]> The Tcpdump Group git mirrors - tcpdump/log
tcpdump
7 days agoCI: Add warning exemptions for Sun C (suncc-5.15) on Solaris 10 master
Francois-Xavier Le Bail [Thu, 1 May 2025 11:45:26 +0000 (13:45 +0200)] 
CI: Add warning exemptions for Sun C (suncc-5.15) on Solaris 10

11 days agoCI: Add warning exemptions for Sun C (suncc-5.14) on Solaris 10
Francois-Xavier Le Bail [Sun, 27 Apr 2025 09:33:35 +0000 (11:33 +0200)] 
CI: Add warning exemptions for Sun C (suncc-5.14) on Solaris 10

3 weeks agoAutoconf: Print the GNU C Library version when needed in autogen.sh
Francois-Xavier Le Bail [Wed, 16 Apr 2025 16:15:53 +0000 (18:15 +0200)] 
Autoconf: Print the GNU C Library version when needed in autogen.sh

3 weeks agoCHANGES: Move change(s) backported to 4.99
Francois-Xavier Le Bail [Fri, 11 Apr 2025 15:04:15 +0000 (17:04 +0200)] 
CHANGES: Move change(s) backported to 4.99

[skip ci]

4 weeks agoFix a typo in a comment
Francois-Xavier Le Bail [Thu, 10 Apr 2025 15:39:52 +0000 (17:39 +0200)] 
Fix a typo in a comment

4 weeks agoAvoid -E and -M options inconsistencies with no libcrypto coverity_scan
Francois-Xavier Le Bail [Wed, 9 Apr 2025 17:53:20 +0000 (19:53 +0200)] 
Avoid -E and -M options inconsistencies with no libcrypto

The inconsistencies were:
-E
tcpdump: option requires an argument -- 'E'
-E xxx
tcpdump: WARNING: crypto code not compiled in

-M
tcpdump: option requires an argument -- 'M'
-M xxx
tcpdump: WARNING: crypto code not compiled in

4 weeks agoCHANGES: Add change(s) backported to 4.99
Francois-Xavier Le Bail [Wed, 9 Apr 2025 06:22:11 +0000 (08:22 +0200)] 
CHANGES: Add change(s) backported to 4.99

[skip ci]

4 weeks agoPrint "invalid option -- z" when it is
Francois-Xavier Le Bail [Tue, 8 Apr 2025 07:37:17 +0000 (09:37 +0200)] 
Print "invalid option -- z" when it is

It can only be used if defined(HAVE_FORK) || defined(HAVE_VFORK).
e.g. not on Windows systems.

Update print_usage().

Update the man page.

4 weeks agotcpdump.c: Avoid including two times "netdissect-stdinc.h"
Francois-Xavier Le Bail [Tue, 8 Apr 2025 06:27:50 +0000 (08:27 +0200)] 
tcpdump.c: Avoid including two times "netdissect-stdinc.h"

4 weeks agoSuppress bogus C4738 from MSVC.
Guy Harris [Mon, 7 Apr 2025 21:00:24 +0000 (14:00 -0700)] 
Suppress bogus C4738 from MSVC.

Our trick to extract a big-endian IEEE floating-point number from a
packet confuses MSVC into thinking we're doing something we're not
doing, or maybe just that we might do so somewhere that it can't see.
Suppress the resulting warning.

This should fix issue #1318.

4 weeks agoRename a #define that's also define by Illumos.
Guy Harris [Mon, 7 Apr 2025 21:13:09 +0000 (14:13 -0700)] 
Rename a #define that's also define by Illumos.

4 weeks agoRemove "\n" in error() calls: It is added in the function
Francois-Xavier Le Bail [Mon, 7 Apr 2025 12:04:46 +0000 (14:04 +0200)] 
Remove "\n" in error() calls: It is added in the function

4 weeks agoCHANGES: Add change(s) backported to 4.99
Francois-Xavier Le Bail [Mon, 7 Apr 2025 10:53:06 +0000 (12:53 +0200)] 
CHANGES: Add change(s) backported to 4.99

[skip ci]

4 weeks agoAdd error messages about -C, -G and -z options usage
Francois-Xavier Le Bail [Sun, 6 Apr 2025 07:25:35 +0000 (09:25 +0200)] 
Add error messages about -C, -G and -z options usage

Also:
Replace warning by error messages about -A, -x[x] and -x[x] usage for
consistency with those on -f, -r and -V.
Update an error message about -f.

4 weeks agoCHANGES: Add change(s) backported to 4.99
Francois-Xavier Le Bail [Sun, 6 Apr 2025 05:29:57 +0000 (07:29 +0200)] 
CHANGES: Add change(s) backported to 4.99

[skip ci]

4 weeks agoUpdate the -z option processing
Francois-Xavier Le Bail [Fri, 4 Apr 2025 19:14:43 +0000 (21:14 +0200)] 
Update the -z option processing

It can only be used if defined(HAVE_FORK) || defined(HAVE_VFORK).

This avoid:
tcpdump.c:3140:31: warning: unused parameter 'filename'
  [-Wunused-parameter] compress_savefile(const char *filename)

4 weeks agoCHANGES: Add change(s) backported to 4.99
Francois-Xavier Le Bail [Sat, 5 Apr 2025 06:29:27 +0000 (08:29 +0200)] 
CHANGES: Add change(s) backported to 4.99

[skip ci]

4 weeks agoUse __func__ in some error messages in compress_savefile()
Francois-Xavier Le Bail [Fri, 4 Apr 2025 14:49:01 +0000 (16:49 +0200)] 
Use __func__ in some error messages in compress_savefile()

4 weeks agotcpdump.c: Fix a warning when HAVE_FORK and HAVE_VFORK are not defined
Francois-Xavier Le Bail [Thu, 3 Apr 2025 06:23:03 +0000 (08:23 +0200)] 
tcpdump.c: Fix a warning when HAVE_FORK and HAVE_VFORK are not defined

The warning was:
tcpdump.c:226:13: warning: unused function 'child_cleanup'
  [-Wunused-function] static void child_cleanup(int);

5 weeks agoAutoconf: Avoid incorrectly include the libpcap's config.h
Francois-Xavier Le Bail [Wed, 2 Apr 2025 14:16:51 +0000 (16:16 +0200)] 
Autoconf: Avoid incorrectly include the libpcap's config.h

Fix the problem when configure like following is done:
./configure CFLAGS='-I../libpcap -I.'
This gives:
CCOPT =  -I../libpcap -I. -W -Wall [...]

See also the GitHub bug report #1313.

In Makefile.in, there is:
INCLS = -I. @V_INCLS@

Put $(INCLS) first in FULL_CFLAGS.

5 weeks agoRequire config.h to be from the tcpdump build. 1317/head
Denis Ovsienko [Thu, 3 Apr 2025 10:30:27 +0000 (11:30 +0100)] 
Require config.h to be from the tcpdump build.

This way the build will reliably fail if it happened to include the
header from some other build (e.g. libpcap).  See GitHub bug report
#1313.

5 weeks agoCirrus CI: Bump FreeBSD up to 13.5. 1314/head
Denis Ovsienko [Tue, 1 Apr 2025 16:13:38 +0000 (17:13 +0100)] 
Cirrus CI: Bump FreeBSD up to 13.5.

5 weeks agoRemove pcap-missing.h.
Denis Ovsienko [Tue, 1 Apr 2025 16:08:37 +0000 (17:08 +0100)] 
Remove pcap-missing.h.

Complete commit d5b1a16: pcap_list_datalinks() has been available since
libpcap 0.8.

5 weeks agoCHANGES: Add change(s) backported to 4.99
Francois-Xavier Le Bail [Tue, 1 Apr 2025 12:14:39 +0000 (14:14 +0200)] 
CHANGES: Add change(s) backported to 4.99

[skip ci]

5 weeks agoNTP: Update a field name with the RFC 5905 name
Francois-Xavier Le Bail [Mon, 31 Mar 2025 09:01:12 +0000 (11:01 +0200)] 
NTP: Update a field name with the RFC 5905 name

s/Originate Timestamp/Origin Timestamp/
s/Originator Timestamp/Origin Timestamp/

Originate Timestamp: Obsoleted.
Originator Timestamp: Never used.

5 weeks agoCHANGES: Add/move change(s) backported to 4.99
Francois-Xavier Le Bail [Fri, 28 Mar 2025 14:39:26 +0000 (15:39 +0100)] 
CHANGES: Add/move change(s) backported to 4.99

[skip ci]

6 weeks agoCHANGES: Add change(s) backported to 4.99
Francois-Xavier Le Bail [Wed, 26 Mar 2025 18:45:07 +0000 (19:45 +0100)] 
CHANGES: Add change(s) backported to 4.99

[skip ci]

6 weeks agoNTP: Fix p_ntp_time_fmt() using epoch 1/epoch 2 convention (RFC 4330)
Francois-Xavier Le Bail [Sun, 31 Mar 2024 09:38:44 +0000 (11:38 +0200)] 
NTP: Fix p_ntp_time_fmt() using epoch 1/epoch 2 convention (RFC 4330)

Moreover:
Update the error message, replace
"[Time is too large to fit into a time_t]"
by
"[timestamp overflow]".
Same as in ts_date_hmsfrac_print() and ts_unix_print().

Fix indentation.

Update 5 test outputs and processings, based on skip_time_t_not (64).

6 weeks agoUse a less cryptic message for packet timestamp overflow
Francois-Xavier Le Bail [Sat, 28 Sep 2024 09:38:35 +0000 (11:38 +0200)] 
Use a less cryptic message for packet timestamp overflow

In ts_date_hmsfrac_print() and ts_unix_print() replace
"[timestamp < 1970-01-01 00:00:00 UTC]"
by
"[timestamp overflow]".

(Wikipedia "Year 2038 problem" uses "overflow".)

6 weeks agoDHCP: Add support for option 108 "IPv6-Only Preferred" (RFC 8925)
Francois-Xavier Le Bail [Tue, 18 Mar 2025 08:50:06 +0000 (09:50 +0100)] 
DHCP: Add support for option 108 "IPv6-Only Preferred" (RFC 8925)

Add a test file with DHCP option 108 in both the request and the reply,
provided by Bill.

6 weeks agoDHCP: Fix printing IP address pairs options
Francois-Xavier Le Bail [Sat, 22 Mar 2025 09:53:34 +0000 (10:53 +0100)] 
DHCP: Fix printing IP address pairs options

'p' is used by the options Policy Filter (21) and Static Route (33).
They have a minimum length of 8 and the length MUST be a multiple of 8.
Check that.

Add a test file for option 33 (lengths: 8, 16, 24, 3, 0), build with
scapy.

6 weeks agoDHCP: Use more nd_print_invalid()
Francois-Xavier Le Bail [Sat, 22 Mar 2025 13:29:40 +0000 (14:29 +0100)] 
DHCP: Use more nd_print_invalid()

Remove "ERROR: " in the error messages. Use instead nd_print_invalid().

Update some error messages.

7 weeks agoCHANGES: Add changes backported to 4.99
Francois-Xavier Le Bail [Thu, 20 Mar 2025 08:17:01 +0000 (09:17 +0100)] 
CHANGES: Add changes backported to 4.99

[skip ci]

7 weeks agoDHCP: Fix printing boolean options
Francois-Xavier Le Bail [Wed, 19 Mar 2025 12:42:53 +0000 (13:42 +0100)] 
DHCP: Fix printing boolean options

For 'B', the options 19, 20, 27, 29, 30, 31, 34, 36, 39 and 116 that
use it are only 1 octet "0/1" boolean. No need for a while loop.

Print the data and an error message if the length is not 1.

7 weeks agoDHCP: Fix typos in some error messages
Francois-Xavier Le Bail [Wed, 19 Mar 2025 13:42:26 +0000 (14:42 +0100)] 
DHCP: Fix typos in some error messages

7 weeks agoICMPv6: Recognise ND option 38 (PREF64)
Arseny Maslennikov [Fri, 8 Dec 2023 11:44:55 +0000 (14:44 +0300)] 
ICMPv6: Recognise ND option 38 (PREF64)

This option, defined in RFC 8781, allows a router administrator to pass
NAT64 prefix information for the network to end hosts together with
other routing and prefix information in the RA message, getting rid
of the need for DNS64 service in the network.

As of today the option is widely supported by software routers,
including radvd, BIRD and systemd-networkd.

We implement the printer and test some valid and broken option contents.

7 weeks agoDHCP: Fix printing for option 116 "Auto-Configure" (RFC 2563)
Francois-Xavier Le Bail [Tue, 18 Mar 2025 09:25:48 +0000 (10:25 +0100)] 
DHCP: Fix printing for option 116 "Auto-Configure" (RFC 2563)

7 weeks agoDHCP: Fix print format for client-last-transaction-time option
Francois-Xavier Le Bail [Tue, 18 Mar 2025 06:35:50 +0000 (07:35 +0100)] 
DHCP: Fix print format for client-last-transaction-time option

Option 91 time (RFC 4388) is unsigned, thus use 'l'.

7 weeks agoDHCP: Fix a comment about formats for (un)signed longs/shorts data
Francois-Xavier Le Bail [Mon, 17 Mar 2025 18:02:56 +0000 (19:02 +0100)] 
DHCP: Fix a comment about formats for (un)signed longs/shorts data

l - unsigned longs (32 bits)
L - longs (32 bits)
s - unsigned shorts (16 bits)

[skip ci]

7 weeks agoCMake: Print the time_t size (32-bit/64-bit)
Francois-Xavier Le Bail [Sun, 16 Mar 2025 20:25:45 +0000 (21:25 +0100)] 
CMake: Print the time_t size (32-bit/64-bit)

7 weeks agoAutoconf: Use AC_SYS_YEAR2038_RECOMMENDED when possible
Francois-Xavier Le Bail [Fri, 14 Mar 2025 22:36:01 +0000 (23:36 +0100)] 
Autoconf: Use AC_SYS_YEAR2038_RECOMMENDED when possible

On Linux, if the environment variable BUILD_YEAR2038=yes, Autoconf
version >= 2.72 and GNU C Library version >= 2.34, uncomment
AC_SYS_YEAR2038_RECOMMENDED to ensure time_t is Y2038-safe.

Tested with: BUILD_YEAR2038=yes MATRIX_CMAKE=no ./build_matrix.sh
on linux-armv7l because currently CMake build don't have year 2038 support.

8 weeks agoICMPv6: Recognise ND option 14 (Nonce)
Arseny Maslennikov [Mon, 4 Dec 2023 11:44:55 +0000 (14:44 +0300)] 
ICMPv6: Recognise ND option 14 (Nonce)

This option has been observed to be included in neighbour solicitations
sent by Linux kernel when `conf/*/enhanced_dad` is enabled on the
relevant network interface. It looks like it appeared in the linked
kernel commit.

In accordance with RFC 7527, a nonce can help distinguish valid DAD NS
messages in the presence of Ethernet loopbacks: after a DAD probe is
sent on the network, if an NS is received with the same nonce it is
considered looped back and ignored.

We implement the printer for this option and add a simple test with 3
different verbosity levels.

Also, introduce a helper function to util-print.c which prints
arbitrary data from the dissected packet as space-separated hexadecimal
octets, e. g. "77 c1 ad e9 17 70". Use it in the new printer.

Link: https://github.com/torvalds/linux/commit/adc176c5472214971d77c1a61c83db9b01e9cdc7
Link: https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-5
8 weeks agotcpdump(1): Describe the -i flag better. [skip ci]
Denis Ovsienko [Mon, 10 Mar 2025 13:20:12 +0000 (13:20 +0000)] 
tcpdump(1): Describe the -i flag better. [skip ci]

2 months agoCHANGES: Add a change backported to 4.99
Francois-Xavier Le Bail [Thu, 6 Mar 2025 20:30:29 +0000 (21:30 +0100)] 
CHANGES: Add a change backported to 4.99

[skip ci]

2 months agoFix "ip broadcast" netmask byte order with the -f flag. 1299/head
Denis Ovsienko [Sat, 22 Feb 2025 02:29:41 +0000 (02:29 +0000)] 
Fix "ip broadcast" netmask byte order with the -f flag.

Let's suppose the interface eth0 has one IPv4 address with a /24
netmask.  Without -f tcpdump leaves the netmask variable set to 0, which
regardless of the host endianness causes "ip broadcast" to match
destination hosts 0.0.0.0 and 255.255.255.255:

# tcpdump -i eth0 -d 'ip broadcast'
(000) ldh      [12]
(001) jeq      #0x800           jt 2 jf 6
(002) ld       [30]
(003) jeq      #0x0             jt 5 jf 4
(004) jeq      #0xffffffff      jt 5 jf 6
(005) ret      #262144
(006) ret      #0

With -f tcpdump calls pcap_lookupnet(), which correctly sets the netmask
to 0xFFFFFF00 (in network byte order).  Then pcap_compile() receives the
same value, but it expects it to be in host byte order, so on a
little-endian host the resulting filter program incorrectly tests for a
0x00FFFFFF netmask:

# tcpdump -i eth0 -f -d 'ip broadcast'
(000) ldh      [12]
(001) jeq      #0x800           jt 2 jf 7
(002) ld       [30]
(003) jset     #0xff000000      jt 4 jf 6
(004) and      #0xff000000
(005) jeq      #0xff000000      jt 6 jf 7
(006) ret      #262144
(007) ret      #0

Add two missing ntohl() wrappers to make it right:
# tcpdump -i eno1 -f -d 'ip broadcast'
(000) ldh      [12]
(001) jeq      #0x800           jt 2 jf 7
(002) ld       [30]
(003) jset     #0xff            jt 4 jf 6
(004) and      #0xff
(005) jeq      #0xff            jt 6 jf 7
(006) ret      #262144
(007) ret      #0

Audit the init_print() code path and do not change anything because
there the byte order is already correct.  Add comments to spell the byte
order in every case and update the -f flag description in the man page.
See also libpcap commit 1e54958.

2 months agoAutoconf, CMake: Check for libcap-ng on Linux only.
Denis Ovsienko [Fri, 21 Feb 2025 19:15:09 +0000 (19:15 +0000)] 
Autoconf, CMake: Check for libcap-ng on Linux only.

2 months agoAutoconf, CMake: Check for Capsicum on FreeBSD only.
Denis Ovsienko [Fri, 21 Feb 2025 19:10:51 +0000 (19:10 +0000)] 
Autoconf, CMake: Check for Capsicum on FreeBSD only.

2 months agoAutoconf: Check for Homebrew on Linux and macOS only.
Denis Ovsienko [Fri, 21 Feb 2025 18:56:42 +0000 (18:56 +0000)] 
Autoconf: Check for Homebrew on Linux and macOS only.

Same as in libpcap.

2 months agoTESTrun: Copy some recent improvements from libpcap.
Denis Ovsienko [Fri, 21 Feb 2025 16:42:51 +0000 (16:42 +0000)] 
TESTrun: Copy some recent improvements from libpcap.

Add a help message and the same command-line options as in libpcap
(--passed, --one, --list, --config).  Add a licence boilerplate.  Move
some code around to make it cleaner.  To check for Windows, test for
"msys" only.  Use diff on all platforms.  Drop TESTRUN_PERL.

2 months agoAutoconf, CMake: Define PACKAGE_URL.
Denis Ovsienko [Fri, 21 Feb 2025 15:13:36 +0000 (15:13 +0000)] 
Autoconf, CMake: Define PACKAGE_URL.

Make CMake PACKAGE_xxxxx definitions in config.h reproduce Autoconf in
the same go.

2 months agoFix comments about bpf_dump() in Autoconf and CMake.
Denis Ovsienko [Tue, 18 Feb 2025 13:11:59 +0000 (13:11 +0000)] 
Fix comments about bpf_dump() in Autoconf and CMake.

2 months agoICMPv6: Add printing for Node Information Queries Qtype "IPv4 Addresses"
Francois-Xavier Le Bail [Mon, 17 Feb 2025 20:12:09 +0000 (21:12 +0100)] 
ICMPv6: Add printing for Node Information Queries Qtype "IPv4 Addresses"

Add two test files.

2 months agoICMPv6: Use a variable with a better name, simplifie some codes
Francois-Xavier Le Bail [Tue, 18 Feb 2025 10:58:04 +0000 (11:58 +0100)] 
ICMPv6: Use a variable with a better name, simplifie some codes

For Node Information Queries Qtype "Node Addresses".

Add two test files.

2 months agoICMPv6: Replace custom code with bittok2str_nosep() calls
Francois-Xavier Le Bail [Mon, 17 Feb 2025 18:04:49 +0000 (19:04 +0100)] 
ICMPv6: Replace custom code with bittok2str_nosep() calls

Moreover:
Remove a "just experimental. not in spec" flag ("anycast").
Replace a comment "undefined for query" by a check.

2 months agoRESP: Replace a fn_print_char() call by a ND_PRINT() call
Francois-Xavier Le Bail [Mon, 17 Feb 2025 10:55:04 +0000 (11:55 +0100)] 
RESP: Replace a fn_print_char() call by a ND_PRINT() call

fn_print_char() is used to filtering out the non-printable characters.
Unnecessary here.

2 months agoICMPv6: Delete some remains from drafts for Node Information Queries
Francois-Xavier Le Bail [Sun, 16 Feb 2025 12:54:41 +0000 (13:54 +0100)] 
ICMPv6: Delete some remains from drafts for Node Information Queries

These drafts date from 1999-2002.

2 months agoICMPv6: Fix duplicate type printing for Node Information Queries
Francois-Xavier Le Bail [Sat, 15 Feb 2025 09:22:33 +0000 (10:22 +0100)] 
ICMPv6: Fix duplicate type printing for Node Information Queries

Delete some duplicate macros, keeping macros with names similar to the
RFC 4620 names.

Update the outputs of two tests.

2 months agoICMPv6: Delete some duplicate macros
Francois-Xavier Le Bail [Fri, 14 Feb 2025 21:18:56 +0000 (22:18 +0100)] 
ICMPv6: Delete some duplicate macros

Keep macros with names similar to IANA names.

2 months agoRefine bpf_dump(). [skip appveyor]
Denis Ovsienko [Thu, 13 Feb 2025 01:23:24 +0000 (01:23 +0000)] 
Refine bpf_dump(). [skip appveyor]

Constify the temporary pointer, as was done in libpcap in 2008.  Remove
the BDEBUG conditional block becase in libpcap that is a part of the
optimizer debug feature, but in tcpdump it is dead code.

2 months agoIPv6: Print 'No Next Header' when relevant
Francois-Xavier Le Bail [Tue, 11 Feb 2025 13:39:52 +0000 (14:39 +0100)] 
IPv6: Print 'No Next Header' when relevant

This avoids to print 'next-header unknown (59)' when it's the first
header.

Add a test file.

2 months agoISAKMP: Avoid reinventing nd_printjn()
Francois-Xavier Le Bail [Mon, 10 Feb 2025 13:23:39 +0000 (14:23 +0100)] 
ISAKMP: Avoid reinventing nd_printjn()

2 months agoFR: Avoid reinventing nd_printjnp()
Francois-Xavier Le Bail [Mon, 10 Feb 2025 12:18:51 +0000 (13:18 +0100)] 
FR: Avoid reinventing nd_printjnp()

2 months agoLDP: Avoid reinventing nd_printjn()
Francois-Xavier Le Bail [Sun, 9 Feb 2025 19:51:37 +0000 (20:51 +0100)] 
LDP: Avoid reinventing nd_printjn()

2 months agoPPP: Avoid reinventing nd_printjn()
Francois-Xavier Le Bail [Sun, 9 Feb 2025 18:29:00 +0000 (19:29 +0100)] 
PPP: Avoid reinventing nd_printjn()

2 months agoRSVP: Avoid reinventing nd_printjn()
Francois-Xavier Le Bail [Sun, 9 Feb 2025 17:01:20 +0000 (18:01 +0100)] 
RSVP: Avoid reinventing nd_printjn()

2 months agoISAKMP: Avoid reinventing nd_printjn()
Francois-Xavier Le Bail [Sun, 9 Feb 2025 17:55:24 +0000 (18:55 +0100)] 
ISAKMP: Avoid reinventing nd_printjn()

2 months agoL2TP: Avoid reinventing nd_printjn()
Francois-Xavier Le Bail [Sun, 9 Feb 2025 13:34:07 +0000 (14:34 +0100)] 
L2TP: Avoid reinventing nd_printjn()

2 months agoTCP: Update the Reset segment processing
Francois-Xavier Le Bail [Tue, 19 Jan 2021 17:43:53 +0000 (18:43 +0100)] 
TCP: Update the Reset segment processing

Don't use "[!RST" for truncation, use standard [|tcp].

Replace the nd_printn() call by a nd_printjn() call.

Moreover:
Add a space (style).

2 months agoSMB: Avoid reinventing nd_printjn()
Francois-Xavier Le Bail [Sun, 9 Feb 2025 15:41:04 +0000 (16:41 +0100)] 
SMB: Avoid reinventing nd_printjn()

2 months agoDNS: Use ND_TCHECK_LEN() instead of a custom bounds check
Francois-Xavier Le Bail [Sat, 8 Feb 2025 10:36:07 +0000 (11:36 +0100)] 
DNS: Use ND_TCHECK_LEN() instead of a custom bounds check

This avoids an invalid-pointer-pair AddressSanitizer error.

Add a test file.

The error was:
reading from file ppp_ip_udp_dns.pcap, link-type PPP_SERIAL(PPP over
  serial), snapshot length 2098998
=================================================================
==258093==ERROR: AddressSanitizer: invalid-pointer-pair: 0x61300000c086
  0x61300000019e
    #0 0x78274f in ns_rprint [...]/print-domain.c:728:9

Address 0x61300000c086 is a wild pointer inside of access range of size
  0x000000000001.
0x61300000019e is located 0 bytes after 350-byte region
  [0x613000000040,0x61300000019e)
allocated by thread T0 here:
    #0 0x4b997e in malloc ([...]/tcpdump+0x4b997e)
    #1 0x60220b in ppp_hdlc [...]/print-ppp.c:1367:16

SUMMARY: AddressSanitizer: invalid-pointer-pair
  [...]/print-domain.c:728:9 in ns_rprint

2 months agoUse more the ND_TCHECK_n() macros
Francois-Xavier Le Bail [Fri, 7 Feb 2025 15:10:51 +0000 (16:10 +0100)] 
Use more the ND_TCHECK_n() macros

2 months agoReimplement the tests similarly to libpcap. [skip appveyor] 1280/head
Denis Ovsienko [Fri, 7 Feb 2025 11:52:39 +0000 (11:52 +0000)] 
Reimplement the tests similarly to libpcap. [skip appveyor]

Import TESTlib.pm, TESTst.pm and TESTmt.pm from libpcap.  In TESTrun use
strict and warnings, also address all Perl issues that manifest because
of that, remove old code that the imported files make redundant and
clean the rest up.  Ibid., remove the core dump file before every test
and apply the "only this one test" mode even if the test does not come
from the TESTLIST file; focus on tcpdump specifics and have the imported
files handle all test/result logistics.

The latter among other things places all temporary test files in a
proper temporary directory rather than the source tree, which in turn
eliminates the tests/NEW and tests/DIFF temporary directories, which
also includes *.out.raw.stderr files; the .passed and .failed files have
been gone since commit b82970c in 2020.  This way, the tests/.gitignore
file no longer has a purpose, so remove it and the associated exemption
for TEST_DIST in Makefile.  Remove failure-outputs.txt from the
top-level .gitignore as well.  Prune "make distclean" as well.

Merge tests/*.tests into TESTrun: these are a part of the source tree
rather than volatile external data, so instead of implementing the
required run-time logistics just place the Perl data structures in the
only Perl script that uses them.  Convert "config_set" and
"config_unset" using "skip" and equivalent Perl expressions.

Since these changes rewrite most of TESTrun, reindent and reformat it to
match the code style of the new files.

2 months agoMake all test names unique in TESTLIST.
Denis Ovsienko [Fri, 7 Feb 2025 11:36:00 +0000 (11:36 +0000)] 
Make all test names unique in TESTLIST.

3 months agoPTP: Refine timestamp printing. 1277/head
Denis Ovsienko [Mon, 20 Jan 2025 14:01:45 +0000 (14:01 +0000)] 
PTP: Refine timestamp printing.

In ptp_print_timestamp_identity() and ptp_print_announce_msg() use
ptp_print_timestamp() to deduplicate code.  In ptp_print_timestamp()
change the format to SECONDS.NANOSECONDS and indicate an invalid
nanoseconds value.  Update the tests.  This resolves GH issue #1260.

3 months agoReport invalid microseconds as "us", not "ms".
Denis Ovsienko [Mon, 20 Jan 2025 13:59:44 +0000 (13:59 +0000)] 
Report invalid microseconds as "us", not "ms".

In timeval-operations.h for microseconds and nanoseconds define both the
maximum number of units per second and the string to use for reporting
an invalid value.  Use the new macros in ts_frac_print() and update a
test.

For consistency in print-arista.c instead of MAX_VALID_NS and
BOGUS_NS_STR use the macros from timeval-operations.h.

3 months agoUpdate the GitHub issue template for the new workflow
Francois-Xavier Le Bail [Fri, 17 Jan 2025 11:11:13 +0000 (12:11 +0100)] 
Update the GitHub issue template for the new workflow

Summary:
Create the .github/ISSUE_TEMPLATE directory
Rename the file ISSUE_TEMPLATE to .github/ISSUE_TEMPLATE/issue_template.md
Update this file with some keywords (name, about, ...)
Add a .github/ISSUE_TEMPLATE/config.yml file containing
"blank_issues_enabled: false".

[skip ci]

3 months agoLISP: Add a length check
Francois-Xavier Le Bail [Sun, 12 Jan 2025 21:05:02 +0000 (22:05 +0100)] 
LISP: Add a length check

Verify we have at least the header length.

Print the protocol name with nd_print_protocol_caps() before any check.
Update the lisp_type[] structure accordingly.

Add a test file with an invalid length.

3 months agoESP: Delete a useless custom bounds check
Francois-Xavier Le Bail [Thu, 9 Jan 2025 15:35:53 +0000 (16:35 +0100)] 
ESP: Delete a useless custom bounds check

The two GET_BE_U_4() perform the bounds checks.

Print the protocol name, with nd_print_protocol_caps(), before any
check.

Add a test file with a truncated ESP packet.

3 months agoCHANGES: Add changes backported to 4.99
Francois-Xavier Le Bail [Wed, 8 Jan 2025 20:12:09 +0000 (21:12 +0100)] 
CHANGES: Add changes backported to 4.99

[skip ci]

3 months agoISO: avoid undefined behavior and integer overflow in the fletcher checksum calculation
Bill Fenner [Tue, 11 Oct 2022 20:10:46 +0000 (13:10 -0700)] 
ISO: avoid undefined behavior and integer overflow in the fletcher checksum calculation

The fletcher checksum calculation would sometimes left-shift
a negative number, which is an undefined operation.  Rework the
code to avoid this.

checksum.c:186:20: runtime error: left shift of negative value -36
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior checksum.c:186:20

Unlike some checksum routines that use the defined semantics of
2's-complement unsigned overflow to their advantage, this one
gets the wrong value if it is allowed to overflow, due to the
use of mod-255.

Convert c1 to uint64_t to avoid overflow.

checksum.c:163:16: runtime error: unsigned integer overflow: NNN + NNN
  cannot be represented in type 'unsigned int'

Use integers during subtraction to avoid implicit conversion to unsigned
when calculating both x and y

checksum.c:172:18: runtime error: unsigned integer overflow: NNN - NNN
  cannot be represented in type 'unsigned int'
checksum.c:172:9: runtime error: implicit conversion from type
  'unsigned int' of value NNN (32-bit, unsigned) to type 'int' changed
  the value to -NNN (32-bit, signed)
checksum.c:173:12: runtime error: unsigned integer overflow: NNN - NNN
  cannot be represented in type 'unsigned int'
checksum.c:173:9: runtime error: implicit conversion from type
  'unsigned int' of value NNN (32-bit, unsigned) to type 'int' changed
  the value to -NNN (32-bit, signed)

3 months agoNFS: Delete dead code
Francois-Xavier Le Bail [Tue, 7 Jan 2025 19:21:12 +0000 (20:21 +0100)] 
NFS: Delete dead code

Since  commit f2eaaa35725c6cb52e9e3947769fc6e7f2579dee in year 2000
the typedef struct my_fsid has a field 'char Opaque_Handle[2 * 32 + 1];'

Thus sizeof(*fsidp) is > 14.
Delete the else block as dead code and the two useless if.

This should remove two Visual Studio warnings:
parsenfsfh.c(318,25): warning C4127: conditional expression is constant
parsenfsfh.c(319,22): warning C4127: conditional expression is constant

3 months agoBOOTP: Use an uint16_t variable to get the result of a GET_BE_U_2()
Francois-Xavier Le Bail [Tue, 7 Jan 2025 10:54:11 +0000 (11:54 +0100)] 
BOOTP: Use an uint16_t variable to get the result of a GET_BE_U_2()

This will fix this Visual Studio warning:
print-bootp.c(1009,18): warning C4242: =: conversion from uint16_t to
uint8_t, possible loss of data

3 months agoFix comments. [skip ci]
Guy Harris [Tue, 7 Jan 2025 20:02:17 +0000 (12:02 -0800)] 
Fix comments. [skip ci]

Yes, the offending set of *BSDs (FreeBSD, DragonFly BSD, and
CupertinoBSD) all do define IPPROTO_PIGP.  And the #defines are
IPPROTO_xxx, not IP_PROTO_xxx.

4 months agoAdd macOS to the list of OSes that define IPPROTO_IGRP as 88. [skip ci]
Guy Harris [Tue, 7 Jan 2025 12:00:14 +0000 (04:00 -0800)] 
Add macOS to the list of OSes that define IPPROTO_IGRP as 88. [skip ci]

4 months agoAdd comments about the IGRP/EIGRP protocol number and #define mess.
Guy Harris [Tue, 7 Jan 2025 07:23:21 +0000 (23:23 -0800)] 
Add comments about the IGRP/EIGRP protocol number and #define mess.

The current IANA protocol number assignments page lists 9 as "any
private interior gateway (used by Cisco for their IGRP)" and 88 as
"EIGRP" from Cisco.

Recent FreeBSD and DragonFly BSD <netinet/in.h> headers define
IP_PROTO_IGRP as 9 and IP_PROTO_IGRP as 88.  We define IP_PROTO_PIGP
("private interior gateway protocol") as 9 and IP_PROTO_EIGRP as 88;
those names* better match what the current protocol number assignments
say.

4 months agotcpdump: show error message for PCAP_ERROR_CAPTURE_NOTSUP.
Guy Harris [Sat, 4 Jan 2025 23:29:19 +0000 (15:29 -0800)] 
tcpdump: show error message for PCAP_ERROR_CAPTURE_NOTSUP.

If an attempt to open a capture device failed because capturing isn't
supported on that device, check whether an error message with a further
explanation was provided and, if so, report it.

4 months agoCHANGES: Add changes backported to 4.99
Francois-Xavier Le Bail [Sun, 5 Jan 2025 11:15:04 +0000 (12:15 +0100)] 
CHANGES: Add changes backported to 4.99

[skip ci]

4 months agofrag6: Add a bounds check in non-verbose mode
Francois-Xavier Le Bail [Sat, 4 Jan 2025 19:09:37 +0000 (20:09 +0100)] 
frag6: Add a bounds check in non-verbose mode

Define ND_LONGJMP_FROM_TCHECK.

Rename a test and its output, with "-v" in the names.
Add a test case (same pcap printed without "-v").

4 months agoIP: Use ND_TTEST_LEN() instead of a custom bounds check
Francois-Xavier Le Bail [Fri, 3 Jan 2025 15:08:32 +0000 (16:08 +0100)] 
IP: Use ND_TTEST_LEN() instead of a custom bounds check

This avoids an invalid-pointer-pair AddressSanitizer error with options
-fsanitize=address -fsanitize=pointer-compare
and
ASAN_OPTIONS=detect_invalid_pointer_pairs=1

The error was:
    ip_printroute_asan                      : TEST FAILED[...]

reading from file ip_printroute_asan.pcap, link-type EN10MB (Ethernet),
  snapshot length 60
=================================================================
==ERROR: AddressSanitizer: invalid-pointer-pair: 0x60600000006a
  0x60600000005c
    #0 0x558ce1cddb0b in ip_print
      /home/cpe/soft-origin/tcpdump/my-tcpdump/print-ip.c:429:55

0x60600000006a is located 14 bytes after 60-byte region
  [0x606000000020,0x60600000005c)
allocated by thread T0 here:
    #0 0x558ce1c5390e in malloc
      (/home/cpe/soft-origin/tcpdump/my-tcpdump/tcpdump+0x1fd90e)
    #1 0x558ce1efbba3 in pcap_check_header
      /home/cpe/soft-origin/tcpdump/my-libpcap/sf-pcap.c:480:14

0x60600000005c is located 0 bytes after 60-byte region
  [0x606000000020,0x60600000005c)
allocated by thread T0 here:
    #0 0x558ce1c5390e in malloc
      (/home/cpe/soft-origin/tcpdump/my-tcpdump/tcpdump+0x1fd90e)
    #1 0x558ce1efbba3 in pcap_check_header
      /home/cpe/soft-origin/tcpdump/my-libpcap/sf-pcap.c:480:14

SUMMARY: AddressSanitizer: invalid-pointer-pair
  /home/cpe/soft-origin/tcpdump/my-tcpdump/print-ip.c:429:55 in ip_print

4 months agoPoint to the correct documentation for installation on Windows. [skip ci]
anubhav [Mon, 30 Dec 2024 19:49:35 +0000 (01:19 +0530)] 
Point to the correct documentation for installation on Windows. [skip ci]

4 months agoCHANGES: Add a change backported to 4.99
Francois-Xavier Le Bail [Mon, 23 Dec 2024 22:02:28 +0000 (23:02 +0100)] 
CHANGES: Add a change backported to 4.99

[skip ci]

4 months agoAdd sub-second packet timestamp checks for invalid micro/nano
Francois-Xavier Le Bail [Sun, 22 Dec 2024 14:12:56 +0000 (15:12 +0100)] 
Add sub-second packet timestamp checks for invalid micro/nano

Now prints e.g.:
    2  17:16:10.1000000 (invalid ms) IP [...]
    3  17:16:10.2147483648 (invalid ms) IP [...]
or
    2  17:16:10.1000000000 (invalid ns) IP [...]
    3  17:16:10.2147483648 (invalid ns) IP [...]

Add two test files.

4 months agotests: Fix some tests with invalid microsecond packet timestamps
Francois-Xavier Le Bail [Fri, 20 Dec 2024 19:37:09 +0000 (20:37 +0100)] 
tests: Fix some tests with invalid microsecond packet timestamps

If the timestamp for packets are given in seconds and microseconds,
a microsecond value > 999999 is invalid. Set it to 999999.

4 months agoIKEv1: Fix a typo in a comment
Francois-Xavier Le Bail [Thu, 19 Dec 2024 20:23:17 +0000 (21:23 +0100)] 
IKEv1: Fix a typo in a comment

[skip ci]

4 months agoCirrus CI: Do not install coreutils on macOS. [skip appveyor]
Denis Ovsienko [Tue, 17 Dec 2024 19:33:40 +0000 (19:33 +0000)] 
Cirrus CI: Do not install coreutils on macOS. [skip appveyor]

libpcap build & test process now tolerates a missing timeout(1), so
let's keep the build environment as close to the original as possible.
This reverts commit 673a2fe.

4 months agoCHANGES: move some misplaced main branch changes. [skip ci]
Guy Harris [Tue, 17 Dec 2024 20:14:08 +0000 (12:14 -0800)] 
CHANGES: move some misplaced main branch changes. [skip ci]

They were mistakenly put in a section for a 1.10 branch change.

4 months agoCHANGES: additional pflog changes. [skip ci]
Guy Harris [Tue, 17 Dec 2024 20:10:46 +0000 (12:10 -0800)] 
CHANGES: additional pflog changes. [skip ci]

Switch to sentence case for some entries while we're at it.

4 months agopflog: handle OpenBSD's "rewriten" flag and addresses.
Guy Harris [Tue, 17 Dec 2024 19:46:50 +0000 (11:46 -0800)] 
pflog: handle OpenBSD's "rewriten" flag and addresses.

Derived from the OpenBSD tcpdump.

4 months agopflog: don't use PF_ as a prefix for #defines.
Guy Harris [Tue, 17 Dec 2024 09:52:52 +0000 (01:52 -0800)] 
pflog: don't use PF_ as a prefix for #defines.

PF_ is used as a prefix for packet family values, and that may cause a
collision between PF_ packet family values, such as PF_DIVERT, and PF_
action valus, such as... PF_DIVERT.

Use PFACT_ for action values and PFDIR_ for direction values.

4 months agopflog: print the ruleset if it's present.
Guy Harris [Tue, 17 Dec 2024 09:00:52 +0000 (01:00 -0800)] 
pflog: print the ruleset if it's present.

Do that regardless of whether the subrule is present.

Picked up from the OpenBSD tcpdump.