| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Under load it's possible multiple child processes have been killed before
we start processing the SIGCHILD signal, leaving zombie processes behind
everytime we miss a process.
Reap as many processes as possible instead of assuming one handler
call = one process like we currently did.
Can be reproduced by running the following commands in parallel:
- tcpdump -i lo -w /tmp/test -C 1 -z /usr/bin/true
- iperf3 -s
- iperf3 -c localhost
|
| |
|
|
|
|
|
| |
Some versions of Mac OS X (as it was then called) *did*, in fact, ship
with a libpcap that had pcap_findalldevs() but a pcap.h that didn't
define pcap_if_t; it's not a question of "may ship", it's a fact of "did
ship".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tcpdump source code has not been using struct in6_addr since commit
0c9cfdc in 2019, so lose the conditional structure declaration, which is
a no-op.
Since commit de7c619 in 2015 netdissect-stdinc.h on Windows defines
HAVE_OS_IPV6_SUPPORT if AF_INET6 if defined, which makes it equivalent
to AF_INET6. On Unix-like systems taking struct in6_addr out of scope
would make HAVE_OS_IPV6_SUPPORT equivalent to AF_INET6, thus after
removing struct in6_addr remove HAVE_OS_IPV6_SUPPORT together with
Autoconf and CMake checks that define it. Leave an unrelated CMake
workaround in place for later debugging.
On Windows do not define AF_INET6 if it is not defined, which makes
AF_INET6 a universal indicator of the OS IPv6 support on all supported
OSes. The few remaining use cases that genuinely need AF_INET6 use it
to make OS API calls, so if the macro is not defined, it most likely
means such an API call in the best case would return just a well-formed
error status. With this in mind, in win32_gethostbyaddr() and
ip6addr_string() guard all IPv6-specific code with #ifdef AF_INET6. In
tcpdump.c add a comment to note why a guard is not required for
Casper-specific conditional code that uses AF_INET6.
This way when the OS does not support IPv6, IPv6 addresses will not
resolve to names, which is expected. Other than that, tcpdump should be
able to process IPv6 addresses the usual way regardless if the OS would
be able to process the packets with these addresses.
|
| |
|
|
|
|
|
| |
If the -V flag is used, and not all files in the -V file have the same
link-layer type, when the filter is recompiled for a new link-layer
type, the old filter program is leaked. Free the old filter before
compiling the new filter.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Have a routine that takes a buffer, a strftime format, and a struct tm *
as arguments, and:
* checks whether the struct tm * is null and, if so, returns a string
indicating that the date and time couldn't be converted;
* otherwise, passes it to strftime(), along with the buffer and the
format argument and, if strftime() returns 0, meaning the string didn't
fit into the buffer and thus that the buffer's contents are undefined,
returns a string indicating that the date and time didn't fit into the
buffer;
* otherwise, returns a pointer to the buffer.
Call that routine instead of directly calling strftime() in printers;
that prevents printing a buffer with undefined data if the buffer isn't
big enough for the string.
Also, when generating file names using an strftime format, check the
return value of strftime() to make sure the buffer didn't overflow.
|
| |
|
|
| |
corrupting binary pcap output
|
| | |
|
| |
|
|
|
|
|
|
|
| |
New option `--print-sampling=NTH` will parse and print every NTH packet,
with all other packets producing no output. This option enables
`--print` and `-S` flags.
Print sampling is useful for real-time inspection of an interface with
a high packet rate, or initial inspection of large capture files.
|
| | |
|
| |
|
|
|
| |
(This should also provoke a rebuild; the NetBSD libpcap build should no
longer have the issue that caused tcpdump to fail when built with it.)
|
| |
|
|
|
|
|
| |
(There doesn't appear to be an obvious way to force a rebuild, and a
change to libpcap doesn't force a rebuild of programs such as tcpdump
for which the CI build includes a build with the tip of the main branch
of libpcap.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On FreeBSD CMake runs Clang with -std=gnu99, which used to emit three
warnings in a Capsicum-specific block along the following lines:
tcpdump.c:2432:32: warning: '_Generic' is a C11 extension
[-Wc11-extensions]
/usr/include/libgen.h:61:21: note: expanded from macro 'basename'
basename)(x)
/usr/include/sys/cdefs.h:325:2: note: expanded from macro '__generic'
_Generic(expr, t: yes, default: no)
(In the same context Autoconf does not request a specific C standard
from Clang, so it happens to use C17 and there is no warning.)
Type-generic expressions support in C99 mode seems to be a quirk of
Clang that cannot be disabled and is harmless in this context, so
introduce and use another pair of diagnostic control macros (for Clang
only) to squelch the warnings.
While at it, study the reason for _Generic use in /usr/include/libgen.h
and realize that tcpdump.c still assumes the behaviour before FreeBSD
12.0. Add two temporary buffers around basename() and dirname() calls
to get consistent results regardless of which FreeBSD version it is.
Remove the last remaining exemption rule.
|
| |
|
|
|
|
|
|
|
|
|
| |
The Capsicum workaround I added in commit 706c79e causes a side effect
on FreeBSD 11.4, 12.2 and 13.0 with local libpcap when Capsicum is
enabled, that is, in CMake builds (Capsicum detection is broken in
Autoconf builds, as it turns out). Add a workaround for the side effect
as well and get rid of another warning and respective exemption:
tcpdump.c:2286:3: warning: implicit declaration of function 'bpf_dump'
is invalid in C99 [-Wimplicit-function-declaration]
|
| |
|
|
|
|
|
|
| |
Address the warning below (specific to a few versions of Clang, CMake
and FreeBSD) and update the exemption rule comment in build.sh.
tcpdump.c:244:16: warning: no previous extern declaration for non-static
variable 'capdns' [-Wmissing-variable-declarations]
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's explicitly cheating in some places; just cast away the warnings.
Add a Clang version testing macro to compiler-tests.h.
Move the diagnostic control #defines from netdissect-stdinc.h to
diag-control.h, libpcap-style, so that they can be used by code that
doesn't use (or need) netdissect-stdinc.h. This also means that we can
limit the inclusion of diag-control.h, and the definition of those
Do them more libpcap-style, with separate DIAG_OFF/DIAG_ON pairs for
particular issues, rather than having DIAG_OFF() and DIAG_ON() macros
that take -W option names as arguments; that way, if we need to define
them for compilers that don't have the GCC/Clang syntax for those
pragmas, e.g. MSVC, we can do so.
|
| |
|
|
|
|
|
|
|
| |
Support upper-case suffixes (K/M/G) as well as lower-case suffixes.
Make sure nothing *follows* the suffix.
We don't need to check for the suffix before parsing the number; the
parsing routines stop if they see a non-digit character.
|
| |\
| |
| | |
optional unit suffix on -C file size
|
| | | |
|
| | |
| |
| |
| | |
It is not an error, thus print them to stdout.
|
| | | |
|
| |/
|
|
| |
It is not an error, thus print it to stdout.
|
| |
|
|
| |
Reinstate a few comments in print.c for consistency.
|
| |
|
|
|
|
| |
It is not an error, thus print it to stdout.
[skip ci]
|
| |
|
|
|
| |
This automatically fixes a few error messages that would tell an
incorrect function name.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
_read(), on Windows, has a 32-bit size argument and a 32-bit return
value, so reject -f files that have more than 2^31-1 characters.
Add some #defines so that, on Windows, we use _fstati64 to get the size
of that file, to handle large files.
Don't assume that our definition for ssize_t is the same size as size_t;
by the time we want to print the return value of the read, we know it'll
fit into an int, so just cast it to int and print it with %d.
|
| |
|
|
|
|
| |
When there is an error, print to stderr and exit with a non-0 status.
Otherwise print to stdout and exit with a status 0. See also tcpslice
commit 5015245.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As explained in GH #155, when tcpdump is given -r, -w and -v and it
takes long enough to read from the input file (because it is stdin
connected through network or a pipe to stdout of another tcpdump doing
a live capture), pcap_loop() will error before long. One of the ways to
reproduce the fault is as follows:
$ tcpdump -i eno1 -w - | tcpdump -r - -w /tmp/tmp.pcap -v
tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
reading from file -, link-type EN10MB (Ethernet), snapshot length 262144
tcpdump: pcap_loop: error reading dump file: Interrupted system call
Skip the verbose_stats_dump() timer setup in this specific corner case
for the time being and document it.
|
| |
|
|
|
|
|
|
|
|
|
| |
All the link-layer dissectors are now void functions.
All the functions were moved to the void_printers[] array.
Rename this array to printers[].
Remove the uint_printers[] array, now empty.
Remove the 'ndo_void_printer' flag field, now useless, from
netdissect_options.
Remove other transitional code.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The -v (verbose) option can be repeated more than two times.
[skip ci]
|
| |
|
|
|
|
|
|
|
| |
This may help to understand some bug reports.
Moreover:
s/CLang/Clang/
[skip ci]
|
| |
|
|
| |
[skip ci]
|
| |
|
|
|
|
| |
This allows tcpdump to handle DNS running on non-standard ports.
Add two test files with DNS over TCP and DNS over UDP, port 8053.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This change add an option to print only on stderr the packet count
when reading capture file(s) instead of parsing/printing the packets.
If a filter is specified on the command line, tcpdump counts only
packets that were matched by the filter expression.
The option name is '--count'.
|
| | |
|
| |
|
|
|
|
| |
Hopefully, that will make sure we don't optimize away anything that
will, for example, cause us not to do things differently on 32-bit x86
using the x87 instructions.
|
| |
|
|
|
|
|
|
|
| |
It's All Very Complicated, so mirror what print-lmp.c does - just do a
calculation based on a particular input value and print the result using
the same format print-lmp.c does, and have tests/TESTrun see what that
result is.
Just do that inside tcpdump.c, so we don't need the fptype stuff.
|
| |
|
|
|
|
|
|
|
| |
Add a --fp-type flag to tcpdump, which causes it to do a floating-point
operation and, based on the result of the operation, prints out
"FPTYPE{n}", where {n} is a number indicating the result.
Have tests/TESTrun run "./tcpdump --fp-type" and set a HAVE_ key based
on that. Run some tests only for FPTYPE1.
|
| |
|
|
|
|
|
|
| |
That means that we do some buffering of packets. It also means we don't
depend on the immediate-mode APIs being available.
While we're at it, use the short timeout if we're doing text output in
"line-buffered mode" as well as if we're doing it to a terminal.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you call pcap_activate() and it fails, you still have a pcap_t from
pcap_create(), and should close it.
Moving the code after the error() calls doesn't make a difference, as
error() exits, but it may make it clearer to those reading tcpdump.c for
help in figuring out how to use libpcap that you should close the pcap_t
if pcap_activate() fails.
(In the future, there may also be the option of changing some options
and trying again, e.g. changing the user name or password for a remote
capture.)
|
| |
|
|
|
|
|
|
|
| |
- the print routines for ptp different ptp messages
- test completed for sync message, announce message, delay request message,
delay response message and follow up message.
- integration of the ptp v2 code with the tcpdump code.
Signed-off-by: Partha S. Ghosh <psglinux@gmail.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The only function tcpdump used in libdnet was dnet_htoa(), which tries
to translate a binary DECnet address to a nodename through a lookup in
/etc/decnet.conf. The translation is slow and has a bug, so stop using
the function and remove the dependency on libdnet.
This makes tcpdump always print DECnet addresses in numeric format, if
anybody needs the translation back they are welcome to fix libdnet or
(more realistically) add an implementation of dnet_htoa() to the tcpdump
source code and use it.
(This is a forward-port of commit 9a6eb27 from tcpdump-4.9 to master.
Sadly, together with libdnet this change removes the fine work that Guy
had done in the master branch in commits ebf3f19 and 4ef8d63 to put
libdnet usage right whilst my original "do not use libdnet" commit was
aging in the pipeline.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change fixes CVE-2018-14879.
get_next_file() did not check the return value of strlen() and
underflowed an array index if the line read by fgets() from the file
started with \0. This caused an out-of-bounds read and could cause a
write. Add the missing check.
This vulnerability was discovered by Brian Carpenter & Geeknik Labs.
Cherry picked from 9ba91381954ad325ea4fd26b9c65a8bd9a2a85b6
in 4.9 branch.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We require an environment with a C99-compatible snprintf(), so we don't
need to work around older implementations. Make the configuration
process fail if we don't have snprintf() and vsnprintf().
We require at least VS 2015, so we don't have to check for _MSC_VER >=
1400. Make the build fail if we don't have at least VS 2015.
We apparently do, however, have to use __inline, as the VS 2015
documentation doesn't meaning plain old "inline". Update a comment.
|
| |
|
|
|
|
|
| |
./tcpdump.c:1951:13: warning: assigning to 'char *' from 'const char [7]'
discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
username = WITH_USER;
^ ~~~~~~~~~
|
| |
|
|
|
|
|
|
| |
No chroot on Windows.
The warning was:
C:\projects\tcpdump\tcpdump.c(1450): warning C4189: 'chroot_dir':
local variable is initialized but not referenced
|
