitespacecheck" command in the Linux task. Address all shellcheck warnings in update-test.sh. Makefile.in: Get rid of a remain of gnuc.h. Documentation: Reformat the installation notes (INSTALL.txt) in Markdown. Convert CONTRIBUTING to Markdown. CONTRIBUTING.md: Document the use of "protocol: " in a commit summary. Add a README file for NetBSD. Fix CMake build to set man page section numbers in tcpdump.1 Saturday, December 31, 2022 / The Tcpdump Group Summary for 4.99.2 tcpdump release Updated printers: BGP: Update cease notification decoding to RFC 9003. BGP: decode BGP link-bandwidth extended community properly. BGP: Fix parsing the AIGP attribute BGP: make sure the path attributes don't go past the end of the packet. BGP: Shutdown message can be up to 255 bytes length according to rfc9003 DSA: correctly determine VID. EAP: fix some length checks and output issues. 802.11: Fix the misleading comment regarding "From DS", "To DS" Frame Control Flags. 802.11: Fetch the CF and TIM IEs a field at a time. 802.15.4, BGP, LISP: fix some length checks, compiler warnings, and undefined behavior warnings. PFLOG: handle LINKTYPE_PFLOG/DLT_PFLOG files from all OSes on all OSes. RRCP: support more Realtek protocols than just RRCP. MPLS: show the EXP field as TC, as per RFC 5462. ICMP: redo MPLS Extension code as general ICMP Extension code. VQP: Do not print unknown error codes twice. Juniper: Add some bounds checks. Juniper: Don't treat known DLT_ types as "Unknown". lwres: Fix a length check, update a variable type. EAP: Fix some undefined behaviors at runtime. Ethernet: Rework the length checks, add a length check. IPX: Add two length checks. Zephyr: Avoid printing non-ASCII characters. VRRP: Print the protocol name before any GET_(). DCCP: Get rid of trailing commas in lists. Juniper: Report invalid packets as invalid, not truncated. IPv6: Remove an obsolete code in an always-false #if wrapper. ISAKMP: Use GET_U_1() to replace a direct dereference. RADIUS: Use GET_U_1() to replace a direct dereference. TCP: Fix an invalid check. RESP: Fix an invalid check. RESP: Remove an unnecessary test. Arista: Refine the output format and print HwInfo. sFlow: add support for IPv6 agent, add a length check. VRRP: add support for IPv6. OSPF: Update to match the Router Properties registry. OSPF: Remove two unnecessary dereferences. OSPF: Add support bit Nt RFC3101. OSPFv3: Remove two unnecessary dereferences. ICMPv6: Fix output for Router Renumbering messages. ICMPv6: Fix the Node Information flags. ICMPv6: Remove an unused macro and extra blank lines. ICMPv6: Add a length check in the rpl_dio_print() function. ICMPv6: Use GET_IP6ADDR_STRING() in the rpl_dio_print() function. IPv6: Add some checks for the Hop-by-Hop Options header IPv6: Add a check for the Jumbo Payload Hop-by-Hop option. NFS: Fix the format for printing an unsigned int PTP: fix printing of the correction fields PTP: Use ND_LCHECK_U for checking invalid length. WHOIS: Add its own printer source file and printer function MPTCP: print length before subtype inside MPTCP options ESP: Add a workaround to a "use-of-uninitialized-value". PPP: Add tests to avoid incorrectly re-entering ppp_hdlc(). PPP: Don't process further if protocol is unknown (-e option). PPP: Change the pointer to packet data. ZEP: Add three length checks. Add some const qualifiers. Building and testing: Update config.guess and config.sub. Use AS_HELP_STRING macro instead of AC_HELP_STRING. Handle some Autoconf/make errors better. Fix an error when cross-compiling. Use "git archive" for the "make releasetar" process. Remove the release candidate rcX targets. Mend "make check" on Solaris 9 with Autoconf. Address assorted compiler warnings. Fix auto-enabling of Capsicum on FreeBSD with Autoconf. Treat "msys" as Windows for test exit statuses. Clean up some help messages in configure. Use unified diff by default. Remove awk code from mkdep. Fix configure test errors with Clang 15 CMake: Prevent stripping of the RPATH on installation. AppVeyor CI: update Npcap site, update to 1.12 SDK. Cirrus CI: Use the same configuration as for the main branch. CI: Add back running tcpdump -J/-L and capture, now with Cirrus VMs. Remove four test files (They are now in the libpcap tests directory). On Solaris, for 64-bit builds, use the 64-bit pcap-config. Tell CMake not to check for a C++ compiler. CMake: Add a way to request -Werror and equivalents. configure: Special-case macOS /usr/bin/pcap-config as we do in CMake. configure: Use pcap-config --static-pcap-only if available. configure: Use ac_c_werror_flag to force unknown compiler flags to fail. configure: Use AC_COMPILE_IFELSE() and AC_LANG_SOURCE() for testing flags. Run the test that fails on OpenBSD only if we're not on OpenBSD. Source code: Fix some snapend-changing routines to protect against pointer underflow. Use __func__ from C99 in some function calls. Memory allocator: Update nd_add_alloc_list() to a static function. addrtoname.c: Fix two invalid tests. Use more S_SUCCESS and S_ERR_HOST_PROGRAM in main(). Add some comments about "don't use GET_IP6ADDR_STRING()". Assign ndo->ndo_packetp in pretty_print_packet(). Add ND_LCHECKMSG_U, ND_LCHECK_U, ND_LCHECKMSG_ZU and ND_LCHECK_ZU macros. Update tok2strbuf() to a static function. netdissect.h: Keep the link-layer dissectors names sorted. setsignal(): Set SA_RESTART on non-lethal signals (REQ_INFO, FLUSH_PCAP) to avoid corrupting binary pcap output. Use __builtin_unreachable(). Fail if nd_push_buffer() or nd_push_snaplen() fails. Improve code style and fix many typos. Documentation: Some man page cleanups. Update the print interface for the packet count to stdout. Note that we require compilers to support at least some of C99. Update AIX and Solaris-related specifics. INSTALL.txt: Add doc/README.*, delete the deleted win32 directory. Update README.md and README.Win32.md. Update some comments with new RFC numbers. Wednesday, June 9, 2021 by gharris Summary for 4.99.1 tcpdump release Source code: Squelch some compiler warnings ICMP: Update the snapend for some nested IP packets. MACsec: Update the snapend thus the ICV field is not payload for the caller. EIGRP: Fix packet header fields SMB: Disable printer by default in CMake builds OLSR: Print the protocol name even if the packet is invalid MSDP: Print ": " before the protocol name ESP: Remove padding, padding length and next header from the buffer DHCPv6: Update the snapend for nested DHCPv6 packets OpenFlow 1.0: Get snapend right for nested frames. TCP: Update the snapend before decoding a MPTCP option Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks ForCES: Refine SPARSEDATA-TLV length check. ASCII/hex: Use nd_trunc_longjmp() in truncation cases GeoNet: Add a ND_TCHECK_LEN() call Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES(). BGP: Fix overwrites of global 'astostr' temporary buffer ARP: fix overwrites of static buffer in q922_string(). Frame Relay: have q922_string() handle errors better. Building and testing: Rebuild configure script when building release Fix "make clean" for out-of-tree autotools builds CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH. Documentation: man: Update a reference as www.cifs.org is gone. [skip ci] man: Update DNS sections Solaris: Fix a compile error with Sun C Wednesday, December 30, 2020, by mcr@@sandelman.ca, denis and fxl. Summary for 4.99.0 tcpdump release CVE-2018-16301: For the -F option handle large input files safely. Improve the contents, wording and formatting of the man page. Print unsupported link-layer protocol packets in hex. Add support for new network protocols and DLTs: Arista, Autosar SOME/IP, Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS, ZigBee Encapsulation Protocol (ZEP). Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP, ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS, NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD, VXLAN-GPE. User interface: Make SLL2 the default for Linux "any" pseudo-device. Add --micro and --nano shorthands. Add --count to print a counter only instead of decoding. Add --print, to cause packet printing even with -w. Add support for remote capture if libpcap supports it. Display the "wireless" flag and connection status. Flush the output packet buffer on a SIGUSR2. Add the snapshot length to the "reading from file ..." message. Fix local time printing (DST offset in timestamps). Allow -C arguments > 2^31-1 GB if they can fit into a long. Handle very large -f files by rejecting them. Report periodic stats only when safe to do so. Print the number of packets captured only as often as necessary. With no -s, or with -s 0, don't specify the snapshot length with newer versions of libpcap. Improve version and usage message printing. Building and testing: Install into bindir, not sbindir. autoconf: replace --with-system-libpcap with --disable-local-libpcap. Require the compiler to support C99. Better detect and use various C compilers and their features. Add CMake as the second build system. Make out-of-tree builds more reliable. Use pkg-config to detect libpcap if available. Improve Windows support. Add more tests and improve the scripts that run them. Test both with "normal" and "x87" floating-point. Eliminate dependency on libdnet. FreeBSD: Print a proper error message about monitor mode VAP. Use libcasper if available. Fix failure to capture on RDMA device. Include the correct capsicum header. Source code: Start the transition to longjmp() for packet truncation handling. Introduce new helper functions, including GET_*(), nd_print_protocol(), nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others. Put integer signedness right in many cases. Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix alignment issues, especially on SPARC. Fix many C compiler, Coverity, UBSan and cppcheck warnings. Fix issues detected with AddressSanitizer. Remove many workarounds for older compilers and OSes. Add a sanity check on packet header length. Add and remove plenty of bounds checks. Clean up pcap_findalldevs() call to find the first interface. Use a short timeout, rather than immediate mode, for text output. Handle DLT_ENC files *not* written on the same OS and byte-order host. Add, and use, macros to do locale-independent case mapping. Use a table instead of getprotobynumber(). Get rid of ND_UNALIGNED and ND_TCHECK(). Make roundup2() generally available. Resync SMI list against Wireshark. Fix many typos. @ text @@ 1.1.1.1.2.1 log @Sync with HEAD @ text @d15 1 a15 1 $TCPDUMP = "Debug\\tcpdump.exe" a68 1 $skippedcount = 0; d100 2 a101 2 my $rawstderrlog = "${newdir}/${outputbase}.raw.stderr"; my $stderrlog = "${newdir}/${outputbase}.stderr"; d110 1 a110 10 if (index($options, "SPECIAL_t") != -1) { # Hack to keep specific time options for tcp-handshake-micro-t, etc. # -t, -tt, etc. $options =~ s/ SPECIAL_t//; } else { # No specific time option, use -tttt $options .= " -tttt"; } $r = system "$TCPDUMP -# -n -r $input $options >${newdir}/${outputbase} 2>${rawstderrlog}"; d120 1 a120 1 open(OUTPUT, ">>"."${newdir}/$outputbase") || die "fail to open $outputbase\n"; d228 1 a228 3 my $winnewdir = File::Spec->canonpath($newdir); my $windiffdir = File::Spec->canonpath($diffdir); $r = system "fc /lb1000 /t /1 $winoutput ${winnewdir}\\$outputbase >${windiffdir}\\$outputbase.diff"; d231 1 a231 1 $r = system "diff $diff_flags $output ${newdir}/$outputbase >${diffdir}/$outputbase.diff"; a259 1 my $windiffdir = File::Spec->canonpath($diffdir); d261 1 a261 1 $nr = system "fc /lb1000 /t /1 $winoutput.stderr $canonstderrlog >${windiffdir}\\$outputbase.stderr.diff"; d264 1 a264 1 $nr = system "diff $output.stderr $stderrlog >${diffdir}/$outputbase.stderr.diff"; d289 1 a289 1 unlink "${diffdir}/$outputbase.diff"; d297 1 a297 1 if(-f "${diffdir}/$outputbase.diff") { d302 1 a302 2 my $windiffdir = File::Spec->canonpath($diffdir); system "type ${windiffdir}\\$outputbase.diff >> tests\\failure-outputs.txt"; d304 1 a304 1 system "cat ${diffdir}/$outputbase.diff >> tests/failure-outputs.txt"; a371 1 printf "$TCPDUMP --fp-type => %s\n", $have_fptype; a408 1 $skippedcount++; a413 1 $skippedcount++; a497 1 printf("%4u tests skipped\n",$skippedcount); @ 1.1.1.2 log @Import tcpdump-4.99.5, previous was 4.99.4 Friday, August 30, 2024 / The Tcpdump Group Summary for 4.99.5 tcpdump release Refine protocol decoding for: Arista: Use the test .pcap file from pull request #955 (HwInfo). BGP: Fix an undefined behavior when it tries to parse a too-short packet. CARP: Print the protocol name before any GET_(). CDP: only hex-dump unknown TLVs in verbose mode. DHCP: parse the SZTP redirect tag. DHCPv6: client-id/server-id DUID type 2 correction; parse the user class, boot file URL, and SZTP redirect options; add DUID-UUID printing (RFC6355). DNS: Detect and correctly handle too-short URI RRs. EAP: Assign ndo_protocol in the eap_print() function. ESP: Don't use EVP_add_cipher_alias() (fixes building on OpenBSD 7.5). Frame Relay (Multilink): Fix the Timestamp Information Element printing. ICMPv6: Fix printing the Home Agent Address Discovery Reply Message. IEEE 802.11: no need for an element ID in the structures for IEs, make the length in the IE structures a u_int, include the "TA" field while printing Block Ack Control frame. IP: Enable TSO (TCP Segmentation Offload) support; fix printing invalid cases as invalid, not truncated; use ND_ICHECKMSG_ZU() to test the header length. IPv6: Fix printing invalid cases as invalid, not truncated; use ND_ICHECKMSG_U() to print an invalid version. IPv6: Fix invalid 32-bit versus 64-bit printouts of fragment headers. ISAKMP: Fix printing Delete payload SPI when size is zero. Kerberos: Print the protocol name, remove a redundant bounds check. lwres: Fix an undefined behavior in pointer arithmetic. OpenFlow 1.0: Fix indentation of PORT_MOD, improve handling of some lengths, and fix handling of snapend. TCP: Test ports < 1024 in port order to select the printer. UDP: Move source port equal BCM_LI_PORT to bottom of long if else chain. UDP: Test ports < 1024 in port order to select the printer. LDP: Add missing fields of the Common Session Parameters TLV and fix the offset for the A&D bits. NFLOG: Use correct AF code points on all OSes. NFS: Avoid printing non-ASCII characters. OSPF: Pad TLVs in LS_OPAQUE_TYPE_RI to multiples of 4 bytes. OSPF: Update LS-Ack printing not to run off the end of the packet. OSPF6: Fix an undefined behavior. pflog: use nd_ types in struct pfloghdr. PPP: Check if there is some data to hexdump. PPP: Remove an extra colon before LCP Callback Operation. Use the buffer stack for de-escaping PPP; fixes CVE-2024-2397; Note: This problem does not affect any tcpdump release. PTP: Fix spelling of type SIGNALING, Parse major and minor version correctly, Print majorSdoId field instead of just the first bit. RIP: Make a couple trivial protocol updates. RPKI-Router: Refine length and bounds checks. RX: Use the "%Y-%m-%d" date format. smbutil.c: Use the "%Y-%m-%d" date format. SNMP: Fix two undefined behaviors. Text protocols: Fix printing truncation if it is not the case. ZEP: Use the "%Y-%m-%d" date format. ZMTP: Replace custom code with bittok2str(). User interface: Print the supported time stamp types (-J) to stdout instead of stderr. Print the list of data link types (-L) to stdout instead of stderr. Use symmetrical quotation characters in error messages. Update --version option to print 32/64-bit build and time_t size. Improve error messages for invalid interface indexes specified with -i. Support "3des" as an alias for "des_ede3_cbc" even if the crypto library doesn't support adding aliases. Source code: tcpdump: Fix a memory leak. child_cleanup: reap as many child processes as possible. Ignore failures when setting the default "any" device DLL to LINUX_SLL2. Fix for backends which doesn't support capsicum. Update ND_BYTES_BETWEEN() macro for better accuracy. Update ND_BYTES_AVAILABLE_AFTER() macro for better accuracy. Introduce new ND_ICHECK*() macros to deduplicate more code. Skip privilege dropping when using -Z root on --with-user builds. Add a nd_printjn() function. Make nd_trunc_longjmp() not static inline. Include from netdissect.h. Remove init_crc10_table() and the entourage. Initialize tzcode early. Capsicum support: Fix a 'not defined' macro error. Update the "Error converting time" tests for packet times. Fix warnings when building for 32-bit and defining _TIME_BITS=64. Free interface list just before exiting where it wasn't being freed. Building and testing: Add a configure option to help debugging (--enable-instrument-functions). At build time require a proof of suitable snprintf(3) implementation in libc (and document Solaris 9 as unsupported because of that). Makefile.in: Add two "touch .devel" commands in the releasecheck target. Autoconf: Get --with-user and --with-chroot right. Autoconf: Fix --static-pcap-only test on Solaris 10. Autoconf: Add some warning flags for clang 13 or newer. Autoconf: Update config.{guess,sub}, timestamps 2024-01-01. Autoconf: Add autogen.sh, remove configure and config.h.in and put these generated files in the release tarball. Autoconf: Update the install-sh script to the 2020-11-14.01 version. configure: Apply autoupdate 2.69. CMake: improve the comment before project(tcpdump C). Do not require vsnprintf(). tests: Use the -tttt option, by default, for the tests. Autoconf, CMake: Get the size of a void * and a time_t. Fix propagation of cc_werr_cflags() output. Makefile.in: Fix the depend target. mkdep: Exit with a non-zero status if a command fails. Autoconf: use V_INCLS to update the list of include search paths. Autoconf: don't put anything before -I and -L flags for local libpcap. Autoconf, CMake: work around an Xcode 15+ issue. Autoconf, CMake: use pkg-config and Homebrew when looking for libcrypto. Fix Sun C invocation from CMake. mkdep: Use TMPDIR if it is set and not null. Add initial support for building with TinyCC. Makefile.in: Use the variable MAKE instead of the make command. Makefile.in: Add instrumentation configuration in releasecheck target. Make various improvements to the TESTrun script. Untangle detection of pcap_findalldevs(). Autoconf: don't use egrep, use $EGREP. Autoconf: check for gethostbyaddr(), not gethostbyname(). Autoconf, CMake: search for gethostbyaddr() in libnetwork. Make illumos build warning-free. Documentation: Fixed errors in doc/README.Win32.md and renamed it to README.windows.md. Make various improvements to the man page. Add initial README file for Haiku. Make various improvements to CONTRIBUTING.md. @ text @d15 1 a15 1 $TCPDUMP = "Debug\\tcpdump.exe" a68 1 $skippedcount = 0; d100 2 a101 2 my $rawstderrlog = "${newdir}/${outputbase}.raw.stderr"; my $stderrlog = "${newdir}/${outputbase}.stderr"; d110 1 a110 10 if (index($options, "SPECIAL_t") != -1) { # Hack to keep specific time options for tcp-handshake-micro-t, etc. # -t, -tt, etc. $options =~ s/ SPECIAL_t//; } else { # No specific time option, use -tttt $options .= " -tttt"; } $r = system "$TCPDUMP -# -n -r $input $options >${newdir}/${outputbase} 2>${rawstderrlog}"; d120 1 a120 1 open(OUTPUT, ">>"."${newdir}/$outputbase") || die "fail to open $outputbase\n"; d228 1 a228 3 my $winnewdir = File::Spec->canonpath($newdir); my $windiffdir = File::Spec->canonpath($diffdir); $r = system "fc /lb1000 /t /1 $winoutput ${winnewdir}\\$outputbase >${windiffdir}\\$outputbase.diff"; d231 1 a231 1 $r = system "diff $diff_flags $output ${newdir}/$outputbase >${diffdir}/$outputbase.diff"; a259 1 my $windiffdir = File::Spec->canonpath($diffdir); d261 1 a261 1 $nr = system "fc /lb1000 /t /1 $winoutput.stderr $canonstderrlog >${windiffdir}\\$outputbase.stderr.diff"; d264 1 a264 1 $nr = system "diff $output.stderr $stderrlog >${diffdir}/$outputbase.stderr.diff"; d289 1 a289 1 unlink "${diffdir}/$outputbase.diff"; d297 1 a297 1 if(-f "${diffdir}/$outputbase.diff") { d302 1 a302 2 my $windiffdir = File::Spec->canonpath($diffdir); system "type ${windiffdir}\\$outputbase.diff >> tests\\failure-outputs.txt"; d304 1 a304 1 system "cat ${diffdir}/$outputbase.diff >> tests/failure-outputs.txt"; a371 1 printf "$TCPDUMP --fp-type => %s\n", $have_fptype; a408 1 $skippedcount++; a413 1 $skippedcount++; a497 1 printf("%4u tests skipped\n",$skippedcount); @ 1.1.1.3 log @Import tcpdump 4.99.6 (previous was 4.99.5) Tuesday, December 30, 2025 / The Tcpdump Group Summary for 4.99.6 tcpdump release Remove protocol decoding for: OTV (draft-hasmit-otv-04, this Internet-Draft is no longer active). Refine protocol decoding for: DNS: Use ND_TCHECK_LEN() instead of a custom bounds check. IPv6: Add a missing comma and remove a colon in the output. TCP: Note if the Urgent Pointer is non-zero while URG flag not set, if the verbose level is > 1 (option -vv and more). TCP: Note if the Acknowledgment Number is non-zero while ACK flag not set, if the verbose level is > 1 (option -vv and more). TCP: Fix Reset segment processing. IP, IPv6: Fix setting the snapshot length for the payload. IP: Use ND_TTEST_LEN() instead of a custom bounds check. frag6: Add a bounds check in non-verbose mode. PTP: Remove spaces before colons in output. PTP: Fix management packet fields. ISO: Avoid undefined behavior and integer overflow in the Fletcher checksum calculation. NFS: Delete dead code. BOOTP: Use an uint16_t variable to get the result of a GET_BE_U_2(). ZEP: use the existing NTP time formatting code. NTP: Fix p_ntp_time_fmt() using epoch 1/epoch 2 convention (RFC 4330). NTP: Update a field name with the RFC 5905 name (Origin Timestamp). IPv6 mobility: Modernize packet parsing and make fixes. IP6OPTS: Modernize packet parsing and make fixes. VXLAN: Add UDP port 8472 used by Linux as the default port. EGP: Replace custom code with tok2str(); Modernize packet parsing and fix printing with -v option. User interface: Add optional unit suffix on -C file size. Improve the handling of size suffixes for -C. Print errors for options -A, -x[x] and -X[X] (mutually exclusive). Print errors about -C, -G and -z options usage. For PCAP_ERROR_CAPTURE_NOTSUP, show the error message provided by libpcap for that error if it's non-empty. Update the -z option processing. Print "invalid option -- z" when it is. Add the -g option, causing IPv4 output in verbose mode to be on one line. Other: Avoid race condition when receiving signal during shutdown. Always show the interface name in error messages when the interface can't be opened. Clean up the message shown if a -i flag is specified with an interface index that's too large. Source code: Fix '-tt' option printing when time > 2106-02-07T06:28:15Z. Add sub-second packet timestamp checks for invalid micro/nano. Remove unused missing/snprintf.c. Fix incompatible pointer types with time functions calls on Windows. Use C99 macros to define 64-bit constants and maximum 64-bit values. Windows: Fixed to find wpcap.dll if WinPcap isn't installed and Npcap was installed without the WinPcap API compatibility option. (GitHub issue #1226). Building and testing: Makefile.in: Use a local libpcap in the releasecheck target. CMake: Fix build with CMake 3.31. autotools, CMake: don't separately test whether snprintf(3) is available and whether it's suitable - the test for whether it's suitable also fails if it's unavailable. CMake: Skip snprintf(3) tests when cross-compiling. autotools, CMake: fix issues with snprintf test and sanitizers. CMake: check whether check_c_source_runs() works, treat the build as a cross-compile if it doesn't work. Autoconf: Use AC_SYS_YEAR2038_RECOMMENDED when possible if the environment variable BUILD_YEAR2038 = yes (via autogen.sh). Autoconf: Avoid incorrectly include the libpcap's config.h. Autoconf: Refine reporting of os-proto.h. Require config.h to be from the tcpdump build. AppVeyor: Update Npcap SDK to 1.15. autogen.sh: Allow to configure Autoconf warnings. autogen.sh: Delete all trailing blank lines at end of configure. @ text @d32 1 d293 2 d367 1 d372 1 a388 11 # run tcpdump --time-t-size to get the size of size_t in bits open(TIMETSIZE_PIPE, "$TCPDUMP --time-t-size |") or die("piping tcpdump --time-t-size failed\n"); my $time_t_size = ; close(TIMETSIZE_PIPE); my $have_time_t_64; if($time_t_size == "64") { $have_time_t_64 = "HAVE_TIME_T_64"; } printf "$TCPDUMP --time-t-size => %s\n", $time_t_size; $main::confighhash->{$have_time_t_64} = 1; d413 1 d434 3 d466 1 d469 2 d491 1 d495 2 @