Index: head/contrib/tcpdump/CHANGES =================================================================== --- head/contrib/tcpdump/CHANGES +++ head/contrib/tcpdump/CHANGES @@ -1,4 +1,35 @@ +Friday April 10, 2015 guy@alum.mit.edu + Summary for 4.7.4 tcpdump release + RPKI to Router Protocol: Fix Segmentation Faults and other problems + RPKI to Router Protocol: print strings with fn_printn() + wb: fix some bounds checks + +Wednesday March 11, 2015 mcr@sandelman.ca + Summary for 4.7.3 tcpdump release + Capsicum fixes for FreeBSD 10 + +Tuesday March 10, 2015 mcr@sandelman.ca + Summary for 4.7.2 tcpdump release + DCCP: update Packet Types with RFC4340/IANA names + fixes for CVE-2015-0261: IPv6 mobility header check issue + fixes for CVE-2015-2153, 2154, 2155: kday packets + +Friday Nov. 12, 2014 guy@alum.mit.edu + Summary for 4.7.0 tcpdump release + changes to hex printing of CDP packets + Fix PPI printing + Radius: update Packet Type Codes and Attribute Types with RFC/IANA names + Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support. + improvements to telnet printer, even if not -v + omit length for bcp, print-tcp uses it + formatting fixes for a bunch of protocols + new bounds checks for a number of protocols + split netflow 1,6, and 6 dissector up. + added geneve dissector + CVE-2014-9140 PPP dissector fixed. + Tuesday Sep. 2, 2014 mcr@sandelman.ca + Summary for 4.6.2 tcpdump release fix out-of-source-tree builds: find libpcap that is out of source better configure check for libsmi Index: head/contrib/tcpdump/CREDITS =================================================================== --- head/contrib/tcpdump/CREDITS +++ head/contrib/tcpdump/CREDITS @@ -2,7 +2,7 @@ The current maintainers: Bill Fenner - Denis Ovsienko + Denis Ovsienko Fulvio Risso Guy Harris Hannes Gredler @@ -85,6 +85,7 @@ Harry Raaymakers Heinz-Ado Arnolds Hendrik Scholz + Herwin Weststrate Ian McDonald Ilpo Järvinen Jacek Tobiasz @@ -95,6 +96,7 @@ Jefferson Ogata Jeffrey Hutzelman Jesper Peterson + Jesse Gross Jim Hutchins João Medeiros Joerg Mayer Index: head/contrib/tcpdump/INSTALL.txt =================================================================== --- head/contrib/tcpdump/INSTALL.txt +++ head/contrib/tcpdump/INSTALL.txt @@ -52,7 +52,6 @@ atime.awk - TCP ack awk script atm.h - ATM traffic type definitions atmuni31.h - ATM Q.2931 definitions -bootp.h - BOOTP definitions bpf_dump.c - BPF program printing routines, in case libpcap doesn't have them chdlc.h - Cisco HDLC definitions Index: head/contrib/tcpdump/Makefile.in =================================================================== --- head/contrib/tcpdump/Makefile.in +++ head/contrib/tcpdump/Makefile.in @@ -124,13 +124,17 @@ print-fddi.c \ print-forces.c \ print-fr.c \ + print-ftp.c \ + print-geneve.c \ print-geonet.c \ print-gre.c \ print-hsrp.c \ + print-http.c \ print-icmp.c \ print-igmp.c \ print-igrp.c \ print-ip.c \ + print-ip6.c \ print-ipcomp.c \ print-ipfc.c \ print-ipnet.c \ @@ -178,6 +182,7 @@ print-rpki-rtr.c \ print-rrcp.c \ print-rsvp.c \ + print-rtsp.c \ print-rx.c \ print-sctp.c \ print-sflow.c \ @@ -185,6 +190,7 @@ print-sl.c \ print-sll.c \ print-slow.c \ + print-smtp.c \ print-snmp.c \ print-stp.c \ print-sunatm.c \ @@ -231,7 +237,6 @@ appletalk.h \ atm.h \ atmuni31.h \ - bootp.h \ chdlc.h \ cpack.h \ ether.h \ @@ -241,7 +246,6 @@ gmpls.h \ gmt2local.h \ interface.h \ - interface.h \ ip.h \ ip6.h \ ipproto.h \ @@ -330,7 +334,6 @@ print-dhcp6.c \ print-frag6.c \ print-icmp6.c \ - print-ip6.c \ print-ip6opts.c \ print-mobility.c \ print-ospf6.c \ Index: head/contrib/tcpdump/VERSION =================================================================== --- head/contrib/tcpdump/VERSION +++ head/contrib/tcpdump/VERSION @@ -1 +1 @@ -4.6.2 +4.7.4 Index: head/contrib/tcpdump/addrtoname.h =================================================================== --- head/contrib/tcpdump/addrtoname.h +++ head/contrib/tcpdump/addrtoname.h @@ -51,6 +51,7 @@ #ifdef INET6 extern struct h6namemem *newh6namemem(void); #endif +extern const char * ieee8021q_tci_string(const uint16_t); #define ipaddr_string(ndo, p) getname(ndo, (const u_char *)(p)) #ifdef INET6 Index: head/contrib/tcpdump/addrtoname.c =================================================================== --- head/contrib/tcpdump/addrtoname.c +++ head/contrib/tcpdump/addrtoname.c @@ -576,7 +576,7 @@ return (etheraddr_string(ndo, ep)); if (type == LINKADDR_FRELAY) - return (q922_string(ep)); + return (q922_string(ndo, ep, len)); tp = lookup_bytestring(ep, len); if (tp->e_name) @@ -1236,3 +1236,15 @@ return (p); } #endif /* INET6 */ + +/* Represent TCI part of the 802.1Q 4-octet tag as text. */ +const char * +ieee8021q_tci_string(const uint16_t tci) +{ + static char buf[128]; + snprintf(buf, sizeof(buf), "vlan %u, p %u%s", + tci & 0xfff, + tci >> 13, + (tci & 0x1000) ? ", DEI" : ""); + return buf; +} Index: head/contrib/tcpdump/bootp.h =================================================================== --- head/contrib/tcpdump/bootp.h +++ head/contrib/tcpdump/bootp.h @@ -1,230 +0,0 @@ -/* - * Bootstrap Protocol (BOOTP). RFC951 and RFC1048. - * - * This file specifies the "implementation-independent" BOOTP protocol - * information which is common to both client and server. - * - * Copyright 1988 by Carnegie Mellon. - * - * Permission to use, copy, modify, and distribute this program for any - * purpose and without fee is hereby granted, provided that this copyright - * and permission notice appear on all copies and supporting documentation, - * the name of Carnegie Mellon not be used in advertising or publicity - * pertaining to distribution of the program without specific prior - * permission, and notice be given in supporting documentation that copying - * and distribution is by permission of Carnegie Mellon and Stanford - * University. Carnegie Mellon makes no representations about the - * suitability of this software for any purpose. It is provided "as is" - * without express or implied warranty. - */ - - -struct bootp { - uint8_t bp_op; /* packet opcode type */ - uint8_t bp_htype; /* hardware addr type */ - uint8_t bp_hlen; /* hardware addr length */ - uint8_t bp_hops; /* gateway hops */ - uint32_t bp_xid; /* transaction ID */ - uint16_t bp_secs; /* seconds since boot began */ - uint16_t bp_flags; /* flags - see bootp_flag_values[] - in print-bootp.c */ - struct in_addr bp_ciaddr; /* client IP address */ - struct in_addr bp_yiaddr; /* 'your' IP address */ - struct in_addr bp_siaddr; /* server IP address */ - struct in_addr bp_giaddr; /* gateway IP address */ - uint8_t bp_chaddr[16]; /* client hardware address */ - uint8_t bp_sname[64]; /* server host name */ - uint8_t bp_file[128]; /* boot file name */ - uint8_t bp_vend[64]; /* vendor-specific area */ -} UNALIGNED; - -/* - * UDP port numbers, server and client. - */ -#define IPPORT_BOOTPS 67 -#define IPPORT_BOOTPC 68 - -#define BOOTPREPLY 2 -#define BOOTPREQUEST 1 - -/* - * Vendor magic cookie (v_magic) for CMU - */ -#define VM_CMU "CMU" - -/* - * Vendor magic cookie (v_magic) for RFC1048 - */ -#define VM_RFC1048 { 99, 130, 83, 99 } - - - -/* - * RFC1048 tag values used to specify what information is being supplied in - * the vendor field of the packet. - */ - -#define TAG_PAD ((uint8_t) 0) -#define TAG_SUBNET_MASK ((uint8_t) 1) -#define TAG_TIME_OFFSET ((uint8_t) 2) -#define TAG_GATEWAY ((uint8_t) 3) -#define TAG_TIME_SERVER ((uint8_t) 4) -#define TAG_NAME_SERVER ((uint8_t) 5) -#define TAG_DOMAIN_SERVER ((uint8_t) 6) -#define TAG_LOG_SERVER ((uint8_t) 7) -#define TAG_COOKIE_SERVER ((uint8_t) 8) -#define TAG_LPR_SERVER ((uint8_t) 9) -#define TAG_IMPRESS_SERVER ((uint8_t) 10) -#define TAG_RLP_SERVER ((uint8_t) 11) -#define TAG_HOSTNAME ((uint8_t) 12) -#define TAG_BOOTSIZE ((uint8_t) 13) -#define TAG_END ((uint8_t) 255) -/* RFC1497 tags */ -#define TAG_DUMPPATH ((uint8_t) 14) -#define TAG_DOMAINNAME ((uint8_t) 15) -#define TAG_SWAP_SERVER ((uint8_t) 16) -#define TAG_ROOTPATH ((uint8_t) 17) -#define TAG_EXTPATH ((uint8_t) 18) -/* RFC2132 */ -#define TAG_IP_FORWARD ((uint8_t) 19) -#define TAG_NL_SRCRT ((uint8_t) 20) -#define TAG_PFILTERS ((uint8_t) 21) -#define TAG_REASS_SIZE ((uint8_t) 22) -#define TAG_DEF_TTL ((uint8_t) 23) -#define TAG_MTU_TIMEOUT ((uint8_t) 24) -#define TAG_MTU_TABLE ((uint8_t) 25) -#define TAG_INT_MTU ((uint8_t) 26) -#define TAG_LOCAL_SUBNETS ((uint8_t) 27) -#define TAG_BROAD_ADDR ((uint8_t) 28) -#define TAG_DO_MASK_DISC ((uint8_t) 29) -#define TAG_SUPPLY_MASK ((uint8_t) 30) -#define TAG_DO_RDISC ((uint8_t) 31) -#define TAG_RTR_SOL_ADDR ((uint8_t) 32) -#define TAG_STATIC_ROUTE ((uint8_t) 33) -#define TAG_USE_TRAILERS ((uint8_t) 34) -#define TAG_ARP_TIMEOUT ((uint8_t) 35) -#define TAG_ETH_ENCAP ((uint8_t) 36) -#define TAG_TCP_TTL ((uint8_t) 37) -#define TAG_TCP_KEEPALIVE ((uint8_t) 38) -#define TAG_KEEPALIVE_GO ((uint8_t) 39) -#define TAG_NIS_DOMAIN ((uint8_t) 40) -#define TAG_NIS_SERVERS ((uint8_t) 41) -#define TAG_NTP_SERVERS ((uint8_t) 42) -#define TAG_VENDOR_OPTS ((uint8_t) 43) -#define TAG_NETBIOS_NS ((uint8_t) 44) -#define TAG_NETBIOS_DDS ((uint8_t) 45) -#define TAG_NETBIOS_NODE ((uint8_t) 46) -#define TAG_NETBIOS_SCOPE ((uint8_t) 47) -#define TAG_XWIN_FS ((uint8_t) 48) -#define TAG_XWIN_DM ((uint8_t) 49) -#define TAG_NIS_P_DOMAIN ((uint8_t) 64) -#define TAG_NIS_P_SERVERS ((uint8_t) 65) -#define TAG_MOBILE_HOME ((uint8_t) 68) -#define TAG_SMPT_SERVER ((uint8_t) 69) -#define TAG_POP3_SERVER ((uint8_t) 70) -#define TAG_NNTP_SERVER ((uint8_t) 71) -#define TAG_WWW_SERVER ((uint8_t) 72) -#define TAG_FINGER_SERVER ((uint8_t) 73) -#define TAG_IRC_SERVER ((uint8_t) 74) -#define TAG_STREETTALK_SRVR ((uint8_t) 75) -#define TAG_STREETTALK_STDA ((uint8_t) 76) -/* DHCP options */ -#define TAG_REQUESTED_IP ((uint8_t) 50) -#define TAG_IP_LEASE ((uint8_t) 51) -#define TAG_OPT_OVERLOAD ((uint8_t) 52) -#define TAG_TFTP_SERVER ((uint8_t) 66) -#define TAG_BOOTFILENAME ((uint8_t) 67) -#define TAG_DHCP_MESSAGE ((uint8_t) 53) -#define TAG_SERVER_ID ((uint8_t) 54) -#define TAG_PARM_REQUEST ((uint8_t) 55) -#define TAG_MESSAGE ((uint8_t) 56) -#define TAG_MAX_MSG_SIZE ((uint8_t) 57) -#define TAG_RENEWAL_TIME ((uint8_t) 58) -#define TAG_REBIND_TIME ((uint8_t) 59) -#define TAG_VENDOR_CLASS ((uint8_t) 60) -#define TAG_CLIENT_ID ((uint8_t) 61) -/* RFC 2241 */ -#define TAG_NDS_SERVERS ((uint8_t) 85) -#define TAG_NDS_TREE_NAME ((uint8_t) 86) -#define TAG_NDS_CONTEXT ((uint8_t) 87) -/* RFC 2242 */ -#define TAG_NDS_IPDOMAIN ((uint8_t) 62) -#define TAG_NDS_IPINFO ((uint8_t) 63) -/* RFC 2485 */ -#define TAG_OPEN_GROUP_UAP ((uint8_t) 98) -/* RFC 2563 */ -#define TAG_DISABLE_AUTOCONF ((uint8_t) 116) -/* RFC 2610 */ -#define TAG_SLP_DA ((uint8_t) 78) -#define TAG_SLP_SCOPE ((uint8_t) 79) -/* RFC 2937 */ -#define TAG_NS_SEARCH ((uint8_t) 117) -/* RFC 3011 */ -#define TAG_IP4_SUBNET_SELECT ((uint8_t) 118) -/* RFC 3442 */ -#define TAG_CLASSLESS_STATIC_RT ((uint8_t) 121) -#define TAG_CLASSLESS_STA_RT_MS ((uint8_t) 249) -/* ftp://ftp.isi.edu/.../assignments/bootp-dhcp-extensions */ -#define TAG_USER_CLASS ((uint8_t) 77) -#define TAG_SLP_NAMING_AUTH ((uint8_t) 80) -#define TAG_CLIENT_FQDN ((uint8_t) 81) -#define TAG_AGENT_CIRCUIT ((uint8_t) 82) -#define TAG_AGENT_REMOTE ((uint8_t) 83) -#define TAG_AGENT_MASK ((uint8_t) 84) -#define TAG_TZ_STRING ((uint8_t) 88) -#define TAG_FQDN_OPTION ((uint8_t) 89) -#define TAG_AUTH ((uint8_t) 90) -#define TAG_VINES_SERVERS ((uint8_t) 91) -#define TAG_SERVER_RANK ((uint8_t) 92) -#define TAG_CLIENT_ARCH ((uint8_t) 93) -#define TAG_CLIENT_NDI ((uint8_t) 94) -#define TAG_CLIENT_GUID ((uint8_t) 97) -#define TAG_LDAP_URL ((uint8_t) 95) -#define TAG_6OVER4 ((uint8_t) 96) -#define TAG_PRINTER_NAME ((uint8_t) 100) -#define TAG_MDHCP_SERVER ((uint8_t) 101) -#define TAG_IPX_COMPAT ((uint8_t) 110) -#define TAG_NETINFO_PARENT ((uint8_t) 112) -#define TAG_NETINFO_PARENT_TAG ((uint8_t) 113) -#define TAG_URL ((uint8_t) 114) -#define TAG_FAILOVER ((uint8_t) 115) -#define TAG_EXTENDED_REQUEST ((uint8_t) 126) -#define TAG_EXTENDED_OPTION ((uint8_t) 127) - - -/* DHCP Message types (values for TAG_DHCP_MESSAGE option) */ -#define DHCPDISCOVER 1 -#define DHCPOFFER 2 -#define DHCPREQUEST 3 -#define DHCPDECLINE 4 -#define DHCPACK 5 -#define DHCPNAK 6 -#define DHCPRELEASE 7 -#define DHCPINFORM 8 - - -/* - * "vendor" data permitted for CMU bootp clients. - */ - -struct cmu_vend { - uint8_t v_magic[4]; /* magic number */ - uint32_t v_flags; /* flags/opcodes, etc. */ - struct in_addr v_smask; /* Subnet mask */ - struct in_addr v_dgate; /* Default gateway */ - struct in_addr v_dns1, v_dns2; /* Domain name servers */ - struct in_addr v_ins1, v_ins2; /* IEN-116 name servers */ - struct in_addr v_ts1, v_ts2; /* Time servers */ - uint8_t v_unused[24]; /* currently unused */ -} UNALIGNED; - - -/* v_flags values */ -#define VF_SMASK 1 /* Subnet mask field contains valid data */ - -/* RFC 4702 DHCP Client FQDN Option */ - -#define CLIENT_FQDN_FLAGS_S 0x01 -#define CLIENT_FQDN_FLAGS_O 0x02 -#define CLIENT_FQDN_FLAGS_E 0x04 -#define CLIENT_FQDN_FLAGS_N 0x08 Index: head/contrib/tcpdump/config.h.in =================================================================== --- head/contrib/tcpdump/config.h.in +++ head/contrib/tcpdump/config.h.in @@ -18,8 +18,8 @@ /* Define to 1 if you have the `cap_ioctls_limit' function. */ #undef HAVE_CAP_IOCTLS_LIMIT -/* Define to 1 if you have the `cap_rights_init' function. */ -#undef HAVE_CAP_RIGHTS_INIT +/* Define to 1 if you have the header file. */ +#undef HAVE_CAP_NG_H /* Define to 1 if you have the `cap_rights_limit' function. */ #undef HAVE_CAP_RIGHTS_LIMIT @@ -55,6 +55,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H +/* Define to 1 if you have the `cap-ng' library (-lcap-ng). */ +#undef HAVE_LIBCAP_NG + /* Define to 1 if you have the `crypto' library (-lcrypto). */ #undef HAVE_LIBCRYPTO @@ -136,6 +139,9 @@ /* Define to 1 if you have the `pcap_set_datalink' function. */ #undef HAVE_PCAP_SET_DATALINK +/* Define to 1 if you have the `pcap_set_immediate_mode' function. */ +#undef HAVE_PCAP_SET_IMMEDIATE_MODE + /* Define to 1 if you have the `pcap_set_tstamp_precision' function. */ #undef HAVE_PCAP_SET_TSTAMP_PRECISION @@ -211,6 +217,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H +/* Define to 1 if the system has the type `uintptr_t'. */ +#undef HAVE_UINTPTR_T + /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H @@ -382,3 +391,7 @@ /* Define to the type of an unsigned integer type of width exactly 8 bits if such a type exists and the standard includes do not define it. */ #undef uint8_t + +/* Define to the type of an unsigned integer type wide enough to hold a + pointer, if such a type exists, and if the system does not define it. */ +#undef uintptr_t Index: head/contrib/tcpdump/config.guess =================================================================== --- head/contrib/tcpdump/config.guess +++ head/contrib/tcpdump/config.guess @@ -1,14 +1,12 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, -# 2011, 2012 Free Software Foundation, Inc. +# Copyright 1992-2015 Free Software Foundation, Inc. -timestamp='2012-02-10' +timestamp='2015-02-23' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or +# the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -22,19 +20,17 @@ # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - - -# Originally written by Per Bothner. Please send patches (context -# diff format) to and include a ChangeLog -# entry. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). # -# This script attempts to guess a canonical system name similar to -# config.sub. If it succeeds, it prints the system name on stdout, and -# exits with 0. Otherwise, it exits with 1. +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# +# Please send patches to . + me=`echo "$0" | sed -e 's,.*/,,'` @@ -54,9 +50,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -138,6 +132,27 @@ UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + ;; +esac + # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in @@ -153,20 +168,27 @@ # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + /sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || \ + echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; + earmv*) + arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` + machine=${arch}${endian}-unknown + ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in - arm*|i386|m68k|ns32k|sh3*|sparc|vax) + arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ @@ -182,6 +204,13 @@ os=netbsd ;; esac + # Determine ABI tags. + case "${UNAME_MACHINE_ARCH}" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` + ;; + esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need @@ -198,7 +227,11 @@ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" + echo "${machine}-${os}${release}${abi}" + exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` @@ -302,7 +335,7 @@ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; - arm:riscos:*:*|arm:RISCOS:*:*) + arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) @@ -560,8 +593,9 @@ else IBM_ARCH=powerpc fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi @@ -801,10 +835,13 @@ i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; + *:MINGW64*:*) + echo ${UNAME_MACHINE}-pc-mingw64 + exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -852,21 +889,21 @@ exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in @@ -879,59 +916,54 @@ EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi - echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi else - echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-gnu + echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:Linux:*:*) - LIBC=gnu - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #ifdef __dietlibc__ - LIBC=dietlibc - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build @@ -950,54 +982,63 @@ #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-gnu + echo sparc-unknown-linux-${LIBC} exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-gnu + echo hppa64-unknown-linux-${LIBC} exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-gnu ;; - PA8*) echo hppa2.0-unknown-linux-gnu ;; - *) echo hppa-unknown-linux-gnu ;; + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-gnu + echo powerpc64-unknown-linux-${LIBC} exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-gnu + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-gnu + echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1201,6 +1242,9 @@ BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1227,19 +1271,31 @@ exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - case $UNAME_PROCESSOR in - i386) - eval $set_cc_for_build - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - UNAME_PROCESSOR="x86_64" - fi - fi ;; - unknown) UNAME_PROCESSOR=powerpc ;; - esac + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) @@ -1256,7 +1312,7 @@ NEO-?:NONSTOP_KERNEL:*:*) echo neo-tandem-nsk${UNAME_RELEASE} exit ;; - NSE-?:NONSTOP_KERNEL:*:*) + NSE-*:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) @@ -1330,157 +1386,6 @@ exit ;; esac -#echo '(No uname command or uname output not recognized.)' 1>&2 -#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 - -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - cat >&2 <. @@ -26,11 +20,12 @@ # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches to . Submit a context -# diff and a properly formatted GNU ChangeLog entry. +# Please send patches to . # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -73,9 +68,7 @@ version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 -Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -123,8 +116,8 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os @@ -156,7 +149,7 @@ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ - -apple | -axis | -knuth | -cray | -microblaze) + -apple | -axis | -knuth | -cray | -microblaze*) os= basic_machine=$1 ;; @@ -259,21 +252,24 @@ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ - | be32 | be64 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | be32 | be64 \ | bfin \ - | c4x | clipper \ + | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ - | fido | fr30 | frv \ + | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore | mep | metag \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -287,23 +283,26 @@ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ - | nios | nios2 \ + | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | open8 \ - | or32 \ + | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ + | riscv32 | riscv64 \ | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ @@ -314,6 +313,7 @@ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | visium \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) @@ -328,7 +328,10 @@ c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -370,13 +373,13 @@ | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | clipper-* | craynv-* | cydra-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ @@ -385,11 +388,13 @@ | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ @@ -403,18 +408,22 @@ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ @@ -432,6 +441,7 @@ | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ + | visium-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -769,6 +779,9 @@ basic_machine=m68k-isi os=-sysv ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` + ;; m68knommu) basic_machine=m68k-unknown os=-linux @@ -788,11 +801,15 @@ basic_machine=ns32k-utek os=-sysv ;; - microblaze) + microblaze*) basic_machine=microblaze-xilinx ;; + mingw64) + basic_machine=x86_64-pc + os=-mingw64 + ;; mingw32) - basic_machine=i386-pc + basic_machine=i686-pc os=-mingw32 ;; mingw32ce) @@ -820,6 +837,10 @@ basic_machine=powerpc-unknown os=-morphos ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; msdos) basic_machine=i386-pc os=-msdos @@ -828,7 +849,7 @@ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; msys) - basic_machine=i386-pc + basic_machine=i686-pc os=-msys ;; mvs) @@ -1019,7 +1040,11 @@ basic_machine=i586-unknown os=-pw32 ;; - rdos) + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) basic_machine=i386-pc os=-rdos ;; @@ -1346,29 +1371,29 @@ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* \ + | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -openbsd* | -solidbsd* \ + | -bitrig* | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -linux-gnu* | -linux-android* \ - | -linux-newlib* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ + | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1492,9 +1517,6 @@ -aros*) os=-aros ;; - -kaos*) - os=-kaos - ;; -zvmoe) os=-zvmoe ;; @@ -1543,6 +1565,12 @@ c4x-* | tic4x-*) os=-coff ;; + c8051-*) + os=-elf + ;; + hexagon-*) + os=-elf + ;; tic54x-*) os=-coff ;; Index: head/contrib/tcpdump/configure =================================================================== --- head/contrib/tcpdump/configure +++ head/contrib/tcpdump/configure @@ -705,7 +705,9 @@ with_chroot with_sandbox_capsicum enable_ipv6 +with_system_libpcap with_crypto +with_cap_ng ' ac_precious_vars='build_alias host_alias @@ -1341,8 +1343,11 @@ --without-smi don't link with libsmi --with-user=USERNAME drop privileges by default to USERNAME --with-chroot=DIRECTORY when dropping privileges, chroot to DIRECTORY - --with-sandbox-capsicum + --with-sandbox-capsicum use Capsicum security functions [default=yes, if + available] + --with-system-libpcap don't use local pcap library --with-crypto use OpenSSL libcrypto [default=yes, if available] + --with-cap-ng use libcap-ng [default=yes, if available] Some influential environment variables: CC C compiler command @@ -4531,10 +4536,18 @@ # ac_lbl_capsicum_function_seen to yes; if any are not, set # ac_lbl_capsicum_function_not_seen to yes. # -# All of them must be available in order to enable capsicum sandboxing. +# We don't check cap_rights_init(), as it's a macro, wrapping another +# function, in at least some versions of FreeBSD, and AC_CHECK_FUNCS() +# doesn't handle that. +# +# All of the ones we check for must be available in order to enable +# capsicum sandboxing. +# +# XXX - do we need to check for all of them, or are there some that, if +# present, imply others are present? # if test ! -z "$with_sandbox-capsicum" && test "$with_sandbox-capsicum" != "no" ; then - for ac_func in cap_enter cap_rights_init cap_rights_limit cap_ioctls_limit openat + for ac_func in cap_enter cap_rights_limit cap_ioctls_limit openat do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -4836,7 +4849,7 @@ enableval=$enable_ipv6; case "$enableval" in yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - LOCALSRC="print-ip6.c print-ip6opts.c print-mobility.c print-ripng.c print-icmp6.c print-frag6.c print-rt6.c print-ospf6.c print-dhcp6.c print-babel.c $LOCALSRC" + LOCALSRC="print-ip6opts.c print-mobility.c print-ripng.c print-icmp6.c print-frag6.c print-rt6.c print-ospf6.c print-dhcp6.c print-babel.c $LOCALSRC" $as_echo "#define INET6 1" >>confdefs.h @@ -4871,7 +4884,7 @@ if ac_fn_c_try_compile "$LINENO"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - LOCALSRC="print-ip6.c print-ip6opts.c print-mobility.c print-ripng.c print-icmp6.c print-frag6.c print-rt6.c print-ospf6.c print-dhcp6.c print-babel.c $LOCALSRC" + LOCALSRC="print-ip6opts.c print-mobility.c print-ripng.c print-icmp6.c print-frag6.c print-rt6.c print-ospf6.c print-dhcp6.c print-babel.c $LOCALSRC" $as_echo "#define INET6 1" >>confdefs.h @@ -5107,7 +5120,7 @@ $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : - td_cv_buggygetaddrinfo=yes + td_cv_buggygetaddrinfo=unknown else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5221,6 +5234,9 @@ if test "$td_cv_buggygetaddrinfo" = no; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: good" >&5 $as_echo "good" >&6; } + elif test "$td_cv_buggygetaddrinfo" = unknown; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown (cross-compiling)" >&5 +$as_echo "unknown (cross-compiling)" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: buggy" >&5 $as_echo "buggy" >&6; } @@ -5799,26 +5815,34 @@ LIBS="$LIBS $pfopen" fi fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for local pcap library" >&5 + libpcap=FAIL + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for local pcap library" >&5 $as_echo_n "checking for local pcap library... " >&6; } - libpcap=FAIL - lastdir=FAIL - places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \ - egrep '/libpcap-[0-9]+\.[0-9]+(\.[0-9]*)?([ab][0-9]*|-PRE-GIT)?$'` - places2=`ls .. | sed -e 's,/$,,' -e "s,^,../," | \ - egrep '/libpcap-[0-9]+\.[0-9]+(\.[0-9]*)?([ab][0-9]*|-PRE-GIT)?$'` - for dir in $places $srcdir/../libpcap ../libpcap $srcdir/libpcap $places2 ; do - basedir=`echo $dir | sed -e 's/[ab][0-9]*$//' | \ - sed -e 's/-PRE-GIT$//' ` - if test $lastdir = $basedir ; then - continue; - fi - lastdir=$dir - if test -r $dir/libpcap.a ; then - libpcap=$dir/libpcap.a - d=$dir - fi - done + +# Check whether --with-system-libpcap was given. +if test "${with_system_libpcap+set}" = set; then : + withval=$with_system_libpcap; +fi + + if test "x$with_system_libpcap" != xyes ; then + lastdir=FAIL + places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \ + egrep '/libpcap-[0-9]+\.[0-9]+(\.[0-9]*)?([ab][0-9]*|-PRE-GIT)?$'` + places2=`ls .. | sed -e 's,/$,,' -e "s,^,../," | \ + egrep '/libpcap-[0-9]+\.[0-9]+(\.[0-9]*)?([ab][0-9]*|-PRE-GIT)?$'` + for dir in $places $srcdir/../libpcap ../libpcap $srcdir/libpcap $places2 ; do + basedir=`echo $dir | sed -e 's/[ab][0-9]*$//' | \ + sed -e 's/-PRE-GIT$//' ` + if test $lastdir = $basedir ; then + continue; + fi + lastdir=$dir + if test -r $dir/libpcap.a ; then + libpcap=$dir/libpcap.a + d=$dir + fi + done + fi if test $libpcap = FAIL ; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } @@ -6134,110 +6158,6 @@ fi - ac_fn_c_check_func "$LINENO" "pcap_list_datalinks" "ac_cv_func_pcap_list_datalinks" -if test "x$ac_cv_func_pcap_list_datalinks" = xyes; then : - - -$as_echo "#define HAVE_PCAP_LIST_DATALINKS 1" >>confdefs.h - - for ac_func in pcap_free_datalinks -do : - ac_fn_c_check_func "$LINENO" "pcap_free_datalinks" "ac_cv_func_pcap_free_datalinks" -if test "x$ac_cv_func_pcap_free_datalinks" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PCAP_FREE_DATALINKS 1 -_ACEOF - -fi -done - - -else - - case " $LIBOBJS " in - *" datalinks.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS datalinks.$ac_objext" - ;; -esac - - -fi - - for ac_func in pcap_set_datalink -do : - ac_fn_c_check_func "$LINENO" "pcap_set_datalink" "ac_cv_func_pcap_set_datalink" -if test "x$ac_cv_func_pcap_set_datalink" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PCAP_SET_DATALINK 1 -_ACEOF - -fi -done - - ac_fn_c_check_func "$LINENO" "pcap_datalink_name_to_val" "ac_cv_func_pcap_datalink_name_to_val" -if test "x$ac_cv_func_pcap_datalink_name_to_val" = xyes; then : - - -$as_echo "#define HAVE_PCAP_DATALINK_NAME_TO_VAL 1" >>confdefs.h - - ac_fn_c_check_func "$LINENO" "pcap_datalink_val_to_description" "ac_cv_func_pcap_datalink_val_to_description" -if test "x$ac_cv_func_pcap_datalink_val_to_description" = xyes; then : - -$as_echo "#define HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION 1" >>confdefs.h - -else - - case " $LIBOBJS " in - *" dlnames.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS dlnames.$ac_objext" - ;; -esac - - -fi - - -else - - case " $LIBOBJS " in - *" dlnames.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS dlnames.$ac_objext" - ;; -esac - - -fi - - - for ac_func in pcap_breakloop -do : - ac_fn_c_check_func "$LINENO" "pcap_breakloop" "ac_cv_func_pcap_breakloop" -if test "x$ac_cv_func_pcap_breakloop" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PCAP_BREAKLOOP 1 -_ACEOF - -fi -done - - - ac_fn_c_check_func "$LINENO" "pcap_dump_ftell" "ac_cv_func_pcap_dump_ftell" -if test "x$ac_cv_func_pcap_dump_ftell" = xyes; then : - -$as_echo "#define HAVE_PCAP_DUMP_FTELL 1" >>confdefs.h - -else - - case " $LIBOBJS " in - *" pcap_dump_ftell.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS pcap_dump_ftell.$ac_objext" - ;; -esac - - -fi - - # # Check for these after AC_LBL_LIBPCAP, so we link with the appropriate @@ -6606,6 +6526,110 @@ missing_includes=yes fi +ac_fn_c_check_func "$LINENO" "pcap_list_datalinks" "ac_cv_func_pcap_list_datalinks" +if test "x$ac_cv_func_pcap_list_datalinks" = xyes; then : + + +$as_echo "#define HAVE_PCAP_LIST_DATALINKS 1" >>confdefs.h + + for ac_func in pcap_free_datalinks +do : + ac_fn_c_check_func "$LINENO" "pcap_free_datalinks" "ac_cv_func_pcap_free_datalinks" +if test "x$ac_cv_func_pcap_free_datalinks" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PCAP_FREE_DATALINKS 1 +_ACEOF + +fi +done + + +else + + case " $LIBOBJS " in + *" datalinks.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS datalinks.$ac_objext" + ;; +esac + + +fi + +for ac_func in pcap_set_datalink +do : + ac_fn_c_check_func "$LINENO" "pcap_set_datalink" "ac_cv_func_pcap_set_datalink" +if test "x$ac_cv_func_pcap_set_datalink" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PCAP_SET_DATALINK 1 +_ACEOF + +fi +done + +ac_fn_c_check_func "$LINENO" "pcap_datalink_name_to_val" "ac_cv_func_pcap_datalink_name_to_val" +if test "x$ac_cv_func_pcap_datalink_name_to_val" = xyes; then : + + +$as_echo "#define HAVE_PCAP_DATALINK_NAME_TO_VAL 1" >>confdefs.h + + ac_fn_c_check_func "$LINENO" "pcap_datalink_val_to_description" "ac_cv_func_pcap_datalink_val_to_description" +if test "x$ac_cv_func_pcap_datalink_val_to_description" = xyes; then : + +$as_echo "#define HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION 1" >>confdefs.h + +else + + case " $LIBOBJS " in + *" dlnames.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS dlnames.$ac_objext" + ;; +esac + + +fi + + +else + + case " $LIBOBJS " in + *" dlnames.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS dlnames.$ac_objext" + ;; +esac + + +fi + + +for ac_func in pcap_breakloop +do : + ac_fn_c_check_func "$LINENO" "pcap_breakloop" "ac_cv_func_pcap_breakloop" +if test "x$ac_cv_func_pcap_breakloop" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PCAP_BREAKLOOP 1 +_ACEOF + +fi +done + + +ac_fn_c_check_func "$LINENO" "pcap_dump_ftell" "ac_cv_func_pcap_dump_ftell" +if test "x$ac_cv_func_pcap_dump_ftell" = xyes; then : + +$as_echo "#define HAVE_PCAP_DUMP_FTELL 1" >>confdefs.h + +else + + case " $LIBOBJS " in + *" pcap_dump_ftell.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS pcap_dump_ftell.$ac_objext" + ;; +esac + + +fi + + # # Do we have the new open API? Check for pcap_create, and assume that, # if we do, we also have pcap_activate() and the other new routines @@ -6655,7 +6679,11 @@ fi -for ac_func in pcap_findalldevs pcap_dump_flush pcap_lib_version pcap_setdirection +# +# Check for a miscellaneous collection of functions which we use +# if we have them. +# +for ac_func in pcap_findalldevs pcap_dump_flush pcap_lib_version pcap_setdirection pcap_set_immediate_mode do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -6710,7 +6738,7 @@ rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test "$ac_lbl_cv_pcap_version_defined" = yes ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } $as_echo "#define HAVE_PCAP_VERSION 1" >>confdefs.h @@ -6970,6 +6998,48 @@ # +# Make sure we have a definition for C99's uintptr_t (regardless of +# whether the environment is a C99 environment or not). +# + + ac_fn_c_check_type "$LINENO" "uintptr_t" "ac_cv_type_uintptr_t" "$ac_includes_default" +if test "x$ac_cv_type_uintptr_t" = xyes; then : + +$as_echo "#define HAVE_UINTPTR_T 1" >>confdefs.h + +else + for ac_type in 'unsigned int' 'unsigned long int' \ + 'unsigned long long int'; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +static int test_array [1 - 2 * !(sizeof (void *) <= sizeof ($ac_type))]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +cat >>confdefs.h <<_ACEOF +#define uintptr_t $ac_type +_ACEOF + + ac_type= +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test -z "$ac_type" && break + done +fi + + + +# # Define the old BSD specified-width types in terms of the C99 types; # we may need them with libpcap include files. # @@ -8150,6 +8220,98 @@ fi +# Check for libcap-ng +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use libcap-ng" >&5 +$as_echo_n "checking whether to use libcap-ng... " >&6; } +# Specify location for both includes and libraries. +want_libcap_ng=ifavailable + +# Check whether --with-cap_ng was given. +if test "${with_cap_ng+set}" = set; then : + withval=$with_cap_ng; + if test $withval = no + then + want_libcap_ng=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + elif test $withval = yes + then + want_libcap_ng=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + +else + + # + # Use libcap-ng if it's present, otherwise don't. + # + want_libcap_ng=ifavailable + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, if available" >&5 +$as_echo "yes, if available" >&6; } + +fi + +if test "$want_libcap_ng" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for capng_change_id in -lcap-ng" >&5 +$as_echo_n "checking for capng_change_id in -lcap-ng... " >&6; } +if ${ac_cv_lib_cap_ng_capng_change_id+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcap-ng $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char capng_change_id (); +int +main () +{ +return capng_change_id (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_cap_ng_capng_change_id=yes +else + ac_cv_lib_cap_ng_capng_change_id=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_ng_capng_change_id" >&5 +$as_echo "$ac_cv_lib_cap_ng_capng_change_id" >&6; } +if test "x$ac_cv_lib_cap_ng_capng_change_id" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBCAP_NG 1 +_ACEOF + + LIBS="-lcap-ng $LIBS" + +fi + + for ac_header in cap-ng.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "cap-ng.h" "ac_cv_header_cap_ng_h" "$ac_includes_default" +if test "x$ac_cv_header_cap_ng_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CAP_NG_H 1 +_ACEOF + +fi + +done + +fi + if test "$missing_includes" = "yes"; then CPPFLAGS="$CPPFLAGS -I$srcdir/missing" V_INCLS="$V_INCLS -I$srcdir/missing" Index: head/contrib/tcpdump/configure.in =================================================================== --- head/contrib/tcpdump/configure.in +++ head/contrib/tcpdump/configure.in @@ -197,16 +197,26 @@ AC_MSG_RESULT(no) fi -AC_ARG_WITH(sandbox-capsicum, [ --with-sandbox-capsicum ]) +AC_ARG_WITH(sandbox-capsicum, + AS_HELP_STRING([--with-sandbox-capsicum], + [use Capsicum security functions @<:@default=yes, if available@:>@])) # # Check whether various functions are available. If any are, set # ac_lbl_capsicum_function_seen to yes; if any are not, set # ac_lbl_capsicum_function_not_seen to yes. # -# All of them must be available in order to enable capsicum sandboxing. +# We don't check cap_rights_init(), as it's a macro, wrapping another +# function, in at least some versions of FreeBSD, and AC_CHECK_FUNCS() +# doesn't handle that. +# +# All of the ones we check for must be available in order to enable +# capsicum sandboxing. +# +# XXX - do we need to check for all of them, or are there some that, if +# present, imply others are present? # if test ! -z "$with_sandbox-capsicum" && test "$with_sandbox-capsicum" != "no" ; then - AC_CHECK_FUNCS(cap_enter cap_rights_init cap_rights_limit cap_ioctls_limit openat, + AC_CHECK_FUNCS(cap_enter cap_rights_limit cap_ioctls_limit openat, ac_lbl_capsicum_function_seen=yes, ac_lbl_capsicum_function_not_seen=yes) fi @@ -231,7 +241,7 @@ --disable-ipv6 disable ipv6 support], [ case "$enableval" in yes) AC_MSG_RESULT(yes) - LOCALSRC="print-ip6.c print-ip6opts.c print-mobility.c print-ripng.c print-icmp6.c print-frag6.c print-rt6.c print-ospf6.c print-dhcp6.c print-babel.c $LOCALSRC" + LOCALSRC="print-ip6opts.c print-mobility.c print-ripng.c print-icmp6.c print-frag6.c print-rt6.c print-ospf6.c print-dhcp6.c print-babel.c $LOCALSRC" AC_DEFINE(INET6, 1, [Define if you enable IPv6 support]) ipv6=yes ;; @@ -260,7 +270,7 @@ ]]) ], [ AC_MSG_RESULT(yes) - LOCALSRC="print-ip6.c print-ip6opts.c print-mobility.c print-ripng.c print-icmp6.c print-frag6.c print-rt6.c print-ospf6.c print-dhcp6.c print-babel.c $LOCALSRC" + LOCALSRC="print-ip6opts.c print-mobility.c print-ripng.c print-icmp6.c print-frag6.c print-rt6.c print-ospf6.c print-dhcp6.c print-babel.c $LOCALSRC" AC_DEFINE(INET6, 1, [Define if you enable IPv6 support]) ipv6=yes], [ AC_MSG_RESULT(no) @@ -495,9 +505,11 @@ ], td_cv_buggygetaddrinfo=no, td_cv_buggygetaddrinfo=yes, - td_cv_buggygetaddrinfo=yes)]) + td_cv_buggygetaddrinfo=unknown)]) if test "$td_cv_buggygetaddrinfo" = no; then AC_MSG_RESULT(good) + elif test "$td_cv_buggygetaddrinfo" = unknown; then + AC_MSG_RESULT([unknown (cross-compiling)]) else AC_MSG_RESULT(buggy) fi @@ -749,6 +761,54 @@ missing_includes=yes fi +dnl +dnl Check for "pcap_list_datalinks()", "pcap_set_datalink()", +dnl and "pcap_datalink_name_to_val()", and use substitute versions +dnl if they're not present. +dnl +AC_CHECK_FUNC(pcap_list_datalinks, + [ + AC_DEFINE(HAVE_PCAP_LIST_DATALINKS, 1, + [define if libpcap has pcap_list_datalinks()]) + AC_CHECK_FUNCS(pcap_free_datalinks) + ], + [ + AC_LIBOBJ(datalinks) + ]) +AC_CHECK_FUNCS(pcap_set_datalink) +AC_CHECK_FUNC(pcap_datalink_name_to_val, + [ + AC_DEFINE(HAVE_PCAP_DATALINK_NAME_TO_VAL, 1, + [define if libpcap has pcap_datalink_name_to_val()]) + AC_CHECK_FUNC(pcap_datalink_val_to_description, + AC_DEFINE(HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION, 1, + [define if libpcap has pcap_datalink_val_to_description()]), + [ + AC_LIBOBJ(dlnames) + ]) + ], + [ + AC_LIBOBJ(dlnames) + ]) + +dnl +dnl Check for "pcap_breakloop()"; you can't substitute for it if +dnl it's absent (it has hooks into the live capture routines), +dnl so just define the HAVE_ value if it's there. +dnl +AC_CHECK_FUNCS(pcap_breakloop) + +dnl +dnl Check for "pcap_dump_ftell()" and use a substitute version +dnl if it's not present. +dnl +AC_CHECK_FUNC(pcap_dump_ftell, + AC_DEFINE(HAVE_PCAP_DUMP_FTELL, 1, + [define if libpcap has pcap_dump_ftell()]), + [ + AC_LIBOBJ(pcap_dump_ftell) + ]) + # # Do we have the new open API? Check for pcap_create, and assume that, # if we do, we also have pcap_activate() and the other new routines @@ -768,7 +828,11 @@ AC_CHECK_FUNCS(pcap_set_tstamp_precision) fi -AC_CHECK_FUNCS(pcap_findalldevs pcap_dump_flush pcap_lib_version pcap_setdirection) +# +# Check for a miscellaneous collection of functions which we use +# if we have them. +# +AC_CHECK_FUNCS(pcap_findalldevs pcap_dump_flush pcap_lib_version pcap_setdirection pcap_set_immediate_mode) if test $ac_cv_func_pcap_findalldevs = "yes" ; then dnl Check for Mac OS X, which may ship pcap.h from 0.6 but libpcap may dnl be 0.8; this means that lib has pcap_findalldevs but header doesn't @@ -790,7 +854,7 @@ ac_lbl_cv_pcap_version_defined=yes, ac_lbl_cv_pcap_version_defined=no) if test "$ac_lbl_cv_pcap_version_defined" = yes ; then - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) AC_DEFINE(HAVE_PCAP_VERSION, 1, [define if libpcap has pcap_version]) else AC_MSG_RESULT(no) @@ -905,6 +969,12 @@ AC_TYPE_UINT64_T # +# Make sure we have a definition for C99's uintptr_t (regardless of +# whether the environment is a C99 environment or not). +# +AC_TYPE_UINTPTR_T + +# # Define the old BSD specified-width types in terms of the C99 types; # we may need them with libpcap include files. # @@ -1046,6 +1116,35 @@ AC_CHECK_HEADERS(openssl/evp.h) fi +# Check for libcap-ng +AC_MSG_CHECKING(whether to use libcap-ng) +# Specify location for both includes and libraries. +want_libcap_ng=ifavailable +AC_ARG_WITH(cap_ng, + AS_HELP_STRING([--with-cap-ng], + [use libcap-ng @<:@default=yes, if available@:>@]), +[ + if test $withval = no + then + want_libcap_ng=no + AC_MSG_RESULT(no) + elif test $withval = yes + then + want_libcap_ng=yes + AC_MSG_RESULT(yes) + fi +],[ + # + # Use libcap-ng if it's present, otherwise don't. + # + want_libcap_ng=ifavailable + AC_MSG_RESULT([yes, if available]) +]) +if test "$want_libcap_ng" != "no"; then + AC_CHECK_LIB(cap-ng, capng_change_id) + AC_CHECK_HEADERS(cap-ng.h) +fi + dnl dnl set additional include path if necessary if test "$missing_includes" = "yes"; then Index: head/contrib/tcpdump/extract.h =================================================================== --- head/contrib/tcpdump/extract.h +++ head/contrib/tcpdump/extract.h @@ -116,22 +116,22 @@ * assemble them. */ #define EXTRACT_16BITS(p) \ - ((uint16_t)((uint16_t)*((const uint8_t *)(p) + 0) << 8 | \ - (uint16_t)*((const uint8_t *)(p) + 1))) + ((uint16_t)(((uint16_t)(*((const uint8_t *)(p) + 0)) << 8) | \ + ((uint16_t)(*((const uint8_t *)(p) + 1)) << 0))) #define EXTRACT_32BITS(p) \ - ((uint32_t)((uint32_t)*((const uint8_t *)(p) + 0) << 24 | \ - (uint32_t)*((const uint8_t *)(p) + 1) << 16 | \ - (uint32_t)*((const uint8_t *)(p) + 2) << 8 | \ - (uint32_t)*((const uint8_t *)(p) + 3))) + ((uint32_t)(((uint32_t)(*((const uint8_t *)(p) + 0)) << 24) | \ + ((uint32_t)(*((const uint8_t *)(p) + 1)) << 16) | \ + ((uint32_t)(*((const uint8_t *)(p) + 2)) << 8) | \ + ((uint32_t)(*((const uint8_t *)(p) + 3)) << 0))) #define EXTRACT_64BITS(p) \ - ((uint64_t)((uint64_t)*((const uint8_t *)(p) + 0) << 56 | \ - (uint64_t)*((const uint8_t *)(p) + 1) << 48 | \ - (uint64_t)*((const uint8_t *)(p) + 2) << 40 | \ - (uint64_t)*((const uint8_t *)(p) + 3) << 32 | \ - (uint64_t)*((const uint8_t *)(p) + 4) << 24 | \ - (uint64_t)*((const uint8_t *)(p) + 5) << 16 | \ - (uint64_t)*((const uint8_t *)(p) + 6) << 8 | \ - (uint64_t)*((const uint8_t *)(p) + 7))) + ((uint64_t)(((uint64_t)(*((const uint8_t *)(p) + 0)) << 56) | \ + ((uint64_t)(*((const uint8_t *)(p) + 1)) << 48) | \ + ((uint64_t)(*((const uint8_t *)(p) + 2)) << 40) | \ + ((uint64_t)(*((const uint8_t *)(p) + 3)) << 32) | \ + ((uint64_t)(*((const uint8_t *)(p) + 4)) << 24) | \ + ((uint64_t)(*((const uint8_t *)(p) + 5)) << 16) | \ + ((uint64_t)(*((const uint8_t *)(p) + 6)) << 8) | \ + ((uint64_t)(*((const uint8_t *)(p) + 7)) << 0))) #endif /* must special-case unaligned accesses */ #else /* LBL_ALIGN */ /* @@ -161,33 +161,33 @@ #endif /* LBL_ALIGN */ #define EXTRACT_24BITS(p) \ - ((uint32_t)((uint32_t)*((const uint8_t *)(p) + 0) << 16 | \ - (uint32_t)*((const uint8_t *)(p) + 1) << 8 | \ - (uint32_t)*((const uint8_t *)(p) + 2))) + ((uint32_t)(((uint32_t)(*((const uint8_t *)(p) + 0)) << 16) | \ + ((uint32_t)(*((const uint8_t *)(p) + 1)) << 8) | \ + ((uint32_t)(*((const uint8_t *)(p) + 2)) << 0))) #define EXTRACT_40BITS(p) \ - ((uint64_t)((uint64_t)*((const uint8_t *)(p) + 0) << 32 | \ - (uint64_t)*((const uint8_t *)(p) + 1) << 24 | \ - (uint64_t)*((const uint8_t *)(p) + 2) << 16 | \ - (uint64_t)*((const uint8_t *)(p) + 3) << 8 | \ - (uint64_t)*((const uint8_t *)(p) + 4))) + ((uint64_t)(((uint64_t)(*((const uint8_t *)(p) + 0)) << 32) | \ + ((uint64_t)(*((const uint8_t *)(p) + 1)) << 24) | \ + ((uint64_t)(*((const uint8_t *)(p) + 2)) << 16) | \ + ((uint64_t)(*((const uint8_t *)(p) + 3)) << 8) | \ + ((uint64_t)(*((const uint8_t *)(p) + 4)) << 0))) #define EXTRACT_48BITS(p) \ - ((uint64_t)((uint64_t)*((const uint8_t *)(p) + 0) << 40 | \ - (uint64_t)*((const uint8_t *)(p) + 1) << 32 | \ - (uint64_t)*((const uint8_t *)(p) + 2) << 24 | \ - (uint64_t)*((const uint8_t *)(p) + 3) << 16 | \ - (uint64_t)*((const uint8_t *)(p) + 4) << 8 | \ - (uint64_t)*((const uint8_t *)(p) + 5))) + ((uint64_t)(((uint64_t)(*((const uint8_t *)(p) + 0)) << 40) | \ + ((uint64_t)(*((const uint8_t *)(p) + 1)) << 32) | \ + ((uint64_t)(*((const uint8_t *)(p) + 2)) << 24) | \ + ((uint64_t)(*((const uint8_t *)(p) + 3)) << 16) | \ + ((uint64_t)(*((const uint8_t *)(p) + 4)) << 8) | \ + ((uint64_t)(*((const uint8_t *)(p) + 5)) << 0))) #define EXTRACT_56BITS(p) \ - ((uint64_t)((uint64_t)*((const uint8_t *)(p) + 0) << 48 | \ - (uint64_t)*((const uint8_t *)(p) + 1) << 40 | \ - (uint64_t)*((const uint8_t *)(p) + 2) << 32 | \ - (uint64_t)*((const uint8_t *)(p) + 3) << 24 | \ - (uint64_t)*((const uint8_t *)(p) + 4) << 16 | \ - (uint64_t)*((const uint8_t *)(p) + 5) << 8 | \ - (uint64_t)*((const uint8_t *)(p) + 6))) + ((uint64_t)(((uint64_t)(*((const uint8_t *)(p) + 0)) << 48) | \ + ((uint64_t)(*((const uint8_t *)(p) + 1)) << 40) | \ + ((uint64_t)(*((const uint8_t *)(p) + 2)) << 32) | \ + ((uint64_t)(*((const uint8_t *)(p) + 3)) << 24) | \ + ((uint64_t)(*((const uint8_t *)(p) + 4)) << 16) | \ + ((uint64_t)(*((const uint8_t *)(p) + 5)) << 8) | \ + ((uint64_t)(*((const uint8_t *)(p) + 6)) << 0))) /* * Macros to extract possibly-unaligned little-endian integral values. @@ -195,23 +195,23 @@ */ #define EXTRACT_LE_8BITS(p) (*(p)) #define EXTRACT_LE_16BITS(p) \ - ((uint16_t)((uint16_t)*((const uint8_t *)(p) + 1) << 8 | \ - (uint16_t)*((const uint8_t *)(p) + 0))) + ((uint16_t)(((uint16_t)(*((const uint8_t *)(p) + 1)) << 8) | \ + ((uint16_t)(*((const uint8_t *)(p) + 0)) << 0))) #define EXTRACT_LE_32BITS(p) \ - ((uint32_t)((uint32_t)*((const uint8_t *)(p) + 3) << 24 | \ - (uint32_t)*((const uint8_t *)(p) + 2) << 16 | \ - (uint32_t)*((const uint8_t *)(p) + 1) << 8 | \ - (uint32_t)*((const uint8_t *)(p) + 0))) + ((uint32_t)(((uint32_t)(*((const uint8_t *)(p) + 3)) << 24) | \ + ((uint32_t)(*((const uint8_t *)(p) + 2)) << 16) | \ + ((uint32_t)(*((const uint8_t *)(p) + 1)) << 8) | \ + ((uint32_t)(*((const uint8_t *)(p) + 0)) << 0))) #define EXTRACT_LE_24BITS(p) \ - ((uint32_t)((uint32_t)*((const uint8_t *)(p) + 2) << 16 | \ - (uint32_t)*((const uint8_t *)(p) + 1) << 8 | \ - (uint32_t)*((const uint8_t *)(p) + 0))) + ((uint32_t)(((uint32_t)(*((const uint8_t *)(p) + 2)) << 16) | \ + ((uint32_t)(*((const uint8_t *)(p) + 1)) << 8) | \ + ((uint32_t)(*((const uint8_t *)(p) + 0)) << 0))) #define EXTRACT_LE_64BITS(p) \ - ((uint64_t)((uint64_t)*((const uint8_t *)(p) + 7) << 56 | \ - (uint64_t)*((const uint8_t *)(p) + 6) << 48 | \ - (uint64_t)*((const uint8_t *)(p) + 5) << 40 | \ - (uint64_t)*((const uint8_t *)(p) + 4) << 32 | \ - (uint64_t)*((const uint8_t *)(p) + 3) << 24 | \ - (uint64_t)*((const uint8_t *)(p) + 2) << 16 | \ - (uint64_t)*((const uint8_t *)(p) + 1) << 8 | \ - (uint64_t)*((const uint8_t *)(p) + 0))) + ((uint64_t)(((uint64_t)(*((const uint8_t *)(p) + 7)) << 56) | \ + ((uint64_t)(*((const uint8_t *)(p) + 6)) << 48) | \ + ((uint64_t)(*((const uint8_t *)(p) + 5)) << 40) | \ + ((uint64_t)(*((const uint8_t *)(p) + 4)) << 32) | \ + ((uint64_t)(*((const uint8_t *)(p) + 3)) << 24) | \ + ((uint64_t)(*((const uint8_t *)(p) + 2)) << 16) | \ + ((uint64_t)(*((const uint8_t *)(p) + 1)) << 8) | \ + ((uint64_t)(*((const uint8_t *)(p) + 0)) << 0))) Index: head/contrib/tcpdump/interface.h =================================================================== --- head/contrib/tcpdump/interface.h +++ head/contrib/tcpdump/interface.h @@ -104,9 +104,21 @@ * that "snapend - (l)" underflows. * * The check is for <= rather than < because "l" might be 0. + * + * We cast the pointers to uintptr_t to make sure that the compiler + * doesn't optimize away any of these tests (which it is allowed to + * do, as adding an integer to, or subtracting an integer from, a + * pointer assumes that the pointer is a pointer to an element of an + * array and that the result of the addition or subtraction yields a + * pointer to another member of the array, so that, for example, if + * you subtract a positive integer from a pointer, the result is + * guaranteed to be less than the original pointer value). See + * + * http://www.kb.cert.org/vuls/id/162289 */ -#define TTEST2(var, l) (snapend - (l) <= snapend && \ - (const u_char *)&(var) <= snapend - (l)) +#define TTEST2(var, l) \ + ((uintptr_t)snapend - (l) <= (uintptr_t)snapend && \ + (uintptr_t)&(var) <= (uintptr_t)snapend - (l)) /* True if "var" was captured */ #define TTEST(var) TTEST2(var, sizeof(var)) @@ -148,7 +160,6 @@ #include -extern char *q922_string(const u_char *); extern char *smb_errstr(int, int); extern const char *nt_errstr(uint32_t); Index: head/contrib/tcpdump/ip.h =================================================================== --- head/contrib/tcpdump/ip.h +++ head/contrib/tcpdump/ip.h @@ -36,6 +36,8 @@ #ifndef TCPDUMP_IP_H #define TCPDUMP_IP_H +#include "tcpdump-stdinc.h" + /* * Definitions for internet protocol version 4. * Per RFC 791, September 1981. Index: head/contrib/tcpdump/machdep.c =================================================================== --- head/contrib/tcpdump/machdep.c +++ head/contrib/tcpdump/machdep.c @@ -50,6 +50,15 @@ #include "machdep.h" +/* + * On platforms where the CPU doesn't support unaligned loads, force + * unaligned accesses to abort with SIGBUS, rather than being fixed + * up (slowly) by the OS kernel; on those platforms, misaligned accesses + * are bugs, and we want tcpdump to crash so that the bugs are reported. + * + * The only OS on which this is necessary is DEC OSF/1^W^WDigital + * UNIX^W^WTru64 UNIX. + */ int abort_on_misalignment(char *ebuf _U_, size_t ebufsiz _U_) { Index: head/contrib/tcpdump/missing/strsep.c =================================================================== --- head/contrib/tcpdump/missing/strsep.c +++ head/contrib/tcpdump/missing/strsep.c @@ -39,6 +39,8 @@ #include +#include "interface.h" + /* * Get next token from string *stringp, where tokens are possibly-empty * strings separated by characters from delim. Index: head/contrib/tcpdump/mkdep =================================================================== --- head/contrib/tcpdump/mkdep +++ head/contrib/tcpdump/mkdep @@ -13,9 +13,6 @@ # @(#)mkdep.sh 5.11 (Berkeley) 5/5/88 # -PATH=/bin:/usr/bin:/usr/ucb:/usr/local:/usr/local/bin -export PATH - MAKE=Makefile # default makefile name is "Makefile" CC=cc # default C compiler is "cc" DEPENDENCY_CFLAG=-M # default dependency-generation flag is -M Index: head/contrib/tcpdump/netdissect.h =================================================================== --- head/contrib/tcpdump/netdissect.h +++ head/contrib/tcpdump/netdissect.h @@ -81,9 +81,9 @@ char *buf, size_t bufsize); /* tok2str is deprecated */ -extern const char *tok2str(const struct tok *, const char *, int); -extern char *bittok2str(const struct tok *, const char *, int); -extern char *bittok2str_nosep(const struct tok *, const char *, int); +extern const char *tok2str(const struct tok *, const char *, u_int); +extern char *bittok2str(const struct tok *, const char *, u_int); +extern char *bittok2str_nosep(const struct tok *, const char *, u_int); typedef struct netdissect_options netdissect_options; @@ -115,6 +115,7 @@ int ndo_dlt; /* if != -1, ask libpcap for the DLT it names*/ int ndo_jflag; /* packet time stamp source */ int ndo_pflag; /* don't go promiscuous */ + int ndo_immediate; /* use immediate mode */ int ndo_Cflag; /* rotate dump files after this many bytes */ int ndo_Cflag_count; /* Keep track of which file number we're writing */ @@ -156,14 +157,18 @@ /* pointer to void function to output stuff */ void (*ndo_default_print)(netdissect_options *, register const u_char *bp, register u_int length); + + /* pointer to function to print ^T output */ void (*ndo_info)(netdissect_options *, int verbose); + /* pointer to function to do regular output */ int (*ndo_printf)(netdissect_options *, const char *fmt, ...) #ifdef __ATTRIBUTE___FORMAT_OK_FOR_FUNCTION_POINTERS __attribute__ ((format (printf, 2, 3))) #endif ; + /* pointer to function to output errors */ void (*ndo_error)(netdissect_options *, const char *fmt, ...) #ifdef __ATTRIBUTE___NORETURN_OK_FOR_FUNCTION_POINTERS @@ -173,6 +178,7 @@ __attribute__ ((format (printf, 2, 3))) #endif /* __ATTRIBUTE___FORMAT_OK_FOR_FUNCTION_POINTERS */ ; + /* pointer to function to output warnings */ void (*ndo_warning)(netdissect_options *, const char *fmt, ...) #ifdef __ATTRIBUTE___FORMAT_OK_FOR_FUNCTION_POINTERS @@ -252,9 +258,22 @@ * "l" isn't so large that "ndo->ndo_snapend - (l)" underflows. * * The check is for <= rather than < because "l" might be 0. + * + * We cast the pointers to uintptr_t to make sure that the compiler + * doesn't optimize away any of these tests (which it is allowed to + * do, as adding an integer to, or subtracting an integer from, a + * pointer assumes that the pointer is a pointer to an element of an + * array and that the result of the addition or subtraction yields a + * pointer to another member of the array, so that, for example, if + * you subtract a positive integer from a pointer, the result is + * guaranteed to be less than the original pointer value). See + * + * http://www.kb.cert.org/vuls/id/162289 */ -#define ND_TTEST2(var, l) (ndo->ndo_snapend - (l) <= ndo->ndo_snapend && \ - (const u_char *)&(var) <= ndo->ndo_snapend - (l)) +#define ND_TTEST2(var, l) \ + ((l) >= 0 && \ + ((uintptr_t)ndo->ndo_snapend - (l) <= (uintptr_t)ndo->ndo_snapend && \ + (uintptr_t)&(var) <= (uintptr_t)ndo->ndo_snapend - (l))) /* True if "var" was captured */ #define ND_TTEST(var) ND_TTEST2(var, sizeof(var)) @@ -274,7 +293,14 @@ extern int fn_print(netdissect_options *, const u_char *, const u_char *); extern int fn_printn(netdissect_options *, const u_char *, u_int, const u_char *); extern int fn_printzp(netdissect_options *, const u_char *, u_int, const u_char *); -extern const char *tok2str(const struct tok *, const char *, int); + +/* + * Flags for txtproto_print(). + */ +#define RESP_CODE_SECOND_TOKEN 0x00000001 /* response code is second token in response line */ + +extern void txtproto_print(netdissect_options *, const u_char *, u_int, + const char *, const char **, u_int); #if 0 extern char *read_infile(netdissect_options *, char *); @@ -332,6 +358,8 @@ #include +extern char *q922_string(netdissect_options *ndo, const u_char *, u_int); + typedef u_int (*if_ndo_printer)(struct netdissect_options *ndo, const struct pcap_pkthdr *, const u_char *); typedef u_int (*if_printer)(const struct pcap_pkthdr *, const u_char *); @@ -465,7 +493,7 @@ extern void vtp_print(netdissect_options *, const u_char *, u_int); extern int mptcp_print(netdissect_options *, const u_char *, u_int, u_char); extern void ntp_print(netdissect_options *, const u_char *, u_int); -extern void cnfp_print(netdissect_options *, const u_char *, const u_char *); +extern void cnfp_print(netdissect_options *, const u_char *); extern void dvmrp_print(netdissect_options *, const u_char *, u_int); extern void egp_print(netdissect_options *, const u_char *, u_int); extern u_int enc_if_print(netdissect_options *, const struct pcap_pkthdr *, const u_char *); @@ -539,6 +567,11 @@ extern void timed_print(netdissect_options *, const u_char *); extern void m3ua_print(netdissect_options *, const u_char *, const u_int); extern void aoe_print(netdissect_options *, const u_char *, const u_int); +extern void ftp_print(netdissect_options *, const u_char *, u_int); +extern void http_print(netdissect_options *, const u_char *, u_int); +extern void rtsp_print(netdissect_options *, const u_char *, u_int); +extern void smtp_print(netdissect_options *, const u_char *, u_int); +extern void geneve_print(netdissect_options *, const u_char *, u_int); extern void pfsync_ip_print(netdissect_options *, const u_char *, u_int); @@ -561,8 +594,8 @@ extern u_int ieee802_11_radio_avs_if_print(netdissect_options *, const struct pcap_pkthdr *, const u_char *); extern u_int prism_if_print(netdissect_options *, const struct pcap_pkthdr *, const u_char *); -#ifdef INET6 extern void ip6_print(netdissect_options *,const u_char *, u_int); +#ifdef INET6 extern int frag6_print(netdissect_options *, const u_char *, const u_char *); extern int rt6_print(netdissect_options *, const u_char *, const u_char *); extern int hbhopt_print(netdissect_options *, const u_char *); Index: head/contrib/tcpdump/openflow.h =================================================================== --- head/contrib/tcpdump/openflow.h +++ head/contrib/tcpdump/openflow.h @@ -32,9 +32,20 @@ #define OF_HEADER_LEN 8 +#define ONF_EXP_ONF 0x4f4e4600 +#define ONF_EXP_BUTE 0xff000001 +#define ONF_EXP_NOVIFLOW 0xff000002 +#define ONF_EXP_L3 0xff000003 +#define ONF_EXP_L4L7 0xff000004 +#define ONF_EXP_WMOB 0xff000005 +#define ONF_EXP_FABS 0xff000006 +#define ONF_EXP_OTRANS 0xff000007 +extern const struct tok onf_exp_str[]; + /* * Routines to print packets for various versions of OpenFlow. */ extern const u_char *of10_header_body_print(netdissect_options *ndo, const u_char *, const u_char *, const uint8_t, const uint16_t, const uint32_t); +extern const char * of_vendor_name(const uint32_t); Index: head/contrib/tcpdump/oui.h =================================================================== --- head/contrib/tcpdump/oui.h +++ head/contrib/tcpdump/oui.h @@ -30,6 +30,15 @@ #define OUI_IEEE_8023_PRIVATE 0x00120f /* IEEE 802.3 Organisation Specific - Annex G */ #define OUI_TIA 0x0012bb /* TIA - Telecommunications Industry Association - ANSI/TIA-1057- 2006 */ #define OUI_DCBX 0x001B21 /* DCBX */ +#define OUI_NICIRA 0x002320 /* Nicira Networks */ +#define OUI_BSN 0x5c16c7 /* Big Switch Networks */ +#define OUI_VELLO 0xb0d2f5 /* Vello Systems */ +#define OUI_HP2 0x002481 /* HP too */ +#define OUI_HPLABS 0x0004ea /* HP-Labs */ +#define OUI_INFOBLOX 0x748771 /* Infoblox Inc */ +#define OUI_ONLAB 0xa42305 /* Open Networking Lab */ +#define OUI_FREESCALE 0x00049f /* Freescale */ +#define OUI_NETRONOME 0x0015ad /* Netronome */ /* * These are SMI Network Management Private Enterprise Codes for Index: head/contrib/tcpdump/oui.c =================================================================== --- head/contrib/tcpdump/oui.c +++ head/contrib/tcpdump/oui.c @@ -39,6 +39,15 @@ { OUI_IEEE_8023_PRIVATE, "IEEE 802.3 Private"}, { OUI_TIA, "ANSI/TIA"}, { OUI_DCBX, "DCBX"}, + { OUI_NICIRA, "Nicira Networks" }, + { OUI_BSN, "Big Switch Networks" }, + { OUI_VELLO, "Vello Systems" }, + { OUI_HP2, "HP" }, + { OUI_HPLABS, "HP-Labs" }, + { OUI_INFOBLOX, "Infoblox Inc" }, + { OUI_ONLAB, "Open Networking Lab" }, + { OUI_FREESCALE, "Freescale" }, + { OUI_NETRONOME, "Netronome" }, { 0, NULL } }; Index: head/contrib/tcpdump/print-ahcp.c =================================================================== --- head/contrib/tcpdump/print-ahcp.c +++ head/contrib/tcpdump/print-ahcp.c @@ -100,7 +100,8 @@ }; static int -ahcp_time_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { +ahcp_time_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) +{ time_t t; struct tm *tm; char buf[BUFSIZE]; @@ -127,7 +128,8 @@ } static int -ahcp_seconds_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { +ahcp_seconds_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) +{ if (cp + 4 != ep) goto corrupt; ND_TCHECK2(*cp, 4); @@ -144,7 +146,8 @@ } static int -ahcp_ipv6_addresses_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { +ahcp_ipv6_addresses_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) +{ const char *sep = ": "; while (cp < ep) { @@ -171,7 +174,8 @@ } static int -ahcp_ipv4_addresses_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { +ahcp_ipv4_addresses_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) +{ const char *sep = ": "; while (cp < ep) { @@ -194,7 +198,8 @@ } static int -ahcp_ipv6_prefixes_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { +ahcp_ipv6_prefixes_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) +{ const char *sep = ": "; while (cp < ep) { @@ -221,7 +226,8 @@ } static int -ahcp_ipv4_prefixes_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { +ahcp_ipv4_prefixes_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) +{ const char *sep = ": "; while (cp < ep) { @@ -263,7 +269,8 @@ }; static void -ahcp1_options_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { +ahcp1_options_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) +{ uint8_t option_no, option_len; while (cp < ep) { @@ -303,7 +310,8 @@ } static void -ahcp1_body_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { +ahcp1_body_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) +{ uint8_t type, mbz; uint16_t body_len; @@ -347,7 +355,8 @@ } void -ahcp_print(netdissect_options *ndo, const u_char *cp, const u_int len) { +ahcp_print(netdissect_options *ndo, const u_char *cp, const u_int len) +{ const u_char *ep = cp + len; uint8_t version; @@ -410,4 +419,3 @@ trunc: ND_PRINT((ndo, "%s", tstr)); } - Index: head/contrib/tcpdump/print-aodv.c =================================================================== --- head/contrib/tcpdump/print-aodv.c +++ head/contrib/tcpdump/print-aodv.c @@ -37,9 +37,6 @@ #include -/* for offsetof */ -#include - #include "interface.h" #include "addrtoname.h" #include "extract.h" /* must come after interface.h */ @@ -146,13 +143,6 @@ uint8_t rerr_flags; /* various flags */ uint8_t rerr_zero0; /* reserved, set to zero */ uint8_t rerr_dc; /* destination count */ - union { - struct rerr_unreach dest[1]; -#ifdef INET6 - struct rerr_unreach6 dest6[1]; - struct rerr_unreach6_draft_01 dest6_draft_01[1]; -#endif - } r; }; #define RERR_NODELETE 0x80 /* don't delete the link */ @@ -163,19 +153,6 @@ uint8_t ra_zero0; }; -union aodv { - struct aodv_rreq rreq; - struct aodv_rrep rrep; - struct aodv_rerr rerr; - struct aodv_rrep_ack rrep_ack; -#ifdef INET6 - struct aodv_rreq6 rreq6; - struct aodv_rreq6_draft_01 rreq6_draft_01; - struct aodv_rrep6 rrep6; - struct aodv_rrep6_draft_01 rrep6_draft_01; -#endif -}; - #define AODV_RREQ 1 /* route request */ #define AODV_RREP 2 /* route response */ #define AODV_RERR 3 /* error report */ @@ -204,22 +181,14 @@ aodv_extension(netdissect_options *ndo, const struct aodv_ext *ep, u_int length) { - u_int i; const struct aodv_hello *ah; switch (ep->type) { case AODV_EXT_HELLO: - if (ndo->ndo_snapend < (u_char *) ep) { - ND_PRINT((ndo, " [|hello]")); - return; - } - i = min(length, (u_int)(ndo->ndo_snapend - (u_char *)ep)); - if (i < sizeof(struct aodv_hello)) { - ND_PRINT((ndo, " [|hello]")); - return; - } - i -= sizeof(struct aodv_hello); - ah = (void *)ep; + ah = (const struct aodv_hello *)(const void *)ep; + ND_TCHECK(*ah); + if (length < sizeof(struct aodv_hello)) + goto trunc; ND_PRINT((ndo, "\n\text HELLO %ld ms", (unsigned long)EXTRACT_32BITS(&ah->interval))); break; @@ -228,141 +197,135 @@ ND_PRINT((ndo, "\n\text %u %u", ep->type, ep->length)); break; } + return; + +trunc: + ND_PRINT((ndo, " [|hello]")); } static void -aodv_rreq(netdissect_options *ndo, - const union aodv *ap, const u_char *dat, u_int length) +aodv_rreq(netdissect_options *ndo, const u_char *dat, u_int length) { u_int i; + const struct aodv_rreq *ap = (const struct aodv_rreq *)dat; - if (ndo->ndo_snapend < dat) { - ND_PRINT((ndo, " [|aodv]")); - return; - } - i = min(length, (u_int)(ndo->ndo_snapend - dat)); - if (i < sizeof(ap->rreq)) { - ND_PRINT((ndo, " [|rreq]")); - return; - } - i -= sizeof(ap->rreq); + ND_TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; ND_PRINT((ndo, " rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, - ap->rreq.rreq_type & RREQ_JOIN ? "[J]" : "", - ap->rreq.rreq_type & RREQ_REPAIR ? "[R]" : "", - ap->rreq.rreq_type & RREQ_GRAT ? "[G]" : "", - ap->rreq.rreq_type & RREQ_DEST ? "[D]" : "", - ap->rreq.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", - ap->rreq.rreq_hops, - (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_id), - ipaddr_string(ndo, &ap->rreq.rreq_da), - (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_ds), - ipaddr_string(ndo, &ap->rreq.rreq_oa), - (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_os))); + ap->rreq_type & RREQ_JOIN ? "[J]" : "", + ap->rreq_type & RREQ_REPAIR ? "[R]" : "", + ap->rreq_type & RREQ_GRAT ? "[G]" : "", + ap->rreq_type & RREQ_DEST ? "[D]" : "", + ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", + ap->rreq_hops, + (unsigned long)EXTRACT_32BITS(&ap->rreq_id), + ipaddr_string(ndo, &ap->rreq_da), + (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), + ipaddr_string(ndo, &ap->rreq_oa), + (unsigned long)EXTRACT_32BITS(&ap->rreq_os))); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension(ndo, (void *)(&ap->rreq + 1), i); + aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + ND_PRINT((ndo, " [|rreq")); } static void -aodv_rrep(netdissect_options *ndo, - const union aodv *ap, const u_char *dat, u_int length) +aodv_rrep(netdissect_options *ndo, const u_char *dat, u_int length) { u_int i; + const struct aodv_rrep *ap = (const struct aodv_rrep *)dat; - if (ndo->ndo_snapend < dat) { - ND_PRINT((ndo, " [|aodv]")); - return; - } - i = min(length, (u_int)(ndo->ndo_snapend - dat)); - if (i < sizeof(ap->rrep)) { - ND_PRINT((ndo, " [|rrep]")); - return; - } - i -= sizeof(ap->rrep); + ND_TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, - ap->rrep.rrep_type & RREP_REPAIR ? "[R]" : "", - ap->rrep.rrep_type & RREP_ACK ? "[A] " : " ", - ap->rrep.rrep_ps & RREP_PREFIX_MASK, - ap->rrep.rrep_hops, - ipaddr_string(ndo, &ap->rrep.rrep_da), - (unsigned long)EXTRACT_32BITS(&ap->rrep.rrep_ds), - ipaddr_string(ndo, &ap->rrep.rrep_oa), - (unsigned long)EXTRACT_32BITS(&ap->rrep.rrep_life))); + ap->rrep_type & RREP_REPAIR ? "[R]" : "", + ap->rrep_type & RREP_ACK ? "[A] " : " ", + ap->rrep_ps & RREP_PREFIX_MASK, + ap->rrep_hops, + ipaddr_string(ndo, &ap->rrep_da), + (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), + ipaddr_string(ndo, &ap->rrep_oa), + (unsigned long)EXTRACT_32BITS(&ap->rrep_life))); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension(ndo, (void *)(&ap->rrep + 1), i); + aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + ND_PRINT((ndo, " [|rreq")); } static void -aodv_rerr(netdissect_options *ndo, - const union aodv *ap, const u_char *dat, u_int length) +aodv_rerr(netdissect_options *ndo, const u_char *dat, u_int length) { - u_int i; - const struct rerr_unreach *dp = NULL; - int n, trunc; - - if (ndo->ndo_snapend < dat) { - ND_PRINT((ndo, " [|aodv]")); - return; - } - i = min(length, (u_int)(ndo->ndo_snapend - dat)); - if (i < offsetof(struct aodv_rerr, r)) { - ND_PRINT((ndo, " [|rerr]")); - return; - } - i -= offsetof(struct aodv_rerr, r); - dp = &ap->rerr.r.dest[0]; - n = ap->rerr.rerr_dc * sizeof(ap->rerr.r.dest[0]); + u_int i, dc; + const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; + const struct rerr_unreach *dp; + + ND_TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; ND_PRINT((ndo, " rerr %s [items %u] [%u]:", - ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", - ap->rerr.rerr_dc, length)); - trunc = n - (i/sizeof(ap->rerr.r.dest[0])); - for (; i >= sizeof(ap->rerr.r.dest[0]); - ++dp, i -= sizeof(ap->rerr.r.dest[0])) { + ap->rerr_flags & RERR_NODELETE ? "[D]" : "", + ap->rerr_dc, length)); + dp = (struct rerr_unreach *)(dat + sizeof(*ap)); + i = length - sizeof(*ap); + for (dc = ap->rerr_dc; dc != 0; dc--) { + ND_TCHECK(*dp); + if (i < sizeof(*dp)) + goto trunc; ND_PRINT((ndo, " {%s}(%ld)", ipaddr_string(ndo, &dp->u_da), (unsigned long)EXTRACT_32BITS(&dp->u_ds))); + dp++; + i -= sizeof(*dp); } - if (trunc) - ND_PRINT((ndo, "[|rerr]")); + return; + +trunc: + ND_PRINT((ndo, "[|rerr]")); } static void #ifdef INET6 -aodv_v6_rreq(netdissect_options *ndo, - const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_rreq(netdissect_options *ndo, const u_char *dat, u_int length) #else -aodv_v6_rreq(netdissect_options *ndo, - const union aodv *ap _U_, const u_char *dat _U_, u_int length) +aodv_v6_rreq(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; + const struct aodv_rreq6 *ap = (const struct aodv_rreq6 *)dat; - if (ndo->ndo_snapend < dat) { - ND_PRINT((ndo, " [|aodv]")); - return; - } - i = min(length, (u_int)(ndo->ndo_snapend - dat)); - if (i < sizeof(ap->rreq6)) { - ND_PRINT((ndo, " [|rreq6]")); - return; - } - i -= sizeof(ap->rreq6); + ND_TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; ND_PRINT((ndo, " v6 rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, - ap->rreq6.rreq_type & RREQ_JOIN ? "[J]" : "", - ap->rreq6.rreq_type & RREQ_REPAIR ? "[R]" : "", - ap->rreq6.rreq_type & RREQ_GRAT ? "[G]" : "", - ap->rreq6.rreq_type & RREQ_DEST ? "[D]" : "", - ap->rreq6.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", - ap->rreq6.rreq_hops, - (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_id), - ip6addr_string(ndo, &ap->rreq6.rreq_da), - (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_ds), - ip6addr_string(ndo, &ap->rreq6.rreq_oa), - (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_os))); + ap->rreq_type & RREQ_JOIN ? "[J]" : "", + ap->rreq_type & RREQ_REPAIR ? "[R]" : "", + ap->rreq_type & RREQ_GRAT ? "[G]" : "", + ap->rreq_type & RREQ_DEST ? "[D]" : "", + ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", + ap->rreq_hops, + (unsigned long)EXTRACT_32BITS(&ap->rreq_id), + ip6addr_string(ndo, &ap->rreq_da), + (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), + ip6addr_string(ndo, &ap->rreq_oa), + (unsigned long)EXTRACT_32BITS(&ap->rreq_os))); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension(ndo, (void *)(&ap->rreq6 + 1), i); + aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + ND_PRINT((ndo, " [|rreq")); #else ND_PRINT((ndo, " v6 rreq %u", length)); #endif @@ -370,38 +333,35 @@ static void #ifdef INET6 -aodv_v6_rrep(netdissect_options *ndo, - const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_rrep(netdissect_options *ndo, const u_char *dat, u_int length) #else -aodv_v6_rrep(netdissect_options *ndo, - const union aodv *ap _U_, const u_char *dat _U_, u_int length) +aodv_v6_rrep(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; + const struct aodv_rrep6 *ap = (const struct aodv_rrep6 *)dat; - if (ndo->ndo_snapend < dat) { - ND_PRINT((ndo, " [|aodv]")); - return; - } - i = min(length, (u_int)(ndo->ndo_snapend - dat)); - if (i < sizeof(ap->rrep6)) { - ND_PRINT((ndo, " [|rrep6]")); - return; - } - i -= sizeof(ap->rrep6); + ND_TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, - ap->rrep6.rrep_type & RREP_REPAIR ? "[R]" : "", - ap->rrep6.rrep_type & RREP_ACK ? "[A] " : " ", - ap->rrep6.rrep_ps & RREP_PREFIX_MASK, - ap->rrep6.rrep_hops, - ip6addr_string(ndo, &ap->rrep6.rrep_da), - (unsigned long)EXTRACT_32BITS(&ap->rrep6.rrep_ds), - ip6addr_string(ndo, &ap->rrep6.rrep_oa), - (unsigned long)EXTRACT_32BITS(&ap->rrep6.rrep_life))); + ap->rrep_type & RREP_REPAIR ? "[R]" : "", + ap->rrep_type & RREP_ACK ? "[A] " : " ", + ap->rrep_ps & RREP_PREFIX_MASK, + ap->rrep_hops, + ip6addr_string(ndo, &ap->rrep_da), + (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), + ip6addr_string(ndo, &ap->rrep_oa), + (unsigned long)EXTRACT_32BITS(&ap->rrep_life))); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension(ndo, (void *)(&ap->rrep6 + 1), i); + aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + ND_PRINT((ndo, " [|rreq")); #else ND_PRINT((ndo, " rrep %u", length)); #endif @@ -409,31 +369,37 @@ static void #ifdef INET6 -aodv_v6_rerr(netdissect_options *ndo, - const union aodv *ap, u_int length) +aodv_v6_rerr(netdissect_options *ndo, const u_char *dat, u_int length) #else -aodv_v6_rerr(netdissect_options *ndo, - const union aodv *ap _U_, u_int length) +aodv_v6_rerr(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 - const struct rerr_unreach6 *dp6 = NULL; - int i, j, n, trunc; + u_int i, dc; + const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; + const struct rerr_unreach6 *dp6; - i = length - offsetof(struct aodv_rerr, r); - j = sizeof(ap->rerr.r.dest6[0]); - dp6 = &ap->rerr.r.dest6[0]; - n = ap->rerr.rerr_dc * j; + ND_TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; ND_PRINT((ndo, " rerr %s [items %u] [%u]:", - ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", - ap->rerr.rerr_dc, length)); - trunc = n - (i/j); - for (; i -= j >= 0; ++dp6) { + ap->rerr_flags & RERR_NODELETE ? "[D]" : "", + ap->rerr_dc, length)); + dp6 = (struct rerr_unreach6 *)(void *)(ap + 1); + i = length - sizeof(*ap); + for (dc = ap->rerr_dc; dc != 0; dc--) { + ND_TCHECK(*dp6); + if (i < sizeof(*dp6)) + goto trunc; ND_PRINT((ndo, " {%s}(%ld)", ip6addr_string(ndo, &dp6->u_da), (unsigned long)EXTRACT_32BITS(&dp6->u_ds))); + dp6++; + i -= sizeof(*dp6); } - if (trunc) - ND_PRINT((ndo, "[|rerr]")); + return; + +trunc: + ND_PRINT((ndo, "[|rerr]")); #else ND_PRINT((ndo, " rerr %u", length)); #endif @@ -441,42 +407,38 @@ static void #ifdef INET6 -aodv_v6_draft_01_rreq(netdissect_options *ndo, - const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_draft_01_rreq(netdissect_options *ndo, const u_char *dat, u_int length) #else -aodv_v6_draft_01_rreq(netdissect_options *ndo, - const union aodv *ap _U_, const u_char *dat _U_, - u_int length) +aodv_v6_draft_01_rreq(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; + const struct aodv_rreq6_draft_01 *ap = (const struct aodv_rreq6_draft_01 *)dat; - if (ndo->ndo_snapend < dat) { - ND_PRINT((ndo, " [|aodv]")); - return; - } - i = min(length, (u_int)(ndo->ndo_snapend - dat)); - if (i < sizeof(ap->rreq6_draft_01)) { - ND_PRINT((ndo, " [|rreq6]")); - return; - } - i -= sizeof(ap->rreq6_draft_01); + ND_TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; ND_PRINT((ndo, " rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, - ap->rreq6_draft_01.rreq_type & RREQ_JOIN ? "[J]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_REPAIR ? "[R]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_GRAT ? "[G]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_DEST ? "[D]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", - ap->rreq6_draft_01.rreq_hops, - (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_id), - ip6addr_string(ndo, &ap->rreq6_draft_01.rreq_da), - (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_ds), - ip6addr_string(ndo, &ap->rreq6_draft_01.rreq_oa), - (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_os))); + ap->rreq_type & RREQ_JOIN ? "[J]" : "", + ap->rreq_type & RREQ_REPAIR ? "[R]" : "", + ap->rreq_type & RREQ_GRAT ? "[G]" : "", + ap->rreq_type & RREQ_DEST ? "[D]" : "", + ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", + ap->rreq_hops, + (unsigned long)EXTRACT_32BITS(&ap->rreq_id), + ip6addr_string(ndo, &ap->rreq_da), + (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), + ip6addr_string(ndo, &ap->rreq_oa), + (unsigned long)EXTRACT_32BITS(&ap->rreq_os))); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension(ndo, (void *)(&ap->rreq6_draft_01 + 1), i); + aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + ND_PRINT((ndo, " [|rreq")); #else ND_PRINT((ndo, " rreq %u", length)); #endif @@ -484,39 +446,35 @@ static void #ifdef INET6 -aodv_v6_draft_01_rrep(netdissect_options *ndo, - const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_draft_01_rrep(netdissect_options *ndo, const u_char *dat, u_int length) #else -aodv_v6_draft_01_rrep(netdissect_options *ndo, - const union aodv *ap _U_, const u_char *dat _U_, - u_int length) +aodv_v6_draft_01_rrep(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 u_int i; + const struct aodv_rrep6_draft_01 *ap = (const struct aodv_rrep6_draft_01 *)dat; - if (ndo->ndo_snapend < dat) { - ND_PRINT((ndo, " [|aodv]")); - return; - } - i = min(length, (u_int)(ndo->ndo_snapend - dat)); - if (i < sizeof(ap->rrep6_draft_01)) { - ND_PRINT((ndo, " [|rrep6]")); - return; - } - i -= sizeof(ap->rrep6_draft_01); + ND_TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, - ap->rrep6_draft_01.rrep_type & RREP_REPAIR ? "[R]" : "", - ap->rrep6_draft_01.rrep_type & RREP_ACK ? "[A] " : " ", - ap->rrep6_draft_01.rrep_ps & RREP_PREFIX_MASK, - ap->rrep6_draft_01.rrep_hops, - ip6addr_string(ndo, &ap->rrep6_draft_01.rrep_da), - (unsigned long)EXTRACT_32BITS(&ap->rrep6_draft_01.rrep_ds), - ip6addr_string(ndo, &ap->rrep6_draft_01.rrep_oa), - (unsigned long)EXTRACT_32BITS(&ap->rrep6_draft_01.rrep_life))); + ap->rrep_type & RREP_REPAIR ? "[R]" : "", + ap->rrep_type & RREP_ACK ? "[A] " : " ", + ap->rrep_ps & RREP_PREFIX_MASK, + ap->rrep_hops, + ip6addr_string(ndo, &ap->rrep_da), + (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), + ip6addr_string(ndo, &ap->rrep_oa), + (unsigned long)EXTRACT_32BITS(&ap->rrep_life))); + i = length - sizeof(*ap); if (i >= sizeof(struct aodv_ext)) - aodv_extension(ndo, (void *)(&ap->rrep6_draft_01 + 1), i); + aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); + return; + +trunc: + ND_PRINT((ndo, " [|rreq")); #else ND_PRINT((ndo, " rrep %u", length)); #endif @@ -524,31 +482,37 @@ static void #ifdef INET6 -aodv_v6_draft_01_rerr(netdissect_options *ndo, - const union aodv *ap, u_int length) +aodv_v6_draft_01_rerr(netdissect_options *ndo, const u_char *dat, u_int length) #else -aodv_v6_draft_01_rerr(netdissect_options *ndo, - const union aodv *ap _U_, u_int length) +aodv_v6_draft_01_rerr(netdissect_options *ndo, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 - const struct rerr_unreach6_draft_01 *dp6 = NULL; - int i, j, n, trunc; + u_int i, dc; + const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; + const struct rerr_unreach6_draft_01 *dp6; - i = length - offsetof(struct aodv_rerr, r); - j = sizeof(ap->rerr.r.dest6_draft_01[0]); - dp6 = &ap->rerr.r.dest6_draft_01[0]; - n = ap->rerr.rerr_dc * j; + ND_TCHECK(*ap); + if (length < sizeof(*ap)) + goto trunc; ND_PRINT((ndo, " rerr %s [items %u] [%u]:", - ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", - ap->rerr.rerr_dc, length)); - trunc = n - (i/j); - for (; i -= j >= 0; ++dp6) { + ap->rerr_flags & RERR_NODELETE ? "[D]" : "", + ap->rerr_dc, length)); + dp6 = (struct rerr_unreach6_draft_01 *)(void *)(ap + 1); + i = length - sizeof(*ap); + for (dc = ap->rerr_dc; dc != 0; dc--) { + ND_TCHECK(*dp6); + if (i < sizeof(*dp6)) + goto trunc; ND_PRINT((ndo, " {%s}(%ld)", ip6addr_string(ndo, &dp6->u_da), (unsigned long)EXTRACT_32BITS(&dp6->u_ds))); + dp6++; + i -= sizeof(*dp6); } - if (trunc) - ND_PRINT((ndo, "[|rerr]")); + return; + +trunc: + ND_PRINT((ndo, "[|rerr]")); #else ND_PRINT((ndo, " rerr %u", length)); #endif @@ -558,40 +522,37 @@ aodv_print(netdissect_options *ndo, const u_char *dat, u_int length, int is_ip6) { - const union aodv *ap; + uint8_t msg_type; - ap = (union aodv *)dat; - if (ndo->ndo_snapend < dat) { - ND_PRINT((ndo, " [|aodv]")); - return; - } - if (min(length, (u_int)(ndo->ndo_snapend - dat)) < sizeof(ap->rrep_ack)) { - ND_PRINT((ndo, " [|aodv]")); - return; - } + /* + * The message type is the first byte; make sure we have it + * and then fetch it. + */ + ND_TCHECK(*dat); + msg_type = *dat; ND_PRINT((ndo, " aodv")); - switch (ap->rerr.rerr_type) { + switch (msg_type) { case AODV_RREQ: if (is_ip6) - aodv_v6_rreq(ndo, ap, dat, length); + aodv_v6_rreq(ndo, dat, length); else - aodv_rreq(ndo, ap, dat, length); + aodv_rreq(ndo, dat, length); break; case AODV_RREP: if (is_ip6) - aodv_v6_rrep(ndo, ap, dat, length); + aodv_v6_rrep(ndo, dat, length); else - aodv_rrep(ndo, ap, dat, length); + aodv_rrep(ndo, dat, length); break; case AODV_RERR: if (is_ip6) - aodv_v6_rerr(ndo, ap, length); + aodv_v6_rerr(ndo, dat, length); else - aodv_rerr(ndo, ap, dat, length); + aodv_rerr(ndo, dat, length); break; case AODV_RREP_ACK: @@ -599,15 +560,15 @@ break; case AODV_V6_DRAFT_01_RREQ: - aodv_v6_draft_01_rreq(ndo, ap, dat, length); + aodv_v6_draft_01_rreq(ndo, dat, length); break; case AODV_V6_DRAFT_01_RREP: - aodv_v6_draft_01_rrep(ndo, ap, dat, length); + aodv_v6_draft_01_rrep(ndo, dat, length); break; case AODV_V6_DRAFT_01_RERR: - aodv_v6_draft_01_rerr(ndo, ap, length); + aodv_v6_draft_01_rerr(ndo, dat, length); break; case AODV_V6_DRAFT_01_RREP_ACK: @@ -615,6 +576,10 @@ break; default: - ND_PRINT((ndo, " %u %u", ap->rreq.rreq_type, length)); + ND_PRINT((ndo, " type %u %u", msg_type, length)); } + return; + +trunc: + ND_PRINT((ndo, " [|aodv]")); } Index: head/contrib/tcpdump/print-arcnet.c =================================================================== --- head/contrib/tcpdump/print-arcnet.c +++ head/contrib/tcpdump/print-arcnet.c @@ -181,7 +181,7 @@ u_int seqid = 0; u_char arc_type; - if (caplen < ARC_HDRLEN) { + if (caplen < ARC_HDRLEN || length < ARC_HDRLEN) { ND_PRINT((ndo, "[|arcnet]")); return (caplen); } @@ -202,14 +202,14 @@ } if (phds) { - if (caplen < ARC_HDRNEWLEN) { + if (caplen < ARC_HDRNEWLEN || length < ARC_HDRNEWLEN) { arcnet_print(ndo, p, length, 0, 0, 0); ND_PRINT((ndo, "[|phds]")); return (caplen); } if (ap->arc_flag == 0xff) { - if (caplen < ARC_HDRNEWLEN_EXC) { + if (caplen < ARC_HDRNEWLEN_EXC || length < ARC_HDRNEWLEN_EXC) { arcnet_print(ndo, p, length, 0, 0, 0); ND_PRINT((ndo, "[|phds extended]")); return (caplen); @@ -268,7 +268,7 @@ int archdrlen = 0; u_char arc_type; - if (caplen < ARC_LINUX_HDRLEN) { + if (caplen < ARC_LINUX_HDRLEN || length < ARC_LINUX_HDRLEN) { ND_PRINT((ndo, "[|arcnet]")); return (caplen); } @@ -279,7 +279,7 @@ switch (arc_type) { default: archdrlen = ARC_LINUX_HDRNEWLEN; - if (caplen < ARC_LINUX_HDRNEWLEN) { + if (caplen < ARC_LINUX_HDRNEWLEN || length < ARC_LINUX_HDRNEWLEN) { ND_PRINT((ndo, "[|arcnet]")); return (caplen); } @@ -326,11 +326,9 @@ ip_print(ndo, p, length); return (1); -#ifdef INET6 case ARCTYPE_INET6: ip6_print(ndo, p, length); return (1); -#endif /*INET6*/ case ARCTYPE_ARP_OLD: case ARCTYPE_ARP: Index: head/contrib/tcpdump/print-arp.c =================================================================== --- head/contrib/tcpdump/print-arp.c +++ head/contrib/tcpdump/print-arp.c @@ -391,8 +391,8 @@ case ARPOP_INVREPLY: ND_PRINT((ndo,"%s at %s", - linkaddr_string(ndo, THA(ap), linkaddr, HRD_LEN(ap)), - ipaddr_string(ndo, TPA(ap)))); + linkaddr_string(ndo, SHA(ap), linkaddr, HRD_LEN(ap)), + ipaddr_string(ndo, SPA(ap)))); break; default: Index: head/contrib/tcpdump/print-ascii.c =================================================================== --- head/contrib/tcpdump/print-ascii.c +++ head/contrib/tcpdump/print-ascii.c @@ -57,8 +57,12 @@ ascii_print(netdissect_options *ndo, const u_char *cp, u_int length) { + u_int caplength; register u_char s; + caplength = (ndo->ndo_snapend >= cp) ? ndo->ndo_snapend - cp : 0; + if (length > caplength) + length = caplength; ND_PRINT((ndo, "\n")); while (length > 0) { s = *cp++; @@ -89,12 +93,16 @@ hex_and_ascii_print_with_offset(netdissect_options *ndo, register const char *ident, register const u_char *cp, register u_int length, register u_int oset) { + u_int caplength; register u_int i; register int s1, s2; register int nshorts; char hexstuff[HEXDUMP_SHORTS_PER_LINE*HEXDUMP_HEXSTUFF_PER_SHORT+1], *hsp; char asciistuff[ASCII_LINELENGTH+1], *asp; + caplength = (ndo->ndo_snapend >= cp) ? ndo->ndo_snapend - cp : 0; + if (length > caplength) + length = caplength; nshorts = length / sizeof(u_short); i = 0; hsp = hexstuff; asp = asciistuff; @@ -147,9 +155,13 @@ const char *ident, const u_char *cp, u_int length, u_int oset) { + u_int caplength; register u_int i, s; register int nshorts; + caplength = (ndo->ndo_snapend >= cp) ? ndo->ndo_snapend - cp : 0; + if (length > caplength) + length = caplength; nshorts = (u_int) length / sizeof(u_short); i = 0; while (--nshorts >= 0) { Index: head/contrib/tcpdump/print-atm.c =================================================================== --- head/contrib/tcpdump/print-atm.c +++ head/contrib/tcpdump/print-atm.c @@ -364,8 +364,8 @@ int oam_print (netdissect_options *ndo, - const u_char *p, u_int length, u_int hec) { - + const u_char *p, u_int length, u_int hec) +{ uint32_t cell_header; uint16_t vpi, vci, cksum, cksum_shouldbe, idx; uint8_t cell_type, func_type, payload, clp; Index: head/contrib/tcpdump/print-babel.c =================================================================== --- head/contrib/tcpdump/print-babel.c +++ head/contrib/tcpdump/print-babel.c @@ -46,7 +46,8 @@ void babel_print(netdissect_options *ndo, - const u_char *cp, u_int length) { + const u_char *cp, u_int length) +{ ND_PRINT((ndo, "babel")); ND_TCHECK2(*cp, 4); @@ -270,7 +271,8 @@ */ static void subtlvs_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const uint8_t tlv_type) { + const u_char *cp, const u_char *ep, const uint8_t tlv_type) +{ uint8_t subtype, sublen; const char *sep; uint32_t t1, t2; @@ -340,7 +342,8 @@ static void babel_print_v2(netdissect_options *ndo, - const u_char *cp, u_int length) { + const u_char *cp, u_int length) +{ u_int i; u_short bodylen; u_char v4_prefix[16] = Index: head/contrib/tcpdump/print-bgp.c =================================================================== --- head/contrib/tcpdump/print-bgp.c +++ head/contrib/tcpdump/print-bgp.c @@ -530,7 +530,7 @@ is added to the prefix length; we also do only read out just one label - there is no real application for advertisement of - stacked labels in a a single BGP message + stacked labels in a single BGP message */ if (24 > plen) @@ -574,7 +574,8 @@ */ static char * bgp_vpn_ip_print(netdissect_options *ndo, - const u_char *pptr, u_int addr_length) { + const u_char *pptr, u_int addr_length) +{ /* worst case string is s fully formatted v6 address */ static char addr[sizeof("1234:5678:89ab:cdef:1234:5678:89ab:cdef")]; @@ -622,8 +623,8 @@ */ static int bgp_vpn_sg_print(netdissect_options *ndo, - const u_char *pptr, char *buf, u_int buflen) { - + const u_char *pptr, char *buf, u_int buflen) +{ uint8_t addr_length; u_int total_length, offset; @@ -667,8 +668,8 @@ * printing route targets inside a NLRI */ char * bgp_vpn_rd_print(netdissect_options *ndo, - const u_char *pptr) { - + const u_char *pptr) +{ /* allocate space for the largest possible string */ static char rd[sizeof("xxxxxxxxxx:xxxxx (xxx.xxx.xxx.xxx:xxxxx)")]; char *pos = rd; @@ -716,8 +717,10 @@ ND_TCHECK(pptr[0]); plen = pptr[0]; /* get prefix length */ - if (0 == plen) - return 1; /* default route target */ + if (0 == plen) { + snprintf(buf, buflen, "default route target"); + return 1; + } if (32 > plen) return -1; @@ -2617,8 +2620,8 @@ static void bgp_route_refresh_print(netdissect_options *ndo, - const u_char *pptr, int len) { - + const u_char *pptr, int len) +{ const struct bgp_route_refresh *bgp_route_refresh_header; char tokbuf[TOKBUFSIZE]; char tokbuf2[TOKBUFSIZE]; @@ -2715,7 +2718,7 @@ if (ndo->ndo_snapend < dat + length) ep = ndo->ndo_snapend; - ND_PRINT((ndo, ": BGP, length: %u", length)); + ND_PRINT((ndo, ": BGP")); if (ndo->ndo_vflag < 1) /* lets be less chatty */ return; Index: head/contrib/tcpdump/print-bootp.c =================================================================== --- head/contrib/tcpdump/print-bootp.c +++ head/contrib/tcpdump/print-bootp.c @@ -35,23 +35,246 @@ #include "interface.h" #include "addrtoname.h" #include "extract.h" -#include "bootp.h" static const char tstr[] = " [|bootp]"; +/* + * Bootstrap Protocol (BOOTP). RFC951 and RFC1048. + * + * This file specifies the "implementation-independent" BOOTP protocol + * information which is common to both client and server. + * + * Copyright 1988 by Carnegie Mellon. + * + * Permission to use, copy, modify, and distribute this program for any + * purpose and without fee is hereby granted, provided that this copyright + * and permission notice appear on all copies and supporting documentation, + * the name of Carnegie Mellon not be used in advertising or publicity + * pertaining to distribution of the program without specific prior + * permission, and notice be given in supporting documentation that copying + * and distribution is by permission of Carnegie Mellon and Stanford + * University. Carnegie Mellon makes no representations about the + * suitability of this software for any purpose. It is provided "as is" + * without express or implied warranty. + */ + +struct bootp { + uint8_t bp_op; /* packet opcode type */ + uint8_t bp_htype; /* hardware addr type */ + uint8_t bp_hlen; /* hardware addr length */ + uint8_t bp_hops; /* gateway hops */ + uint32_t bp_xid; /* transaction ID */ + uint16_t bp_secs; /* seconds since boot began */ + uint16_t bp_flags; /* flags - see bootp_flag_values[] + in print-bootp.c */ + struct in_addr bp_ciaddr; /* client IP address */ + struct in_addr bp_yiaddr; /* 'your' IP address */ + struct in_addr bp_siaddr; /* server IP address */ + struct in_addr bp_giaddr; /* gateway IP address */ + uint8_t bp_chaddr[16]; /* client hardware address */ + uint8_t bp_sname[64]; /* server host name */ + uint8_t bp_file[128]; /* boot file name */ + uint8_t bp_vend[64]; /* vendor-specific area */ +} UNALIGNED; + +#define BOOTPREPLY 2 +#define BOOTPREQUEST 1 + +/* + * Vendor magic cookie (v_magic) for CMU + */ +#define VM_CMU "CMU" + +/* + * Vendor magic cookie (v_magic) for RFC1048 + */ +#define VM_RFC1048 { 99, 130, 83, 99 } + +/* + * RFC1048 tag values used to specify what information is being supplied in + * the vendor field of the packet. + */ + +#define TAG_PAD ((uint8_t) 0) +#define TAG_SUBNET_MASK ((uint8_t) 1) +#define TAG_TIME_OFFSET ((uint8_t) 2) +#define TAG_GATEWAY ((uint8_t) 3) +#define TAG_TIME_SERVER ((uint8_t) 4) +#define TAG_NAME_SERVER ((uint8_t) 5) +#define TAG_DOMAIN_SERVER ((uint8_t) 6) +#define TAG_LOG_SERVER ((uint8_t) 7) +#define TAG_COOKIE_SERVER ((uint8_t) 8) +#define TAG_LPR_SERVER ((uint8_t) 9) +#define TAG_IMPRESS_SERVER ((uint8_t) 10) +#define TAG_RLP_SERVER ((uint8_t) 11) +#define TAG_HOSTNAME ((uint8_t) 12) +#define TAG_BOOTSIZE ((uint8_t) 13) +#define TAG_END ((uint8_t) 255) +/* RFC1497 tags */ +#define TAG_DUMPPATH ((uint8_t) 14) +#define TAG_DOMAINNAME ((uint8_t) 15) +#define TAG_SWAP_SERVER ((uint8_t) 16) +#define TAG_ROOTPATH ((uint8_t) 17) +#define TAG_EXTPATH ((uint8_t) 18) +/* RFC2132 */ +#define TAG_IP_FORWARD ((uint8_t) 19) +#define TAG_NL_SRCRT ((uint8_t) 20) +#define TAG_PFILTERS ((uint8_t) 21) +#define TAG_REASS_SIZE ((uint8_t) 22) +#define TAG_DEF_TTL ((uint8_t) 23) +#define TAG_MTU_TIMEOUT ((uint8_t) 24) +#define TAG_MTU_TABLE ((uint8_t) 25) +#define TAG_INT_MTU ((uint8_t) 26) +#define TAG_LOCAL_SUBNETS ((uint8_t) 27) +#define TAG_BROAD_ADDR ((uint8_t) 28) +#define TAG_DO_MASK_DISC ((uint8_t) 29) +#define TAG_SUPPLY_MASK ((uint8_t) 30) +#define TAG_DO_RDISC ((uint8_t) 31) +#define TAG_RTR_SOL_ADDR ((uint8_t) 32) +#define TAG_STATIC_ROUTE ((uint8_t) 33) +#define TAG_USE_TRAILERS ((uint8_t) 34) +#define TAG_ARP_TIMEOUT ((uint8_t) 35) +#define TAG_ETH_ENCAP ((uint8_t) 36) +#define TAG_TCP_TTL ((uint8_t) 37) +#define TAG_TCP_KEEPALIVE ((uint8_t) 38) +#define TAG_KEEPALIVE_GO ((uint8_t) 39) +#define TAG_NIS_DOMAIN ((uint8_t) 40) +#define TAG_NIS_SERVERS ((uint8_t) 41) +#define TAG_NTP_SERVERS ((uint8_t) 42) +#define TAG_VENDOR_OPTS ((uint8_t) 43) +#define TAG_NETBIOS_NS ((uint8_t) 44) +#define TAG_NETBIOS_DDS ((uint8_t) 45) +#define TAG_NETBIOS_NODE ((uint8_t) 46) +#define TAG_NETBIOS_SCOPE ((uint8_t) 47) +#define TAG_XWIN_FS ((uint8_t) 48) +#define TAG_XWIN_DM ((uint8_t) 49) +#define TAG_NIS_P_DOMAIN ((uint8_t) 64) +#define TAG_NIS_P_SERVERS ((uint8_t) 65) +#define TAG_MOBILE_HOME ((uint8_t) 68) +#define TAG_SMPT_SERVER ((uint8_t) 69) +#define TAG_POP3_SERVER ((uint8_t) 70) +#define TAG_NNTP_SERVER ((uint8_t) 71) +#define TAG_WWW_SERVER ((uint8_t) 72) +#define TAG_FINGER_SERVER ((uint8_t) 73) +#define TAG_IRC_SERVER ((uint8_t) 74) +#define TAG_STREETTALK_SRVR ((uint8_t) 75) +#define TAG_STREETTALK_STDA ((uint8_t) 76) +/* DHCP options */ +#define TAG_REQUESTED_IP ((uint8_t) 50) +#define TAG_IP_LEASE ((uint8_t) 51) +#define TAG_OPT_OVERLOAD ((uint8_t) 52) +#define TAG_TFTP_SERVER ((uint8_t) 66) +#define TAG_BOOTFILENAME ((uint8_t) 67) +#define TAG_DHCP_MESSAGE ((uint8_t) 53) +#define TAG_SERVER_ID ((uint8_t) 54) +#define TAG_PARM_REQUEST ((uint8_t) 55) +#define TAG_MESSAGE ((uint8_t) 56) +#define TAG_MAX_MSG_SIZE ((uint8_t) 57) +#define TAG_RENEWAL_TIME ((uint8_t) 58) +#define TAG_REBIND_TIME ((uint8_t) 59) +#define TAG_VENDOR_CLASS ((uint8_t) 60) +#define TAG_CLIENT_ID ((uint8_t) 61) +/* RFC 2241 */ +#define TAG_NDS_SERVERS ((uint8_t) 85) +#define TAG_NDS_TREE_NAME ((uint8_t) 86) +#define TAG_NDS_CONTEXT ((uint8_t) 87) +/* RFC 2242 */ +#define TAG_NDS_IPDOMAIN ((uint8_t) 62) +#define TAG_NDS_IPINFO ((uint8_t) 63) +/* RFC 2485 */ +#define TAG_OPEN_GROUP_UAP ((uint8_t) 98) +/* RFC 2563 */ +#define TAG_DISABLE_AUTOCONF ((uint8_t) 116) +/* RFC 2610 */ +#define TAG_SLP_DA ((uint8_t) 78) +#define TAG_SLP_SCOPE ((uint8_t) 79) +/* RFC 2937 */ +#define TAG_NS_SEARCH ((uint8_t) 117) +/* RFC 3004 - The User Class Option for DHCP */ +#define TAG_USER_CLASS ((uint8_t) 77) +/* RFC 3011 */ +#define TAG_IP4_SUBNET_SELECT ((uint8_t) 118) +/* RFC 3442 */ +#define TAG_CLASSLESS_STATIC_RT ((uint8_t) 121) +#define TAG_CLASSLESS_STA_RT_MS ((uint8_t) 249) +/* RFC 5859 - TFTP Server Address Option for DHCPv4 */ +#define TAG_TFTP_SERVER_ADDRESS ((uint8_t) 150) +/* ftp://ftp.isi.edu/.../assignments/bootp-dhcp-extensions */ +#define TAG_SLP_NAMING_AUTH ((uint8_t) 80) +#define TAG_CLIENT_FQDN ((uint8_t) 81) +#define TAG_AGENT_CIRCUIT ((uint8_t) 82) +#define TAG_AGENT_REMOTE ((uint8_t) 83) +#define TAG_AGENT_MASK ((uint8_t) 84) +#define TAG_TZ_STRING ((uint8_t) 88) +#define TAG_FQDN_OPTION ((uint8_t) 89) +#define TAG_AUTH ((uint8_t) 90) +#define TAG_VINES_SERVERS ((uint8_t) 91) +#define TAG_SERVER_RANK ((uint8_t) 92) +#define TAG_CLIENT_ARCH ((uint8_t) 93) +#define TAG_CLIENT_NDI ((uint8_t) 94) +#define TAG_CLIENT_GUID ((uint8_t) 97) +#define TAG_LDAP_URL ((uint8_t) 95) +#define TAG_6OVER4 ((uint8_t) 96) +#define TAG_PRINTER_NAME ((uint8_t) 100) +#define TAG_MDHCP_SERVER ((uint8_t) 101) +#define TAG_IPX_COMPAT ((uint8_t) 110) +#define TAG_NETINFO_PARENT ((uint8_t) 112) +#define TAG_NETINFO_PARENT_TAG ((uint8_t) 113) +#define TAG_URL ((uint8_t) 114) +#define TAG_FAILOVER ((uint8_t) 115) +#define TAG_EXTENDED_REQUEST ((uint8_t) 126) +#define TAG_EXTENDED_OPTION ((uint8_t) 127) + +/* DHCP Message types (values for TAG_DHCP_MESSAGE option) */ +#define DHCPDISCOVER 1 +#define DHCPOFFER 2 +#define DHCPREQUEST 3 +#define DHCPDECLINE 4 +#define DHCPACK 5 +#define DHCPNAK 6 +#define DHCPRELEASE 7 +#define DHCPINFORM 8 + +/* + * "vendor" data permitted for CMU bootp clients. + */ + +struct cmu_vend { + uint8_t v_magic[4]; /* magic number */ + uint32_t v_flags; /* flags/opcodes, etc. */ + struct in_addr v_smask; /* Subnet mask */ + struct in_addr v_dgate; /* Default gateway */ + struct in_addr v_dns1, v_dns2; /* Domain name servers */ + struct in_addr v_ins1, v_ins2; /* IEN-116 name servers */ + struct in_addr v_ts1, v_ts2; /* Time servers */ + uint8_t v_unused[24]; /* currently unused */ +} UNALIGNED; + + +/* v_flags values */ +#define VF_SMASK 1 /* Subnet mask field contains valid data */ + +/* RFC 4702 DHCP Client FQDN Option */ + +#define CLIENT_FQDN_FLAGS_S 0x01 +#define CLIENT_FQDN_FLAGS_O 0x02 +#define CLIENT_FQDN_FLAGS_E 0x04 +#define CLIENT_FQDN_FLAGS_N 0x08 +/* end of original bootp.h */ + static void rfc1048_print(netdissect_options *, const u_char *); static void cmu_print(netdissect_options *, const u_char *); static char *client_fqdn_flags(u_int flags); static const struct tok bootp_flag_values[] = { - { 0x8000, "Broadcast" }, - { 0, NULL} + { 0x8000, "Broadcast" }, + { 0, NULL} }; static const struct tok bootp_op_values[] = { - { BOOTPREQUEST, "Request" }, - { BOOTPREPLY, "Reply" }, - { 0, NULL} + { BOOTPREQUEST, "Request" }, + { BOOTPREPLY, "Reply" }, + { 0, NULL} }; /* @@ -59,7 +282,7 @@ */ void bootp_print(netdissect_options *ndo, - register const u_char *cp, u_int length) + register const u_char *cp, u_int length) { register const struct bootp *bp; static const u_char vm_cmu[4] = VM_CMU; @@ -69,7 +292,7 @@ ND_TCHECK(bp->bp_op); ND_PRINT((ndo, "BOOTP/DHCP, %s", - tok2str(bootp_op_values, "unknown (0x%02x)", bp->bp_op))); + tok2str(bootp_op_values, "unknown (0x%02x)", bp->bp_op))); if (bp->bp_htype == 1 && bp->bp_hlen == 6 && bp->bp_op == BOOTPREQUEST) { ND_TCHECK2(bp->bp_chaddr[0], 6); @@ -100,7 +323,7 @@ ND_PRINT((ndo, ", secs %d", EXTRACT_16BITS(&bp->bp_secs))); ND_PRINT((ndo, ", Flags [%s]", - bittok2str(bootp_flag_values, "none", EXTRACT_16BITS(&bp->bp_flags)))); + bittok2str(bootp_flag_values, "none", EXTRACT_16BITS(&bp->bp_flags)))); if (ndo->ndo_vflag > 1) ND_PRINT((ndo, " (0x%04x)", EXTRACT_16BITS(&bp->bp_flags))); @@ -154,10 +377,10 @@ /* Decode the vendor buffer */ ND_TCHECK(bp->bp_vend[0]); if (memcmp((const char *)bp->bp_vend, vm_rfc1048, - sizeof(uint32_t)) == 0) + sizeof(uint32_t)) == 0) rfc1048_print(ndo, bp->bp_vend); else if (memcmp((const char *)bp->bp_vend, vm_cmu, - sizeof(uint32_t)) == 0) + sizeof(uint32_t)) == 0) cmu_print(ndo, bp->bp_vend); else { uint32_t ul; @@ -274,13 +497,16 @@ { TAG_SLP_SCOPE, "bSLP-SCOPE" }, /*"b" is a little wrong */ /* RFC 2937 */ { TAG_NS_SEARCH, "sNSSEARCH" }, /* XXX 's' */ +/* RFC 3004 - The User Class Option for DHCP */ + { TAG_USER_CLASS, "$User-Class" }, /* RFC 3011 */ { TAG_IP4_SUBNET_SELECT, "iSUBNET" }, /* RFC 3442 */ { TAG_CLASSLESS_STATIC_RT, "$Classless-Static-Route" }, { TAG_CLASSLESS_STA_RT_MS, "$Classless-Static-Route-Microsoft" }, +/* RFC 5859 - TFTP Server Address Option for DHCPv4 */ + { TAG_TFTP_SERVER_ADDRESS, "iTFTP-Server-Address" }, /* http://www.iana.org/assignments/bootp-dhcp-extensions/index.htm */ - { TAG_USER_CLASS, "aCLASS" }, { TAG_SLP_NAMING_AUTH, "aSLP-NA" }, { TAG_CLIENT_FQDN, "$FQDN" }, { TAG_AGENT_CIRCUIT, "$Agent-Information" }, @@ -303,67 +529,67 @@ { TAG_NETINFO_PARENT_TAG, "aNITAG" }, { TAG_URL, "aURL" }, { TAG_FAILOVER, "bFAIL" }, /* XXX 'b' */ - { 0, NULL } + { 0, NULL } }; /* 2-byte extended tags */ static const struct tok xtag2str[] = { - { 0, NULL } + { 0, NULL } }; /* DHCP "options overload" types */ static const struct tok oo2str[] = { - { 1, "file" }, - { 2, "sname" }, - { 3, "file+sname" }, - { 0, NULL } + { 1, "file" }, + { 2, "sname" }, + { 3, "file+sname" }, + { 0, NULL } }; /* NETBIOS over TCP/IP node type options */ static const struct tok nbo2str[] = { - { 0x1, "b-node" }, - { 0x2, "p-node" }, - { 0x4, "m-node" }, - { 0x8, "h-node" }, - { 0, NULL } + { 0x1, "b-node" }, + { 0x2, "p-node" }, + { 0x4, "m-node" }, + { 0x8, "h-node" }, + { 0, NULL } }; /* ARP Hardware types, for Client-ID option */ static const struct tok arp2str[] = { - { 0x1, "ether" }, - { 0x6, "ieee802" }, - { 0x7, "arcnet" }, - { 0xf, "frelay" }, - { 0x17, "strip" }, - { 0x18, "ieee1394" }, - { 0, NULL } + { 0x1, "ether" }, + { 0x6, "ieee802" }, + { 0x7, "arcnet" }, + { 0xf, "frelay" }, + { 0x17, "strip" }, + { 0x18, "ieee1394" }, + { 0, NULL } }; static const struct tok dhcp_msg_values[] = { - { DHCPDISCOVER, "Discover" }, - { DHCPOFFER, "Offer" }, - { DHCPREQUEST, "Request" }, - { DHCPDECLINE, "Decline" }, - { DHCPACK, "ACK" }, - { DHCPNAK, "NACK" }, - { DHCPRELEASE, "Release" }, - { DHCPINFORM, "Inform" }, - { 0, NULL } + { DHCPDISCOVER, "Discover" }, + { DHCPOFFER, "Offer" }, + { DHCPREQUEST, "Request" }, + { DHCPDECLINE, "Decline" }, + { DHCPACK, "ACK" }, + { DHCPNAK, "NACK" }, + { DHCPRELEASE, "Release" }, + { DHCPINFORM, "Inform" }, + { 0, NULL } }; -#define AGENT_SUBOPTION_CIRCUIT_ID 1 /* RFC 3046 */ -#define AGENT_SUBOPTION_REMOTE_ID 2 /* RFC 3046 */ -#define AGENT_SUBOPTION_SUBSCRIBER_ID 6 /* RFC 3993 */ +#define AGENT_SUBOPTION_CIRCUIT_ID 1 /* RFC 3046 */ +#define AGENT_SUBOPTION_REMOTE_ID 2 /* RFC 3046 */ +#define AGENT_SUBOPTION_SUBSCRIBER_ID 6 /* RFC 3993 */ static const struct tok agent_suboption_values[] = { - { AGENT_SUBOPTION_CIRCUIT_ID, "Circuit-ID" }, - { AGENT_SUBOPTION_REMOTE_ID, "Remote-ID" }, - { AGENT_SUBOPTION_SUBSCRIBER_ID, "Subscriber-ID" }, - { 0, NULL } + { AGENT_SUBOPTION_CIRCUIT_ID, "Circuit-ID" }, + { AGENT_SUBOPTION_REMOTE_ID, "Remote-ID" }, + { AGENT_SUBOPTION_SUBSCRIBER_ID, "Subscriber-ID" }, + { 0, NULL } }; static void rfc1048_print(netdissect_options *ndo, - register const u_char *bp) + register const u_char *bp) { register uint16_t tag; register u_int len; @@ -408,7 +634,7 @@ } ND_PRINT((ndo, "\n\t %s Option %u, length %u%s", cp, tag, len, - len > 0 ? ": " : "")); + len > 0 ? ": " : "")); if (tag == TAG_PAD && ndo->ndo_vflag > 2) { u_int ntag = 1; @@ -581,9 +807,8 @@ case TAG_NETBIOS_NODE: /* this option should be at least 1 byte long */ - if (len < 1) { - ND_PRINT((ndo, "ERROR: option %u len %u < 1 bytes", - TAG_NETBIOS_NODE, len)); + if (len < 1) { + ND_PRINT((ndo, "ERROR: length < 1 bytes")); break; } tag = *bp++; @@ -593,9 +818,8 @@ case TAG_OPT_OVERLOAD: /* this option should be at least 1 byte long */ - if (len < 1) { - ND_PRINT((ndo, "ERROR: option %u len %u < 1 bytes", - TAG_OPT_OVERLOAD, len)); + if (len < 1) { + ND_PRINT((ndo, "ERROR: length < 1 bytes")); break; } tag = *bp++; @@ -605,9 +829,8 @@ case TAG_CLIENT_FQDN: /* this option should be at least 3 bytes long */ - if (len < 3) { - ND_PRINT((ndo, "ERROR: option %u len %u < 3 bytes", - TAG_CLIENT_FQDN, len)); + if (len < 3) { + ND_PRINT((ndo, "ERROR: length < 3 bytes")); bp += len; len = 0; break; @@ -629,12 +852,12 @@ break; case TAG_CLIENT_ID: - { int type; + { + int type; /* this option should be at least 1 byte long */ - if (len < 1) { - ND_PRINT((ndo, "ERROR: option %u len %u < 1 bytes", - TAG_CLIENT_ID, len)); + if (len < 1) { + ND_PRINT((ndo, "ERROR: length < 1 bytes")); break; } type = *bp++; @@ -670,23 +893,24 @@ len -= 2; if (suboptlen > len) { ND_PRINT((ndo, "\n\t %s SubOption %u, length %u: length goes past end of option", - tok2str(agent_suboption_values, "Unknown", subopt), - subopt, - suboptlen)); + tok2str(agent_suboption_values, "Unknown", subopt), + subopt, + suboptlen)); bp += len; len = 0; break; } ND_PRINT((ndo, "\n\t %s SubOption %u, length %u: ", - tok2str(agent_suboption_values, "Unknown", subopt), - subopt, - suboptlen)); + tok2str(agent_suboption_values, "Unknown", subopt), + subopt, + suboptlen)); switch (subopt) { case AGENT_SUBOPTION_CIRCUIT_ID: /* fall through */ case AGENT_SUBOPTION_REMOTE_ID: case AGENT_SUBOPTION_SUBSCRIBER_ID: - fn_printn(ndo, bp, suboptlen, NULL); + if (fn_printn(ndo, bp, suboptlen, ndo->ndo_snapend)) + goto trunc; break; default: @@ -695,18 +919,17 @@ len -= suboptlen; bp += suboptlen; - } - break; + } + break; case TAG_CLASSLESS_STATIC_RT: case TAG_CLASSLESS_STA_RT_MS: - { + { u_int mask_width, significant_octets, i; /* this option should be at least 5 bytes long */ - if (len < 5) { - ND_PRINT((ndo, "ERROR: option %u len %u < 5 bytes", - TAG_CLASSLESS_STATIC_RT, len)); + if (len < 5) { + ND_PRINT((ndo, "ERROR: length < 5 bytes")); bp += len; len = 0; break; @@ -718,7 +941,7 @@ len--; /* mask_width <= 32 */ if (mask_width > 32) { - ND_PRINT((ndo, "[ERROR: Mask width (%d) > 32]", mask_width)); + ND_PRINT((ndo, "[ERROR: Mask width (%d) > 32]", mask_width)); bp += len; len = 0; break; @@ -726,7 +949,7 @@ significant_octets = (mask_width + 7) / 8; /* significant octets + router(4) */ if (len < significant_octets + 4) { - ND_PRINT((ndo, "[ERROR: Remaining length (%u) < %u bytes]", len, significant_octets + 4)); + ND_PRINT((ndo, "[ERROR: Remaining length (%u) < %u bytes]", len, significant_octets + 4)); bp += len; len = 0; break; @@ -750,12 +973,54 @@ len -= (significant_octets + 4); first = 0; } - } - break; + break; + } + + case TAG_USER_CLASS: + { + u_int suboptnumber = 1; + + first = 1; + if (len < 2) { + ND_PRINT((ndo, "ERROR: length < 2 bytes")); + bp += len; + len = 0; + break; + } + while (len > 0) { + suboptlen = *bp++; + len--; + ND_PRINT((ndo, "\n\t ")); + ND_PRINT((ndo, "instance#%u: ", suboptnumber)); + if (suboptlen == 0) { + ND_PRINT((ndo, "ERROR: suboption length must be non-zero")); + bp += len; + len = 0; + break; + } + if (len < suboptlen) { + ND_PRINT((ndo, "ERROR: malformed option")); + bp += len; + len = 0; + break; + } + ND_PRINT((ndo, "\"")); + if (fn_printn(ndo, bp, suboptlen, ndo->ndo_snapend)) { + ND_PRINT((ndo, "\"")); + goto trunc; + } + ND_PRINT((ndo, "\"")); + ND_PRINT((ndo, ", length %d", suboptlen)); + suboptnumber++; + len -= suboptlen; + bp += suboptlen; + } + break; + } default: ND_PRINT((ndo, "[unknown special tag %u, size %u]", - tag, len)); + tag, len)); bp += len; len = 0; break; @@ -775,7 +1040,7 @@ static void cmu_print(netdissect_options *ndo, - register const u_char *bp) + register const u_char *bp) { register const struct cmu_vend *cmu; Index: head/contrib/tcpdump/print-cdp.c =================================================================== --- head/contrib/tcpdump/print-cdp.c +++ head/contrib/tcpdump/print-cdp.c @@ -40,7 +40,14 @@ static const char tstr[] = "[|cdp]"; -#define CDP_HEADER_LEN 4 +#define CDP_HEADER_LEN 4 +#define CDP_HEADER_VERSION_OFFSET 0 +#define CDP_HEADER_TTL_OFFSET 1 +#define CDP_HEADER_CHECKSUM_OFFSET 2 + +#define CDP_TLV_HEADER_LEN 4 +#define CDP_TLV_TYPE_OFFSET 0 +#define CDP_TLV_LEN_OFFSET 2 static const struct tok cdp_tlv_values[] = { { 0x01, "Device-ID"}, @@ -87,140 +94,167 @@ const u_char *pptr, u_int length, u_int caplen) { int type, len, i, j; - const u_char *tptr; + const u_char *tptr; if (caplen < CDP_HEADER_LEN) { ND_PRINT((ndo, "%s", tstr)); return; } - tptr = pptr; /* temporary pointer */ + tptr = pptr; /* temporary pointer */ ND_TCHECK2(*tptr, CDP_HEADER_LEN); - ND_PRINT((ndo, "CDPv%u, ttl: %us", *tptr, *(tptr + 1))); + ND_PRINT((ndo, "CDPv%u, ttl: %us", *(tptr + CDP_HEADER_VERSION_OFFSET), + *(tptr + CDP_HEADER_TTL_OFFSET))); if (ndo->ndo_vflag) - ND_PRINT((ndo, ", checksum: %u (unverified), length %u", EXTRACT_16BITS(tptr), length)); + ND_PRINT((ndo, ", checksum: 0x%04x (unverified), length %u", EXTRACT_16BITS(tptr+CDP_HEADER_CHECKSUM_OFFSET), length)); tptr += CDP_HEADER_LEN; while (tptr < (pptr+length)) { - ND_TCHECK2(*tptr, 4); /* read out Type and Length */ - type = EXTRACT_16BITS(tptr); - len = EXTRACT_16BITS(tptr+2); /* object length includes the 4 bytes header length */ - tptr += 4; - len -= 4; + ND_TCHECK2(*tptr, CDP_TLV_HEADER_LEN); /* read out Type and Length */ + type = EXTRACT_16BITS(tptr+CDP_TLV_TYPE_OFFSET); + len = EXTRACT_16BITS(tptr+CDP_TLV_LEN_OFFSET); /* object length includes the 4 bytes header length */ + if (len < CDP_TLV_HEADER_LEN) { + if (ndo->ndo_vflag) + ND_PRINT((ndo, "\n\t%s (0x%02x), TLV length: %u byte%s (too short)", + tok2str(cdp_tlv_values,"unknown field type", type), + type, + len, + PLURAL_SUFFIX(len))); /* plural */ + else + ND_PRINT((ndo, ", %s TLV length %u too short", + tok2str(cdp_tlv_values,"unknown field type", type), + len)); + break; + } + tptr += CDP_TLV_HEADER_LEN; + len -= CDP_TLV_HEADER_LEN; ND_TCHECK2(*tptr, len); - if (ndo->ndo_vflag || type == 1) { /* in non-verbose mode just print Device-ID */ + if (ndo->ndo_vflag || type == 1) { /* in non-verbose mode just print Device-ID */ - if (ndo->ndo_vflag) - ND_PRINT((ndo, "\n\t%s (0x%02x), length: %u byte%s: ", - tok2str(cdp_tlv_values,"unknown field type", type), - type, - len, - PLURAL_SUFFIX(len))); /* plural */ - - switch (type) { - - case 0x01: /* Device-ID */ - if (!ndo->ndo_vflag) - ND_PRINT((ndo, ", Device-ID ")); - ND_PRINT((ndo, "'")); - fn_printn(ndo, tptr, len, NULL); - ND_PRINT((ndo, "'")); - break; - case 0x02: /* Address */ - if (cdp_print_addr(ndo, tptr, len) < 0) - goto trunc; - break; - case 0x03: /* Port-ID */ - ND_PRINT((ndo, "'")); - fn_printn(ndo, tptr, len, NULL); - ND_PRINT((ndo, "'")); + if (ndo->ndo_vflag) + ND_PRINT((ndo, "\n\t%s (0x%02x), value length: %u byte%s: ", + tok2str(cdp_tlv_values,"unknown field type", type), + type, + len, + PLURAL_SUFFIX(len))); /* plural */ + + switch (type) { + + case 0x01: /* Device-ID */ + if (!ndo->ndo_vflag) + ND_PRINT((ndo, ", Device-ID ")); + ND_PRINT((ndo, "'")); + (void)fn_printn(ndo, tptr, len, NULL); + ND_PRINT((ndo, "'")); + break; + case 0x02: /* Address */ + if (cdp_print_addr(ndo, tptr, len) < 0) + goto trunc; break; - case 0x04: /* Capabilities */ + case 0x03: /* Port-ID */ + ND_PRINT((ndo, "'")); + (void)fn_printn(ndo, tptr, len, NULL); + ND_PRINT((ndo, "'")); + break; + case 0x04: /* Capabilities */ + if (len < 4) + goto trunc; ND_PRINT((ndo, "(0x%08x): %s", - EXTRACT_32BITS(tptr), - bittok2str(cdp_capability_values, "none", EXTRACT_32BITS(tptr)))); + EXTRACT_32BITS(tptr), + bittok2str(cdp_capability_values, "none", EXTRACT_32BITS(tptr)))); break; - case 0x05: /* Version */ - ND_PRINT((ndo, "\n\t ")); - for (i=0;i 1) { ND_PRINT((ndo, "/")); - fn_printn(ndo, tptr + 1, len - 1, NULL); - } + (void)fn_printn(ndo, tptr + 1, len - 1, NULL); + } break; - default: - print_unknown_data(ndo, tptr, "\n\t ", len); - break; - } - } - /* avoid infinite loop */ - if (len == 0) + default: + print_unknown_data(ndo, tptr, "\n\t ", len); break; + } + } tptr = tptr+len; } - if (ndo->ndo_vflag < 1) - ND_PRINT((ndo, ", length %u", caplen)); + if (ndo->ndo_vflag < 1) + ND_PRINT((ndo, ", length %u", caplen)); return; trunc: @@ -240,7 +274,7 @@ static int cdp_print_addr(netdissect_options *ndo, - const u_char * p, int l) + const u_char * p, int l) { int pt, pl, al, num; const u_char *endp = p + l; @@ -250,7 +284,9 @@ }; #endif - ND_TCHECK2(*p, 2); + ND_TCHECK2(*p, 4); + if (p + 4 > endp) + goto trunc; num = EXTRACT_32BITS(p); p += 4; @@ -335,7 +371,7 @@ static int cdp_print_prefixes(netdissect_options *ndo, - const u_char * p, int l) + const u_char * p, int l) { if (l % 5) goto trunc; Index: head/contrib/tcpdump/print-cfm.c =================================================================== --- head/contrib/tcpdump/print-cfm.c +++ head/contrib/tcpdump/print-cfm.c @@ -227,8 +227,8 @@ static int cfm_mgmt_addr_print(netdissect_options *ndo, - register const u_char *tptr) { - + register const u_char *tptr) +{ u_int mgmt_addr_type; u_int hexdump = FALSE; @@ -268,7 +268,8 @@ * The egress-ID string is a 16-Bit string plus a MAC address. */ static const char * -cfm_egress_id_string(netdissect_options *ndo, register const u_char *tptr) { +cfm_egress_id_string(netdissect_options *ndo, register const u_char *tptr) +{ static char egress_id_buffer[80]; snprintf(egress_id_buffer, sizeof(egress_id_buffer), @@ -281,8 +282,8 @@ void cfm_print(netdissect_options *ndo, - register const u_char *pptr, register u_int length) { - + register const u_char *pptr, register u_int length) +{ const struct cfm_common_header_t *cfm_common_header; const struct cfm_tlv_header_t *cfm_tlv_header; const uint8_t *tptr, *tlv_ptr, *ma_name, *ma_nameformat, *ma_namelength; Index: head/contrib/tcpdump/print-chdlc.c =================================================================== --- head/contrib/tcpdump/print-chdlc.c +++ head/contrib/tcpdump/print-chdlc.c @@ -56,7 +56,8 @@ } u_int -chdlc_print(netdissect_options *ndo, register const u_char *p, u_int length) { +chdlc_print(netdissect_options *ndo, register const u_char *p, u_int length) +{ u_int proto; proto = EXTRACT_16BITS(&p[2]); @@ -75,11 +76,9 @@ case ETHERTYPE_IP: ip_print(ndo, p, length); break; -#ifdef INET6 case ETHERTYPE_IPV6: ip6_print(ndo, p, length); break; -#endif case CHDLC_TYPE_SLARP: chdlc_slarp_print(ndo, p, length); break; Index: head/contrib/tcpdump/print-cnfp.c =================================================================== --- head/contrib/tcpdump/print-cnfp.c +++ head/contrib/tcpdump/print-cnfp.c @@ -30,7 +30,13 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* Cisco NetFlow protocol */ +/* + * Cisco NetFlow protocol + * + * See + * + * http://www.cisco.com/c/en/us/td/docs/net_mgmt/netflow_collection_engine/3-6/user/guide/format.html#wp1005892 + */ #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H @@ -49,8 +55,73 @@ #include "tcp.h" #include "ipproto.h" -struct nfhdr { - uint32_t ver_cnt; /* version [15], and # of records */ +struct nfhdr_v1 { + uint16_t version; /* version number */ + uint16_t count; /* # of records */ + uint32_t msys_uptime; + uint32_t utc_sec; + uint32_t utc_nsec; +}; + +struct nfrec_v1 { + struct in_addr src_ina; + struct in_addr dst_ina; + struct in_addr nhop_ina; + uint16_t input; /* SNMP index of input interface */ + uint16_t output; /* SNMP index of output interface */ + uint32_t packets; /* packets in the flow */ + uint32_t octets; /* layer 3 octets in the packets of the flow */ + uint32_t start_time; /* sys_uptime value at start of flow */ + uint32_t last_time; /* sys_uptime value when last packet of flow was received */ + uint16_t srcport; /* TCP/UDP source port or equivalent */ + uint16_t dstport; /* TCP/UDP source port or equivalent */ + uint16_t pad1; /* pad */ + uint8_t proto; /* IP protocol type */ + uint8_t tos; /* IP type of service */ + uint8_t tcp_flags; /* cumulative OR of TCP flags */ + uint8_t pad[3]; /* padding */ + uint32_t reserved; /* unused */ +}; + +struct nfhdr_v5 { + uint16_t version; /* version number */ + uint16_t count; /* # of records */ + uint32_t msys_uptime; + uint32_t utc_sec; + uint32_t utc_nsec; + uint32_t sequence; /* flow sequence number */ + uint8_t engine_type; /* type of flow-switching engine */ + uint8_t engine_id; /* slot number of the flow-switching engine */ + uint16_t sampling_interval; /* sampling mode and interval */ +}; + +struct nfrec_v5 { + struct in_addr src_ina; + struct in_addr dst_ina; + struct in_addr nhop_ina; + uint16_t input; /* SNMP index of input interface */ + uint16_t output; /* SNMP index of output interface */ + uint32_t packets; /* packets in the flow */ + uint32_t octets; /* layer 3 octets in the packets of the flow */ + uint32_t start_time; /* sys_uptime value at start of flow */ + uint32_t last_time; /* sys_uptime value when last packet of flow was received */ + uint16_t srcport; /* TCP/UDP source port or equivalent */ + uint16_t dstport; /* TCP/UDP source port or equivalent */ + uint8_t pad1; /* pad */ + uint8_t tcp_flags; /* cumulative OR of TCP flags */ + uint8_t proto; /* IP protocol type */ + uint8_t tos; /* IP type of service */ + uint16_t src_as; /* AS number of the source */ + uint16_t dst_as; /* AS number of the destination */ + uint8_t src_mask; /* source address mask bits */ + uint8_t dst_mask; /* destination address prefix mask bits */ + uint16_t pad2; + struct in_addr peer_nexthop; /* v6: IP address of the nexthop within the peer (FIB)*/ +}; + +struct nfhdr_v6 { + uint16_t version; /* version number */ + uint16_t count; /* # of records */ uint32_t msys_uptime; uint32_t utc_sec; uint32_t utc_nsec; @@ -58,41 +129,46 @@ uint32_t reserved; /* v5 only */ }; -struct nfrec { +struct nfrec_v6 { struct in_addr src_ina; struct in_addr dst_ina; struct in_addr nhop_ina; - uint32_t ifaces; /* src,dst ifaces */ - uint32_t packets; - uint32_t octets; - uint32_t start_time; /* sys_uptime value */ - uint32_t last_time; /* sys_uptime value */ - uint32_t ports; /* src,dst ports */ - uint32_t proto_tos; /* proto, tos, pad, flags(v5) */ - uint32_t asses; /* v1: flags; v5: src,dst AS */ - uint32_t masks; /* src,dst addr prefix; v6: encaps */ + uint16_t input; /* SNMP index of input interface */ + uint16_t output; /* SNMP index of output interface */ + uint32_t packets; /* packets in the flow */ + uint32_t octets; /* layer 3 octets in the packets of the flow */ + uint32_t start_time; /* sys_uptime value at start of flow */ + uint32_t last_time; /* sys_uptime value when last packet of flow was received */ + uint16_t srcport; /* TCP/UDP source port or equivalent */ + uint16_t dstport; /* TCP/UDP source port or equivalent */ + uint8_t pad1; /* pad */ + uint8_t tcp_flags; /* cumulative OR of TCP flags */ + uint8_t proto; /* IP protocol type */ + uint8_t tos; /* IP type of service */ + uint16_t src_as; /* AS number of the source */ + uint16_t dst_as; /* AS number of the destination */ + uint8_t src_mask; /* source address mask bits */ + uint8_t dst_mask; /* destination address prefix mask bits */ + uint16_t flags; struct in_addr peer_nexthop; /* v6: IP address of the nexthop within the peer (FIB)*/ }; -void -cnfp_print(netdissect_options *ndo, - const u_char *cp, const u_char *bp _U_) +static void +cnfp_v1_print(netdissect_options *ndo, const u_char *cp) { - register const struct nfhdr *nh; - register const struct nfrec *nr; + register const struct nfhdr_v1 *nh; + register const struct nfrec_v1 *nr; struct protoent *pent; int nrecs, ver; #if 0 time_t t; #endif - nh = (const struct nfhdr *)cp; - - if ((const u_char *)(nh + 1) > ndo->ndo_snapend) - return; + nh = (const struct nfhdr_v1 *)cp; + ND_TCHECK(*nh); - nrecs = EXTRACT_32BITS(&nh->ver_cnt) & 0xffff; - ver = (EXTRACT_32BITS(&nh->ver_cnt) & 0xffff0000) >> 16; + ver = EXTRACT_16BITS(&nh->version); + nrecs = EXTRACT_32BITS(&nh->count); #if 0 /* * This is seconds since the UN*X epoch, and is followed by @@ -107,21 +183,18 @@ EXTRACT_32BITS(&nh->msys_uptime)%1000, EXTRACT_32BITS(&nh->utc_sec), EXTRACT_32BITS(&nh->utc_nsec))); - if (ver == 5 || ver == 6) { - ND_PRINT((ndo, "#%u, ", EXTRACT_32BITS(&nh->sequence))); - nr = (const struct nfrec *)&nh[1]; - ndo->ndo_snaplen -= 24; - } else { - nr = (const struct nfrec *)&nh->sequence; - ndo->ndo_snaplen -= 16; - } + nr = (const struct nfrec_v1 *)&nh[1]; ND_PRINT((ndo, "%2u recs", nrecs)); - for (; nrecs-- && (const u_char *)(nr + 1) <= ndo->ndo_snapend; nr++) { + for (; nrecs != 0; nr++, nrecs--) { char buf[20]; char asbuf[20]; + /* + * Make sure we have the entire record. + */ + ND_TCHECK(*nr); ND_PRINT((ndo, "\n started %u.%03u, last %u.%03u", EXTRACT_32BITS(&nr->start_time)/1000, EXTRACT_32BITS(&nr->start_time)%1000, @@ -129,40 +202,121 @@ EXTRACT_32BITS(&nr->last_time)%1000)); asbuf[0] = buf[0] = '\0'; - if (ver == 5 || ver == 6) { - snprintf(buf, sizeof(buf), "/%u", - (EXTRACT_32BITS(&nr->masks) >> 24) & 0xff); - snprintf(asbuf, sizeof(asbuf), ":%u", - (EXTRACT_32BITS(&nr->asses) >> 16) & 0xffff); - } ND_PRINT((ndo, "\n %s%s%s:%u ", intoa(nr->src_ina.s_addr), buf, asbuf, - EXTRACT_32BITS(&nr->ports) >> 16)); + EXTRACT_16BITS(&nr->srcport))); + + ND_PRINT((ndo, "> %s%s%s:%u ", intoa(nr->dst_ina.s_addr), buf, asbuf, + EXTRACT_16BITS(&nr->dstport))); + + ND_PRINT((ndo, ">> %s\n ", intoa(nr->nhop_ina.s_addr))); - if (ver == 5 || ver ==6) { - snprintf(buf, sizeof(buf), "/%d", - (EXTRACT_32BITS(&nr->masks) >> 16) & 0xff); - snprintf(asbuf, sizeof(asbuf), ":%u", - EXTRACT_32BITS(&nr->asses) & 0xffff); + pent = getprotobynumber(nr->proto); + if (!pent || ndo->ndo_nflag) + ND_PRINT((ndo, "%u ", nr->proto)); + else + ND_PRINT((ndo, "%s ", pent->p_name)); + + /* tcp flags for tcp only */ + if (pent && pent->p_proto == IPPROTO_TCP) { + int flags; + flags = nr->tcp_flags; + ND_PRINT((ndo, "%s%s%s%s%s%s%s", + flags & TH_FIN ? "F" : "", + flags & TH_SYN ? "S" : "", + flags & TH_RST ? "R" : "", + flags & TH_PUSH ? "P" : "", + flags & TH_ACK ? "A" : "", + flags & TH_URG ? "U" : "", + flags ? " " : "")); } + + buf[0]='\0'; + ND_PRINT((ndo, "tos %u, %u (%u octets) %s", + nr->tos, + EXTRACT_32BITS(&nr->packets), + EXTRACT_32BITS(&nr->octets), buf)); + } + return; + +trunc: + ND_PRINT((ndo, "[|cnfp]")); + return; +} + +static void +cnfp_v5_print(netdissect_options *ndo, const u_char *cp) +{ + register const struct nfhdr_v5 *nh; + register const struct nfrec_v5 *nr; + struct protoent *pent; + int nrecs, ver; +#if 0 + time_t t; +#endif + + nh = (const struct nfhdr_v5 *)cp; + ND_TCHECK(*nh); + + ver = EXTRACT_16BITS(&nh->version); + nrecs = EXTRACT_32BITS(&nh->count); +#if 0 + /* + * This is seconds since the UN*X epoch, and is followed by + * nanoseconds. XXX - format it, rather than just dumping the + * raw seconds-since-the-Epoch. + */ + t = EXTRACT_32BITS(&nh->utc_sec); +#endif + + ND_PRINT((ndo, "NetFlow v%x, %u.%03u uptime, %u.%09u, ", ver, + EXTRACT_32BITS(&nh->msys_uptime)/1000, + EXTRACT_32BITS(&nh->msys_uptime)%1000, + EXTRACT_32BITS(&nh->utc_sec), EXTRACT_32BITS(&nh->utc_nsec))); + + ND_PRINT((ndo, "#%u, ", EXTRACT_32BITS(&nh->sequence))); + nr = (const struct nfrec_v5 *)&nh[1]; + + ND_PRINT((ndo, "%2u recs", nrecs)); + + for (; nrecs != 0; nr++, nrecs--) { + char buf[20]; + char asbuf[20]; + + /* + * Make sure we have the entire record. + */ + ND_TCHECK(*nr); + ND_PRINT((ndo, "\n started %u.%03u, last %u.%03u", + EXTRACT_32BITS(&nr->start_time)/1000, + EXTRACT_32BITS(&nr->start_time)%1000, + EXTRACT_32BITS(&nr->last_time)/1000, + EXTRACT_32BITS(&nr->last_time)%1000)); + + asbuf[0] = buf[0] = '\0'; + snprintf(buf, sizeof(buf), "/%u", nr->src_mask); + snprintf(asbuf, sizeof(asbuf), ":%u", + EXTRACT_16BITS(&nr->src_as)); + ND_PRINT((ndo, "\n %s%s%s:%u ", intoa(nr->src_ina.s_addr), buf, asbuf, + EXTRACT_16BITS(&nr->srcport))); + + snprintf(buf, sizeof(buf), "/%d", nr->dst_mask); + snprintf(asbuf, sizeof(asbuf), ":%u", + EXTRACT_16BITS(&nr->dst_as)); ND_PRINT((ndo, "> %s%s%s:%u ", intoa(nr->dst_ina.s_addr), buf, asbuf, - EXTRACT_32BITS(&nr->ports) & 0xffff)); + EXTRACT_16BITS(&nr->dstport))); ND_PRINT((ndo, ">> %s\n ", intoa(nr->nhop_ina.s_addr))); - pent = getprotobynumber((EXTRACT_32BITS(&nr->proto_tos) >> 8) & 0xff); + pent = getprotobynumber(nr->proto); if (!pent || ndo->ndo_nflag) - ND_PRINT((ndo, "%u ", - (EXTRACT_32BITS(&nr->proto_tos) >> 8) & 0xff)); + ND_PRINT((ndo, "%u ", nr->proto)); else ND_PRINT((ndo, "%s ", pent->p_name)); /* tcp flags for tcp only */ if (pent && pent->p_proto == IPPROTO_TCP) { int flags; - if (ver == 1) - flags = (EXTRACT_32BITS(&nr->asses) >> 24) & 0xff; - else - flags = (EXTRACT_32BITS(&nr->proto_tos) >> 16) & 0xff; + flags = nr->tcp_flags; ND_PRINT((ndo, "%s%s%s%s%s%s%s", flags & TH_FIN ? "F" : "", flags & TH_SYN ? "S" : "", @@ -174,14 +328,149 @@ } buf[0]='\0'; - if (ver == 6) { - snprintf(buf, sizeof(buf), "(%u<>%u encaps)", - (EXTRACT_32BITS(&nr->masks) >> 8) & 0xff, - (EXTRACT_32BITS(&nr->masks)) & 0xff); + ND_PRINT((ndo, "tos %u, %u (%u octets) %s", + nr->tos, + EXTRACT_32BITS(&nr->packets), + EXTRACT_32BITS(&nr->octets), buf)); + } + return; + +trunc: + ND_PRINT((ndo, "[|cnfp]")); + return; +} + +static void +cnfp_v6_print(netdissect_options *ndo, const u_char *cp) +{ + register const struct nfhdr_v6 *nh; + register const struct nfrec_v6 *nr; + struct protoent *pent; + int nrecs, ver; +#if 0 + time_t t; +#endif + + nh = (const struct nfhdr_v6 *)cp; + ND_TCHECK(*nh); + + ver = EXTRACT_16BITS(&nh->version); + nrecs = EXTRACT_32BITS(&nh->count); +#if 0 + /* + * This is seconds since the UN*X epoch, and is followed by + * nanoseconds. XXX - format it, rather than just dumping the + * raw seconds-since-the-Epoch. + */ + t = EXTRACT_32BITS(&nh->utc_sec); +#endif + + ND_PRINT((ndo, "NetFlow v%x, %u.%03u uptime, %u.%09u, ", ver, + EXTRACT_32BITS(&nh->msys_uptime)/1000, + EXTRACT_32BITS(&nh->msys_uptime)%1000, + EXTRACT_32BITS(&nh->utc_sec), EXTRACT_32BITS(&nh->utc_nsec))); + + ND_PRINT((ndo, "#%u, ", EXTRACT_32BITS(&nh->sequence))); + nr = (const struct nfrec_v6 *)&nh[1]; + + ND_PRINT((ndo, "%2u recs", nrecs)); + + for (; nrecs != 0; nr++, nrecs--) { + char buf[20]; + char asbuf[20]; + + /* + * Make sure we have the entire record. + */ + ND_TCHECK(*nr); + ND_PRINT((ndo, "\n started %u.%03u, last %u.%03u", + EXTRACT_32BITS(&nr->start_time)/1000, + EXTRACT_32BITS(&nr->start_time)%1000, + EXTRACT_32BITS(&nr->last_time)/1000, + EXTRACT_32BITS(&nr->last_time)%1000)); + + asbuf[0] = buf[0] = '\0'; + snprintf(buf, sizeof(buf), "/%u", nr->src_mask); + snprintf(asbuf, sizeof(asbuf), ":%u", + EXTRACT_16BITS(&nr->src_as)); + ND_PRINT((ndo, "\n %s%s%s:%u ", intoa(nr->src_ina.s_addr), buf, asbuf, + EXTRACT_16BITS(&nr->srcport))); + + snprintf(buf, sizeof(buf), "/%d", nr->dst_mask); + snprintf(asbuf, sizeof(asbuf), ":%u", + EXTRACT_16BITS(&nr->dst_as)); + ND_PRINT((ndo, "> %s%s%s:%u ", intoa(nr->dst_ina.s_addr), buf, asbuf, + EXTRACT_16BITS(&nr->dstport))); + + ND_PRINT((ndo, ">> %s\n ", intoa(nr->nhop_ina.s_addr))); + + pent = getprotobynumber(nr->proto); + if (!pent || ndo->ndo_nflag) + ND_PRINT((ndo, "%u ", nr->proto)); + else + ND_PRINT((ndo, "%s ", pent->p_name)); + + /* tcp flags for tcp only */ + if (pent && pent->p_proto == IPPROTO_TCP) { + int flags; + flags = nr->tcp_flags; + ND_PRINT((ndo, "%s%s%s%s%s%s%s", + flags & TH_FIN ? "F" : "", + flags & TH_SYN ? "S" : "", + flags & TH_RST ? "R" : "", + flags & TH_PUSH ? "P" : "", + flags & TH_ACK ? "A" : "", + flags & TH_URG ? "U" : "", + flags ? " " : "")); } + + buf[0]='\0'; + snprintf(buf, sizeof(buf), "(%u<>%u encaps)", + (EXTRACT_16BITS(&nr->flags) >> 8) & 0xff, + (EXTRACT_16BITS(&nr->flags)) & 0xff); ND_PRINT((ndo, "tos %u, %u (%u octets) %s", - EXTRACT_32BITS(&nr->proto_tos) & 0xff, + nr->tos, EXTRACT_32BITS(&nr->packets), EXTRACT_32BITS(&nr->octets), buf)); } + return; + +trunc: + ND_PRINT((ndo, "[|cnfp]")); + return; +} + +void +cnfp_print(netdissect_options *ndo, const u_char *cp) +{ + int ver; + + /* + * First 2 bytes are the version number. + */ + ND_TCHECK2(*cp, 2); + ver = EXTRACT_16BITS(cp); + switch (ver) { + + case 1: + cnfp_v1_print(ndo, cp); + break; + + case 5: + cnfp_v5_print(ndo, cp); + break; + + case 6: + cnfp_v6_print(ndo, cp); + break; + + default: + ND_PRINT((ndo, "NetFlow v%x", ver)); + break; + } + return; + +trunc: + ND_PRINT((ndo, "[|cnfp]")); + return; } Index: head/contrib/tcpdump/print-dccp.c =================================================================== --- head/contrib/tcpdump/print-dccp.c +++ head/contrib/tcpdump/print-dccp.c @@ -26,6 +26,8 @@ #endif #include "ipproto.h" +/* RFC4340: Datagram Congestion Control Protocol (DCCP) */ + /** * struct dccp_hdr - generic part of DCCP packet header, with a 24-bit * sequence number @@ -123,8 +125,21 @@ DCCP_PKT_CLOSE, DCCP_PKT_RESET, DCCP_PKT_SYNC, - DCCP_PKT_SYNCACK, - DCCP_PKT_INVALID + DCCP_PKT_SYNCACK +}; + +static const struct tok dccp_pkt_type_str[] = { + { DCCP_PKT_REQUEST, "DCCP-Request" }, + { DCCP_PKT_RESPONSE, "DCCP-Response" }, + { DCCP_PKT_DATA, "DCCP-Data" }, + { DCCP_PKT_ACK, "DCCP-Ack" }, + { DCCP_PKT_DATAACK, "DCCP-DataAck" }, + { DCCP_PKT_CLOSEREQ, "DCCP-CloseReq" }, + { DCCP_PKT_CLOSE, "DCCP-Close" }, + { DCCP_PKT_RESET, "DCCP-Reset" }, + { DCCP_PKT_SYNC, "DCCP-Sync" }, + { DCCP_PKT_SYNCACK, "DCCP-SyncAck" }, + { 0, NULL} }; enum dccp_reset_codes { @@ -253,7 +268,7 @@ * @len - lenght of ip packet */ void dccp_print(netdissect_options *ndo, const u_char *bp, const u_char *data2, - u_int len) + u_int len) { const struct dccp_hdr *dh; const struct ip *ip; @@ -264,6 +279,7 @@ u_short sport, dport; u_int hlen; u_int fixed_hdrlen; + uint8_t dccph_type; dh = (const struct dccp_hdr *)bp; @@ -283,7 +299,7 @@ } if (len < sizeof(struct dccp_hdr)) { ND_PRINT((ndo, "truncated-dccp - %u bytes missing!", - len - (u_int)sizeof(struct dccp_hdr))); + len - (u_int)sizeof(struct dccp_hdr))); return; } @@ -291,7 +307,7 @@ fixed_hdrlen = dccp_basic_hdr_len(dh); if (len < fixed_hdrlen) { ND_PRINT((ndo, "truncated-dccp - %u bytes missing!", - len - fixed_hdrlen)); + len - fixed_hdrlen)); return; } ND_TCHECK2(*dh, fixed_hdrlen); @@ -303,28 +319,30 @@ #ifdef INET6 if (ip6) { ND_PRINT((ndo, "%s.%d > %s.%d: ", - ip6addr_string(ndo, &ip6->ip6_src), sport, - ip6addr_string(ndo, &ip6->ip6_dst), dport)); + ip6addr_string(ndo, &ip6->ip6_src), sport, + ip6addr_string(ndo, &ip6->ip6_dst), dport)); } else #endif /*INET6*/ { ND_PRINT((ndo, "%s.%d > %s.%d: ", - ipaddr_string(ndo, &ip->ip_src), sport, - ipaddr_string(ndo, &ip->ip_dst), dport)); + ipaddr_string(ndo, &ip->ip_src), sport, + ipaddr_string(ndo, &ip->ip_dst), dport)); } + ND_PRINT((ndo, "DCCP")); + if (ndo->ndo_qflag) { ND_PRINT((ndo, " %d", len - hlen)); if (hlen > len) { - ND_PRINT((ndo, "dccp [bad hdr length %u - too long, > %u]", - hlen, len)); + ND_PRINT((ndo, " [bad hdr length %u - too long, > %u]", + hlen, len)); } return; } /* other variables in generic header */ if (ndo->ndo_vflag) { - ND_PRINT((ndo, "CCVal %d, CsCov %d, ", DCCPH_CCVAL(dh), DCCPH_CSCOV(dh))); + ND_PRINT((ndo, " (CCVal %d, CsCov %d, ", DCCPH_CCVAL(dh), DCCPH_CSCOV(dh))); } /* checksum calculation */ @@ -340,24 +358,31 @@ sum = dccp6_cksum(ip6, dh, len); #endif if (sum != 0) - ND_PRINT((ndo, "(incorrect -> 0x%04x), ",in_cksum_shouldbe(dccp_sum, sum))); + ND_PRINT((ndo, "(incorrect -> 0x%04x)",in_cksum_shouldbe(dccp_sum, sum))); else - ND_PRINT((ndo, "(correct), ")); + ND_PRINT((ndo, "(correct)")); } - switch (DCCPH_TYPE(dh)) { + if (ndo->ndo_vflag) + ND_PRINT((ndo, ")")); + ND_PRINT((ndo, " ")); + + dccph_type = DCCPH_TYPE(dh); + switch (dccph_type) { case DCCP_PKT_REQUEST: { struct dccp_hdr_request *dhr = (struct dccp_hdr_request *)(bp + fixed_hdrlen); fixed_hdrlen += 4; if (len < fixed_hdrlen) { - ND_PRINT((ndo, "truncated-dccp request - %u bytes missing!", - len - fixed_hdrlen)); + ND_PRINT((ndo, "truncated-%s - %u bytes missing!", + tok2str(dccp_pkt_type_str, "", dccph_type), + len - fixed_hdrlen)); return; } ND_TCHECK(*dhr); - ND_PRINT((ndo, "request (service=%d) ", - EXTRACT_32BITS(&dhr->dccph_req_service))); + ND_PRINT((ndo, "%s (service=%d) ", + tok2str(dccp_pkt_type_str, "", dccph_type), + EXTRACT_32BITS(&dhr->dccph_req_service))); break; } case DCCP_PKT_RESPONSE: { @@ -365,90 +390,100 @@ (struct dccp_hdr_response *)(bp + fixed_hdrlen); fixed_hdrlen += 12; if (len < fixed_hdrlen) { - ND_PRINT((ndo, "truncated-dccp response - %u bytes missing!", - len - fixed_hdrlen)); + ND_PRINT((ndo, "truncated-%s - %u bytes missing!", + tok2str(dccp_pkt_type_str, "", dccph_type), + len - fixed_hdrlen)); return; } ND_TCHECK(*dhr); - ND_PRINT((ndo, "response (service=%d) ", - EXTRACT_32BITS(&dhr->dccph_resp_service))); + ND_PRINT((ndo, "%s (service=%d) ", + tok2str(dccp_pkt_type_str, "", dccph_type), + EXTRACT_32BITS(&dhr->dccph_resp_service))); break; } case DCCP_PKT_DATA: - ND_PRINT((ndo, "data ")); + ND_PRINT((ndo, "%s ", tok2str(dccp_pkt_type_str, "", dccph_type))); break; case DCCP_PKT_ACK: { fixed_hdrlen += 8; if (len < fixed_hdrlen) { - ND_PRINT((ndo, "truncated-dccp ack - %u bytes missing!", - len - fixed_hdrlen)); + ND_PRINT((ndo, "truncated-%s - %u bytes missing!", + tok2str(dccp_pkt_type_str, "", dccph_type), + len - fixed_hdrlen)); return; } - ND_PRINT((ndo, "ack ")); + ND_PRINT((ndo, "%s ", tok2str(dccp_pkt_type_str, "", dccph_type))); break; } case DCCP_PKT_DATAACK: { fixed_hdrlen += 8; if (len < fixed_hdrlen) { - ND_PRINT((ndo, "truncated-dccp dataack - %u bytes missing!", - len - fixed_hdrlen)); + ND_PRINT((ndo, "truncated-%s - %u bytes missing!", + tok2str(dccp_pkt_type_str, "", dccph_type), + len - fixed_hdrlen)); return; } - ND_PRINT((ndo, "dataack ")); + ND_PRINT((ndo, "%s ", tok2str(dccp_pkt_type_str, "", dccph_type))); break; } case DCCP_PKT_CLOSEREQ: fixed_hdrlen += 8; if (len < fixed_hdrlen) { - ND_PRINT((ndo, "truncated-dccp closereq - %u bytes missing!", - len - fixed_hdrlen)); + ND_PRINT((ndo, "truncated-%s - %u bytes missing!", + tok2str(dccp_pkt_type_str, "", dccph_type), + len - fixed_hdrlen)); return; } - ND_PRINT((ndo, "closereq ")); + ND_PRINT((ndo, "%s ", tok2str(dccp_pkt_type_str, "", dccph_type))); break; case DCCP_PKT_CLOSE: fixed_hdrlen += 8; if (len < fixed_hdrlen) { - ND_PRINT((ndo, "truncated-dccp close - %u bytes missing!", - len - fixed_hdrlen)); + ND_PRINT((ndo, "truncated-%s - %u bytes missing!", + tok2str(dccp_pkt_type_str, "", dccph_type), + len - fixed_hdrlen)); return; } - ND_PRINT((ndo, "close ")); + ND_PRINT((ndo, "%s ", tok2str(dccp_pkt_type_str, "", dccph_type))); break; case DCCP_PKT_RESET: { struct dccp_hdr_reset *dhr = (struct dccp_hdr_reset *)(bp + fixed_hdrlen); fixed_hdrlen += 12; if (len < fixed_hdrlen) { - ND_PRINT((ndo, "truncated-dccp reset - %u bytes missing!", - len - fixed_hdrlen)); + ND_PRINT((ndo, "truncated-%s - %u bytes missing!", + tok2str(dccp_pkt_type_str, "", dccph_type), + len - fixed_hdrlen)); return; } ND_TCHECK(*dhr); - ND_PRINT((ndo, "reset (code=%s) ", - dccp_reset_code(dhr->dccph_reset_code))); + ND_PRINT((ndo, "%s (code=%s) ", + tok2str(dccp_pkt_type_str, "", dccph_type), + dccp_reset_code(dhr->dccph_reset_code))); break; } case DCCP_PKT_SYNC: fixed_hdrlen += 8; if (len < fixed_hdrlen) { - ND_PRINT((ndo, "truncated-dccp sync - %u bytes missing!", - len - fixed_hdrlen)); + ND_PRINT((ndo, "truncated-%s - %u bytes missing!", + tok2str(dccp_pkt_type_str, "", dccph_type), + len - fixed_hdrlen)); return; } - ND_PRINT((ndo, "sync ")); + ND_PRINT((ndo, "%s ", tok2str(dccp_pkt_type_str, "", dccph_type))); break; case DCCP_PKT_SYNCACK: fixed_hdrlen += 8; if (len < fixed_hdrlen) { - ND_PRINT((ndo, "truncated-dccp syncack - %u bytes missing!", - len - fixed_hdrlen)); + ND_PRINT((ndo, "truncated-%s - %u bytes missing!", + tok2str(dccp_pkt_type_str, "", dccph_type), + len - fixed_hdrlen)); return; } - ND_PRINT((ndo, "syncack ")); + ND_PRINT((ndo, "%s ", tok2str(dccp_pkt_type_str, "", dccph_type))); break; default: - ND_PRINT((ndo, "invalid ")); + ND_PRINT((ndo, "%s ", tok2str(dccp_pkt_type_str, "unknown-type-%u", dccph_type))); break; } @@ -504,7 +539,7 @@ { 42, "timestamp_echo" }, { 43, "elapsed_time" }, { 44, "data_checksum" }, - { 0, NULL } + { 0, NULL } }; static int dccp_print_option(netdissect_options *ndo, const u_char *option, u_int hlen) @@ -521,7 +556,7 @@ ND_PRINT((ndo, "CCID option %u optlen too short", *option)); else ND_PRINT((ndo, "%s optlen too short", - tok2str(dccp_option_values, "Option %u", *option))); + tok2str(dccp_option_values, "Option %u", *option))); return 0; } } else @@ -530,10 +565,10 @@ if (hlen < optlen) { if (*option >= 128) ND_PRINT((ndo, "CCID option %u optlen goes past header length", - *option)); + *option)); else ND_PRINT((ndo, "%s optlen goes past header length", - tok2str(dccp_option_values, "Option %u", *option))); + tok2str(dccp_option_values, "Option %u", *option))); return 0; } ND_TCHECK2(*option, optlen); Index: head/contrib/tcpdump/print-decnet.c =================================================================== --- head/contrib/tcpdump/print-decnet.c +++ head/contrib/tcpdump/print-decnet.c @@ -271,7 +271,7 @@ /* Macros for decoding routing-info fields */ #define RI_COST(x) ((x)&0777) #define RI_HOPS(x) (((x)>>10)&037) - + /* * NSP protocol fields and values. */ @@ -1315,10 +1315,15 @@ { #ifdef HAVE_DNET_HTOA struct dn_naddr dna; + char *dnname; dna.a_len = sizeof(short); memcpy((char *)dna.a_addr, (char *)&dnaddr, sizeof(short)); - return (strdup(dnet_htoa(&dna))); + dnname = dnet_htoa(&dna); + if(dnname != NULL) + return (strdup(dnname)); + else + return(dnnum_string(dnaddr)); #else return(dnnum_string(dnaddr)); /* punt */ #endif Index: head/contrib/tcpdump/print-eigrp.c =================================================================== --- head/contrib/tcpdump/print-eigrp.c +++ head/contrib/tcpdump/print-eigrp.c @@ -205,8 +205,8 @@ }; void -eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) { - +eigrp_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) +{ const struct eigrp_common_header *eigrp_com_header; const struct eigrp_tlv_header *eigrp_tlv_header; const u_char *tptr,*tlv_tptr; Index: head/contrib/tcpdump/print-enc.c =================================================================== --- head/contrib/tcpdump/print-enc.c +++ head/contrib/tcpdump/print-enc.c @@ -117,11 +117,11 @@ case AF_INET: ip_print(ndo, p, length); break; -#ifdef INET6 +#ifdef AF_INET6 case AF_INET6: ip6_print(ndo, p, length); break; -#endif /*INET6*/ +#endif } out: Index: head/contrib/tcpdump/print-ether.c =================================================================== --- head/contrib/tcpdump/print-ether.c +++ head/contrib/tcpdump/print-ether.c @@ -187,10 +187,7 @@ if (ndo->ndo_eflag) { uint16_t tag = EXTRACT_16BITS(p); - ND_PRINT((ndo, "vlan %u, p %u%s, ", - tag & 0xfff, - tag >> 13, - (tag & 0x1000) ? ", CFI" : "")); + ND_PRINT((ndo, "%s, ", ieee8021q_tci_string(tag))); } ether_type = EXTRACT_16BITS(p + 2); @@ -328,11 +325,9 @@ ip_print(ndo, p, length); return (1); -#ifdef INET6 case ETHERTYPE_IPV6: ip6_print(ndo, p, length); return (1); -#endif /*INET6*/ case ETHERTYPE_ARP: case ETHERTYPE_REVARP: Index: head/contrib/tcpdump/print-forces.c =================================================================== --- head/contrib/tcpdump/print-forces.c +++ head/contrib/tcpdump/print-forces.c @@ -27,8 +27,8 @@ static const char tstr[] = "[|forces]"; /* - * Per draft-ietf-forces-protocol-22 -*/ + * RFC5810: Forwarding and Control Element Separation (ForCES) Protocol + */ #define ForCES_VERS 1 #define ForCES_HDRL 24 #define ForCES_ALNL 4U @@ -187,26 +187,28 @@ {0, NULL} }; +/* this is defined in RFC5810 section A.2 */ +/* http://www.iana.org/assignments/forces/forces.xhtml#oper-tlv-types */ enum { - F_OP_RSV, - F_OP_SET, - F_OP_SETPROP, - F_OP_SETRESP, - F_OP_SETPRESP, - F_OP_DEL, - F_OP_DELRESP, - F_OP_GET, - F_OP_GETPROP, - F_OP_GETRESP, - F_OP_GETPRESP, - F_OP_REPORT, - F_OP_COMMIT, - F_OP_RCOMMIT, - F_OP_RTRCOMP, + F_OP_RSV = 0, + F_OP_SET = 1, + F_OP_SETPROP = 2, + F_OP_SETRESP = 3, + F_OP_SETPRESP = 4, + F_OP_DEL = 5, + F_OP_DELRESP = 6, + F_OP_GET = 7, + F_OP_GETPROP = 8, + F_OP_GETRESP = 9, + F_OP_GETPRESP = 10, + F_OP_REPORT = 11, + F_OP_COMMIT = 12, + F_OP_RCOMMIT = 13, + F_OP_RTRCOMP = 14, _F_OP_MAX }; - #define F_OP_MAX (_F_OP_MAX - 1) + enum { B_OP_SET = 1 << (F_OP_SET - 1), B_OP_SETPROP = 1 << (F_OP_SETPROP - 1), @@ -1187,12 +1189,6 @@ ND_PRINT((ndo, "%sOper TLV %s(0x%x) length %d\n", ib, ops->s, type, EXTRACT_16BITS(&otlv->length))); } - /* empty TLVs like COMMIT and TRCOMMIT are empty, we stop here .. */ - if (!ops->flags & ZERO_TTLV) { - if (tll != 0) /* instead of "if (tll)" - for readability .. */ - ND_PRINT((ndo, "%s: Illegal - MUST be empty\n", ops->s)); - return rc; - } /* rest of ops must at least have 12B {pathinfo} */ if (tll < OP_MIN_SIZ) { ND_PRINT((ndo, "\t\tOper TLV %s(0x%x) length %d\n", ops->s, type, @@ -1203,7 +1199,10 @@ } - rc = ops->print(ndo, dp, tll, ops->op_msk, indent + 1); + /* XXX - do anything with ops->flags? */ + if(ops->print) { + rc = ops->print(ndo, dp, tll, ops->op_msk, indent + 1); + } return rc; trunc: Index: head/contrib/tcpdump/print-fr.c =================================================================== --- head/contrib/tcpdump/print-fr.c +++ head/contrib/tcpdump/print-fr.c @@ -34,6 +34,7 @@ #include "interface.h" #include "addrtoname.h" #include "ethertype.h" +#include "llc.h" #include "nlpid.h" #include "extract.h" #include "oui.h" @@ -94,15 +95,21 @@ { 0, NULL } }; -/* Finds out Q.922 address length, DLCI and flags. Returns 0 on success +/* Finds out Q.922 address length, DLCI and flags. Returns 1 on success, + * 0 on invalid address, -1 on truncated packet * save the flags dep. on address length */ -static int parse_q922_addr(const u_char *p, u_int *dlci, - u_int *addr_len, uint8_t *flags) +static int parse_q922_addr(netdissect_options *ndo, + const u_char *p, u_int *dlci, + u_int *addr_len, uint8_t *flags, u_int length) { - if ((p[0] & FR_EA_BIT)) + if (!ND_TTEST(p[0]) || length < 1) return -1; + if ((p[0] & FR_EA_BIT)) + return 0; + if (!ND_TTEST(p[1]) || length < 2) + return -1; *addr_len = 2; *dlci = ((p[0] & 0xFC) << 2) | ((p[1] & 0xF0) >> 4); @@ -112,34 +119,42 @@ flags[3] = 0; if (p[1] & FR_EA_BIT) - return 0; /* 2-byte Q.922 address */ + return 1; /* 2-byte Q.922 address */ p += 2; + length -= 2; + if (!ND_TTEST(p[0]) || length < 1) + return -1; (*addr_len)++; /* 3- or 4-byte Q.922 address */ if ((p[0] & FR_EA_BIT) == 0) { *dlci = (*dlci << 7) | (p[0] >> 1); (*addr_len)++; /* 4-byte Q.922 address */ p++; + length--; } + if (!ND_TTEST(p[0]) || length < 1) + return -1; if ((p[0] & FR_EA_BIT) == 0) - return -1; /* more than 4 bytes of Q.922 address? */ + return 0; /* more than 4 bytes of Q.922 address? */ flags[3] = p[0] & 0x02; *dlci = (*dlci << 6) | (p[0] >> 2); - return 0; + return 1; } -char *q922_string(const u_char *p) { +char * +q922_string(netdissect_options *ndo, const u_char *p, u_int length) +{ static u_int dlci, addr_len; static uint8_t flags[4]; static char buffer[sizeof("DLCI xxxxxxxxxx")]; memset(buffer, 0, sizeof(buffer)); - if (parse_q922_addr(p, &dlci, &addr_len, flags) == 0){ + if (parse_q922_addr(ndo, p, &dlci, &addr_len, flags, length) == 1){ snprintf(buffer, sizeof(buffer), "DLCI %u", dlci); } @@ -173,15 +188,6 @@ may optionally be increased to three or four octets. */ -static u_int -fr_hdrlen(const u_char *p, u_int addr_len) -{ - if (!p[addr_len + 1] /* pad exist */) - return addr_len + 1 /* UI */ + 1 /* pad */ + 1 /* NLPID */; - else - return addr_len + 1 /* UI */ + 1 /* NLPID */; -} - static void fr_hdr_print(netdissect_options *ndo, int length, u_int addr_len, u_int dlci, uint8_t *flags, uint16_t nlpid) @@ -232,6 +238,7 @@ fr_print(netdissect_options *ndo, register const u_char *p, u_int length) { + int ret; uint16_t extracted_ethertype; u_int dlci; u_int addr_len; @@ -239,39 +246,70 @@ u_int hdr_len; uint8_t flags[4]; - if (parse_q922_addr(p, &dlci, &addr_len, flags)) { + ret = parse_q922_addr(ndo, p, &dlci, &addr_len, flags, length); + if (ret == -1) + goto trunc; + if (ret == 0) { ND_PRINT((ndo, "Q.922, invalid address")); return 0; } - ND_TCHECK2(*p, addr_len+1+1); - hdr_len = fr_hdrlen(p, addr_len); - ND_TCHECK2(*p, hdr_len); - - if (p[addr_len] != 0x03 && dlci != 0) { - - /* lets figure out if we have cisco style encapsulation: */ - extracted_ethertype = EXTRACT_16BITS(p+addr_len); - - if (ndo->ndo_eflag) - fr_hdr_print(ndo, length, addr_len, dlci, flags, extracted_ethertype); - - if (ethertype_print(ndo, extracted_ethertype, - p+addr_len+ETHERTYPE_LEN, - length-addr_len-ETHERTYPE_LEN, - length-addr_len-ETHERTYPE_LEN) == 0) - /* ether_type not known, probably it wasn't one */ - ND_PRINT((ndo, "UI %02x! ", p[addr_len])); - else - return hdr_len; + ND_TCHECK(p[addr_len]); + if (length < addr_len + 1) + goto trunc; + + if (p[addr_len] != LLC_UI && dlci != 0) { + /* + * Let's figure out if we have Cisco-style encapsulation, + * with an Ethernet type (Cisco HDLC type?) following the + * address. + */ + if (!ND_TTEST2(p[addr_len], 2) || length < addr_len + 2) { + /* no Ethertype */ + ND_PRINT((ndo, "UI %02x! ", p[addr_len])); + } else { + extracted_ethertype = EXTRACT_16BITS(p+addr_len); + + if (ndo->ndo_eflag) + fr_hdr_print(ndo, length, addr_len, dlci, + flags, extracted_ethertype); + + if (ethertype_print(ndo, extracted_ethertype, + p+addr_len+ETHERTYPE_LEN, + length-addr_len-ETHERTYPE_LEN, + length-addr_len-ETHERTYPE_LEN) == 0) + /* ether_type not known, probably it wasn't one */ + ND_PRINT((ndo, "UI %02x! ", p[addr_len])); + else + return addr_len + 2; + } } - if (!p[addr_len + 1]) { /* pad byte should be used with 3-byte Q.922 */ + ND_TCHECK(p[addr_len+1]); + if (length < addr_len + 2) + goto trunc; + + if (p[addr_len + 1] == 0) { + /* + * Assume a pad byte after the control (UI) byte. + * A pad byte should only be used with 3-byte Q.922. + */ if (addr_len != 3) ND_PRINT((ndo, "Pad! ")); - } else if (addr_len == 3) - ND_PRINT((ndo, "No pad! ")); + hdr_len = addr_len + 1 /* UI */ + 1 /* pad */ + 1 /* NLPID */; + } else { + /* + * Not a pad byte. + * A pad byte should be used with 3-byte Q.922. + */ + if (addr_len == 3) + ND_PRINT((ndo, "No pad! ")); + hdr_len = addr_len + 1 /* UI */ + 1 /* NLPID */; + } + ND_TCHECK(p[hdr_len - 1]); + if (length < hdr_len) + goto trunc; nlpid = p[hdr_len - 1]; if (ndo->ndo_eflag) @@ -284,11 +322,10 @@ ip_print(ndo, p, length); break; -#ifdef INET6 case NLPID_IP6: ip6_print(ndo, p, length); break; -#endif + case NLPID_CLNP: case NLPID_ESIS: case NLPID_ISIS: @@ -558,8 +595,8 @@ static void frf15_print(netdissect_options *ndo, - const u_char *p, u_int length) { - + const u_char *p, u_int length) +{ uint16_t sequence_num, flags; flags = p[0]&MFR_BEC_MASK; Index: head/contrib/tcpdump/print-ftp.c =================================================================== --- head/contrib/tcpdump/print-ftp.c +++ head/contrib/tcpdump/print-ftp.c @@ -0,0 +1,35 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code + * distributions retain the above copyright notice and this paragraph + * in its entirety, and (2) distributions including binary code include + * the above copyright notice and this paragraph in its entirety in + * the documentation or other materials provided with the distribution. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT + * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE. + */ + +#ifndef lint +static const char rcsid[] _U_ = + "@(#) $Header$"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include +#include + +#include "netdissect.h" +#include "extract.h" + +void +ftp_print(netdissect_options *ndo, const u_char *pptr, u_int len) +{ + txtproto_print(ndo, pptr, len, "ftp", NULL, 0); +} Index: head/contrib/tcpdump/print-geneve.c =================================================================== --- head/contrib/tcpdump/print-geneve.c +++ head/contrib/tcpdump/print-geneve.c @@ -0,0 +1,223 @@ +/* + * Copyright (c) 2014 VMware, Inc. All Rights Reserved. + * + * Jesse Gross + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code + * distributions retain the above copyright notice and this paragraph + * in its entirety, and (2) distributions including binary code include + * the above copyright notice and this paragraph in its entirety in + * the documentation or other materials provided with the distribution. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT + * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE. + */ + +#define NETDISSECT_REWORKED +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include "interface.h" +#include "extract.h" +#include "ethertype.h" + +/* + * Geneve header, draft-gross-geneve-02 + * + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * |Ver| Opt Len |O|C| Rsvd. | Protocol Type | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Virtual Network Identifier (VNI) | Reserved | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Variable Length Options | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * Options: + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Option Class | Type |R|R|R| Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Variable Option Data | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + */ + +#define VER_SHIFT 6 +#define HDR_OPTS_LEN_MASK 0x3F + +#define FLAG_OAM (1 << 7) +#define FLAG_CRITICAL (1 << 6) +#define FLAG_R1 (1 << 5) +#define FLAG_R2 (1 << 4) +#define FLAG_R3 (1 << 3) +#define FLAG_R4 (1 << 2) +#define FLAG_R5 (1 << 1) +#define FLAG_R6 (1 << 0) + +#define OPT_TYPE_CRITICAL (1 << 7) +#define OPT_LEN_MASK 0x1F + +static const struct tok geneve_flag_values[] = { + { FLAG_OAM, "O" }, + { FLAG_CRITICAL, "C" }, + { FLAG_R1, "R1" }, + { FLAG_R2, "R2" }, + { FLAG_R3, "R3" }, + { FLAG_R4, "R4" }, + { FLAG_R5, "R5" }, + { FLAG_R6, "R6" }, + { 0, NULL } +}; + +static const char * +format_opt_class(uint16_t opt_class) +{ + if (opt_class <= 0xff) + return "Standard"; + else if (opt_class == 0xffff) + return "Experimental"; + else + return "Unknown"; +} + +static void +geneve_opts_print(netdissect_options *ndo, const u_char *bp, u_int len) +{ + const char *sep = ""; + + while (len > 0) { + uint16_t opt_class; + uint8_t opt_type; + uint8_t opt_len; + + ND_PRINT((ndo, "%s", sep)); + sep = ", "; + + opt_class = EXTRACT_16BITS(bp); + opt_type = *(bp + 2); + opt_len = 4 + ((*(bp + 3) & OPT_LEN_MASK) * 4); + + ND_PRINT((ndo, "class %s (0x%x) type 0x%x%s len %u", + format_opt_class(opt_class), opt_class, opt_type, + opt_type & OPT_TYPE_CRITICAL ? "(C)" : "", opt_len)); + + if (opt_len > len) { + ND_PRINT((ndo, " [bad length]")); + return; + } + + if (ndo->ndo_vflag > 1 && opt_len > 4) { + uint32_t *print_data = (uint32_t *)(bp + 4); + int i; + + ND_PRINT((ndo, " data")); + + for (i = 4; i < opt_len; i += 4) { + ND_PRINT((ndo, " %08x", EXTRACT_32BITS(print_data))); + print_data++; + } + } + + bp += opt_len; + len -= opt_len; + } +} + +void +geneve_print(netdissect_options *ndo, const u_char *bp, u_int len) +{ + uint8_t ver_opt; + uint version; + uint8_t flags; + uint16_t prot; + uint32_t vni; + uint8_t reserved; + u_int opts_len; + + ND_PRINT((ndo, "Geneve")); + + ND_TCHECK2(*bp, 8); + + ver_opt = *bp; + bp += 1; + len -= 1; + + version = ver_opt >> VER_SHIFT; + if (version != 0) { + ND_PRINT((ndo, " ERROR: unknown-version %u", version)); + return; + } + + flags = *bp; + bp += 1; + len -= 1; + + prot = EXTRACT_16BITS(bp); + bp += 2; + len -= 2; + + vni = EXTRACT_24BITS(bp); + bp += 3; + len -= 3; + + reserved = *bp; + bp += 1; + len -= 1; + + ND_PRINT((ndo, ", Flags [%s]", + bittok2str_nosep(geneve_flag_values, "none", flags))); + ND_PRINT((ndo, ", vni 0x%x", vni)); + + if (reserved) + ND_PRINT((ndo, ", rsvd 0x%x", reserved)); + + if (ndo->ndo_eflag) + ND_PRINT((ndo, ", proto %s (0x%04x)", + tok2str(ethertype_values, "unknown", prot), prot)); + + opts_len = (ver_opt & HDR_OPTS_LEN_MASK) * 4; + + if (len < opts_len) { + ND_PRINT((ndo, " truncated-geneve - %u bytes missing", + len - opts_len)); + return; + } + + ND_TCHECK2(*bp, opts_len); + + if (opts_len > 0) { + ND_PRINT((ndo, ", options [")); + + if (ndo->ndo_vflag) + geneve_opts_print(ndo, bp, opts_len); + else + ND_PRINT((ndo, "%u bytes", opts_len)); + + ND_PRINT((ndo, "]")); + } + + bp += opts_len; + len -= opts_len; + + if (ndo->ndo_vflag < 1) + ND_PRINT((ndo, ": ")); + else + ND_PRINT((ndo, "\n\t")); + + if (ethertype_print(ndo, prot, bp, len, len) == 0) { + if (prot == ETHERTYPE_TEB) + ether_print(ndo, bp, len, len, NULL, NULL); + else + ND_PRINT((ndo, "geneve-proto-0x%x", prot)); + } + + return; + +trunc: + ND_PRINT((ndo, " [|geneve]")); +} Index: head/contrib/tcpdump/print-geonet.c =================================================================== --- head/contrib/tcpdump/print-geonet.c +++ head/contrib/tcpdump/print-geonet.c @@ -56,16 +56,12 @@ static void print_btp_body(netdissect_options *ndo, - const u_char *bp, u_int length) + const u_char *bp) { int version; int msg_type; const char *msg_type_str; - if (length <= 2) { - return; - } - /* Assuming ItsDpuHeader */ version = bp[0]; msg_type = bp[1]; @@ -83,7 +79,7 @@ ND_PRINT((ndo, "; BTP Dst:%u Src:%u", dest, src)); } -static void +static int print_long_pos_vector(netdissect_options *ndo, const u_char *bp) { @@ -91,10 +87,13 @@ ND_PRINT((ndo, "GN_ADDR:%s ", linkaddr_string (ndo, bp, 0, GEONET_ADDR_LEN))); + if (!ND_TTEST2(*(bp+12), 8)) + return (-1); lat = EXTRACT_32BITS(bp+12); ND_PRINT((ndo, "lat:%d ", lat)); lon = EXTRACT_32BITS(bp+16); ND_PRINT((ndo, "lon:%d", lon)); + return (0); } @@ -105,137 +104,170 @@ void geonet_print(netdissect_options *ndo, const u_char *eth, const u_char *bp, u_int length) { - ND_PRINT((ndo, "GeoNet src:%s; ", etheraddr_string(ndo, eth+6))); + int version; + int next_hdr; + int hdr_type; + int hdr_subtype; + uint16_t payload_length; + int hop_limit; + const char *next_hdr_txt = "Unknown"; + const char *hdr_type_txt = "Unknown"; + int hdr_size = -1; - if (length >= 36) { - /* Process Common Header */ - int version = bp[0] >> 4; - int next_hdr = bp[0] & 0x0f; - int hdr_type = bp[1] >> 4; - int hdr_subtype = bp[1] & 0x0f; - uint16_t payload_length = EXTRACT_16BITS(bp+4); - int hop_limit = bp[7]; - const char *next_hdr_txt = "Unknown"; - const char *hdr_type_txt = "Unknown"; - int hdr_size = -1; + ND_PRINT((ndo, "GeoNet src:%s; ", etheraddr_string(ndo, eth+6))); - switch (next_hdr) { - case 0: next_hdr_txt = "Any"; break; - case 1: next_hdr_txt = "BTP-A"; break; - case 2: next_hdr_txt = "BTP-B"; break; - case 3: next_hdr_txt = "IPv6"; break; - } + /* Process Common Header */ + if (length < 36) + goto malformed; + + ND_TCHECK2(*bp, 7); + version = bp[0] >> 4; + next_hdr = bp[0] & 0x0f; + hdr_type = bp[1] >> 4; + hdr_subtype = bp[1] & 0x0f; + payload_length = EXTRACT_16BITS(bp+4); + hop_limit = bp[7]; + + switch (next_hdr) { + case 0: next_hdr_txt = "Any"; break; + case 1: next_hdr_txt = "BTP-A"; break; + case 2: next_hdr_txt = "BTP-B"; break; + case 3: next_hdr_txt = "IPv6"; break; + } - switch (hdr_type) { - case 0: hdr_type_txt = "Any"; break; - case 1: hdr_type_txt = "Beacon"; break; - case 2: hdr_type_txt = "GeoUnicast"; break; - case 3: switch (hdr_subtype) { - case 0: hdr_type_txt = "GeoAnycastCircle"; break; - case 1: hdr_type_txt = "GeoAnycastRect"; break; - case 2: hdr_type_txt = "GeoAnycastElipse"; break; - } - break; - case 4: switch (hdr_subtype) { - case 0: hdr_type_txt = "GeoBroadcastCircle"; break; - case 1: hdr_type_txt = "GeoBroadcastRect"; break; - case 2: hdr_type_txt = "GeoBroadcastElipse"; break; - } - break; - case 5: switch (hdr_subtype) { - case 0: hdr_type_txt = "TopoScopeBcast-SH"; break; - case 1: hdr_type_txt = "TopoScopeBcast-MH"; break; - } - break; - case 6: switch (hdr_subtype) { - case 0: hdr_type_txt = "LocService-Request"; break; - case 1: hdr_type_txt = "LocService-Reply"; break; - } - break; - } + switch (hdr_type) { + case 0: hdr_type_txt = "Any"; break; + case 1: hdr_type_txt = "Beacon"; break; + case 2: hdr_type_txt = "GeoUnicast"; break; + case 3: switch (hdr_subtype) { + case 0: hdr_type_txt = "GeoAnycastCircle"; break; + case 1: hdr_type_txt = "GeoAnycastRect"; break; + case 2: hdr_type_txt = "GeoAnycastElipse"; break; + } + break; + case 4: switch (hdr_subtype) { + case 0: hdr_type_txt = "GeoBroadcastCircle"; break; + case 1: hdr_type_txt = "GeoBroadcastRect"; break; + case 2: hdr_type_txt = "GeoBroadcastElipse"; break; + } + break; + case 5: switch (hdr_subtype) { + case 0: hdr_type_txt = "TopoScopeBcast-SH"; break; + case 1: hdr_type_txt = "TopoScopeBcast-MH"; break; + } + break; + case 6: switch (hdr_subtype) { + case 0: hdr_type_txt = "LocService-Request"; break; + case 1: hdr_type_txt = "LocService-Reply"; break; + } + break; + } - ND_PRINT((ndo, "v:%d ", version)); - ND_PRINT((ndo, "NH:%d-%s ", next_hdr, next_hdr_txt)); - ND_PRINT((ndo, "HT:%d-%d-%s ", hdr_type, hdr_subtype, hdr_type_txt)); - ND_PRINT((ndo, "HopLim:%d ", hop_limit)); - ND_PRINT((ndo, "Payload:%d ", payload_length)); - print_long_pos_vector(ndo, bp + 8); - - /* Skip Common Header */ - length -= 36; - bp += 36; + ND_PRINT((ndo, "v:%d ", version)); + ND_PRINT((ndo, "NH:%d-%s ", next_hdr, next_hdr_txt)); + ND_PRINT((ndo, "HT:%d-%d-%s ", hdr_type, hdr_subtype, hdr_type_txt)); + ND_PRINT((ndo, "HopLim:%d ", hop_limit)); + ND_PRINT((ndo, "Payload:%d ", payload_length)); + if (print_long_pos_vector(ndo, bp + 8) == -1) + goto trunc; + + /* Skip Common Header */ + length -= 36; + bp += 36; + + /* Process Extended Headers */ + switch (hdr_type) { + case 0: /* Any */ + hdr_size = 0; + break; + case 1: /* Beacon */ + hdr_size = 0; + break; + case 2: /* GeoUnicast */ + break; + case 3: switch (hdr_subtype) { + case 0: /* GeoAnycastCircle */ + break; + case 1: /* GeoAnycastRect */ + break; + case 2: /* GeoAnycastElipse */ + break; + } + break; + case 4: switch (hdr_subtype) { + case 0: /* GeoBroadcastCircle */ + break; + case 1: /* GeoBroadcastRect */ + break; + case 2: /* GeoBroadcastElipse */ + break; + } + break; + case 5: switch (hdr_subtype) { + case 0: /* TopoScopeBcast-SH */ + hdr_size = 0; + break; + case 1: /* TopoScopeBcast-MH */ + hdr_size = 68 - 36; + break; + } + break; + case 6: switch (hdr_subtype) { + case 0: /* LocService-Request */ + break; + case 1: /* LocService-Reply */ + break; + } + break; + } - /* Process Extended Headers */ - switch (hdr_type) { + /* Skip Extended headers */ + if (hdr_size >= 0) { + if (length < (u_int)hdr_size) + goto malformed; + ND_TCHECK2(*bp, hdr_size); + length -= hdr_size; + bp += hdr_size; + switch (next_hdr) { case 0: /* Any */ - hdr_size = 0; - break; - case 1: /* Beacon */ - hdr_size = 0; break; - case 2: /* GeoUnicast */ - break; - case 3: switch (hdr_subtype) { - case 0: /* GeoAnycastCircle */ - break; - case 1: /* GeoAnycastRect */ - break; - case 2: /* GeoAnycastElipse */ - break; - } - break; - case 4: switch (hdr_subtype) { - case 0: /* GeoBroadcastCircle */ - break; - case 1: /* GeoBroadcastRect */ - break; - case 2: /* GeoBroadcastElipse */ - break; + case 1: + case 2: /* BTP A/B */ + if (length < 4) + goto malformed; + ND_TCHECK2(*bp, 4); + print_btp(ndo, bp); + length -= 4; + bp += 4; + if (length >= 2) { + /* + * XXX - did print_btp_body() + * return if length < 2 + * because this is optional, + * or was that just not + * reporting genuine errors? + */ + ND_TCHECK2(*bp, 2); + print_btp_body(ndo, bp); } break; - case 5: switch (hdr_subtype) { - case 0: /* TopoScopeBcast-SH */ - hdr_size = 0; - break; - case 1: /* TopoScopeBcast-MH */ - hdr_size = 68 - 36; - break; - } - break; - case 6: switch (hdr_subtype) { - case 0: /* LocService-Request */ - break; - case 1: /* LocService-Reply */ - break; - } + case 3: /* IPv6 */ break; } - - /* Skip Extended headers */ - if (hdr_size >= 0) { - length -= hdr_size; - bp += hdr_size; - switch (next_hdr) { - case 0: /* Any */ - break; - case 1: - case 2: /* BTP A/B */ - print_btp(ndo, bp); - length -= 4; - bp += 4; - print_btp_body(ndo, bp, length); - break; - case 3: /* IPv6 */ - break; - } - } - } else { - ND_PRINT((ndo, "Malformed (small) ")); } /* Print user data part */ if (ndo->ndo_vflag) ND_DEFAULTPRINT(bp, length); + return; + +malformed: + ND_PRINT((ndo, " Malformed (small) ")); + /* XXX - print the remaining data as hex? */ + return; + +trunc: + ND_PRINT((ndo, "[|geonet]")); } Index: head/contrib/tcpdump/print-gre.c =================================================================== --- head/contrib/tcpdump/print-gre.c +++ head/contrib/tcpdump/print-gre.c @@ -200,11 +200,9 @@ case ETHERTYPE_IP: ip_print(ndo, bp, len); break; -#ifdef INET6 case ETHERTYPE_IPV6: ip6_print(ndo, bp, len); break; -#endif case ETHERTYPE_MPLS: mpls_print(ndo, bp, len); break; Index: head/contrib/tcpdump/print-http.c =================================================================== --- head/contrib/tcpdump/print-http.c +++ head/contrib/tcpdump/print-http.c @@ -0,0 +1,80 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code + * distributions retain the above copyright notice and this paragraph + * in its entirety, and (2) distributions including binary code include + * the above copyright notice and this paragraph in its entirety in + * the documentation or other materials provided with the distribution. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT + * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE. + */ + +#ifndef lint +static const char rcsid[] _U_ = + "@(#) $Header$"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include +#include + +#include "interface.h" +#include "extract.h" + +/* + * Includes WebDAV requests. + */ +static const char *httpcmds[] = { + "GET", + "PUT", + "COPY", + "HEAD", + "LOCK", + "MOVE", + "POLL", + "POST", + "BCOPY", + "BMOVE", + "MKCOL", + "TRACE", + "LABEL", + "MERGE", + "DELETE", + "SEARCH", + "UNLOCK", + "REPORT", + "UPDATE", + "NOTIFY", + "BDELETE", + "CONNECT", + "OPTIONS", + "CHECKIN", + "PROPFIND", + "CHECKOUT", + "CCM_POST", + "SUBSCRIBE", + "PROPPATCH", + "BPROPFIND", + "BPROPPATCH", + "UNCHECKOUT", + "MKACTIVITY", + "MKWORKSPACE", + "UNSUBSCRIBE", + "RPC_CONNECT", + "VERSION-CONTROL", + "BASELINE-CONTROL", + NULL +}; + +void +http_print(netdissect_options *ndo, const u_char *pptr, u_int len) +{ + txtproto_print(ndo, pptr, len, "http", httpcmds, RESP_CODE_SECOND_TOKEN); +} Index: head/contrib/tcpdump/print-icmp.c =================================================================== --- head/contrib/tcpdump/print-icmp.c +++ head/contrib/tcpdump/print-icmp.c @@ -147,12 +147,10 @@ #define ICMP_MAXTYPE 18 -#define ICMP_INFOTYPE(type) \ - ((type) == ICMP_ECHOREPLY || (type) == ICMP_ECHO || \ - (type) == ICMP_ROUTERADVERT || (type) == ICMP_ROUTERSOLICIT || \ - (type) == ICMP_TSTAMP || (type) == ICMP_TSTAMPREPLY || \ - (type) == ICMP_IREQ || (type) == ICMP_IREQREPLY || \ - (type) == ICMP_MASKREQ || (type) == ICMP_MASKREPLY) +#define ICMP_ERRTYPE(type) \ + ((type) == ICMP_UNREACH || (type) == ICMP_SOURCEQUENCH || \ + (type) == ICMP_REDIRECT || (type) == ICMP_TIMXCEED || \ + (type) == ICMP_PARAMPROB) #define ICMP_MPLS_EXT_TYPE(type) \ ((type) == ICMP_UNREACH || \ (type) == ICMP_TIMXCEED || \ @@ -315,7 +313,8 @@ /* print the milliseconds since midnight UTC */ const char * -icmp_tstamp_print(u_int tstamp) { +icmp_tstamp_print(u_int tstamp) +{ u_int msec,sec,min,hrs; static char buf[64]; @@ -578,7 +577,7 @@ * print the remnants of the IP packet. * save the snaplength as this may get overidden in the IP printer. */ - if (ndo->ndo_vflag >= 1 && !ICMP_INFOTYPE(dp->icmp_type)) { + if (ndo->ndo_vflag >= 1 && ICMP_ERRTYPE(dp->icmp_type)) { bp += 8; ND_PRINT((ndo, "\n\t")); ip = (struct ip *)bp; Index: head/contrib/tcpdump/print-icmp6.c =================================================================== --- head/contrib/tcpdump/print-icmp6.c +++ head/contrib/tcpdump/print-icmp6.c @@ -660,7 +660,7 @@ if(isprint(dagid[i])) { *d++ = dagid[i]; } else { - snprintf(d,4,"0x%02x", dagid[i]); + snprintf(d,5,"0x%02x", dagid[i]); /* 4 + null char */ d += 4; } } Index: head/contrib/tcpdump/print-ip.c =================================================================== --- head/contrib/tcpdump/print-ip.c +++ head/contrib/tcpdump/print-ip.c @@ -438,12 +438,10 @@ } break; -#ifdef INET6 case IPPROTO_IPV6: /* ip6-in-ip encapsulation */ ip6_print(ndo, ipds->cp, ipds->len); break; -#endif /*INET6*/ case IPPROTO_RSVP: rsvp_print(ndo, ipds->cp, ipds->len); @@ -539,9 +537,10 @@ ipds->ip = (const struct ip *)bp; ND_TCHECK(ipds->ip->ip_vhl); if (IP_V(ipds->ip) != 4) { /* print version if != 4 */ - ND_PRINT((ndo, "IP%u ", IP_V(ipds->ip))); if (IP_V(ipds->ip) == 6) - ND_PRINT((ndo, ", wrong link-layer encapsulation")); + ND_PRINT((ndo, "IP6, wrong link-layer encapsulation ")); + else + ND_PRINT((ndo, "IP%u ", IP_V(ipds->ip))); } else if (!ndo->ndo_eflag) ND_PRINT((ndo, "IP ")); @@ -696,11 +695,9 @@ case 4: ip_print (ndo, bp, length); return; -#ifdef INET6 case 6: ip6_print (ndo, bp, length); return; -#endif default: ND_PRINT((ndo, "unknown ip %d", IP_V(&hdr))); return; Index: head/contrib/tcpdump/print-ip6.c =================================================================== --- head/contrib/tcpdump/print-ip6.c +++ head/contrib/tcpdump/print-ip6.c @@ -26,8 +26,6 @@ #include "config.h" #endif -#ifdef INET6 - #include #include @@ -36,6 +34,8 @@ #include "addrtoname.h" #include "extract.h" +#ifdef INET6 + #include "ip6.h" #include "ipproto.h" @@ -268,4 +268,12 @@ ND_PRINT((ndo, "[|ip6]")); } +#else /* INET6 */ + +void +ip6_print(netdissect_options *ndo, const u_char *bp _U_, u_int length) +{ + ND_PRINT((ndo, "IP6, length: %u (printing not supported)", length)); +} + #endif /* INET6 */ Index: head/contrib/tcpdump/print-ipnet.c =================================================================== --- head/contrib/tcpdump/print-ipnet.c +++ head/contrib/tcpdump/print-ipnet.c @@ -76,11 +76,9 @@ ip_print(ndo, p, length); break; -#ifdef INET6 case IPH_AF_INET6: ip6_print(ndo, p, length); break; -#endif /*INET6*/ default: if (!ndo->ndo_eflag) Index: head/contrib/tcpdump/print-isoclns.c =================================================================== --- head/contrib/tcpdump/print-isoclns.c +++ head/contrib/tcpdump/print-isoclns.c @@ -705,11 +705,9 @@ ip_print(ndo, p + 1, length - 1); break; -#ifdef INET6 case NLPID_IP6: ip6_print(ndo, p + 1, length - 1); break; -#endif case NLPID_PPP: ppp_print(ndo, p + 1, length - 1); @@ -1059,7 +1057,7 @@ if (li < sizeof(struct esis_header_t) + 2) { ND_PRINT((ndo, " length indicator < min PDU size %d:", li)); - while (--length != 0) + while (pptr < ndo->ndo_snapend) ND_PRINT((ndo, "%02X", *pptr++)); return; } @@ -1662,8 +1660,8 @@ static int isis_print_ip_reach_subtlv(netdissect_options *ndo, const uint8_t *tptr, int subt, int subl, - const char *ident) { - + const char *ident) +{ /* first lets see if we know the subTLVs name*/ ND_PRINT((ndo, "%s%s subTLV #%u, length: %u", ident, tok2str(isis_ext_ip_reach_subtlv_values, "unknown", subt), @@ -1712,8 +1710,8 @@ static int isis_print_is_reach_subtlv(netdissect_options *ndo, const uint8_t *tptr, u_int subt, u_int subl, - const char *ident) { - + const char *ident) +{ u_int te_class,priority_level,gmpls_switch_cap; union { /* int to float conversion buffer for several subTLVs */ float f; @@ -1872,8 +1870,8 @@ static int isis_print_ext_is_reach(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, int tlv_type) { - + const uint8_t *tptr, const char *ident, int tlv_type) +{ char ident_buffer[20]; int subtlv_type,subtlv_len,subtlv_sum_len; int proc_bytes = 0; /* how many bytes did we process ? */ @@ -1922,8 +1920,8 @@ static int isis_print_mtid(netdissect_options *ndo, - const uint8_t *tptr, const char *ident) { - + const uint8_t *tptr, const char *ident) +{ if (!ND_TTEST2(*tptr, 2)) return(0); @@ -1949,8 +1947,8 @@ static int isis_print_extd_ip_reach(netdissect_options *ndo, - const uint8_t *tptr, const char *ident, uint16_t afi) { - + const uint8_t *tptr, const char *ident, uint16_t afi) +{ char ident_buffer[20]; #ifdef INET6 uint8_t prefix[sizeof(struct in6_addr)]; /* shared copy buffer for IPv4 and IPv6 prefixes */ @@ -2418,8 +2416,7 @@ break; default: - if (!print_unknown_data(ndo, pptr, "\n\t ", length)) - return(0); + (void)print_unknown_data(ndo, pptr, "\n\t ", length); return (0); } @@ -3086,15 +3083,31 @@ { uint16_t calculated_checksum; - /* do not attempt to verify the checksum if it is zero */ - if (!checksum) { + /* do not attempt to verify the checksum if it is zero, + * if the total length is nonsense, + * if the offset is nonsense, + * or the base pointer is not sane + */ + if (!checksum + || length > (u_int)ndo->ndo_snaplen + || checksum_offset > (uint)ndo->ndo_snaplen + || checksum_offset > length) { ND_PRINT((ndo, "(unverified)")); } else { + unsigned char *truncated = "trunc"; +#if 0 + printf("\nosi_print_cksum: %p %u %u %u\n", pptr, checksum_offset, length, ndo->ndo_snaplen); + ND_TCHECK2(pptr, checksum_offset+length); +#endif calculated_checksum = create_osi_cksum(pptr, checksum_offset, length); if (checksum == calculated_checksum) { ND_PRINT((ndo, " (correct)")); } else { - ND_PRINT((ndo, " (incorrect should be 0x%04x)", calculated_checksum)); + truncated = "incorrect"; +#if 0 + trunc: +#endif + ND_PRINT((ndo, " (%s should be 0x%04x)", truncated, calculated_checksum)); } } } Index: head/contrib/tcpdump/print-juniper.c =================================================================== --- head/contrib/tcpdump/print-juniper.c +++ head/contrib/tcpdump/print-juniper.c @@ -480,11 +480,9 @@ case JUNIPER_PROTO_IPV4: ip_print(ndo, p, l2info.length); break; -#ifdef INET6 case JUNIPER_PROTO_IPV6: ip6_print(ndo, p, l2info.length); break; -#endif /* INET6 */ default: if (!ndo->ndo_eflag) ND_PRINT((ndo, "unknown GGSN proto (%u)", gh->proto)); @@ -784,11 +782,9 @@ else ip_print(ndo, p, l2info.length); return l2info.header_len; -#ifdef INET6 case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(ndo, p,l2info.length); return l2info.header_len; -#endif case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(ndo, p, l2info.length); return l2info.header_len; @@ -840,11 +836,9 @@ case JUNIPER_LSQ_L3_PROTO_IPV4: ip_print(ndo, p, l2info.length); return l2info.header_len; -#ifdef INET6 case JUNIPER_LSQ_L3_PROTO_IPV6: ip6_print(ndo, p,l2info.length); return l2info.header_len; -#endif case JUNIPER_LSQ_L3_PROTO_MPLS: mpls_print(ndo, p, l2info.length); return l2info.header_len; @@ -1025,8 +1019,8 @@ * a juniper router if the payload data is encapsulated using PPP */ static int juniper_ppp_heuristic_guess(netdissect_options *ndo, - register const u_char *p, u_int length) { - + register const u_char *p, u_int length) +{ switch(EXTRACT_16BITS(p)) { case PPP_IP : case PPP_OSI : @@ -1055,8 +1049,8 @@ static int ip_heuristic_guess(netdissect_options *ndo, - register const u_char *p, u_int length) { - + register const u_char *p, u_int length) +{ switch(p[0]) { case 0x45: case 0x46: @@ -1071,7 +1065,6 @@ case 0x4f: ip_print(ndo, p, length); break; -#ifdef INET6 case 0x60: case 0x61: case 0x62: @@ -1090,7 +1083,6 @@ case 0x6f: ip6_print(ndo, p, length); break; -#endif default: return 0; /* did not find a ip header */ break; @@ -1099,8 +1091,8 @@ } static int -juniper_read_tlv_value(const u_char *p, u_int tlv_type, u_int tlv_len) { - +juniper_read_tlv_value(const u_char *p, u_int tlv_type, u_int tlv_len) +{ int tlv_value; /* TLVs < 128 are little endian encoded */ @@ -1147,8 +1139,8 @@ static int juniper_parse_header(netdissect_options *ndo, - const u_char *p, const struct pcap_pkthdr *h, struct juniper_l2info_t *l2info) { - + const u_char *p, const struct pcap_pkthdr *h, struct juniper_l2info_t *l2info) +{ const struct juniper_cookie_table_t *lp = juniper_cookie_table; u_int idx, jnx_ext_len, jnx_header_len = 0; uint8_t tlv_type,tlv_len; Index: head/contrib/tcpdump/print-ldp.c =================================================================== --- head/contrib/tcpdump/print-ldp.c +++ head/contrib/tcpdump/print-ldp.c @@ -209,7 +209,7 @@ { 0, NULL} }; -static int ldp_msg_print(netdissect_options *, register const u_char *); +static int ldp_pdu_print(netdissect_options *, register const u_char *); /* * ldp tlv header @@ -233,8 +233,9 @@ static int ldp_tlv_print(netdissect_options *ndo, - register const u_char *tptr) { - + register const u_char *tptr, + u_short msg_tlen) +{ struct ldp_tlv_header { uint8_t type[2]; uint8_t length[2]; @@ -248,7 +249,12 @@ int i; ldp_tlv_header = (const struct ldp_tlv_header *)tptr; + ND_TCHECK(*ldp_tlv_header); tlv_len=EXTRACT_16BITS(ldp_tlv_header->length); + if (tlv_len + 4 > msg_tlen) { + ND_PRINT((ndo, "\n\t\t TLV contents go past end of message")); + return 0; + } tlv_tlen=tlv_len; tlv_type=LDP_MASK_TLV_TYPE(EXTRACT_16BITS(ldp_tlv_header->type)); @@ -403,8 +409,11 @@ EXTRACT_32BITS(tptr+3), EXTRACT_32BITS(tptr+7), vc_info_len)); - if (vc_info_len < 4) - goto trunc; /* minimum 4, for the VC ID */ + if (vc_info_len < 4) { + /* minimum 4, for the VC ID */ + ND_PRINT((ndo, " (invalid, < 4")); + return(tlv_len+4); /* Type & Length fields not included */ + } vc_info_len -= 4; /* subtract out the VC ID, giving the length of the interface parameters */ /* Skip past the fixed information and the VC ID */ @@ -536,11 +545,11 @@ void ldp_print(netdissect_options *ndo, - register const u_char *pptr, register u_int len) { - + register const u_char *pptr, register u_int len) +{ int processed; while (len > (sizeof(struct ldp_common_header) + sizeof(struct ldp_msg_header))) { - processed = ldp_msg_print(ndo, pptr); + processed = ldp_pdu_print(ndo, pptr); if (processed == 0) return; len -= processed; @@ -549,9 +558,9 @@ } static int -ldp_msg_print(netdissect_options *ndo, - register const u_char *pptr) { - +ldp_pdu_print(netdissect_options *ndo, + register const u_char *pptr) +{ const struct ldp_common_header *ldp_com_header; const struct ldp_msg_header *ldp_msg_header; const u_char *tptr,*msg_tptr; @@ -559,7 +568,6 @@ u_short pdu_len,msg_len,msg_type,msg_tlen; int hexdump,processed; - tptr=pptr; ldp_com_header = (const struct ldp_common_header *)pptr; ND_TCHECK(*ldp_com_header); @@ -573,8 +581,17 @@ return 0; } - /* print the LSR-ID, label-space & length */ pdu_len = EXTRACT_16BITS(&ldp_com_header->pdu_length); + if (pdu_len < sizeof(const struct ldp_common_header)-4) { + /* length too short */ + ND_PRINT((ndo, "%sLDP, pdu-length: %u (too short, < %u)", + (ndo->ndo_vflag < 1) ? "" : "\n\t", + pdu_len, + (u_int)(sizeof(const struct ldp_common_header)-4))); + return 0; + } + + /* print the LSR-ID, label-space & length */ ND_PRINT((ndo, "%sLDP, Label-Space-ID: %s:%u, pdu-length: %u", (ndo->ndo_vflag < 1) ? "" : "\n\t", ipaddr_string(ndo, &ldp_com_header->lsr_id), @@ -586,10 +603,8 @@ return 0; /* ok they seem to want to know everything - lets fully decode it */ - tlen=pdu_len; - - tptr += sizeof(const struct ldp_common_header); - tlen -= sizeof(const struct ldp_common_header)-4; /* Type & Length fields not included */ + tptr = pptr + sizeof(const struct ldp_common_header); + tlen = pdu_len - (sizeof(const struct ldp_common_header)-4); /* Type & Length fields not included */ while(tlen>0) { /* did we capture enough for fully decoding the msg header ? */ @@ -599,6 +614,19 @@ msg_len=EXTRACT_16BITS(ldp_msg_header->length); msg_type=LDP_MASK_MSG_TYPE(EXTRACT_16BITS(ldp_msg_header->type)); + if (msg_len < sizeof(struct ldp_msg_header)-4) { + /* length too short */ + /* FIXME vendor private / experimental check */ + ND_PRINT((ndo, "\n\t %s Message (0x%04x), length: %u (too short, < %u)", + tok2str(ldp_msg_values, + "Unknown", + msg_type), + msg_type, + msg_len, + (u_int)(sizeof(struct ldp_msg_header)-4))); + return 0; + } + /* FIXME vendor private / experimental check */ ND_PRINT((ndo, "\n\t %s Message (0x%04x), length: %u, Message ID: 0x%08x, Flags: [%s if unknown]", tok2str(ldp_msg_values, @@ -609,11 +637,8 @@ EXTRACT_32BITS(&ldp_msg_header->id), LDP_MASK_U_BIT(EXTRACT_16BITS(&ldp_msg_header->type)) ? "continue processing" : "ignore")); - if (msg_len == 0) /* infinite loop protection */ - return 0; - msg_tptr=tptr+sizeof(struct ldp_msg_header); - msg_tlen=msg_len-sizeof(struct ldp_msg_header)+4; /* Type & Length fields not included */ + msg_tlen=msg_len-(sizeof(struct ldp_msg_header)-4); /* Type & Length fields not included */ /* did we capture enough for fully decoding the message ? */ ND_TCHECK2(*tptr, msg_len); @@ -630,7 +655,7 @@ case LDP_MSG_ADDRESS_WITHDRAW: case LDP_MSG_LABEL_WITHDRAW: while(msg_tlen >= 4) { - processed = ldp_tlv_print(ndo, msg_tptr); + processed = ldp_tlv_print(ndo, msg_tptr, msg_tlen); if (processed == 0) break; msg_tlen-=processed; Index: head/contrib/tcpdump/print-lldp.c =================================================================== --- head/contrib/tcpdump/print-lldp.c +++ head/contrib/tcpdump/print-lldp.c @@ -1265,8 +1265,8 @@ } static char * -lldp_network_addr_print(netdissect_options *ndo, const u_char *tptr, u_int len) { - +lldp_network_addr_print(netdissect_options *ndo, const u_char *tptr, u_int len) +{ uint8_t af; static char buf[BUFSIZE]; const char * (*pfunc)(netdissect_options *, const u_char *); @@ -1311,8 +1311,8 @@ static int lldp_mgmt_addr_tlv_print(netdissect_options *ndo, - const u_char *pptr, u_int len) { - + const u_char *pptr, u_int len) +{ uint8_t mgmt_addr_len, intf_num_subtype, oid_len; const u_char *tptr; u_int tlen; @@ -1373,8 +1373,8 @@ void lldp_print(netdissect_options *ndo, - register const u_char *pptr, register u_int len) { - + register const u_char *pptr, register u_int len) +{ uint8_t subtype; uint16_t tlv, cap, ena_cap; u_int oui, tlen, hexdump, tlv_type, tlv_len; Index: head/contrib/tcpdump/print-lmp.c =================================================================== --- head/contrib/tcpdump/print-lmp.c +++ head/contrib/tcpdump/print-lmp.c @@ -354,8 +354,8 @@ void lmp_print(netdissect_options *ndo, - register const u_char *pptr, register u_int len) { - + register const u_char *pptr, register u_int len) +{ const struct lmp_common_header *lmp_com_header; const struct lmp_object_header *lmp_obj_header; const u_char *tptr,*obj_tptr; Index: head/contrib/tcpdump/print-lspping.c =================================================================== --- head/contrib/tcpdump/print-lspping.c +++ head/contrib/tcpdump/print-lspping.c @@ -458,8 +458,8 @@ void lspping_print(netdissect_options *ndo, - register const u_char *pptr, register u_int len) { - + register const u_char *pptr, register u_int len) +{ const struct lspping_common_header *lspping_com_header; const struct lspping_tlv_header *lspping_tlv_header; const struct lspping_tlv_header *lspping_subtlv_header; @@ -768,7 +768,7 @@ case LSPPING_TLV_DOWNSTREAM_MAPPING: /* that strange thing with the downstream map TLV is that until now - * we do not know if its IPv4 or IPv6 , after we found the adress-type + * we do not know if its IPv4 or IPv6 , after we found the address-type * lets recast the tlv_tptr and move on */ tlv_ptr.lspping_tlv_downstream_map_ipv4= \ Index: head/contrib/tcpdump/print-lwapp.c =================================================================== --- head/contrib/tcpdump/print-lwapp.c +++ head/contrib/tcpdump/print-lwapp.c @@ -12,7 +12,7 @@ * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS * FOR A PARTICULAR PURPOSE. * - * Support for the Light Weight Access Point Protocol as per draft-ohara-capwap-lwapp-04 + * Support for the Light Weight Access Point Protocol as per RFC 5412 * * Original code by Carles Kishimoto */ @@ -162,8 +162,8 @@ void lwapp_control_print(netdissect_options *ndo, - const u_char *pptr, u_int len, int has_ap_ident) { - + const u_char *pptr, u_int len, int has_ap_ident) +{ const struct lwapp_transport_header *lwapp_trans_header; const struct lwapp_control_header *lwapp_control_header; const u_char *tptr; @@ -285,8 +285,8 @@ void lwapp_data_print(netdissect_options *ndo, - const u_char *pptr, u_int len) { - + const u_char *pptr, u_int len) +{ const struct lwapp_transport_header *lwapp_trans_header; const u_char *tptr; int tlen; Index: head/contrib/tcpdump/print-mobility.c =================================================================== --- head/contrib/tcpdump/print-mobility.c +++ head/contrib/tcpdump/print-mobility.c @@ -69,6 +69,18 @@ #define IP6M_BINDING_UPDATE 5 /* Binding Update */ #define IP6M_BINDING_ACK 6 /* Binding Acknowledgement */ #define IP6M_BINDING_ERROR 7 /* Binding Error */ +#define IP6M_MAX 7 + +static const unsigned ip6m_hdrlen[IP6M_MAX + 1] = { + IP6M_MINLEN, /* IP6M_BINDING_REQUEST */ + IP6M_MINLEN + 8, /* IP6M_HOME_TEST_INIT */ + IP6M_MINLEN + 8, /* IP6M_CAREOF_TEST_INIT */ + IP6M_MINLEN + 16, /* IP6M_HOME_TEST */ + IP6M_MINLEN + 16, /* IP6M_CAREOF_TEST */ + IP6M_MINLEN + 4, /* IP6M_BINDING_UPDATE */ + IP6M_MINLEN + 4, /* IP6M_BINDING_ACK */ + IP6M_MINLEN + 16, /* IP6M_BINDING_ERROR */ +}; /* XXX: unused */ #define IP6MOPT_BU_MINLEN 10 @@ -95,16 +107,20 @@ unsigned i, optlen; for (i = 0; i < len; i += optlen) { + ND_TCHECK(bp[i]); if (bp[i] == IP6MOPT_PAD1) optlen = 1; else { - if (i + 1 < len) + if (i + 1 < len) { + ND_TCHECK(bp[i + 1]); optlen = bp[i + 1] + 2; + } else goto trunc; } if (i + optlen > len) goto trunc; + ND_TCHECK(bp[i + optlen]); switch (bp[i]) { case IP6MOPT_PAD1: @@ -203,6 +219,10 @@ ND_TCHECK(mh->ip6m_type); type = mh->ip6m_type; + if (type <= IP6M_MAX && mhlen < ip6m_hdrlen[type]) { + ND_PRINT((ndo, "(header length %u is too small for type %u)", mhlen, type)); + goto trunc; + } switch (type) { case IP6M_BINDING_REQUEST: ND_PRINT((ndo, "mobility: BRR")); Index: head/contrib/tcpdump/print-mpcp.c =================================================================== --- head/contrib/tcpdump/print-mpcp.c +++ head/contrib/tcpdump/print-mpcp.c @@ -122,8 +122,8 @@ }; void -mpcp_print(netdissect_options *ndo, register const u_char *pptr, register u_int length) { - +mpcp_print(netdissect_options *ndo, register const u_char *pptr, register u_int length) +{ union { const struct mpcp_common_header_t *common_header; const struct mpcp_grant_t *grant; Index: head/contrib/tcpdump/print-mpls.c =================================================================== --- head/contrib/tcpdump/print-mpls.c +++ head/contrib/tcpdump/print-mpls.c @@ -186,11 +186,7 @@ break; case PT_IPV6: -#ifdef INET6 ip6_print(ndo, p, length - (p - bp)); -#else - ND_PRINT((ndo, "IPv6, length: %u", length)); -#endif break; case PT_OSI: Index: head/contrib/tcpdump/print-nflog.c =================================================================== --- head/contrib/tcpdump/print-nflog.c +++ head/contrib/tcpdump/print-nflog.c @@ -145,11 +145,11 @@ ip_print(ndo, p, length); break; -#ifdef INET6 +#ifdef AF_INET6 case AF_INET6: ip6_print(ndo, p, length); break; -#endif /*INET6*/ +#endif /* AF_INET6 */ default: if (!ndo->ndo_eflag) Index: head/contrib/tcpdump/print-null.c =================================================================== --- head/contrib/tcpdump/print-null.c +++ head/contrib/tcpdump/print-null.c @@ -111,13 +111,11 @@ ip_print(ndo, p, length); break; -#ifdef INET6 case BSD_AFNUM_INET6_BSD: case BSD_AFNUM_INET6_FREEBSD: case BSD_AFNUM_INET6_DARWIN: ip6_print(ndo, p, length); break; -#endif case BSD_AFNUM_ISO: isoclns_print(ndo, p, length, caplen); Index: head/contrib/tcpdump/print-olsr.c =================================================================== --- head/contrib/tcpdump/print-olsr.c +++ head/contrib/tcpdump/print-olsr.c @@ -178,7 +178,7 @@ /* * print a neighbor list with LQ extensions. */ -static void +static int olsr_print_lq_neighbor4(netdissect_options *ndo, const u_char *msg_data, u_int hello_len) { @@ -187,6 +187,8 @@ while (hello_len >= sizeof(struct olsr_lq_neighbor4)) { lq_neighbor = (struct olsr_lq_neighbor4 *)msg_data; + if (!ND_TTEST(*lq_neighbor)) + return (-1); ND_PRINT((ndo, "\n\t neighbor %s, link-quality %.2lf%%" ", neighbor-link-quality %.2lf%%", @@ -197,10 +199,11 @@ msg_data += sizeof(struct olsr_lq_neighbor4); hello_len -= sizeof(struct olsr_lq_neighbor4); } + return (0); } #if INET6 -static void +static int olsr_print_lq_neighbor6(netdissect_options *ndo, const u_char *msg_data, u_int hello_len) { @@ -209,6 +212,8 @@ while (hello_len >= sizeof(struct olsr_lq_neighbor6)) { lq_neighbor = (struct olsr_lq_neighbor6 *)msg_data; + if (!ND_TTEST(*lq_neighbor)) + return (-1); ND_PRINT((ndo, "\n\t neighbor %s, link-quality %.2lf%%" ", neighbor-link-quality %.2lf%%", @@ -219,13 +224,14 @@ msg_data += sizeof(struct olsr_lq_neighbor6); hello_len -= sizeof(struct olsr_lq_neighbor6); } + return (0); } #endif /* INET6 */ /* * print a neighbor list. */ -static void +static int olsr_print_neighbor(netdissect_options *ndo, const u_char *msg_data, u_int hello_len) { @@ -236,6 +242,8 @@ while (hello_len >= sizeof(struct in_addr)) { + if (!ND_TTEST2(*msg_data, sizeof(struct in_addr))) + return (-1); /* print 4 neighbors per line */ ND_PRINT((ndo, "%s%s", ipaddr_string(ndo, msg_data), @@ -244,6 +252,7 @@ msg_data += sizeof(struct in_addr); hello_len -= sizeof(struct in_addr); } + return (0); } @@ -326,6 +335,9 @@ ME_TO_DOUBLE(msgptr.v6->vtime), EXTRACT_16BITS(msgptr.v6->msg_seq), msg_len, (msg_len_valid == 0) ? " (invalid)" : "")); + if (!msg_len_valid) { + return; + } msg_tlen = msg_len - sizeof(struct olsr_msg6); msg_data = tptr + sizeof(struct olsr_msg6); @@ -354,6 +366,9 @@ ME_TO_DOUBLE(msgptr.v4->vtime), EXTRACT_16BITS(msgptr.v4->msg_seq), msg_len, (msg_len_valid == 0) ? " (invalid)" : "")); + if (!msg_len_valid) { + return; + } msg_tlen = msg_len - sizeof(struct olsr_msg4); msg_data = tptr + sizeof(struct olsr_msg4); @@ -362,6 +377,8 @@ switch (msg_type) { case OLSR_HELLO_MSG: case OLSR_HELLO_LQ_MSG: + if (msg_tlen < sizeof(struct olsr_hello)) + goto trunc; ND_TCHECK2(*msg_data, sizeof(struct olsr_hello)); ptr.hello = (struct olsr_hello *)msg_data; @@ -401,15 +418,21 @@ msg_tlen -= sizeof(struct olsr_hello_link); hello_len -= sizeof(struct olsr_hello_link); + ND_TCHECK2(*msg_data, hello_len); if (msg_type == OLSR_HELLO_MSG) { - olsr_print_neighbor(ndo, msg_data, hello_len); + if (olsr_print_neighbor(ndo, msg_data, hello_len) == -1) + goto trunc; } else { #if INET6 - if (is_ipv6) - olsr_print_lq_neighbor6(ndo, msg_data, hello_len); - else + if (is_ipv6) { + if (olsr_print_lq_neighbor6(ndo, msg_data, hello_len) == -1) + goto trunc; + } else #endif - olsr_print_lq_neighbor4(ndo, msg_data, hello_len); + { + if (olsr_print_lq_neighbor4(ndo, msg_data, hello_len) == -1) + goto trunc; + } } msg_data += hello_len; @@ -419,6 +442,8 @@ case OLSR_TC_MSG: case OLSR_TC_LQ_MSG: + if (msg_tlen < sizeof(struct olsr_tc)) + goto trunc; ND_TCHECK2(*msg_data, sizeof(struct olsr_tc)); ptr.tc = (struct olsr_tc *)msg_data; @@ -428,14 +453,19 @@ msg_tlen -= sizeof(struct olsr_tc); if (msg_type == OLSR_TC_MSG) { - olsr_print_neighbor(ndo, msg_data, msg_tlen); + if (olsr_print_neighbor(ndo, msg_data, msg_tlen) == -1) + goto trunc; } else { #if INET6 - if (is_ipv6) - olsr_print_lq_neighbor6(ndo, msg_data, msg_tlen); - else + if (is_ipv6) { + if (olsr_print_lq_neighbor6(ndo, msg_data, msg_tlen) == -1) + goto trunc; + } else #endif - olsr_print_lq_neighbor4(ndo, msg_data, msg_tlen); + { + if (olsr_print_lq_neighbor4(ndo, msg_data, msg_tlen) == -1) + goto trunc; + } } break; @@ -579,7 +609,7 @@ #endif ND_PRINT((ndo, ", address %s, name \"", ipaddr_string(ndo, msg_data))); - fn_printn(ndo, msg_data + addr_size, name_entry_len, NULL); + (void)fn_printn(ndo, msg_data + addr_size, name_entry_len, NULL); ND_PRINT((ndo, "\"")); msg_data += addr_size + name_entry_len + name_entry_padding; Index: head/contrib/tcpdump/print-openflow-1.0.c =================================================================== --- head/contrib/tcpdump/print-openflow-1.0.c +++ head/contrib/tcpdump/print-openflow-1.0.c @@ -8,6 +8,16 @@ * * [OF10] http://www.openflow.org/documents/openflow-spec-v1.0.0.pdf * + * Most functions in this file take 3 arguments into account: + * * cp -- the pointer to the first octet to decode + * * len -- the length of the current structure as declared on the wire + * * ep -- the pointer to the end of the captured frame + * They return either the pointer to the next not-yet-decoded part of the frame + * or the value of ep, which means the current frame processing is over as it + * has been fully decoded or is malformed or truncated. This way it is possible + * to chain and nest such functions uniformly to decode an OF1.0 message, which + * consists of several layers of nested structures. + * * Decoding of Ethernet frames nested in OFPT_PACKET_IN and OFPT_PACKET_OUT * messages is done only when the verbosity level set by command-line argument * is "-vvv" or higher. In that case the verbosity level is temporarily @@ -15,6 +25,10 @@ * tcpdump with "-vvvv" will do full decoding of OpenFlow and "-v" decoding of * the nested frames. * + * Partial decoding of Big Switch Networks vendor extensions is done after the + * oftest (OpenFlow Testing Framework) and Loxigen (library generator) source + * code. + * * * Copyright (c) 2013 The TCPDUMP project * All rights reserved. @@ -55,6 +69,7 @@ #include "ether.h" #include "ethertype.h" #include "ipproto.h" +#include "oui.h" #include "openflow.h" static const char tstr[] = " [|openflow]"; @@ -580,8 +595,109 @@ #define SERIAL_NUM_LEN 32 #define OFP_VLAN_NONE 0xffff +/* vendor extensions */ +#define BSN_SET_IP_MASK 0 +#define BSN_GET_IP_MASK_REQUEST 1 +#define BSN_GET_IP_MASK_REPLY 2 +#define BSN_SET_MIRRORING 3 +#define BSN_GET_MIRRORING_REQUEST 4 +#define BSN_GET_MIRRORING_REPLY 5 +#define BSN_SHELL_COMMAND 6 +#define BSN_SHELL_OUTPUT 7 +#define BSN_SHELL_STATUS 8 +#define BSN_GET_INTERFACES_REQUEST 9 +#define BSN_GET_INTERFACES_REPLY 10 +#define BSN_SET_PKTIN_SUPPRESSION_REQUEST 11 +#define BSN_SET_L2_TABLE_REQUEST 12 +#define BSN_GET_L2_TABLE_REQUEST 13 +#define BSN_GET_L2_TABLE_REPLY 14 +#define BSN_VIRTUAL_PORT_CREATE_REQUEST 15 +#define BSN_VIRTUAL_PORT_CREATE_REPLY 16 +#define BSN_VIRTUAL_PORT_REMOVE_REQUEST 17 +#define BSN_BW_ENABLE_SET_REQUEST 18 +#define BSN_BW_ENABLE_GET_REQUEST 19 +#define BSN_BW_ENABLE_GET_REPLY 20 +#define BSN_BW_CLEAR_DATA_REQUEST 21 +#define BSN_BW_CLEAR_DATA_REPLY 22 +#define BSN_BW_ENABLE_SET_REPLY 23 +#define BSN_SET_L2_TABLE_REPLY 24 +#define BSN_SET_PKTIN_SUPPRESSION_REPLY 25 +#define BSN_VIRTUAL_PORT_REMOVE_REPLY 26 +#define BSN_HYBRID_GET_REQUEST 27 +#define BSN_HYBRID_GET_REPLY 28 + /* 29 */ + /* 30 */ +#define BSN_PDU_TX_REQUEST 31 +#define BSN_PDU_TX_REPLY 32 +#define BSN_PDU_RX_REQUEST 33 +#define BSN_PDU_RX_REPLY 34 +#define BSN_PDU_RX_TIMEOUT 35 + +static const struct tok bsn_subtype_str[] = { + { BSN_SET_IP_MASK, "SET_IP_MASK" }, + { BSN_GET_IP_MASK_REQUEST, "GET_IP_MASK_REQUEST" }, + { BSN_GET_IP_MASK_REPLY, "GET_IP_MASK_REPLY" }, + { BSN_SET_MIRRORING, "SET_MIRRORING" }, + { BSN_GET_MIRRORING_REQUEST, "GET_MIRRORING_REQUEST" }, + { BSN_GET_MIRRORING_REPLY, "GET_MIRRORING_REPLY" }, + { BSN_SHELL_COMMAND, "SHELL_COMMAND" }, + { BSN_SHELL_OUTPUT, "SHELL_OUTPUT" }, + { BSN_SHELL_STATUS, "SHELL_STATUS" }, + { BSN_GET_INTERFACES_REQUEST, "GET_INTERFACES_REQUEST" }, + { BSN_GET_INTERFACES_REPLY, "GET_INTERFACES_REPLY" }, + { BSN_SET_PKTIN_SUPPRESSION_REQUEST, "SET_PKTIN_SUPPRESSION_REQUEST" }, + { BSN_SET_L2_TABLE_REQUEST, "SET_L2_TABLE_REQUEST" }, + { BSN_GET_L2_TABLE_REQUEST, "GET_L2_TABLE_REQUEST" }, + { BSN_GET_L2_TABLE_REPLY, "GET_L2_TABLE_REPLY" }, + { BSN_VIRTUAL_PORT_CREATE_REQUEST, "VIRTUAL_PORT_CREATE_REQUEST" }, + { BSN_VIRTUAL_PORT_CREATE_REPLY, "VIRTUAL_PORT_CREATE_REPLY" }, + { BSN_VIRTUAL_PORT_REMOVE_REQUEST, "VIRTUAL_PORT_REMOVE_REQUEST" }, + { BSN_BW_ENABLE_SET_REQUEST, "BW_ENABLE_SET_REQUEST" }, + { BSN_BW_ENABLE_GET_REQUEST, "BW_ENABLE_GET_REQUEST" }, + { BSN_BW_ENABLE_GET_REPLY, "BW_ENABLE_GET_REPLY" }, + { BSN_BW_CLEAR_DATA_REQUEST, "BW_CLEAR_DATA_REQUEST" }, + { BSN_BW_CLEAR_DATA_REPLY, "BW_CLEAR_DATA_REPLY" }, + { BSN_BW_ENABLE_SET_REPLY, "BW_ENABLE_SET_REPLY" }, + { BSN_SET_L2_TABLE_REPLY, "SET_L2_TABLE_REPLY" }, + { BSN_SET_PKTIN_SUPPRESSION_REPLY, "SET_PKTIN_SUPPRESSION_REPLY" }, + { BSN_VIRTUAL_PORT_REMOVE_REPLY, "VIRTUAL_PORT_REMOVE_REPLY" }, + { BSN_HYBRID_GET_REQUEST, "HYBRID_GET_REQUEST" }, + { BSN_HYBRID_GET_REPLY, "HYBRID_GET_REPLY" }, + { BSN_PDU_TX_REQUEST, "PDU_TX_REQUEST" }, + { BSN_PDU_TX_REPLY, "PDU_TX_REPLY" }, + { BSN_PDU_RX_REQUEST, "PDU_RX_REQUEST" }, + { BSN_PDU_RX_REPLY, "PDU_RX_REPLY" }, + { BSN_PDU_RX_TIMEOUT, "PDU_RX_TIMEOUT" }, + { 0, NULL } +}; + +#define BSN_ACTION_MIRROR 1 +#define BSN_ACTION_SET_TUNNEL_DST 2 + /* 3 */ +#define BSN_ACTION_CHECKSUM 4 + +static const struct tok bsn_action_subtype_str[] = { + { BSN_ACTION_MIRROR, "MIRROR" }, + { BSN_ACTION_SET_TUNNEL_DST, "SET_TUNNEL_DST" }, + { BSN_ACTION_CHECKSUM, "CHECKSUM" }, + { 0, NULL } +}; + +static const struct tok bsn_mirror_copy_stage_str[] = { + { 0, "INGRESS" }, + { 1, "EGRESS" }, + { 0, NULL }, +}; + +static const struct tok bsn_onoff_str[] = { + { 0, "OFF" }, + { 1, "ON" }, + { 0, NULL }, +}; + static const char * -vlan_str(const uint16_t vid) { +vlan_str(const uint16_t vid) +{ static char buf[sizeof("65535 (bogus)")]; const char *fmt; @@ -593,7 +709,8 @@ } static const char * -pcp_str(const uint8_t pcp) { +pcp_str(const uint8_t pcp) +{ static char buf[sizeof("255 (bogus)")]; snprintf(buf, sizeof(buf), pcp <= 7 ? "%u" : "%u (bogus)", pcp); return buf; @@ -601,7 +718,8 @@ static void of10_bitmap_print(netdissect_options *ndo, - const struct tok *t, const uint32_t v, const uint32_t u) { + const struct tok *t, const uint32_t v, const uint32_t u) +{ const char *sep = " ("; if (v == 0) @@ -618,7 +736,8 @@ static const u_char * of10_data_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) { + const u_char *cp, const u_char *ep, const u_int len) +{ if (len == 0) return cp; /* data */ @@ -633,16 +752,357 @@ return ep; } +static const u_char * +of10_bsn_message_print(netdissect_options *ndo, + const u_char *cp, const u_char *ep, const u_int len) +{ + const u_char *cp0 = cp; + uint32_t subtype; + + if (len < 4) + goto corrupt; + /* subtype */ + ND_TCHECK2(*cp, 4); + subtype = EXTRACT_32BITS(cp); + cp += 4; + ND_PRINT((ndo, "\n\t subtype %s", tok2str(bsn_subtype_str, "unknown (0x%08x)", subtype))); + switch (subtype) { + case BSN_GET_IP_MASK_REQUEST: + /* + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +---------------+---------------+---------------+---------------+ + * | subtype | + * +---------------+---------------+---------------+---------------+ + * | index | pad | + * +---------------+---------------+---------------+---------------+ + * | pad | + * +---------------+---------------+---------------+---------------+ + * + */ + if (len != 12) + goto corrupt; + /* index */ + ND_TCHECK2(*cp, 1); + ND_PRINT((ndo, ", index %u", *cp)); + cp += 1; + /* pad */ + ND_TCHECK2(*cp, 7); + cp += 7; + break; + case BSN_SET_IP_MASK: + case BSN_GET_IP_MASK_REPLY: + /* + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +---------------+---------------+---------------+---------------+ + * | subtype | + * +---------------+---------------+---------------+---------------+ + * | index | pad | + * +---------------+---------------+---------------+---------------+ + * | mask | + * +---------------+---------------+---------------+---------------+ + * + */ + if (len != 12) + goto corrupt; + /* index */ + ND_TCHECK2(*cp, 1); + ND_PRINT((ndo, ", index %u", *cp)); + cp += 1; + /* pad */ + ND_TCHECK2(*cp, 3); + cp += 3; + /* mask */ + ND_TCHECK2(*cp, 4); + ND_PRINT((ndo, ", mask %s", ipaddr_string(ndo, cp))); + cp += 4; + break; + case BSN_SET_MIRRORING: + case BSN_GET_MIRRORING_REQUEST: + case BSN_GET_MIRRORING_REPLY: + /* + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +---------------+---------------+---------------+---------------+ + * | subtype | + * +---------------+---------------+---------------+---------------+ + * | report m. p. | pad | + * +---------------+---------------+---------------+---------------+ + * + */ + if (len != 8) + goto corrupt; + /* report_mirror_ports */ + ND_TCHECK2(*cp, 1); + ND_PRINT((ndo, ", report_mirror_ports %s", tok2str(bsn_onoff_str, "bogus (%u)", *cp))); + cp += 1; + /* pad */ + ND_TCHECK2(*cp, 3); + cp += 3; + break; + case BSN_GET_INTERFACES_REQUEST: + case BSN_GET_L2_TABLE_REQUEST: + case BSN_BW_ENABLE_GET_REQUEST: + case BSN_BW_CLEAR_DATA_REQUEST: + case BSN_HYBRID_GET_REQUEST: + /* + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +---------------+---------------+---------------+---------------+ + * | subtype | + * +---------------+---------------+---------------+---------------+ + * + */ + if (len != 4) + goto corrupt; + break; + case BSN_VIRTUAL_PORT_REMOVE_REQUEST: + /* + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +---------------+---------------+---------------+---------------+ + * | subtype | + * +---------------+---------------+---------------+---------------+ + * | vport_no | + * +---------------+---------------+---------------+---------------+ + * + */ + if (len != 8) + goto corrupt; + /* vport_no */ + ND_TCHECK2(*cp, 4); + ND_PRINT((ndo, ", vport_no %u", EXTRACT_32BITS(cp))); + cp += 4; + break; + case BSN_SHELL_COMMAND: + /* + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +---------------+---------------+---------------+---------------+ + * | subtype | + * +---------------+---------------+---------------+---------------+ + * | service | + * +---------------+---------------+---------------+---------------+ + * | data ... + * +---------------+---------------+-------- + * + */ + if (len < 8) + goto corrupt; + /* service */ + ND_TCHECK2(*cp, 4); + ND_PRINT((ndo, ", service %u", EXTRACT_32BITS(cp))); + cp += 4; + /* data */ + ND_PRINT((ndo, ", data '")); + if (fn_printn(ndo, cp, len - 8, ep)) { + ND_PRINT((ndo, "'")); + goto trunc; + } + ND_PRINT((ndo, "'")); + cp += len - 8; + break; + case BSN_SHELL_OUTPUT: + /* + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +---------------+---------------+---------------+---------------+ + * | subtype | + * +---------------+---------------+---------------+---------------+ + * | data ... + * +---------------+---------------+-------- + * + */ + /* already checked that len >= 4 */ + /* data */ + ND_PRINT((ndo, ", data '")); + if (fn_printn(ndo, cp, len - 4, ep)) { + ND_PRINT((ndo, "'")); + goto trunc; + } + ND_PRINT((ndo, "'")); + cp += len - 4; + break; + case BSN_SHELL_STATUS: + /* + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +---------------+---------------+---------------+---------------+ + * | subtype | + * +---------------+---------------+---------------+---------------+ + * | status | + * +---------------+---------------+---------------+---------------+ + * + */ + if (len != 8) + goto corrupt; + /* status */ + ND_TCHECK2(*cp, 4); + ND_PRINT((ndo, ", status 0x%08x", EXTRACT_32BITS(cp))); + cp += 4; + break; + default: + ND_TCHECK2(*cp, len - 4); + cp += len - 4; + } + return cp; + +corrupt: /* skip the undersized data */ + ND_PRINT((ndo, "%s", cstr)); + ND_TCHECK2(*cp0, len); + return cp0 + len; +trunc: + ND_PRINT((ndo, "%s", tstr)); + return ep; +} + +static const u_char * +of10_bsn_actions_print(netdissect_options *ndo, + const u_char *cp, const u_char *ep, const u_int len) +{ + const u_char *cp0 = cp; + uint32_t subtype, vlan_tag; + + if (len < 4) + goto corrupt; + /* subtype */ + ND_TCHECK2(*cp, 4); + subtype = EXTRACT_32BITS(cp); + cp += 4; + ND_PRINT((ndo, "\n\t subtype %s", tok2str(bsn_action_subtype_str, "unknown (0x%08x)", subtype))); + switch (subtype) { + case BSN_ACTION_MIRROR: + /* + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +---------------+---------------+---------------+---------------+ + * | subtype | + * +---------------+---------------+---------------+---------------+ + * | dest_port | + * +---------------+---------------+---------------+---------------+ + * | vlan_tag | + * +---------------+---------------+---------------+---------------+ + * | copy_stage | pad | + * +---------------+---------------+---------------+---------------+ + * + */ + if (len != 16) + goto corrupt; + /* dest_port */ + ND_TCHECK2(*cp, 4); + ND_PRINT((ndo, ", dest_port %u", EXTRACT_32BITS(cp))); + cp += 4; + /* vlan_tag */ + ND_TCHECK2(*cp, 4); + vlan_tag = EXTRACT_32BITS(cp); + cp += 4; + switch (vlan_tag >> 16) { + case 0: + ND_PRINT((ndo, ", vlan_tag none")); + break; + case ETHERTYPE_8021Q: + ND_PRINT((ndo, ", vlan_tag 802.1Q (%s)", ieee8021q_tci_string(vlan_tag & 0xffff))); + break; + default: + ND_PRINT((ndo, ", vlan_tag unknown (0x%04x)", vlan_tag >> 16)); + } + /* copy_stage */ + ND_TCHECK2(*cp, 1); + ND_PRINT((ndo, ", copy_stage %s", tok2str(bsn_mirror_copy_stage_str, "unknown (%u)", *cp))); + cp += 1; + /* pad */ + ND_TCHECK2(*cp, 3); + cp += 3; + break; + default: + ND_TCHECK2(*cp, len - 4); + cp += len - 4; + } + + return cp; + +corrupt: + ND_PRINT((ndo, "%s", cstr)); + ND_TCHECK2(*cp0, len); + return cp0 + len; +trunc: + ND_PRINT((ndo, "%s", tstr)); + return ep; +} + +static const u_char * +of10_vendor_action_print(netdissect_options *ndo, + const u_char *cp, const u_char *ep, const u_int len) +{ + uint32_t vendor; + const u_char *(*decoder)(netdissect_options *, const u_char *, const u_char *, const u_int); + + if (len < 4) + goto corrupt; + /* vendor */ + ND_TCHECK2(*cp, 4); + vendor = EXTRACT_32BITS(cp); + cp += 4; + ND_PRINT((ndo, ", vendor 0x%08x (%s)", vendor, of_vendor_name(vendor))); + /* data */ + decoder = + vendor == OUI_BSN ? of10_bsn_actions_print : + of10_data_print; + return decoder(ndo, cp, ep, len - 4); + +corrupt: /* skip the undersized data */ + ND_PRINT((ndo, "%s", cstr)); + ND_TCHECK2(*cp, len); + return cp + len; +trunc: + ND_PRINT((ndo, "%s", tstr)); + return ep; +} + +static const u_char * +of10_vendor_message_print(netdissect_options *ndo, + const u_char *cp, const u_char *ep, const u_int len) +{ + uint32_t vendor; + const u_char *(*decoder)(netdissect_options *, const u_char *, const u_char *, u_int); + + if (len < 4) + goto corrupt; + /* vendor */ + ND_TCHECK2(*cp, 4); + vendor = EXTRACT_32BITS(cp); + cp += 4; + ND_PRINT((ndo, ", vendor 0x%08x (%s)", vendor, of_vendor_name(vendor))); + /* data */ + decoder = + vendor == OUI_BSN ? of10_bsn_message_print : + of10_data_print; + return decoder(ndo, cp, ep, len - 4); + +corrupt: /* skip the undersized data */ + ND_PRINT((ndo, "%s", cstr)); + ND_TCHECK2(*cp, len); + return cp + len; +trunc: + ND_PRINT((ndo, "%s", tstr)); + return ep; +} + /* Vendor ID is mandatory, data is optional. */ static const u_char * of10_vendor_data_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) { + const u_char *cp, const u_char *ep, const u_int len) +{ + uint32_t vendor; + if (len < 4) goto corrupt; /* vendor */ ND_TCHECK2(*cp, 4); - ND_PRINT((ndo, ", vendor 0x%08x", EXTRACT_32BITS(cp))); + vendor = EXTRACT_32BITS(cp); cp += 4; + ND_PRINT((ndo, ", vendor 0x%08x (%s)", vendor, of_vendor_name(vendor))); /* data */ return of10_data_print(ndo, cp, ep, len - 4); @@ -657,7 +1117,8 @@ static const u_char * of10_packet_data_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) { + const u_char *cp, const u_char *ep, const u_int len) +{ if (len == 0) return cp; /* data */ @@ -679,7 +1140,8 @@ /* [OF10] Section 5.2.1 */ static const u_char * of10_phy_ports_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) { + const u_char *cp, const u_char *ep, u_int len) +{ const u_char *cp0 = cp; const u_int len0 = len; @@ -753,7 +1215,8 @@ /* [OF10] Section 5.2.2 */ static const u_char * of10_queue_props_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) { + const u_char *cp, const u_char *ep, u_int len) +{ const u_char *cp0 = cp; const u_int len0 = len; uint16_t property, plen, rate; @@ -828,7 +1291,8 @@ /* ibid */ static const u_char * of10_queues_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) { + const u_char *cp, const u_char *ep, u_int len) +{ const u_char *cp0 = cp; const u_int len0 = len; uint16_t desclen; @@ -875,7 +1339,8 @@ /* [OF10] Section 5.2.3 */ static const u_char * of10_match_print(netdissect_options *ndo, - const char *pfx, const u_char *cp, const u_char *ep) { + const char *pfx, const u_char *cp, const u_char *ep) +{ uint32_t wildcards; uint16_t dl_type; uint8_t nw_proto; @@ -979,7 +1444,8 @@ static const u_char * of10_actions_print(netdissect_options *ndo, const char *pfx, const u_char *cp, const u_char *ep, - u_int len) { + u_int len) +{ const u_char *cp0 = cp; const u_int len0 = len; uint16_t type, alen, output_port; @@ -1118,7 +1584,7 @@ cp += 4; break; case OFPAT_VENDOR: - if (ep == (cp = of10_vendor_data_print(ndo, cp, ep, alen - 4))) + if (ep == (cp = of10_vendor_action_print(ndo, cp, ep, alen - 4))) return ep; /* end of snapshot */ break; case OFPAT_STRIP_VLAN: @@ -1144,7 +1610,8 @@ /* [OF10] Section 5.3.1 */ static const u_char * of10_features_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) { + const u_char *cp, const u_char *ep, const u_int len) +{ /* datapath_id */ ND_TCHECK2(*cp, 8); ND_PRINT((ndo, "\n\t dpid 0x%016" PRIx64, EXTRACT_64BITS(cp))); @@ -1181,7 +1648,8 @@ /* [OF10] Section 5.3.3 */ static const u_char * of10_flow_mod_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) { + const u_char *cp, const u_char *ep, const u_int len) +{ uint16_t command; /* match */ @@ -1238,7 +1706,8 @@ /* ibid */ static const u_char * of10_port_mod_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep) { + const u_char *cp, const u_char *ep) +{ /* port_no */ ND_TCHECK2(*cp, 2); ND_PRINT((ndo, "\n\t port_no %s", tok2str(ofpp_str, "%u", EXTRACT_16BITS(cp)))); @@ -1274,7 +1743,8 @@ /* [OF10] Section 5.3.5 */ static const u_char * of10_stats_request_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) { + const u_char *cp, const u_char *ep, u_int len) +{ const u_char *cp0 = cp; const u_int len0 = len; uint16_t type; @@ -1357,7 +1827,8 @@ /* ibid */ static const u_char * of10_desc_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) { + const u_char *cp, const u_char *ep, const u_int len) +{ if (len != OF_DESC_STATS_LEN) goto corrupt; /* mfr_desc */ @@ -1403,7 +1874,8 @@ /* ibid */ static const u_char * of10_flow_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) { + const u_char *cp, const u_char *ep, u_int len) +{ const u_char *cp0 = cp; const u_int len0 = len; uint16_t entry_len; @@ -1484,7 +1956,8 @@ static const u_char * of10_aggregate_stats_reply_print(netdissect_options *ndo, const u_char *cp, const u_char *ep, - const u_int len) { + const u_int len) +{ if (len != OF_AGGREGATE_STATS_REPLY_LEN) goto corrupt; /* packet_count */ @@ -1515,7 +1988,8 @@ /* ibid */ static const u_char * of10_table_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) { + const u_char *cp, const u_char *ep, u_int len) +{ const u_char *cp0 = cp; const u_int len0 = len; @@ -1573,7 +2047,8 @@ /* ibid */ static const u_char * of10_port_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) { + const u_char *cp, const u_char *ep, u_int len) +{ const u_char *cp0 = cp; const u_int len0 = len; @@ -1657,7 +2132,8 @@ /* ibid */ static const u_char * of10_queue_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, u_int len) { + const u_char *cp, const u_char *ep, u_int len) +{ const u_char *cp0 = cp; const u_int len0 = len; @@ -1704,7 +2180,8 @@ /* ibid */ static const u_char * of10_stats_reply_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) { + const u_char *cp, const u_char *ep, const u_int len) +{ const u_char *cp0 = cp; uint16_t type; @@ -1743,7 +2220,8 @@ /* [OF10] Section 5.3.6 */ static const u_char * of10_packet_out_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) { + const u_char *cp, const u_char *ep, const u_int len) +{ const u_char *cp0 = cp; const u_int len0 = len; uint16_t actions_len; @@ -1780,7 +2258,8 @@ /* [OF10] Section 5.4.1 */ static const u_char * of10_packet_in_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) { + const u_char *cp, const u_char *ep, const u_int len) +{ /* buffer_id */ ND_TCHECK2(*cp, 4); ND_PRINT((ndo, "\n\t buffer_id %s", tok2str(bufferid_str, "0x%08x", EXTRACT_32BITS(cp)))); @@ -1812,7 +2291,8 @@ /* [OF10] Section 5.4.2 */ static const u_char * of10_flow_removed_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep) { + const u_char *cp, const u_char *ep) +{ /* match */ if (ep == (cp = of10_match_print(ndo, "\n\t ", cp, ep))) return ep; /* end of snapshot */ @@ -1865,7 +2345,8 @@ /* [OF10] Section 5.4.4 */ static const u_char * of10_error_print(netdissect_options *ndo, - const u_char *cp, const u_char *ep, const u_int len) { + const u_char *cp, const u_char *ep, const u_int len) +{ uint16_t type; const struct tok *code_str; @@ -1897,7 +2378,8 @@ const u_char * of10_header_body_print(netdissect_options *ndo, const u_char *cp, const u_char *ep, const uint8_t type, - const uint16_t len, const uint32_t xid) { + const uint16_t len, const uint32_t xid) +{ const u_char *cp0 = cp; const u_int len0 = len; /* Thus far message length is not less than the basic header size, but most @@ -2003,7 +2485,7 @@ goto corrupt; if (ndo->ndo_vflag < 1) goto next_message; - return of10_vendor_data_print(ndo, cp, ep, len - OF_HEADER_LEN); + return of10_vendor_message_print(ndo, cp, ep, len - OF_HEADER_LEN); case OFPT_PACKET_IN: /* 2 mock octets count in OF_PACKET_IN_LEN but not in len */ if (len < OF_PACKET_IN_LEN - 2) Index: head/contrib/tcpdump/print-openflow.c =================================================================== --- head/contrib/tcpdump/print-openflow.c +++ head/contrib/tcpdump/print-openflow.c @@ -40,22 +40,44 @@ #include "interface.h" #include "extract.h" #include "openflow.h" +#include "oui.h" static const char tstr[] = " [|openflow]"; static const char cstr[] = " (corrupt)"; #define OF_VER_1_0 0x01 +const struct tok onf_exp_str[] = { + { ONF_EXP_ONF, "ONF Extensions" }, + { ONF_EXP_BUTE, "Budapest University of Technology and Economics" }, + { ONF_EXP_NOVIFLOW, "NoviFlow" }, + { ONF_EXP_L3, "L3+ Extensions, Vendor Neutral" }, + { ONF_EXP_L4L7, "L4-L7 Extensions" }, + { ONF_EXP_WMOB, "Wireless and Mobility Extensions" }, + { ONF_EXP_FABS, "Forwarding Abstractions Extensions" }, + { ONF_EXP_OTRANS, "Optical Transport Extensions" }, + { 0, NULL } +}; + +const char * +of_vendor_name(const uint32_t vendor) +{ + const struct tok *table = (vendor & 0xff000000) == 0 ? oui_values : onf_exp_str; + return tok2str(table, "unknown", vendor); +} + static void of_header_print(netdissect_options *ndo, const uint8_t version, const uint8_t type, - const uint16_t length, const uint32_t xid) { + const uint16_t length, const uint32_t xid) +{ ND_PRINT((ndo, "\n\tversion unknown (0x%02x), type 0x%02x, length %u, xid 0x%08x", version, type, length, xid)); } /* Print a single OpenFlow message. */ static const u_char * -of_header_body_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) { +of_header_body_print(netdissect_options *ndo, const u_char *cp, const u_char *ep) +{ uint8_t version, type; uint16_t length; uint32_t xid; @@ -110,7 +132,8 @@ /* Print a TCP segment worth of OpenFlow messages presuming the segment begins * on a message boundary. */ void -openflow_print(netdissect_options *ndo, const u_char *cp, const u_int len) { +openflow_print(netdissect_options *ndo, const u_char *cp, const u_int len) +{ const u_char *ep = cp + len; ND_PRINT((ndo, ": OpenFlow")); Index: head/contrib/tcpdump/print-ospf.c =================================================================== --- head/contrib/tcpdump/print-ospf.c +++ head/contrib/tcpdump/print-ospf.c @@ -181,8 +181,8 @@ int ospf_print_grace_lsa(netdissect_options *ndo, - const uint8_t *tptr, u_int ls_length) { - + const uint8_t *tptr, u_int ls_length) +{ u_int tlv_type, tlv_length; @@ -264,8 +264,8 @@ int ospf_print_te_lsa(netdissect_options *ndo, - const uint8_t *tptr, u_int ls_length) { - + const uint8_t *tptr, u_int ls_length) +{ u_int tlv_type, tlv_length, subtlv_type, subtlv_length; u_int priority_level, te_class, count_srlg; union { /* int to float conversion buffer for several subTLVs */ Index: head/contrib/tcpdump/print-pflog.c =================================================================== --- head/contrib/tcpdump/print-pflog.c +++ head/contrib/tcpdump/print-pflog.c @@ -152,14 +152,16 @@ ip_print(ndo, p, length); break; -#ifdef INET6 +#if defined(AF_INET6) || defined(OPENBSD_AF_INET6) +#ifdef AF_INET6 case AF_INET6: -#if OPENBSD_AF_INET6 != AF_INET6 +#endif /* AF_INET6 */ +#if !defined(AF_INET6) || OPENBSD_AF_INET6 != AF_INET6 case OPENBSD_AF_INET6: /* XXX: read pcap files */ -#endif +#endif /* !defined(AF_INET6) || OPENBSD_AF_INET6 != AF_INET6 */ ip6_print(ndo, p, length); break; -#endif +#endif /* defined(AF_INET6) || defined(OPENBSD_AF_INET6) */ default: /* address family not handled, print raw packet */ Index: head/contrib/tcpdump/print-pim.c =================================================================== --- head/contrib/tcpdump/print-pim.c +++ head/contrib/tcpdump/print-pim.c @@ -770,11 +770,11 @@ case 4: /* IPv4 */ ip_print(ndo, bp, len); break; -#ifdef INET6 + case 6: /* IPv6 */ ip6_print(ndo, bp, len); break; -#endif + default: ND_PRINT((ndo, "IP ver %d", IP_V(ip))); break; Index: head/contrib/tcpdump/print-ppi.c =================================================================== --- head/contrib/tcpdump/print-ppi.c +++ head/contrib/tcpdump/print-ppi.c @@ -26,8 +26,8 @@ ppi_header_print(netdissect_options *ndo, const u_char *bp, u_int length) { const ppi_header_t *hdr; - uint32_t dlt; uint16_t len; + uint32_t dlt; hdr = (const ppi_header_t *)bp; @@ -35,11 +35,11 @@ dlt = EXTRACT_LE_32BITS(&hdr->ppi_dlt); if (!ndo->ndo_qflag) { - ND_PRINT((ndo,", V.%d DLT %s (%d) len %d", hdr->ppi_ver, + ND_PRINT((ndo, "V.%d DLT %s (%d) len %d", hdr->ppi_ver, pcap_datalink_val_to_name(dlt), dlt, len)); } else { - ND_PRINT((ndo,", %s", pcap_datalink_val_to_name(dlt))); + ND_PRINT((ndo, "%s", pcap_datalink_val_to_name(dlt))); } ND_PRINT((ndo, ", length %u: ", length)); @@ -54,21 +54,32 @@ ppi_header_t *hdr; u_int caplen = h->caplen; u_int length = h->len; + uint16_t len; uint32_t dlt; if (caplen < sizeof(ppi_header_t)) { ND_PRINT((ndo, "[|ppi]")); return; } + hdr = (ppi_header_t *)p; + len = EXTRACT_LE_16BITS(&hdr->ppi_len); + if (len < sizeof(ppi_header_t)) { + ND_PRINT((ndo, "[|ppi]")); + return; + } + if (caplen < len) { + ND_PRINT((ndo, "[|ppi]")); + return; + } dlt = EXTRACT_LE_32BITS(&hdr->ppi_dlt); if (ndo->ndo_eflag) ppi_header_print(ndo, p, length); - length -= sizeof(ppi_header_t); - caplen -= sizeof(ppi_header_t); - p += sizeof(ppi_header_t); + length -= len; + caplen -= len; + p += len; if ((printer = lookup_printer(dlt)) != NULL) { printer(h, p); @@ -76,8 +87,7 @@ ndo_printer(ndo, h, p); } else { if (!ndo->ndo_eflag) - ppi_header_print(ndo, (u_char *)hdr, - length + sizeof(ppi_header_t)); + ppi_header_print(ndo, (u_char *)hdr, length + len); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); Index: head/contrib/tcpdump/print-ppp.c =================================================================== --- head/contrib/tcpdump/print-ppp.c +++ head/contrib/tcpdump/print-ppp.c @@ -807,8 +807,8 @@ static void handle_mlppp(netdissect_options *ndo, - const u_char *p, int length) { - + const u_char *p, int length) +{ if (!ndo->ndo_eflag) ND_PRINT((ndo, "MLPPP, ")); @@ -1353,14 +1353,15 @@ ppp_hdlc(netdissect_options *ndo, const u_char *p, int length) { - u_char *b, *s, *t, c; + u_char *b, *t, c; + const u_char *s; int i, proto; const void *se; if (length <= 0) return; - b = (uint8_t *)malloc(length); + b = (u_char *)malloc(length); if (b == NULL) return; @@ -1369,14 +1370,13 @@ * Do this so that we dont overwrite the original packet * contents. */ - for (s = (u_char *)p, t = b, i = length; i > 0; i--) { + for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { c = *s++; if (c == 0x7d) { - if (i > 1) { - i--; - c = *s++ ^ 0x20; - } else - continue; + if (i <= 1 || !ND_TTEST(*s)) + break; + i--; + c = *s++ ^ 0x20; } *t++ = c; } @@ -1394,11 +1394,9 @@ case PPP_IP: ip_print(ndo, b + 1, length - 1); goto cleanup; -#ifdef INET6 case PPP_IPV6: ip6_print(ndo, b + 1, length - 1); goto cleanup; -#endif default: /* no luck - try next guess */ break; } @@ -1468,12 +1466,10 @@ case PPP_IP: ip_print(ndo, p, length); break; -#ifdef INET6 case ETHERTYPE_IPV6: /*XXX*/ case PPP_IPV6: ip6_print(ndo, p, length); break; -#endif case ETHERTYPE_IPX: /*XXX*/ case PPP_IPX: ipx_print(ndo, p, length); @@ -1783,11 +1779,9 @@ case PPP_IP: ip_print(ndo, p, length); break; -#ifdef INET6 case PPP_IPV6: ip6_print(ndo, p, length); break; -#endif case PPP_MPLS_UCAST: case PPP_MPLS_MCAST: mpls_print(ndo, p, length); @@ -1802,11 +1796,9 @@ case PPP_IP: ip_print(ndo, p, length); break; -#ifdef INET6 case PPP_IPV6: ip6_print(ndo, p, length); break; -#endif case PPP_MPLS_UCAST: case PPP_MPLS_MCAST: mpls_print(ndo, p, length); @@ -1834,11 +1826,9 @@ case PPP_IP: ip_print(p, length); break; -#ifdef INET6 case PPP_IPV6: ip6_print(ndo, p, length); break; -#endif case PPP_MPLS_UCAST: case PPP_MPLS_MCAST: mpls_print(ndo, p, length); Index: head/contrib/tcpdump/print-radius.c =================================================================== --- head/contrib/tcpdump/print-radius.c +++ head/contrib/tcpdump/print-radius.c @@ -37,6 +37,12 @@ * RFC 2869: * "RADIUS Extensions" * + * RFC 4675: + * "RADIUS Attributes for Virtual LAN and Priority Support" + * + * RFC 5176: + * "Dynamic Authorization Extensions to RADIUS" + * * Alfredo Andres Omella (aandres@s21sec.com) v0.1 2000/09/15 * * TODO: Among other things to print ok MacIntosh and Vendor values @@ -78,17 +84,29 @@ #define RADCMD_ACCESS_CHA 11 /* Access-Challenge */ #define RADCMD_STATUS_SER 12 /* Status-Server */ #define RADCMD_STATUS_CLI 13 /* Status-Client */ +#define RADCMD_DISCON_REQ 40 /* Disconnect-Request */ +#define RADCMD_DISCON_ACK 41 /* Disconnect-ACK */ +#define RADCMD_DISCON_NAK 42 /* Disconnect-NAK */ +#define RADCMD_COA_REQ 43 /* CoA-Request */ +#define RADCMD_COA_ACK 44 /* CoA-ACK */ +#define RADCMD_COA_NAK 45 /* CoA-NAK */ #define RADCMD_RESERVED 255 /* Reserved */ static const struct tok radius_command_values[] = { - { RADCMD_ACCESS_REQ, "Access Request" }, - { RADCMD_ACCESS_ACC, "Access Accept" }, - { RADCMD_ACCESS_REJ, "Access Reject" }, - { RADCMD_ACCOUN_REQ, "Accounting Request" }, - { RADCMD_ACCOUN_RES, "Accounting Response" }, - { RADCMD_ACCESS_CHA, "Access Challenge" }, - { RADCMD_STATUS_SER, "Status Server" }, - { RADCMD_STATUS_CLI, "Status Client" }, + { RADCMD_ACCESS_REQ, "Access-Request" }, + { RADCMD_ACCESS_ACC, "Access-Accept" }, + { RADCMD_ACCESS_REJ, "Access-Reject" }, + { RADCMD_ACCOUN_REQ, "Accounting-Request" }, + { RADCMD_ACCOUN_RES, "Accounting-Response" }, + { RADCMD_ACCESS_CHA, "Access-Challenge" }, + { RADCMD_STATUS_SER, "Status-Server" }, + { RADCMD_STATUS_CLI, "Status-Client" }, + { RADCMD_DISCON_REQ, "Disconnect-Request" }, + { RADCMD_DISCON_ACK, "Disconnect-ACK" }, + { RADCMD_DISCON_NAK, "Disconnect-NAK" }, + { RADCMD_COA_REQ, "CoA-Request" }, + { RADCMD_COA_ACK, "CoA-ACK" }, + { RADCMD_COA_NAK, "CoA-NAK" }, { RADCMD_RESERVED, "Reserved" }, { 0, NULL} }; @@ -109,6 +127,9 @@ #define ACCT_DELAY 41 #define ACCT_SESSION_TIME 46 +#define EGRESS_VLAN_ID 56 +#define EGRESS_VLAN_NAME 58 + #define TUNNEL_TYPE 64 #define TUNNEL_MEDIUM 65 #define TUNNEL_CLIENT_END 66 @@ -131,6 +152,15 @@ /* End Radius Attribute types */ /********************************/ +#define RFC4675_TAGGED 0x31 +#define RFC4675_UNTAGGED 0x32 + +static const struct tok rfc4675_tagged[] = { + { RFC4675_TAGGED, "Tagged" }, + { RFC4675_UNTAGGED, "Untagged" }, + { 0, NULL} +}; + static void print_attr_string(netdissect_options *, register u_char *, u_int, u_short ); static void print_attr_num(netdissect_options *, register u_char *, u_int, u_short ); @@ -210,6 +240,12 @@ "RADIUS-Request", }; +/* Ingress-Filters Attribute standard values */ +static const char *ingress_filters[]={ NULL, + "Enabled", + "Disabled", + }; + /* NAS-Port-Type Attribute standard values */ static const char *nas_port_type[]={ "Async", "Sync", @@ -337,97 +373,97 @@ } attr_type[]= { { NULL, NULL, 0, 0, NULL }, - { "Username", NULL, 0, 0, print_attr_string }, - { "Password", NULL, 0, 0, NULL }, - { "CHAP Password", NULL, 0, 0, NULL }, - { "NAS IP Address", NULL, 0, 0, print_attr_address }, - { "NAS Port", NULL, 0, 0, print_attr_num }, - { "Service Type", serv_type, TAM_SIZE(serv_type)-1, 1, print_attr_num }, - { "Framed Protocol", frm_proto, TAM_SIZE(frm_proto)-1, 1, print_attr_num }, - { "Framed IP Address", NULL, 0, 0, print_attr_address }, - { "Framed IP Network", NULL, 0, 0, print_attr_address }, - { "Framed Routing", frm_routing, TAM_SIZE(frm_routing), 0, print_attr_num }, - { "Filter ID", NULL, 0, 0, print_attr_string }, - { "Framed MTU", NULL, 0, 0, print_attr_num }, - { "Framed Compression", frm_comp, TAM_SIZE(frm_comp), 0, print_attr_num }, - { "Login IP Host", NULL, 0, 0, print_attr_address }, - { "Login Service", login_serv, TAM_SIZE(login_serv), 0, print_attr_num }, - { "Login TCP Port", NULL, 0, 0, print_attr_num }, + { "User-Name", NULL, 0, 0, print_attr_string }, + { "User-Password", NULL, 0, 0, NULL }, + { "CHAP-Password", NULL, 0, 0, NULL }, + { "NAS-IP-Address", NULL, 0, 0, print_attr_address }, + { "NAS-Port", NULL, 0, 0, print_attr_num }, + { "Service-Type", serv_type, TAM_SIZE(serv_type)-1, 1, print_attr_num }, + { "Framed-Protocol", frm_proto, TAM_SIZE(frm_proto)-1, 1, print_attr_num }, + { "Framed-IP-Address", NULL, 0, 0, print_attr_address }, + { "Framed-IP-Netmask", NULL, 0, 0, print_attr_address }, + { "Framed-Routing", frm_routing, TAM_SIZE(frm_routing), 0, print_attr_num }, + { "Filter-Id", NULL, 0, 0, print_attr_string }, + { "Framed-MTU", NULL, 0, 0, print_attr_num }, + { "Framed-Compression", frm_comp, TAM_SIZE(frm_comp), 0, print_attr_num }, + { "Login-IP-Host", NULL, 0, 0, print_attr_address }, + { "Login-Service", login_serv, TAM_SIZE(login_serv), 0, print_attr_num }, + { "Login-TCP-Port", NULL, 0, 0, print_attr_num }, { "Unassigned", NULL, 0, 0, NULL }, /*17*/ - { "Reply", NULL, 0, 0, print_attr_string }, - { "Callback-number", NULL, 0, 0, print_attr_string }, - { "Callback-ID", NULL, 0, 0, print_attr_string }, + { "Reply-Message", NULL, 0, 0, print_attr_string }, + { "Callback-Number", NULL, 0, 0, print_attr_string }, + { "Callback-Id", NULL, 0, 0, print_attr_string }, { "Unassigned", NULL, 0, 0, NULL }, /*21*/ - { "Framed Route", NULL, 0, 0, print_attr_string }, - { "Framed IPX Network", NULL, 0, 0, print_attr_num }, + { "Framed-Route", NULL, 0, 0, print_attr_string }, + { "Framed-IPX-Network", NULL, 0, 0, print_attr_num }, { "State", NULL, 0, 0, print_attr_string }, { "Class", NULL, 0, 0, print_attr_string }, - { "Vendor Specific", NULL, 0, 0, print_vendor_attr }, - { "Session Timeout", NULL, 0, 0, print_attr_num }, - { "Idle Timeout", NULL, 0, 0, print_attr_num }, - { "Termination Action", term_action, TAM_SIZE(term_action), 0, print_attr_num }, - { "Called Station", NULL, 0, 0, print_attr_string }, - { "Calling Station", NULL, 0, 0, print_attr_string }, - { "NAS ID", NULL, 0, 0, print_attr_string }, - { "Proxy State", NULL, 0, 0, print_attr_string }, - { "Login LAT Service", NULL, 0, 0, print_attr_string }, - { "Login LAT Node", NULL, 0, 0, print_attr_string }, - { "Login LAT Group", NULL, 0, 0, print_attr_string }, - { "Framed Appletalk Link", NULL, 0, 0, print_attr_num }, - { "Framed Appltalk Net", NULL, 0, 0, print_attr_num }, - { "Framed Appletalk Zone", NULL, 0, 0, print_attr_string }, - { "Accounting Status", acct_status, TAM_SIZE(acct_status)-1, 1, print_attr_num }, - { "Accounting Delay", NULL, 0, 0, print_attr_num }, - { "Accounting Input Octets", NULL, 0, 0, print_attr_num }, - { "Accounting Output Octets", NULL, 0, 0, print_attr_num }, - { "Accounting Session ID", NULL, 0, 0, print_attr_string }, - { "Accounting Authentication", acct_auth, TAM_SIZE(acct_auth)-1, 1, print_attr_num }, - { "Accounting Session Time", NULL, 0, 0, print_attr_num }, - { "Accounting Input Packets", NULL, 0, 0, print_attr_num }, - { "Accounting Output Packets", NULL, 0, 0, print_attr_num }, - { "Accounting Termination Cause", acct_term, TAM_SIZE(acct_term)-1, 1, print_attr_num }, - { "Accounting Multilink Session ID", NULL, 0, 0, print_attr_string }, - { "Accounting Link Count", NULL, 0, 0, print_attr_num }, - { "Accounting Input Giga", NULL, 0, 0, print_attr_num }, - { "Accounting Output Giga", NULL, 0, 0, print_attr_num }, + { "Vendor-Specific", NULL, 0, 0, print_vendor_attr }, + { "Session-Timeout", NULL, 0, 0, print_attr_num }, + { "Idle-Timeout", NULL, 0, 0, print_attr_num }, + { "Termination-Action", term_action, TAM_SIZE(term_action), 0, print_attr_num }, + { "Called-Station-Id", NULL, 0, 0, print_attr_string }, + { "Calling-Station-Id", NULL, 0, 0, print_attr_string }, + { "NAS-Identifier", NULL, 0, 0, print_attr_string }, + { "Proxy-State", NULL, 0, 0, print_attr_string }, + { "Login-LAT-Service", NULL, 0, 0, print_attr_string }, + { "Login-LAT-Node", NULL, 0, 0, print_attr_string }, + { "Login-LAT-Group", NULL, 0, 0, print_attr_string }, + { "Framed-AppleTalk-Link", NULL, 0, 0, print_attr_num }, + { "Framed-AppleTalk-Network", NULL, 0, 0, print_attr_num }, + { "Framed-AppleTalk-Zone", NULL, 0, 0, print_attr_string }, + { "Acct-Status-Type", acct_status, TAM_SIZE(acct_status)-1, 1, print_attr_num }, + { "Acct-Delay-Time", NULL, 0, 0, print_attr_num }, + { "Acct-Input-Octets", NULL, 0, 0, print_attr_num }, + { "Acct-Output-Octets", NULL, 0, 0, print_attr_num }, + { "Acct-Session-Id", NULL, 0, 0, print_attr_string }, + { "Acct-Authentic", acct_auth, TAM_SIZE(acct_auth)-1, 1, print_attr_num }, + { "Acct-Session-Time", NULL, 0, 0, print_attr_num }, + { "Acct-Input-Packets", NULL, 0, 0, print_attr_num }, + { "Acct-Output-Packets", NULL, 0, 0, print_attr_num }, + { "Acct-Terminate-Cause", acct_term, TAM_SIZE(acct_term)-1, 1, print_attr_num }, + { "Acct-Multi-Session-Id", NULL, 0, 0, print_attr_string }, + { "Acct-Link-Count", NULL, 0, 0, print_attr_num }, + { "Acct-Input-Gigawords", NULL, 0, 0, print_attr_num }, + { "Acct-Output-Gigawords", NULL, 0, 0, print_attr_num }, { "Unassigned", NULL, 0, 0, NULL }, /*54*/ - { "Event Timestamp", NULL, 0, 0, print_attr_time }, - { "Unassigned", NULL, 0, 0, NULL }, /*56*/ - { "Unassigned", NULL, 0, 0, NULL }, /*57*/ - { "Unassigned", NULL, 0, 0, NULL }, /*58*/ - { "Unassigned", NULL, 0, 0, NULL }, /*59*/ - { "CHAP challenge", NULL, 0, 0, print_attr_string }, - { "NAS Port Type", nas_port_type, TAM_SIZE(nas_port_type), 0, print_attr_num }, - { "Port Limit", NULL, 0, 0, print_attr_num }, - { "Login LAT Port", NULL, 0, 0, print_attr_string }, /*63*/ - { "Tunnel Type", tunnel_type, TAM_SIZE(tunnel_type)-1, 1, print_attr_num }, - { "Tunnel Medium", tunnel_medium, TAM_SIZE(tunnel_medium)-1, 1, print_attr_num }, - { "Tunnel Client End", NULL, 0, 0, print_attr_string }, - { "Tunnel Server End", NULL, 0, 0, print_attr_string }, - { "Accounting Tunnel connect", NULL, 0, 0, print_attr_string }, - { "Tunnel Password", NULL, 0, 0, print_attr_string }, - { "ARAP Password", NULL, 0, 0, print_attr_strange }, - { "ARAP Feature", NULL, 0, 0, print_attr_strange }, - { "ARAP Zone Acces", arap_zone, TAM_SIZE(arap_zone)-1, 1, print_attr_num }, /*72*/ - { "ARAP Security", NULL, 0, 0, print_attr_string }, - { "ARAP Security Data", NULL, 0, 0, print_attr_string }, - { "Password Retry", NULL, 0, 0, print_attr_num }, + { "Event-Timestamp", NULL, 0, 0, print_attr_time }, + { "Egress-VLANID", NULL, 0, 0, print_attr_num }, + { "Ingress-Filters", ingress_filters, TAM_SIZE(ingress_filters)-1, 1, print_attr_num }, + { "Egress-VLAN-Name", NULL, 0, 0, print_attr_string }, + { "User-Priority-Table", NULL, 0, 0, NULL }, + { "CHAP-Challenge", NULL, 0, 0, print_attr_string }, + { "NAS-Port-Type", nas_port_type, TAM_SIZE(nas_port_type), 0, print_attr_num }, + { "Port-Limit", NULL, 0, 0, print_attr_num }, + { "Login-LAT-Port", NULL, 0, 0, print_attr_string }, /*63*/ + { "Tunnel-Type", tunnel_type, TAM_SIZE(tunnel_type)-1, 1, print_attr_num }, + { "Tunnel-Medium-Type", tunnel_medium, TAM_SIZE(tunnel_medium)-1, 1, print_attr_num }, + { "Tunnel-Client-Endpoint", NULL, 0, 0, print_attr_string }, + { "Tunnel-Server-Endpoint", NULL, 0, 0, print_attr_string }, + { "Acct-Tunnel-Connection", NULL, 0, 0, print_attr_string }, + { "Tunnel-Password", NULL, 0, 0, print_attr_string }, + { "ARAP-Password", NULL, 0, 0, print_attr_strange }, + { "ARAP-Features", NULL, 0, 0, print_attr_strange }, + { "ARAP-Zone-Access", arap_zone, TAM_SIZE(arap_zone)-1, 1, print_attr_num }, /*72*/ + { "ARAP-Security", NULL, 0, 0, print_attr_string }, + { "ARAP-Security-Data", NULL, 0, 0, print_attr_string }, + { "Password-Retry", NULL, 0, 0, print_attr_num }, { "Prompt", prompt, TAM_SIZE(prompt), 0, print_attr_num }, - { "Connect Info", NULL, 0, 0, print_attr_string }, - { "Config Token", NULL, 0, 0, print_attr_string }, - { "EAP Message", NULL, 0, 0, print_attr_string }, - { "Message Authentication", NULL, 0, 0, print_attr_string }, /*80*/ - { "Tunnel Private Group", NULL, 0, 0, print_attr_string }, - { "Tunnel Assigned ID", NULL, 0, 0, print_attr_string }, - { "Tunnel Preference", NULL, 0, 0, print_attr_num }, - { "ARAP Challenge Response", NULL, 0, 0, print_attr_strange }, - { "Accounting Interim Interval", NULL, 0, 0, print_attr_num }, - { "Accounting Tunnel packets lost", NULL, 0, 0, print_attr_num }, /*86*/ - { "NAS Port ID", NULL, 0, 0, print_attr_string }, - { "Framed Pool", NULL, 0, 0, print_attr_string }, - { "Chargeable User Identity", NULL, 0, 0, print_attr_string }, - { "Tunnel Client Authentication ID", NULL, 0, 0, print_attr_string }, - { "Tunnel Server Authentication ID", NULL, 0, 0, print_attr_string }, + { "Connect-Info", NULL, 0, 0, print_attr_string }, + { "Configuration-Token", NULL, 0, 0, print_attr_string }, + { "EAP-Message", NULL, 0, 0, print_attr_string }, + { "Message-Authenticator", NULL, 0, 0, print_attr_string }, /*80*/ + { "Tunnel-Private-Group-ID", NULL, 0, 0, print_attr_string }, + { "Tunnel-Assignment-ID", NULL, 0, 0, print_attr_string }, + { "Tunnel-Preference", NULL, 0, 0, print_attr_num }, + { "ARAP-Challenge-Response", NULL, 0, 0, print_attr_strange }, + { "Acct-Interim-Interval", NULL, 0, 0, print_attr_num }, + { "Acct-Tunnel-Packets-Lost", NULL, 0, 0, print_attr_num }, /*86*/ + { "NAS-Port-Id", NULL, 0, 0, print_attr_string }, + { "Framed-Pool", NULL, 0, 0, print_attr_string }, + { "CUI", NULL, 0, 0, print_attr_string }, + { "Tunnel-Client-Auth-ID", NULL, 0, 0, print_attr_string }, + { "Tunnel-Server-Auth-ID", NULL, 0, 0, print_attr_string }, { "Unassigned", NULL, 0, 0, NULL }, /*92*/ { "Unassigned", NULL, 0, 0, NULL } /*93*/ }; @@ -457,7 +493,9 @@ return; } if (*data && (*data <=0x1F) ) - ND_PRINT((ndo, "Tag %u, ",*data)); + ND_PRINT((ndo, "Tag[%u] ", *data)); + else + ND_PRINT((ndo, "Tag[Unused] ")); data++; length--; ND_PRINT((ndo, "Salt %u ", EXTRACT_16BITS(data))); @@ -477,11 +515,21 @@ ND_PRINT((ndo, "%s", tstr)); return; } - ND_PRINT((ndo, "Tag %u", *data)); + if (*data) + ND_PRINT((ndo, "Tag[%u] ", *data)); + else + ND_PRINT((ndo, "Tag[Unused] ")); data++; length--; } break; + case EGRESS_VLAN_NAME: + ND_PRINT((ndo, "%s (0x%02x) ", + tok2str(rfc4675_tagged,"Unknown tag",*data), + *data)); + data++; + length--; + break; } for (i=0; *data && i < length ; i++, data++) @@ -565,7 +613,6 @@ print_attr_num(netdissect_options *ndo, register u_char *data, u_int length, u_short attr_code) { - uint8_t tag; uint32_t timeout; if (length != 4) @@ -585,9 +632,9 @@ if ( (attr_code == TUNNEL_TYPE) || (attr_code == TUNNEL_MEDIUM) ) { if (!*data) - ND_PRINT((ndo, "Tag[Unused]")); + ND_PRINT((ndo, "Tag[Unused] ")); else - ND_PRINT((ndo, "Tag[%d]", *data)); + ND_PRINT((ndo, "Tag[%d] ", *data)); data++; data_value = EXTRACT_24BITS(data); } @@ -648,12 +695,20 @@ break; case TUNNEL_PREFERENCE: - tag = *data; - data++; - if (tag == 0) - ND_PRINT((ndo, "Tag (Unused) %d", EXTRACT_24BITS(data))); + if (*data) + ND_PRINT((ndo, "Tag[%d] ", *data)); else - ND_PRINT((ndo, "Tag (%d) %d", tag, EXTRACT_24BITS(data))); + ND_PRINT((ndo, "Tag[Unused] ")); + data++; + ND_PRINT((ndo, "%d", EXTRACT_24BITS(data))); + break; + + case EGRESS_VLAN_ID: + ND_PRINT((ndo, "%s (0x%02x) ", + tok2str(rfc4675_tagged,"Unknown tag",*data), + *data)); + data++; + ND_PRINT((ndo, "%d", EXTRACT_24BITS(data))); break; default: Index: head/contrib/tcpdump/print-rpki-rtr.c =================================================================== --- head/contrib/tcpdump/print-rpki-rtr.c +++ head/contrib/tcpdump/print-rpki-rtr.c @@ -120,7 +120,7 @@ }; /* - * Build a identation string for a given identation level. + * Build a indentation string for a given indentation level. * XXX this should be really in util.c */ static char * @@ -178,6 +178,7 @@ pdu_header = (rpki_rtr_pdu *)tptr; pdu_type = pdu_header->pdu_type; pdu_len = EXTRACT_32BITS(pdu_header->length); + ND_TCHECK2(*tptr, pdu_len); hexdump = FALSE; ND_PRINT((ndo, "%sRPKI-RTRv%u, %s PDU (%u), length: %u", @@ -250,10 +251,10 @@ { rpki_rtr_pdu_error_report *pdu; u_int encapsulated_pdu_length, text_length, tlen, error_code; - u_char buf[80]; pdu = (rpki_rtr_pdu_error_report *)tptr; encapsulated_pdu_length = EXTRACT_32BITS(pdu->encapsulated_pdu_length); + ND_TCHECK2(*tptr, encapsulated_pdu_length); tlen = pdu_len; error_code = EXTRACT_16BITS(pdu->pdu_header.u.error_code); @@ -286,10 +287,10 @@ tptr += 4; tlen -= 4; } + ND_TCHECK2(*tptr, text_length); if (text_length && (text_length <= tlen )) { - memcpy(buf, tptr, min(sizeof(buf)-1, text_length)); - buf[text_length] = '\0'; - ND_PRINT((ndo, "%sError text: %s", indent_string(indent+2), buf)); + ND_PRINT((ndo, "%sError text: ", indent_string(indent+2))); + fn_printn(ndo, tptr, text_length, ndo->ndo_snapend); } } break; @@ -306,11 +307,16 @@ if (ndo->ndo_vflag > 1 || (ndo->ndo_vflag && hexdump)) { print_unknown_data(ndo,tptr,"\n\t ", pdu_len); } + return; + + trunc: + ND_PRINT((ndo, "|trunc")); + return; } void -rpki_rtr_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) { - +rpki_rtr_print(netdissect_options *ndo, register const u_char *pptr, register u_int len) +{ u_int tlen, pdu_type, pdu_len; const u_char *tptr; const rpki_rtr_pdu *pdu_header; @@ -330,13 +336,13 @@ pdu_header = (rpki_rtr_pdu *)tptr; pdu_type = pdu_header->pdu_type; pdu_len = EXTRACT_32BITS(pdu_header->length); + ND_TCHECK2(*tptr, pdu_len); /* infinite loop check */ if (!pdu_type || !pdu_len) { break; } - ND_TCHECK2(*tptr, pdu_len); if (tlen < pdu_len) { goto trunc; } Index: head/contrib/tcpdump/print-rsvp.c =================================================================== --- head/contrib/tcpdump/print-rsvp.c +++ head/contrib/tcpdump/print-rsvp.c @@ -486,8 +486,8 @@ */ static int rsvp_intserv_print(netdissect_options *ndo, - const u_char *tptr, u_short obj_tlen) { - + const u_char *tptr, u_short obj_tlen) +{ int parameter_id,parameter_length; union { float f; @@ -637,8 +637,8 @@ _U_ #endif , const u_char *tptr, - const char *ident, u_int tlen) { - + const char *ident, u_int tlen) +{ const struct rsvp_object_header *rsvp_obj_header; const u_char *obj_tptr; union { @@ -1795,8 +1795,8 @@ void rsvp_print(netdissect_options *ndo, - register const u_char *pptr, register u_int len) { - + register const u_char *pptr, register u_int len) +{ struct rsvp_common_header *rsvp_com_header; const u_char *tptr,*subtptr; u_short plen, tlen, subtlen; Index: head/contrib/tcpdump/print-rtsp.c =================================================================== --- head/contrib/tcpdump/print-rtsp.c +++ head/contrib/tcpdump/print-rtsp.c @@ -0,0 +1,50 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code + * distributions retain the above copyright notice and this paragraph + * in its entirety, and (2) distributions including binary code include + * the above copyright notice and this paragraph in its entirety in + * the documentation or other materials provided with the distribution. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT + * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE. + */ + +#ifndef lint +static const char rcsid[] _U_ = + "@(#) $Header$"; +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include +#include + +#include "interface.h" +#include "extract.h" + +static const char *rtspcmds[] = { + "DESCRIBE", + "ANNOUNCE", + "GET_PARAMETER", + "OPTIONS", + "PAUSE", + "PLAY", + "RECORD", + "REDIRECT", + "SETUP", + "SET_PARAMETER", + "TEARDOWN", + NULL +}; + +void +rtsp_print(netdissect_options *ndo, const u_char *pptr, u_int len) +{ + txtproto_print(ndo, pptr, len, "rtsp", rtspcmds, RESP_CODE_SECOND_TOKEN); +} Index: head/contrib/tcpdump/print-sflow.c =================================================================== --- head/contrib/tcpdump/print-sflow.c +++ head/contrib/tcpdump/print-sflow.c @@ -297,8 +297,8 @@ static int print_sflow_counter_generic(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_generic_counter_t *sflow_gen_counter; if (len < sizeof(struct sflow_generic_counter_t)) @@ -343,8 +343,8 @@ static int print_sflow_counter_ethernet(netdissect_options *ndo, - const u_char *pointer, u_int len){ - + const u_char *pointer, u_int len) +{ const struct sflow_ethernet_counter_t *sflow_eth_counter; if (len < sizeof(struct sflow_ethernet_counter_t)) @@ -373,15 +373,15 @@ static int print_sflow_counter_token_ring(netdissect_options *ndo _U_, - const u_char *pointer _U_, u_int len _U_) { - + const u_char *pointer _U_, u_int len _U_) +{ return 0; } static int print_sflow_counter_basevg(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_100basevg_counter_t *sflow_100basevg_counter; if (len < sizeof(struct sflow_100basevg_counter_t)) @@ -416,8 +416,8 @@ static int print_sflow_counter_vlan(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_vlan_counter_t *sflow_vlan_counter; if (len < sizeof(struct sflow_vlan_counter_t)) @@ -446,8 +446,8 @@ static int print_sflow_counter_processor(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_processor_counter_t *sflow_processor_counter; if (len < sizeof(struct sflow_processor_counter_t)) @@ -467,8 +467,8 @@ static int sflow_print_counter_records(netdissect_options *ndo, - const u_char *pointer, u_int len, u_int records) { - + const u_char *pointer, u_int len, u_int records) +{ u_int nrecords; const u_char *tptr; u_int tlen; @@ -543,11 +543,10 @@ return 0; } - static int sflow_print_counter_sample(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_counter_sample_t *sflow_counter_sample; u_int nrecords; u_int typesource; @@ -579,8 +578,8 @@ static int sflow_print_expanded_counter_sample(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_expanded_counter_sample_t *sflow_expanded_counter_sample; u_int nrecords; @@ -606,8 +605,8 @@ static int print_sflow_raw_packet(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_expanded_flow_raw_t *sflow_flow_raw; if (len < sizeof(struct sflow_expanded_flow_raw_t)) @@ -629,8 +628,8 @@ static int print_sflow_ethernet_frame(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_ethernet_frame_t *sflow_ethernet_frame; if (len < sizeof(struct sflow_ethernet_frame_t)) @@ -647,8 +646,8 @@ static int print_sflow_extended_switch_data(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_extended_switch_data_t *sflow_extended_sw_data; if (len < sizeof(struct sflow_extended_switch_data_t)) @@ -666,8 +665,8 @@ static int sflow_print_flow_records(netdissect_options *ndo, - const u_char *pointer, u_int len, u_int records) { - + const u_char *pointer, u_int len, u_int records) +{ u_int nrecords; const u_char *tptr; u_int tlen; @@ -752,8 +751,8 @@ static int sflow_print_flow_sample(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_flow_sample_t *sflow_flow_sample; u_int nrecords; u_int typesource; @@ -789,8 +788,8 @@ static int sflow_print_expanded_flow_sample(netdissect_options *ndo, - const u_char *pointer, u_int len) { - + const u_char *pointer, u_int len) +{ const struct sflow_expanded_flow_sample_t *sflow_expanded_flow_sample; u_int nrecords; @@ -818,8 +817,8 @@ void sflow_print(netdissect_options *ndo, - const u_char *pptr, u_int len) { - + const u_char *pptr, u_int len) +{ const struct sflow_datagram_t *sflow_datagram; const struct sflow_sample_header *sflow_sample; Index: head/contrib/tcpdump/print-sip.c =================================================================== --- head/contrib/tcpdump/print-sip.c +++ head/contrib/tcpdump/print-sip.c @@ -11,6 +11,8 @@ * FOR A PARTICULAR PURPOSE. * * Original code by Hannes Gredler (hannes@juniper.net) + * Turned into common "text protocol" code, which this uses, by + * Guy Harris. */ #define NETDISSECT_REWORKED @@ -23,34 +25,29 @@ #include "interface.h" #include "extract.h" +static const char *sipcmds[] = { + "ACK", + "BYE", + "CANCEL", + "DO", + "INFO", + "INVITE", + "MESSAGE", + "NOTIFY", + "OPTIONS", + "PRACK", + "QAUTH", + "REFER", + "REGISTER", + "SPRACK", + "SUBSCRIBE", + "UPDATE", + "PUBLISH", + NULL +}; + void -sip_print(netdissect_options *ndo, - register const u_char *pptr, register u_int len) +sip_print(netdissect_options *ndo, const u_char *pptr, u_int len) { - u_int idx; - - ND_PRINT((ndo, "SIP, length: %u%s", len, ndo->ndo_vflag ? "\n\t" : "")); - - /* in non-verbose mode just lets print the protocol and length */ - if (ndo->ndo_vflag < 1) - return; - - for (idx = 0; idx < len; idx++) { - ND_TCHECK2(*(pptr+idx), 2); - if (EXTRACT_16BITS(pptr+idx) != 0x0d0a) { /* linefeed ? */ - safeputchar(ndo, *(pptr + idx)); - } else { - ND_PRINT((ndo, "\n\t")); - idx+=1; - } - } - - /* do we want to see an additionally hexdump ? */ - if (ndo->ndo_vflag > 1) - print_unknown_data(ndo, pptr, "\n\t", len); - - return; - -trunc: - ND_PRINT((ndo, "[|sip]")); + txtproto_print(ndo, pptr, len, "sip", sipcmds, RESP_CODE_SECOND_TOKEN); } Index: head/contrib/tcpdump/print-sl.c =================================================================== --- head/contrib/tcpdump/print-sl.c +++ head/contrib/tcpdump/print-sl.c @@ -80,11 +80,9 @@ case 4: ip_print(ndo, (u_char *)ip, length); break; -#ifdef INET6 case 6: ip6_print(ndo, (u_char *)ip, length); break; -#endif default: ND_PRINT((ndo, "ip v%d", IP_V(ip))); } Index: head/contrib/tcpdump/print-sll.c =================================================================== --- head/contrib/tcpdump/print-sll.c +++ head/contrib/tcpdump/print-sll.c @@ -280,10 +280,7 @@ if (ndo->ndo_eflag) { uint16_t tag = EXTRACT_16BITS(p); - ND_PRINT((ndo, "vlan %u, p %u%s, ", - tag & 0xfff, - tag >> 13, - (tag & 0x1000) ? ", CFI" : "")); + ND_PRINT((ndo, "%s, ", ieee8021q_tci_string(tag))); } ether_type = EXTRACT_16BITS(p + 2); Index: head/contrib/tcpdump/print-slow.c =================================================================== --- head/contrib/tcpdump/print-slow.c +++ head/contrib/tcpdump/print-slow.c @@ -249,8 +249,8 @@ void slow_print(netdissect_options *ndo, - register const u_char *pptr, register u_int len) { - + register const u_char *pptr, register u_int len) +{ int print_version; slow_com_header = (const struct slow_common_header_t *)pptr; @@ -332,8 +332,8 @@ static void slow_marker_lacp_print(netdissect_options *ndo, - register const u_char *tptr, register u_int tlen) { - + register const u_char *tptr, register u_int tlen) +{ const struct tlv_header_t *tlv_header; const u_char *tlv_tptr; u_int tlv_len, tlv_tlen; @@ -450,8 +450,8 @@ static void slow_oam_print(netdissect_options *ndo, - register const u_char *tptr, register u_int tlen) { - + register const u_char *tptr, register u_int tlen) +{ u_int hexdump; struct slow_oam_common_header_t { Index: head/contrib/tcpdump/print-smb.c =================================================================== --- head/contrib/tcpdump/print-smb.c +++ head/contrib/tcpdump/print-smb.c @@ -1255,14 +1255,15 @@ if (smb_len >= 4 && caplen >= 4 && memcmp(data,"\377SMB",4) == 0) { if ((int)smb_len > caplen) { if ((int)smb_len > length) - ND_PRINT((ndo, "WARNING: Packet is continued in later TCP segments\n")); + ND_PRINT((ndo, " WARNING: Packet is continued in later TCP segments\n")); else - ND_PRINT((ndo, "WARNING: Short packet. Try increasing the snap length by %d\n", + ND_PRINT((ndo, " WARNING: Short packet. Try increasing the snap length by %d\n", smb_len - caplen)); - } + } else + ND_PRINT((ndo, " ")); print_smb(ndo, data, maxbuf > data + smb_len ? data + smb_len : maxbuf); } else - ND_PRINT((ndo, "SMB-over-TCP packet:(raw data or continuation?)\n")); + ND_PRINT((ndo, " SMB-over-TCP packet:(raw data or continuation?)\n")); return; trunc: ND_PRINT((ndo, "%s", tstr)); Index: head/contrib/tcpdump/print-smtp.c =================================================================== --- head/contrib/tcpdump/print-smtp.c +++ head/contrib/tcpdump/print-smtp.c @@ -0,0 +1,30 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code + * distributions retain the above copyright notice and this paragraph + * in its entirety, and (2) distributions including binary code include + * the above copyright notice and this paragraph in its entirety in + * the documentation or other materials provided with the distribution. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT + * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include +#include + +#include "netdissect.h" +#include "extract.h" + +void +smtp_print(netdissect_options *ndo, const u_char *pptr, u_int len) +{ + txtproto_print(ndo, pptr, len, "smtp", NULL, 0); +} Index: head/contrib/tcpdump/print-tcp.c =================================================================== --- head/contrib/tcpdump/print-tcp.c +++ head/contrib/tcpdump/print-tcp.c @@ -596,7 +596,7 @@ switch(magic) { case 0xf989: - /* TCP Fast Open: draft-ietf-tcpm-fastopen-04 */ + /* TCP Fast Open: RFC 7413 */ if (datalen == 2) { /* Fast Open Cookie Request */ ND_PRINT((ndo, "tfo cookiereq")); @@ -674,8 +674,10 @@ } if (sport == TELNET_PORT || dport == TELNET_PORT) { - if (!ndo->ndo_qflag && ndo->ndo_vflag) - telnet_print(ndo, bp, length); + telnet_print(ndo, bp, length); + } else if (sport == SMTP_PORT || dport == SMTP_PORT) { + ND_PRINT((ndo, ": ")); + smtp_print(ndo, bp, length); } else if (sport == BGP_PORT || dport == BGP_PORT) bgp_print(ndo, bp, length); else if (sport == PPTP_PORT || dport == PPTP_PORT) @@ -691,7 +693,18 @@ else if (sport == OPENFLOW_PORT_OLD || dport == OPENFLOW_PORT_OLD || sport == OPENFLOW_PORT_IANA || dport == OPENFLOW_PORT_IANA) openflow_print(ndo, bp, length); - else if (length > 2 && + else if (sport == FTP_PORT || dport == FTP_PORT) { + ND_PRINT((ndo, ": ")); + ftp_print(ndo, bp, length); + } else if (sport == HTTP_PORT || dport == HTTP_PORT || + sport == HTTP_PORT_ALT || dport == HTTP_PORT_ALT) { + ND_PRINT((ndo, ": ")); + http_print(ndo, bp, length); + } else if (sport == RTSP_PORT || dport == RTSP_PORT || + sport == RTSP_PORT_ALT || dport == RTSP_PORT_ALT) { + ND_PRINT((ndo, ": ")); + rtsp_print(ndo, bp, length); + } else if (length > 2 && (sport == NAMESERVER_PORT || dport == NAMESERVER_PORT || sport == MULTICASTDNS_PORT || dport == MULTICASTDNS_PORT)) { /* Index: head/contrib/tcpdump/print-telnet.c =================================================================== --- head/contrib/tcpdump/print-telnet.c +++ head/contrib/tcpdump/print-telnet.c @@ -510,6 +510,10 @@ osp = sp; while (length > 0 && *sp == IAC) { + /* + * Parse the Telnet command without printing it, + * to determine its length. + */ l = telnet_parse(ndo, sp, length, 0); if (l < 0) break; Index: head/contrib/tcpdump/print-udp.c =================================================================== --- head/contrib/tcpdump/print-udp.c +++ head/contrib/tcpdump/print-udp.c @@ -45,7 +45,6 @@ #include "nameser.h" #include "nfs.h" -#include "bootp.h" struct rtcphdr { uint16_t rh_flags; /* T:2 P:1 CNT:5 PT:8 */ @@ -370,7 +369,6 @@ else ip6 = NULL; #endif /*INET6*/ - cp = (u_char *)(up + 1); if (!ND_TTEST(up->uh_dport)) { udpipaddr_print(ndo, ip, -1, -1); ND_PRINT((ndo, "[|udp]")); @@ -385,20 +383,24 @@ ND_PRINT((ndo, "truncated-udp %d", length)); return; } + ulen = EXTRACT_16BITS(&up->uh_ulen); + if (ulen < sizeof(struct udphdr)) { + udpipaddr_print(ndo, ip, sport, dport); + ND_PRINT((ndo, "truncated-udplength %d", ulen)); + return; + } + ulen -= sizeof(struct udphdr); length -= sizeof(struct udphdr); + if (ulen < length) + length = ulen; + cp = (u_char *)(up + 1); if (cp > ndo->ndo_snapend) { udpipaddr_print(ndo, ip, sport, dport); ND_PRINT((ndo, "[|udp]")); return; } - ulen = EXTRACT_16BITS(&up->uh_ulen); - if (ulen < 8) { - udpipaddr_print(ndo, ip, sport, dport); - ND_PRINT((ndo, "truncated-udplength %d", ulen)); - return; - } if (ndo->ndo_packettype) { register struct sunrpc_msg *rp; enum sunrpc_msg_type direction; @@ -444,7 +446,7 @@ case PT_CNFP: udpipaddr_print(ndo, ip, sport, dport); - cnfp_print(ndo, cp, (const u_char *)ip); + cnfp_print(ndo, cp); break; case PT_TFTP: @@ -573,7 +575,7 @@ timed_print(ndo, (const u_char *)(up + 1)); else if (ISPORT(TFTP_PORT)) tftp_print(ndo, (const u_char *)(up + 1), length); - else if (ISPORT(IPPORT_BOOTPC) || ISPORT(IPPORT_BOOTPS)) + else if (ISPORT(BOOTPC_PORT) || ISPORT(BOOTPS_PORT)) bootp_print(ndo, (const u_char *)(up + 1), length); else if (ISPORT(RIP_PORT)) rip_print(ndo, (const u_char *)(up + 1), length); @@ -638,7 +640,8 @@ else if (ISPORT(RADIUS_PORT) || ISPORT(RADIUS_NEW_PORT) || ISPORT(RADIUS_ACCOUNTING_PORT) || - ISPORT(RADIUS_NEW_ACCOUNTING_PORT) ) + ISPORT(RADIUS_NEW_ACCOUNTING_PORT) || + ISPORT(RADIUS_COA_PORT) ) radius_print(ndo, (const u_char *)(up+1), length); else if (dport == HSRP_PORT) hsrp_print(ndo, (const u_char *)(up + 1), length); @@ -678,12 +681,23 @@ otv_print(ndo, (const u_char *)(up + 1), length); else if (ISPORT(VXLAN_PORT)) vxlan_print(ndo, (const u_char *)(up + 1), length); - else - ND_PRINT((ndo, "UDP, length %u", - (uint32_t)(ulen - sizeof(*up)))); + else if (ISPORT(GENEVE_PORT)) + geneve_print(ndo, (const u_char *)(up + 1), length); + else { + if (ulen > length) + ND_PRINT((ndo, "UDP, bad length %u > %u", + ulen, length)); + else + ND_PRINT((ndo, "UDP, length %u", ulen)); + } #undef ISPORT - } else - ND_PRINT((ndo, "UDP, length %u", (uint32_t)(ulen - sizeof(*up)))); + } else { + if (ulen > length) + ND_PRINT((ndo, "UDP, bad length %u > %u", + ulen, length)); + else + ND_PRINT((ndo, "UDP, length %u", ulen)); + } } Index: head/contrib/tcpdump/print-vxlan.c =================================================================== --- head/contrib/tcpdump/print-vxlan.c +++ head/contrib/tcpdump/print-vxlan.c @@ -24,7 +24,9 @@ #include "extract.h" /* - * VXLAN header, draft-mahalingam-dutt-dcops-vxlan-03 + * VXLAN header, RFC7348 + * Virtual eXtensible Local Area Network (VXLAN): A Framework + * for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks * * 0 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Index: head/contrib/tcpdump/print-wb.c =================================================================== --- head/contrib/tcpdump/print-wb.c +++ head/contrib/tcpdump/print-wb.c @@ -186,7 +186,7 @@ int nid; ND_PRINT((ndo, " wb-id:")); - if (len < sizeof(*id) || (u_char *)(id + 1) > ndo->ndo_snapend) + if (len < sizeof(*id) || !ND_TTEST(*id)) return (-1); len -= sizeof(*id); @@ -202,14 +202,14 @@ len -= sizeof(*io) * nid; io = (struct id_off *)(id + 1); cp = (char *)(io + nid); - if ((u_char *)cp + len <= ndo->ndo_snapend) { + if (ND_TTEST2(cp, len)) { ND_PRINT((ndo, "\"")); fn_print(ndo, (u_char *)cp, (u_char *)cp + len); ND_PRINT((ndo, "\"")); } c = '<'; - for (i = 0; i < nid && (u_char *)(io + 1) <= ndo->ndo_snapend; ++io, ++i) { + for (i = 0; i < nid && ND_TTEST(*io); ++io, ++i) { ND_PRINT((ndo, "%c%s:%u", c, ipaddr_string(ndo, &io->id), EXTRACT_32BITS(&io->off))); c = ','; @@ -226,7 +226,7 @@ const struct pkt_rreq *rreq, u_int len) { ND_PRINT((ndo, " wb-rreq:")); - if (len < sizeof(*rreq) || (u_char *)(rreq + 1) > ndo->ndo_snapend) + if (len < sizeof(*rreq) || !ND_TTEST(*rreq)) return (-1); ND_PRINT((ndo, " please repair %s %s:%u<%u:%u>", @@ -243,7 +243,7 @@ const struct pkt_preq *preq, u_int len) { ND_PRINT((ndo, " wb-preq:")); - if (len < sizeof(*preq) || (u_char *)(preq + 1) > ndo->ndo_snapend) + if (len < sizeof(*preq) || !ND_TTEST(*preq)) return (-1); ND_PRINT((ndo, " need %u/%s:%u", @@ -267,7 +267,7 @@ } n = EXTRACT_32BITS(&prep->pp_n); ps = (const struct pgstate *)(prep + 1); - while (--n >= 0 && (u_char *)(ps + 1) <= ep) { + while (--n >= 0 && ND_TTEST(*ps)) { const struct id_off *io, *ie; char c = '<'; @@ -276,7 +276,7 @@ ipaddr_string(ndo, &ps->page.p_sid), EXTRACT_32BITS(&ps->page.p_uid))); io = (struct id_off *)(ps + 1); - for (ie = io + ps->nid; io < ie && (u_char *)(io + 1) <= ep; ++io) { + for (ie = io + ps->nid; io < ie && ND_TTEST(*io); ++io) { ND_PRINT((ndo, "%c%s:%u", c, ipaddr_string(ndo, &io->id), EXTRACT_32BITS(&io->off))); c = ','; @@ -308,12 +308,20 @@ }; static int -wb_dops(netdissect_options *ndo, - const struct dophdr *dh, uint32_t ss, uint32_t es) +wb_dops(netdissect_options *ndo, const struct pkt_dop *dop, + uint32_t ss, uint32_t es) { + const struct dophdr *dh = (const struct dophdr *)((const u_char *)dop + sizeof(*dop)); + ND_PRINT((ndo, " <")); for ( ; ss <= es; ++ss) { - register int t = dh->dh_type; + int t; + + if (!ND_TTEST(*dh)) { + ND_PRINT((ndo, "%s", tstr)); + break; + } + t = dh->dh_type; if (t > DT_MAXTYPE) ND_PRINT((ndo, " dop-%d!", t)); @@ -331,10 +339,6 @@ } } dh = DOP_NEXT(dh); - if ((u_char *)dh > ndo->ndo_snapend) { - ND_PRINT((ndo, "%s", tstr)); - break; - } } ND_PRINT((ndo, " >")); return (0); @@ -347,7 +351,7 @@ const struct pkt_dop *dop = &rrep->pr_dop; ND_PRINT((ndo, " wb-rrep:")); - if (len < sizeof(*rrep) || (u_char *)(rrep + 1) > ndo->ndo_snapend) + if (len < sizeof(*rrep) || !ND_TTEST(*rrep)) return (-1); len -= sizeof(*rrep); @@ -359,7 +363,7 @@ EXTRACT_32BITS(&dop->pd_eseq))); if (ndo->ndo_vflag) - return (wb_dops(ndo, (const struct dophdr *)(dop + 1), + return (wb_dops(ndo, dop, EXTRACT_32BITS(&dop->pd_sseq), EXTRACT_32BITS(&dop->pd_eseq))); return (0); @@ -370,7 +374,7 @@ const struct pkt_dop *dop, u_int len) { ND_PRINT((ndo, " wb-dop:")); - if (len < sizeof(*dop) || (u_char *)(dop + 1) > ndo->ndo_snapend) + if (len < sizeof(*dop) || !ND_TTEST(*dop)) return (-1); len -= sizeof(*dop); @@ -381,7 +385,7 @@ EXTRACT_32BITS(&dop->pd_eseq))); if (ndo->ndo_vflag) - return (wb_dops(ndo, (const struct dophdr *)(dop + 1), + return (wb_dops(ndo, dop, EXTRACT_32BITS(&dop->pd_sseq), EXTRACT_32BITS(&dop->pd_eseq))); return (0); @@ -397,7 +401,7 @@ register const struct pkt_hdr *ph; ph = (const struct pkt_hdr *)hdr; - if (len < sizeof(*ph) || (u_char *)(ph + 1) > ndo->ndo_snapend) { + if (len < sizeof(*ph) || !ND_TTEST(*ph)) { ND_PRINT((ndo, "%s", tstr)); return; } Index: head/contrib/tcpdump/print-zeromq.c =================================================================== --- head/contrib/tcpdump/print-zeromq.c +++ head/contrib/tcpdump/print-zeromq.c @@ -76,7 +76,8 @@ */ static const u_char * -zmtp1_print_frame(netdissect_options *ndo, const u_char *cp, const u_char *ep) { +zmtp1_print_frame(netdissect_options *ndo, const u_char *cp, const u_char *ep) +{ uint64_t body_len_declared, body_len_captured, header_len; uint8_t flags; @@ -139,7 +140,8 @@ } void -zmtp1_print(netdissect_options *ndo, const u_char *cp, u_int len) { +zmtp1_print(netdissect_options *ndo, const u_char *cp, u_int len) +{ const u_char *ep = min(ndo->ndo_snapend, cp + len); ND_PRINT((ndo, ": ZMTP/1.0")); @@ -164,7 +166,8 @@ */ static const u_char * -zmtp1_print_intermediate_part(netdissect_options *ndo, const u_char *cp, const u_int len) { +zmtp1_print_intermediate_part(netdissect_options *ndo, const u_char *cp, const u_int len) +{ u_int frame_offset; uint64_t remaining_len; @@ -206,7 +209,8 @@ } void -zmtp1_print_datagram(netdissect_options *ndo, const u_char *cp, const u_int len) { +zmtp1_print_datagram(netdissect_options *ndo, const u_char *cp, const u_int len) +{ const u_char *ep = min(ndo->ndo_snapend, cp + len); cp = zmtp1_print_intermediate_part(ndo, cp, len); Index: head/contrib/tcpdump/tcp.h =================================================================== --- head/contrib/tcpdump/tcp.h +++ head/contrib/tcpdump/tcp.h @@ -93,6 +93,9 @@ #ifndef TELNET_PORT #define TELNET_PORT 23 #endif +#ifndef SMTP_PORT +#define SMTP_PORT 25 +#endif #ifndef BGP_PORT #define BGP_PORT 179 #endif @@ -116,3 +119,18 @@ #ifndef SMB_PORT #define SMB_PORT 445 #endif +#ifndef HTTP_PORT +#define HTTP_PORT 80 +#endif +#ifndef HTTP_PORT_ALT +#define HTTP_PORT_ALT 8080 +#endif +#ifndef RTSP_PORT +#define RTSP_PORT 554 +#endif +#ifndef RTSP_PORT_ALT +#define RTSP_PORT_ALT 8554 +#endif +#ifndef FTP_PORT +#define FTP_PORT 21 +#endif Index: head/contrib/tcpdump/tcpdump.1.in =================================================================== --- head/contrib/tcpdump/tcpdump.1.in +++ head/contrib/tcpdump/tcpdump.1.in @@ -128,6 +128,10 @@ [ .BI \-\-time\-stamp\-precision= tstamp_precision ] +.ti +8 +[ +.B \-\-immediate\-mode +] [ .B \-\-version ] @@ -140,7 +144,9 @@ .SH DESCRIPTION .LP \fITcpdump\fP prints out a description of the contents of packets on a -network interface that match the boolean \fIexpression\fP. It can also +network interface that match the boolean \fIexpression\fP; the +description is preceded by a time stamp, printed, by default, as hours, +minutes, seconds, and fractions of a second since midnight. It can also be run with the .B \-w flag, which causes it to save the packet data to a file for later @@ -204,7 +210,9 @@ platforms, such as Mac OS X, the ``status'' character is not set by default, so you must set it with .BR stty (1) -in order to use it) and will continue capturing packets. +in order to use it) and will continue capturing packets. On platforms that +do not support the SIGINFO signal, the same can be achieved by using the +SIGUSR1 signal. .LP Reading packets from a network interface may require that you have special privileges; see the @@ -419,6 +427,13 @@ is specified, only those link-layer types available when in monitor mode will be shown. .TP +.BI \-\-immediate\-mode +Capture in "immediate mode". In this mode, packets are delivered to +tcpdump as soon as they arrive, rather than being buffered for +efficiency. This is the default when printing packets rather than +saving packets to a ``savefile'' if the packets are being printed to a +terminal rather than to a file or pipe. +.TP .BI \-j " tstamp_type" .PD 0 .TP @@ -655,14 +670,16 @@ \fIDon't\fP print a timestamp on each dump line. .TP .B \-tt -Print an unformatted timestamp on each dump line. +Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and +fractions of a second since that time, on each dump line. .TP .B \-ttt Print a delta (micro-second resolution) between current and previous line on each dump line. .TP .B \-tttt -Print a timestamp in default format proceeded by date on each dump line. +Print a timestamp, as hours, minutes, seconds, and fractions of a second +since midnight, preceded by the date, on each dump line. .TP .B \-ttttt Print a delta (micro-second resolution) between current and first line Index: head/contrib/tcpdump/tcpdump.c =================================================================== --- head/contrib/tcpdump/tcpdump.c +++ head/contrib/tcpdump/tcpdump.c @@ -45,6 +45,17 @@ #include "config.h" #endif +/* + * Mac OS X may ship pcap.h from libpcap 0.6 with a libpcap based on + * 0.8. That means it has pcap_findalldevs() but the header doesn't + * define pcap_if_t, meaning that we can't actually *use* pcap_findalldevs(). + */ +#ifdef HAVE_PCAP_FINDALLDEVS +#ifndef HAVE_PCAP_IF_T +#undef HAVE_PCAP_FINDALLDEVS +#endif +#endif + #include #ifdef WIN32 @@ -68,12 +79,10 @@ #else #include "getopt_long.h" #endif -#include -#include -#include -#include -#include -#include +/* Capsicum-specific code requires macros from , which will fail + * to compile if has already been included; including the headers + * in the opposite order works fine. + */ #ifdef __FreeBSD__ #include #include @@ -89,6 +98,12 @@ #include #include #endif /* HAVE_CAPSICUM */ +#include +#include +#include +#include +#include +#include #ifndef WIN32 #include #include @@ -96,10 +111,18 @@ #include #endif /* WIN32 */ -/* capabilities convinience library */ +/* capabilities convenience library */ +/* If a code depends on HAVE_LIBCAP_NG, it depends also on HAVE_CAP_NG_H. + * If HAVE_CAP_NG_H is not defined, undefine HAVE_LIBCAP_NG. + * Thus, the later tests are done only on HAVE_LIBCAP_NG. + */ +#ifdef HAVE_LIBCAP_NG #ifdef HAVE_CAP_NG_H #include +#else +#undef HAVE_LIBCAP_NG #endif /* HAVE_CAP_NG_H */ +#endif /* HAVE_LIBCAP_NG */ #include "netdissect.h" #include "interface.h" @@ -598,6 +621,15 @@ * * OS X tcpdump uses -P to indicate that -w should write pcap-ng rather * than pcap files. + * + * OS X tcpdump also uses -Q to specify expressions that match packet + * metadata, including but not limited to the packet direction. + * The expression syntax is different from a simple "in|out|inout", + * and those expressions aren't accepted by OS X tcpdump, but the + * equivalents would be "in" = "dir=in", "out" = "dir=out", and + * "inout" = "dir=in or dir=out", and the parser could conceivably + * special-case "in", "out", and "inout" as expressions for backwards + * compatibility, so all is not (yet) lost. */ /* @@ -629,12 +661,6 @@ #endif /* PCAP_ERROR_TSTAMP_TYPE_NOTSUP */ #ifdef HAVE_PCAP_FINDALLDEVS -#ifndef HAVE_PCAP_IF_T -#undef HAVE_PCAP_FINDALLDEVS -#endif -#endif - -#ifdef HAVE_PCAP_FINDALLDEVS #define D_FLAG "D" #else #define D_FLAG @@ -652,6 +678,8 @@ #define Q_FLAG #endif +#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#" + /* * Long options. * @@ -674,6 +702,7 @@ */ #define OPTION_VERSION 128 #define OPTION_TSTAMP_PRECISION 129 +#define OPTION_IMMEDIATE_MODE 130 static const struct option longopts[] = { #if defined(HAVE_PCAP_CREATE) || defined(WIN32) @@ -705,6 +734,9 @@ { "packet-buffered", no_argument, NULL, 'U' }, #endif { "linktype", required_argument, NULL, 'y' }, +#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE + { "immediate-mode", no_argument, NULL, OPTION_IMMEDIATE_MODE }, +#endif #if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG) { "debug-filter-parser", no_argument, NULL, 'Y' }, #endif @@ -735,21 +767,14 @@ exit(1); } } -#ifdef HAVE_CAP_NG_H +#ifdef HAVE_LIBCAP_NG int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); if (ret < 0) { fprintf(stderr, "error : ret %d\n", ret); } else { - printf("dropped privs to %s\n", username); + fprintf(stderr, "dropped privs to %s\n", username); } - /* We don't need CAP_SETUID and CAP_SETGID */ - capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); - capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID); - capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); - capng_update(CAPNG_DROP, CAPNG_PERMITTED, CAP_SETUID); - capng_apply(CAPNG_SELECT_BOTH); - #else if (initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { @@ -761,15 +786,26 @@ exit(1); } else { - printf("dropped privs to %s\n", username); + fprintf(stderr, "dropped privs to %s\n", username); } -#endif /* HAVE_CAP_NG_H */ +#endif /* HAVE_LIBCAP_NG */ } else { fprintf(stderr, "tcpdump: Couldn't find user '%.32s'\n", username); exit(1); } +#ifdef HAVE_LIBCAP_NG + /* We don't need CAP_SETUID and CAP_SETGID any more. */ + capng_updatev( + CAPNG_DROP, + CAPNG_EFFECTIVE | CAPNG_PERMITTED, + CAP_SETUID, + CAP_SETGID, + -1); + capng_apply(CAPNG_SELECT_BOTH); +#endif /* HAVE_LIBCAP_NG */ + } #endif /* WIN32 */ @@ -934,6 +970,76 @@ } #endif +#ifdef HAVE_CAPSICUM +/* + * Ensure that, on a dump file's descriptor, we have all the rights + * necessary to make the standard I/O library work with an fdopen()ed + * FILE * from that descriptor. + * + * A long time ago, in a galaxy far far away, AT&T decided that, instead + * of providing separate APIs for getting and setting the FD_ flags on a + * descriptor, getting and setting the O_ flags on a descriptor, and + * locking files, they'd throw them all into a kitchen-sink fcntl() call + * along the lines of ioctl(), the fact that ioctl() operations are + * largely specific to particular character devices but fcntl() operations + * are either generic to all descriptors or generic to all descriptors for + * regular files nonwithstanding. + * + * The Capsicum people decided that fine-grained control of descriptor + * operations was required, so that you need to grant permission for + * reading, writing, seeking, and fcntl-ing. The latter, courtesy of + * AT&T's decision, means that "fcntl-ing" isn't a thing, but a motley + * collection of things, so there are *individual* fcntls for which + * permission needs to be granted. + * + * The FreeBSD standard I/O people implemented some optimizations that + * requires that the standard I/O routines be able to determine whether + * the descriptor for the FILE * is open append-only or not; as that + * descriptor could have come from an open() rather than an fopen(), + * that requires that it be able to do an F_GETFL fcntl() to read + * the O_ flags. + * + * Tcpdump uses ftell() to determine how much data has been written + * to a file in order to, when used with -C, determine when it's time + * to rotate capture files. ftell() therefore needs to do an lseek() + * to find out the file offset and must, thanks to the aforementioned + * optimization, also know whether the descriptor is open append-only + * or not. + * + * The net result of all the above is that we need to grant CAP_SEEK, + * CAP_WRITE, and CAP_FCNTL with the CAP_FCNTL_GETFL subcapability. + * + * Perhaps this is the universe's way of saying that either + * + * 1) there needs to be an fopenat() call and a pcap_dump_openat() call + * using it, so that Capsicum-capable tcpdump wouldn't need to do + * an fdopen() + * + * or + * + * 2) there needs to be a cap_fdopen() call in the FreeBSD standard + * I/O library that knows what rights are needed by the standard + * I/O library, based on the open mode, and assigns them, perhaps + * with an additional argument indicating, for example, whether + * seeking should be allowed, so that tcpdump doesn't need to know + * what the standard I/O library happens to require this week. + */ +static void +set_dumper_capsicum_rights(pcap_dumper_t *p) +{ + int fd = fileno(pcap_dump_file(p)); + cap_rights_t rights; + + cap_rights_init(&rights, CAP_SEEK, CAP_WRITE, CAP_FCNTL); + if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) { + error("unable to limit dump descriptor"); + } + if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0 && errno != ENOSYS) { + error("unable to limit dump descriptor fcntls"); + } +} +#endif + int main(int argc, char **argv) { @@ -982,6 +1088,7 @@ gndo->ndo_error=ndo_error; gndo->ndo_warning=ndo_warning; gndo->ndo_snaplen = DEFAULT_SNAPLEN; + gndo->ndo_immediate = 0; cnt = -1; device = NULL; @@ -996,6 +1103,13 @@ else program_name = argv[0]; + /* + * On platforms where the CPU doesn't support unaligned loads, + * force unaligned accesses to abort with SIGBUS, rather than + * being fixed up (slowly) by the OS kernel; on those platforms, + * misaligned accesses are bugs, and we want tcpdump to crash so + * that the bugs are reported. + */ if (abort_on_misalignment(ebuf, sizeof(ebuf)) < 0) error("%s", ebuf); @@ -1004,7 +1118,7 @@ #endif while ( - (op = getopt_long(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#", longopts, NULL)) != -1) + (op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1) switch (op) { case 'a': @@ -1382,6 +1496,12 @@ break; #endif +#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE + case OPTION_IMMEDIATE_MODE: + gndo->ndo_immediate = 1; + break; +#endif + default: print_usage(); exit(1); @@ -1417,6 +1537,17 @@ if (VFileName != NULL && RFileName != NULL) error("-V and -r are mutually exclusive."); +#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE + /* + * If we're printing dissected packets to the standard output + * rather than saving raw packets to a file, and the standard + * output is a terminal, use immediate mode, as the user's + * probably expecting to see packets pop up immediately. + */ + if (WFileName == NULL && isatty(1)) + gndo->ndo_immediate = 1; +#endif + #ifdef WITH_CHROOT /* if run as root, prepare for chrooting */ if (getuid() == 0 || geteuid() == 0) { @@ -1542,6 +1673,15 @@ pcap_statustostr(status)); #endif +#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE + if (gndo->ndo_immediate) { + status = pcap_set_immediate_mode(pd, 1); + if (status != 0) + error("%s: Can't set immediate mode: %s", + device, + pcap_statustostr(status)); + } +#endif /* * Is this an interface that supports monitor mode? */ @@ -1578,7 +1718,7 @@ status = pcap_set_tstamp_type(pd, jflag); if (status < 0) error("%s: Can't set time stamp type: %s", - device, pcap_statustostr(status)); + device, pcap_statustostr(status)); } #endif status = pcap_activate(pd); @@ -1751,27 +1891,28 @@ * savefile doesn't handle the general case. */ -#ifdef HAVE_CAP_NG_H - /* We are running as root and we will be writing to savefile */ - if ((getuid() == 0 || geteuid() == 0) && WFileName) { + if (getuid() == 0 || geteuid() == 0) { +#ifdef HAVE_LIBCAP_NG + /* Initialize capng */ + capng_clear(CAPNG_SELECT_BOTH); if (username) { - /* Drop all capabilities from effective set */ - capng_clear(CAPNG_EFFECTIVE); - /* Add capabilities we will need*/ - capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETUID); - capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_SETGID); - capng_update(CAPNG_ADD, CAPNG_PERMITTED, CAP_DAC_OVERRIDE); - - capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETUID); - capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_SETGID); - capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); - - capng_apply(CAPNG_SELECT_BOTH); + capng_updatev( + CAPNG_ADD, + CAPNG_PERMITTED | CAPNG_EFFECTIVE, + CAP_SETUID, + CAP_SETGID, + -1); } - } -#endif /* HAVE_CAP_NG_H */ - if (getuid() == 0 || geteuid() == 0) { + if (WFileName) { + capng_update( + CAPNG_ADD, + CAPNG_PERMITTED | CAPNG_EFFECTIVE, + CAP_DAC_OVERRIDE + ); + } + capng_apply(CAPNG_SELECT_BOTH); +#endif /* HAVE_LIBCAP_NG */ if (username || chroot_dir) droproot(username, chroot_dir); @@ -1784,7 +1925,12 @@ if (RFileName == NULL && VFileName == NULL) { static const unsigned long cmds[] = { BIOCGSTATS }; - cap_rights_init(&rights, CAP_IOCTL, CAP_READ); + /* + * The various libpcap devices use a combination of + * read (bpf), ioctl (bpf, netmap), poll (netmap). + * Grant the relevant access rights, sorted by name. + */ + cap_rights_init(&rights, CAP_EVENT, CAP_IOCTL, CAP_READ); if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 && errno != ENOSYS) { error("unable to limit pcap descriptor"); @@ -1810,18 +1956,23 @@ MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); p = pcap_dump_open(pd, dumpinfo.CurrentFileName); -#ifdef HAVE_CAP_NG_H - /* Give up capabilities, clear Effective set */ - capng_clear(CAPNG_EFFECTIVE); -#endif +#ifdef HAVE_LIBCAP_NG + /* Give up CAP_DAC_OVERRIDE capability. + * Only allow it to be restored if the -C or -G flag have been + * set since we may need to create more files later on. + */ + capng_update( + CAPNG_DROP, + (Cflag || Gflag ? 0 : CAPNG_PERMITTED) + | CAPNG_EFFECTIVE, + CAP_DAC_OVERRIDE + ); + capng_apply(CAPNG_SELECT_BOTH); +#endif /* HAVE_LIBCAP_NG */ if (p == NULL) error("%s", pcap_geterr(pd)); #ifdef HAVE_CAPSICUM - cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); - if (cap_rights_limit(fileno(pcap_dump_file(p)), &rights) < 0 && - errno != ENOSYS) { - error("unable to limit dump descriptor"); - } + set_dumper_capsicum_rights(p); #endif if (Cflag != 0 || Gflag != 0) { #ifdef HAVE_CAPSICUM @@ -1838,6 +1989,10 @@ errno != ENOSYS) { error("unable to limit directory rights"); } + if (cap_fcntls_limit(dumpinfo.dirfd, CAP_FCNTL_GETFL) < 0 && + errno != ENOSYS) { + error("unable to limit dump descriptor fcntls"); + } #else /* !HAVE_CAPSICUM */ dumpinfo.WFileName = WFileName; #endif @@ -2145,9 +2300,6 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) { struct dump_info *dump_info; -#ifdef HAVE_CAPSICUM - cap_rights_t rights; -#endif ++packets_captured; @@ -2230,10 +2382,10 @@ else MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, 0, 0); -#ifdef HAVE_CAP_NG_H +#ifdef HAVE_LIBCAP_NG capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); - capng_apply(CAPNG_EFFECTIVE); -#endif /* HAVE_CAP_NG_H */ + capng_apply(CAPNG_SELECT_BOTH); +#endif /* HAVE_LIBCAP_NG */ #ifdef HAVE_CAPSICUM fd = openat(dump_info->dirfd, dump_info->CurrentFileName, @@ -2251,18 +2403,14 @@ #else /* !HAVE_CAPSICUM */ dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); #endif -#ifdef HAVE_CAP_NG_H +#ifdef HAVE_LIBCAP_NG capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); - capng_apply(CAPNG_EFFECTIVE); -#endif /* HAVE_CAP_NG_H */ + capng_apply(CAPNG_SELECT_BOTH); +#endif /* HAVE_LIBCAP_NG */ if (dump_info->p == NULL) error("%s", pcap_geterr(pd)); #ifdef HAVE_CAPSICUM - cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); - if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)), - &rights) < 0 && errno != ENOSYS) { - error("unable to limit dump descriptor"); - } + set_dumper_capsicum_rights(dump_info->p); #endif } } @@ -2272,59 +2420,70 @@ * larger than Cflag - the last packet written to the * file could put it over Cflag. */ - if (Cflag != 0 && pcap_dump_ftell(dump_info->p) > Cflag) { + if (Cflag != 0) { + long size = pcap_dump_ftell(dump_info->p); + + if (size == -1) + error("ftell fails on output file"); + if (size > Cflag) { #ifdef HAVE_CAPSICUM - FILE *fp; - int fd; + FILE *fp; + int fd; #endif - /* - * Close the current file and open a new one. - */ - pcap_dump_close(dump_info->p); + /* + * Close the current file and open a new one. + */ + pcap_dump_close(dump_info->p); - /* - * Compress the file we just closed, if the user asked for it - */ - if (zflag != NULL) - compress_savefile(dump_info->CurrentFileName); + /* + * Compress the file we just closed, if the user + * asked for it. + */ + if (zflag != NULL) + compress_savefile(dump_info->CurrentFileName); - Cflag_count++; - if (Wflag > 0) { - if (Cflag_count >= Wflag) - Cflag_count = 0; - } - if (dump_info->CurrentFileName != NULL) - free(dump_info->CurrentFileName); - dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); - if (dump_info->CurrentFileName == NULL) - error("dump_packet_and_trunc: malloc"); - MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars); + Cflag_count++; + if (Wflag > 0) { + if (Cflag_count >= Wflag) + Cflag_count = 0; + } + if (dump_info->CurrentFileName != NULL) + free(dump_info->CurrentFileName); + dump_info->CurrentFileName = (char *)malloc(PATH_MAX + 1); + if (dump_info->CurrentFileName == NULL) + error("dump_packet_and_trunc: malloc"); + MakeFilename(dump_info->CurrentFileName, dump_info->WFileName, Cflag_count, WflagChars); +#ifdef HAVE_LIBCAP_NG + capng_update(CAPNG_ADD, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); + capng_apply(CAPNG_SELECT_BOTH); +#endif /* HAVE_LIBCAP_NG */ #ifdef HAVE_CAPSICUM - fd = openat(dump_info->dirfd, dump_info->CurrentFileName, - O_CREAT | O_WRONLY | O_TRUNC, 0644); - if (fd < 0) { - error("unable to open file %s", - dump_info->CurrentFileName); - } - fp = fdopen(fd, "w"); - if (fp == NULL) { - error("unable to fdopen file %s", - dump_info->CurrentFileName); - } - dump_info->p = pcap_dump_fopen(dump_info->pd, fp); + fd = openat(dump_info->dirfd, dump_info->CurrentFileName, + O_CREAT | O_WRONLY | O_TRUNC, 0644); + if (fd < 0) { + error("unable to open file %s", + dump_info->CurrentFileName); + } + fp = fdopen(fd, "w"); + if (fp == NULL) { + error("unable to fdopen file %s", + dump_info->CurrentFileName); + } + dump_info->p = pcap_dump_fopen(dump_info->pd, fp); #else /* !HAVE_CAPSICUM */ - dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); + dump_info->p = pcap_dump_open(dump_info->pd, dump_info->CurrentFileName); #endif - if (dump_info->p == NULL) - error("%s", pcap_geterr(pd)); +#ifdef HAVE_LIBCAP_NG + capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_DAC_OVERRIDE); + capng_apply(CAPNG_SELECT_BOTH); +#endif /* HAVE_LIBCAP_NG */ + if (dump_info->p == NULL) + error("%s", pcap_geterr(pd)); #ifdef HAVE_CAPSICUM - cap_rights_init(&rights, CAP_SEEK, CAP_WRITE); - if (cap_rights_limit(fileno(pcap_dump_file(dump_info->p)), - &rights) < 0 && errno != ENOSYS) { - error("unable to limit dump descriptor"); - } + set_dumper_capsicum_rights(dump_info->p); #endif + } } pcap_dump((u_char *)dump_info->p, h, sp); @@ -2378,7 +2537,8 @@ /* * Some printers want to check that they're not walking off the * end of the packet. - * Rather than pass it all the way down, we set this global. + * Rather than pass it all the way down, we set this member + * of the netdissect_options structure. */ ndo->ndo_snapend = sp + h->caplen; @@ -2388,6 +2548,11 @@ hdrlen = (*print_info->p.printer)(h, sp); } + /* + * Restore the original snapend, as a printer might have + * changed it. + */ + ndo->ndo_snapend = sp + h->caplen; if (ndo->ndo_Xflag) { /* * Print the raw packet data in hex and ASCII. @@ -2486,7 +2651,7 @@ static void ndo_default_print(netdissect_options *ndo, const u_char *bp, u_int length) { - hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and identation string */ + hex_and_ascii_print(ndo, "\n\t", bp, length); /* pass on lf and indentation string */ } void @@ -2589,6 +2754,9 @@ (void)fprintf(stderr, "\t\t"); #endif +#ifdef HAVE_PCAP_SET_IMMEDIATE_MODE + (void)fprintf(stderr, "[ --immediate-mode ] "); +#endif (void)fprintf(stderr, "[ -T type ] [ --version ] [ -V file ]\n"); (void)fprintf(stderr, "\t\t[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z command ]\n"); Index: head/contrib/tcpdump/udp.h =================================================================== --- head/contrib/tcpdump/udp.h +++ head/contrib/tcpdump/udp.h @@ -44,6 +44,8 @@ uint16_t uh_sum; /* udp checksum */ }; +#define BOOTPS_PORT 67 /* RFC951 */ +#define BOOTPC_PORT 68 /* RFC951 */ #define TFTP_PORT 69 /*XXX*/ #define KERBEROS_PORT 88 /*XXX*/ #define SUNRPC_PORT 111 /*XXX*/ @@ -72,6 +74,7 @@ #define RADIUS_NEW_PORT 1812 #define RADIUS_ACCOUNTING_PORT 1646 #define RADIUS_NEW_ACCOUNTING_PORT 1813 +#define RADIUS_COA_PORT 3799 #define HSRP_PORT 1985 /*XXX*/ #define LMP_PORT 701 /* rfc4204 */ #define LWRES_PORT 921 @@ -84,16 +87,17 @@ #define BFD_ECHO_PORT 3785 /* draft-katz-ward-bfd-v4v6-1hop-00.txt */ #define WB_PORT 4567 #define SFLOW_PORT 6343 /* http://www.sflow.org/developers/specifications.php */ -#define LWAPP_DATA_PORT 12222 /* draft-ohara-capwap-lwapp-04.txt */ -#define LWAPP_CONTROL_PORT 12223 /* draft-ohara-capwap-lwapp-04.txt */ +#define LWAPP_DATA_PORT 12222 /* RFC 5412 */ +#define LWAPP_CONTROL_PORT 12223 /* RFC 5412 */ #define OTV_PORT 8472 /* draft-hasmit-otv-04 */ -#define VXLAN_PORT 4789 /* draft-mahalingam-dutt-dcops-vxlan-04 */ +#define VXLAN_PORT 4789 /* RFC 7348 */ +#define GENEVE_PORT 6081 /* draft-gross-geneve-02 */ #ifdef INET6 -#define RIPNG_PORT 521 /*XXX*/ +#define RIPNG_PORT 521 /* RFC 2080 */ #define DHCP6_SERV_PORT 546 /*XXX*/ #define DHCP6_CLI_PORT 547 /*XXX*/ #define AHCP_PORT 5359 /* draft-chroboczek-ahcp-00 */ -#define BABEL_PORT 6696 -#define BABEL_PORT_OLD 6697 +#define BABEL_PORT 6696 /* RFC 6126 errata */ +#define BABEL_PORT_OLD 6697 /* RFC 6126 */ #endif Index: head/contrib/tcpdump/util.c =================================================================== --- head/contrib/tcpdump/util.c +++ head/contrib/tcpdump/util.c @@ -19,6 +19,22 @@ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ +/* + * txtproto_print() derived from original code by Hannes Gredler + * (hannes@juniper.net): + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code + * distributions retain the above copyright notice and this paragraph + * in its entirety, and (2) distributions including binary code include + * the above copyright notice and this paragraph in its entirety in + * the documentation or other materials provided with the distribution. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND + * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT + * LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE. + */ + #define NETDISSECT_REWORKED #ifdef HAVE_CONFIG_H #include "config.h" @@ -135,7 +151,11 @@ * Format the timestamp */ static char * -ts_format(netdissect_options *ndo, int sec, int usec) +ts_format(netdissect_options *ndo +#ifndef HAVE_PCAP_SET_TSTAMP_PRECISION +_U_ +#endif +, int sec, int usec) { static char buf[sizeof("00:00:00.000000000")]; const char *format; @@ -317,7 +337,7 @@ */ const char * tok2str(register const struct tok *lp, register const char *fmt, - register int v) + register u_int v) { static char buf[4][128]; static int idx = 0; @@ -335,12 +355,12 @@ */ static char * bittok2str_internal(register const struct tok *lp, register const char *fmt, - register int v, register int sep) + register u_int v, const char *sep) { static char buf[256]; /* our stringbuffer */ int buflen=0; - register int rotbit; /* this is the bit we rotate through all bitpositions */ - register int tokval; + register u_int rotbit; /* this is the bit we rotate through all bitpositions */ + register u_int tokval; const char * sepstr = ""; while (lp != NULL && lp->s != NULL) { @@ -355,7 +375,7 @@ /* ok we have found something */ buflen+=snprintf(buf+buflen, sizeof(buf)-buflen, "%s%s", sepstr, lp->s); - sepstr = sep ? ", " : ""; + sepstr = sep; break; } rotbit=rotbit<<1; /* no match - lets shift and try again */ @@ -365,7 +385,7 @@ if (buflen == 0) /* bummer - lets print the "unknown" message as advised in the fmt string if we got one */ - (void)snprintf(buf, sizeof(buf), fmt == NULL ? "#%d" : fmt, v); + (void)snprintf(buf, sizeof(buf), fmt == NULL ? "#%08x" : fmt, v); return (buf); } @@ -375,9 +395,9 @@ */ char * bittok2str_nosep(register const struct tok *lp, register const char *fmt, - register int v) + register u_int v) { - return (bittok2str_internal(lp, fmt, v, 0)); + return (bittok2str_internal(lp, fmt, v, "")); } /* @@ -386,9 +406,9 @@ */ char * bittok2str(register const struct tok *lp, register const char *fmt, - register int v) + register u_int v) { - return (bittok2str_internal(lp, fmt, v, 1)); + return (bittok2str_internal(lp, fmt, v, ", ")); } /* @@ -471,6 +491,249 @@ } #endif /* INET6 */ +/* + * Routine to print out information for text-based protocols such as FTP, + * HTTP, SMTP, RTSP, SIP, .... + */ +#define MAX_TOKEN 128 + +/* + * Fetch a token from a packet, starting at the specified index, + * and return the length of the token. + * + * Returns 0 on error; yes, this is indistinguishable from an empty + * token, but an "empty token" isn't a valid token - it just means + * either a space character at the beginning of the line (this + * includes a blank line) or no more tokens remaining on the line. + */ +static int +fetch_token(netdissect_options *ndo, const u_char *pptr, u_int idx, u_int len, + u_char *tbuf, size_t tbuflen) +{ + size_t toklen = 0; + + for (; idx < len; idx++) { + if (!ND_TTEST(*(pptr + idx))) { + /* ran past end of captured data */ + return (0); + } + if (!isascii(*(pptr + idx))) { + /* not an ASCII character */ + return (0); + } + if (isspace(*(pptr + idx))) { + /* end of token */ + break; + } + if (!isprint(*(pptr + idx))) { + /* not part of a command token or response code */ + return (0); + } + if (toklen + 2 > tbuflen) { + /* no room for this character and terminating '\0' */ + return (0); + } + tbuf[toklen] = *(pptr + idx); + toklen++; + } + if (toklen == 0) { + /* no token */ + return (0); + } + tbuf[toklen] = '\0'; + + /* + * Skip past any white space after the token, until we see + * an end-of-line (CR or LF). + */ + for (; idx < len; idx++) { + if (!ND_TTEST(*(pptr + idx))) { + /* ran past end of captured data */ + break; + } + if (*(pptr + idx) == '\r' || *(pptr + idx) == '\n') { + /* end of line */ + break; + } + if (!isascii(*(pptr + idx)) || !isprint(*(pptr + idx))) { + /* not a printable ASCII character */ + break; + } + if (!isspace(*(pptr + idx))) { + /* beginning of next token */ + break; + } + } + return (idx); +} + +/* + * Scan a buffer looking for a line ending - LF or CR-LF. + * Return the index of the character after the line ending or 0 if + * we encounter a non-ASCII or non-printable character or don't find + * the line ending. + */ +static u_int +print_txt_line(netdissect_options *ndo, const char *protoname, + const char *prefix, const u_char *pptr, u_int idx, u_int len) +{ + u_int startidx; + u_int linelen; + + startidx = idx; + while (idx < len) { + ND_TCHECK(*(pptr+idx)); + if (*(pptr+idx) == '\n') { + /* + * LF without CR; end of line. + * Skip the LF and print the line, with the + * exception of the LF. + */ + linelen = idx - startidx; + idx++; + goto print; + } else if (*(pptr+idx) == '\r') { + /* CR - any LF? */ + if ((idx+1) >= len) { + /* not in this packet */ + return (0); + } + ND_TCHECK(*(pptr+idx+1)); + if (*(pptr+idx+1) == '\n') { + /* + * CR-LF; end of line. + * Skip the CR-LF and print the line, with + * the exception of the CR-LF. + */ + linelen = idx - startidx; + idx += 2; + goto print; + } + + /* + * CR followed by something else; treat this + * as if it were binary data, and don't print + * it. + */ + return (0); + } else if (!isascii(*(pptr+idx)) || + (!isprint(*(pptr+idx)) && *(pptr+idx) != '\t')) { + /* + * Not a printable ASCII character and not a tab; + * treat this as if it were binary data, and + * don't print it. + */ + return (0); + } + idx++; + } + + /* + * All printable ASCII, but no line ending after that point + * in the buffer; treat this as if it were truncated. + */ +trunc: + linelen = idx - startidx; + ND_PRINT((ndo, "%s%.*s[!%s]", prefix, (int)linelen, pptr + startidx, + protoname)); + return (0); + +print: + ND_PRINT((ndo, "%s%.*s", prefix, (int)linelen, pptr + startidx)); + return (idx); +} + +void +txtproto_print(netdissect_options *ndo, const u_char *pptr, u_int len, + const char *protoname, const char **cmds, u_int flags) +{ + u_int idx, eol; + u_char token[MAX_TOKEN+1]; + const char *cmd; + int is_reqresp = 0; + const char *pnp; + + if (cmds != NULL) { + /* + * This protocol has more than just request and + * response lines; see whether this looks like a + * request or response. + */ + idx = fetch_token(ndo, pptr, 0, len, token, sizeof(token)); + if (idx != 0) { + /* Is this a valid request name? */ + while ((cmd = *cmds++) != NULL) { + if (strcasecmp((const char *)token, cmd) == 0) { + /* Yes. */ + is_reqresp = 1; + break; + } + } + + /* + * No - is this a valid response code (3 digits)? + * + * Is this token the response code, or is the next + * token the response code? + */ + if (flags & RESP_CODE_SECOND_TOKEN) { + /* + * Next token - get it. + */ + idx = fetch_token(ndo, pptr, idx, len, token, + sizeof(token)); + } + if (idx != 0) { + if (isdigit(token[0]) && isdigit(token[1]) && + isdigit(token[2]) && token[3] == '\0') { + /* Yes. */ + is_reqresp = 1; + } + } + } + } else { + /* + * This protocol has only request and response lines + * (e.g., FTP, where all the data goes over a + * different connection); assume the payload is + * a request or response. + */ + is_reqresp = 1; + } + + /* Capitalize the protocol name */ + for (pnp = protoname; *pnp != '\0'; pnp++) + ND_PRINT((ndo, "%c", toupper(*pnp))); + + if (is_reqresp) { + /* + * In non-verbose mode, just print the protocol, followed + * by the first line as the request or response info. + * + * In verbose mode, print lines as text until we run out + * of characters or see something that's not a + * printable-ASCII line. + */ + if (ndo->ndo_vflag) { + /* + * We're going to print all the text lines in the + * request or response; just print the length + * on the first line of the output. + */ + ND_PRINT((ndo, ", length: %u", len)); + for (idx = 0; + idx < len && (eol = print_txt_line(ndo, protoname, "\n\t", pptr, idx, len)) != 0; + idx = eol) + ; + } else { + /* + * Just print the first text line. + */ + print_txt_line(ndo, protoname, ": ", pptr, 0, len); + } + } +} + /* VARARGS */ void error(const char *fmt, ...) Index: head/usr.sbin/tcpdump/tcpdump/Makefile =================================================================== --- head/usr.sbin/tcpdump/tcpdump/Makefile +++ head/usr.sbin/tcpdump/tcpdump/Makefile @@ -58,13 +58,17 @@ print-fddi.c \ print-forces.c \ print-fr.c \ + print-ftp.c \ + print-geneve.c \ print-geonet.c \ print-gre.c \ print-hsrp.c \ + print-http.c \ print-icmp.c \ print-igmp.c \ print-igrp.c \ print-ip.c \ + print-ip6.c \ print-ipcomp.c \ print-ipfc.c \ print-ipnet.c \ @@ -111,6 +115,7 @@ print-rpki-rtr.c \ print-rrcp.c \ print-rsvp.c \ + print-rtsp.c \ print-rx.c \ print-sctp.c \ print-sflow.c \ @@ -119,6 +124,7 @@ print-sll.c \ print-slow.c \ print-smb.c \ + print-smtp.c \ print-snmp.c \ print-stp.c \ print-sunatm.c \ @@ -158,7 +164,6 @@ print-dhcp6.c \ print-frag6.c \ print-icmp6.c \ - print-ip6.c \ print-ip6opts.c \ print-mobility.c \ print-ospf6.c \ Index: head/usr.sbin/tcpdump/tcpdump/config.h =================================================================== --- head/usr.sbin/tcpdump/tcpdump/config.h +++ head/usr.sbin/tcpdump/tcpdump/config.h @@ -23,8 +23,8 @@ /* Define to 1 if you have the `cap_ioctls_limit' function. */ #define HAVE_CAP_IOCTLS_LIMIT 1 -/* Define to 1 if you have the `cap_rights_init' function. */ -/* #undef HAVE_CAP_RIGHTS_INIT */ +/* Define to 1 if you have the header file. */ +/* #undef HAVE_CAP_NG_H */ /* Define to 1 if you have the `cap_rights_limit' function. */ #define HAVE_CAP_RIGHTS_LIMIT 1 @@ -60,6 +60,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_INTTYPES_H 1 +/* Define to 1 if you have the `cap-ng' library (-lcap-ng). */ +/* #undef HAVE_LIBCAP_NG */ + /* Define to 1 if you have the `crypto' library (-lcrypto). */ /* See Makefile */ /* #undef HAVE_LIBCRYPTO */ @@ -144,6 +147,9 @@ /* Define to 1 if you have the `pcap_set_datalink' function. */ #define HAVE_PCAP_SET_DATALINK 1 +/* Define to 1 if you have the `pcap_set_immediate_mode' function. */ +#define HAVE_PCAP_SET_IMMEDIATE_MODE 1 + /* Define to 1 if you have the `pcap_set_tstamp_precision' function. */ #define HAVE_PCAP_SET_TSTAMP_PRECISION 1 @@ -219,6 +225,9 @@ /* Define to 1 if you have the header file. */ #define HAVE_SYS_TYPES_H 1 +/* Define to 1 if the system has the type `uintptr_t'. */ +#define HAVE_UINTPTR_T 1 + /* Define to 1 if you have the header file. */ #define HAVE_UNISTD_H 1 @@ -391,3 +400,7 @@ /* Define to the type of an unsigned integer type of width exactly 8 bits if such a type exists and the standard includes do not define it. */ /* #undef uint8_t */ + +/* Define to the type of an unsigned integer type wide enough to hold a + pointer, if such a type exists, and if the system does not define it. */ +/* #undef uintptr_t */ Index: head/usr.sbin/tcpdump/tcpdump/tcpdump.1 =================================================================== --- head/usr.sbin/tcpdump/tcpdump/tcpdump.1 +++ head/usr.sbin/tcpdump/tcpdump/tcpdump.1 @@ -129,6 +129,10 @@ [ .BI \-\-time\-stamp\-precision= tstamp_precision ] +.ti +8 +[ +.B \-\-immediate\-mode +] [ .B \-\-version ] @@ -141,7 +145,9 @@ .SH DESCRIPTION .LP \fITcpdump\fP prints out a description of the contents of packets on a -network interface that match the boolean \fIexpression\fP. It can also +network interface that match the boolean \fIexpression\fP; the +description is preceded by a time stamp, printed, by default, as hours, +minutes, seconds, and fractions of a second since midnight. It can also be run with the .B \-w flag, which causes it to save the packet data to a file for later @@ -205,7 +211,9 @@ platforms, such as Mac OS X, the ``status'' character is not set by default, so you must set it with .BR stty (1) -in order to use it) and will continue capturing packets. +in order to use it) and will continue capturing packets. On platforms that +do not support the SIGINFO signal, the same can be achieved by using the +SIGUSR1 signal. .LP Reading packets from a network interface may require that you have special privileges; see the @@ -420,6 +428,13 @@ is specified, only those link-layer types available when in monitor mode will be shown. .TP +.BI \-\-immediate\-mode +Capture in "immediate mode". In this mode, packets are delivered to +tcpdump as soon as they arrive, rather than being buffered for +efficiency. This is the default when printing packets rather than +saving packets to a ``savefile'' if the packets are being printed to a +terminal rather than to a file or pipe. +.TP .BI \-j " tstamp_type" .PD 0 .TP @@ -656,14 +671,16 @@ \fIDon't\fP print a timestamp on each dump line. .TP .B \-tt -Print an unformatted timestamp on each dump line. +Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and +fractions of a second since that time, on each dump line. .TP .B \-ttt Print a delta (micro-second resolution) between current and previous line on each dump line. .TP .B \-tttt -Print a timestamp in default format proceeded by date on each dump line. +Print a timestamp, as hours, minutes, seconds, and fractions of a second +since midnight, preceded by the date, on each dump line. .TP .B \-ttttt Print a delta (micro-second resolution) between current and first line