D12405.diff
No OneTemporary
Actions

Size

7 KB

Referenced Files

None

Subscribers

None

D12405.diff
View Options

	Index: contrib/tcpdump/addrtoname.c
	===================================================================
	--- contrib/tcpdump/addrtoname.c
	+++ contrib/tcpdump/addrtoname.c
	@@ -26,6 +26,11 @@
	#include "config.h"
	#endif

	+#ifdef HAVE_CASPER
	+#include <libcasper.h>
	+#include <casper/cap_dns.h>
	+#endif /* HAVE_CASPER */
	+
	#include <netdissect-stdinc.h>

	#ifdef USE_ETHER_NTOHOST
	@@ -207,6 +212,9 @@

	static uint32_t f_netmask;
	static uint32_t f_localnet;
	+#ifdef HAVE_CASPER
	+extern cap_channel_t *capdns;
	+#endif

	/*
	* Return a name for the IP address pointed to by ap. This address
	@@ -252,7 +260,13 @@
	*/
	if (!ndo->ndo_nflag &&
	(addr & f_netmask) == f_localnet) {
	- hp = gethostbyaddr((char *)&addr, 4, AF_INET);
	+#ifdef HAVE_CASPER
	+ if (capdns != NULL) {
	+ hp = cap_gethostbyaddr(capdns, (char *)&addr, 4,
	+ AF_INET);
	+ } else
	+#endif
	+ hp = gethostbyaddr((char *)&addr, 4, AF_INET);
	if (hp) {
	char *dotp;

	@@ -307,7 +321,14 @@
	* Do not print names if -n was given.
	*/
	if (!ndo->ndo_nflag) {
	- hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
	+#ifdef HAVE_CASPER
	+ if (capdns != NULL) {
	+ hp = cap_gethostbyaddr(capdns, (char *)&addr,
	+ sizeof(addr), AF_INET6);
	+ } else
	+#endif
	+ hp = gethostbyaddr((char *)&addr, sizeof(addr),
	+ AF_INET6);
	if (hp) {
	char *dotp;

	Index: contrib/tcpdump/ipproto.c
	===================================================================
	--- contrib/tcpdump/ipproto.c
	+++ contrib/tcpdump/ipproto.c
	@@ -51,6 +51,7 @@
	{ IPPROTO_SCTP, "SCTP" },
	{ IPPROTO_MOBILITY, "Mobility" },
	{ IPPROTO_CARP, "CARP" },
	+ { IPPROTO_PFSYNC, "pfsync" },
	{ 0, NULL }
	};

	Index: contrib/tcpdump/netdissect.h
	===================================================================
	--- contrib/tcpdump/netdissect.h
	+++ contrib/tcpdump/netdissect.h
	@@ -569,6 +569,7 @@
	extern int ospf_print_grace_lsa(netdissect_options , const uint8_t , u_int);
	extern int ospf_print_te_lsa(netdissect_options , const uint8_t , u_int);
	extern void otv_print(netdissect_options , const u_char , u_int);
	+extern void pfsync_ip_print(netdissect_options , const u_char , u_int);
	extern void pgm_print(netdissect_options , const u_char , u_int, const u_char *);
	extern void pim_print(netdissect_options , const u_char , u_int, const u_char *);
	extern void pimv1_print(netdissect_options , const u_char , u_int);
	Index: contrib/tcpdump/print-esp.c
	===================================================================
	--- contrib/tcpdump/print-esp.c
	+++ contrib/tcpdump/print-esp.c
	@@ -246,7 +246,7 @@
	* XXX - of course this is wrong, because buf is a const buffer,
	* but changing this would require a more complicated fix.
	*/
	- memcpy(buf, output_buffer, len);
	+ memcpy(__DECONST(u_char *, buf), output_buffer, len);
	free(output_buffer);

	ndo->ndo_packetp = buf;
	@@ -798,7 +798,7 @@
	* const buffer, but changing this would require a
	* more complicated fix.
	*/
	- memcpy(p + ivlen, output_buffer, len);
	+ memcpy(__DECONST(u_char *, p + ivlen), output_buffer, len);
	free(output_buffer);
	advance = ivoff - (const u_char *)esp + ivlen;
	} else
	Index: contrib/tcpdump/print-ip.c
	===================================================================
	--- contrib/tcpdump/print-ip.c
	+++ contrib/tcpdump/print-ip.c
	@@ -498,6 +498,12 @@
	pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
	break;

	+#if defined(HAVE_NET_PFVAR_H)
	+ case IPPROTO_PFSYNC:
	+ pfsync_ip_print(ndo, ipds->cp, ipds->len);
	+ break;
	+#endif
	+
	default:
	if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL)
	ND_PRINT((ndo, " %s", p_name));
	Index: contrib/tcpdump/tcpdump.c
	===================================================================
	--- contrib/tcpdump/tcpdump.c
	+++ contrib/tcpdump/tcpdump.c
	@@ -76,10 +76,16 @@
	* in the opposite order works fine.
	*/
	#ifdef HAVE_CAPSICUM
	-#include <sys/capability.h>
	+#include <sys/capsicum.h>
	+#include <sys/sysctl.h>
	+#include <sys/nv.h>
	#include <sys/ioccom.h>
	#include <net/bpf.h>
	#include <libgen.h>
	+#ifdef HAVE_CASPER
	+#include <libcasper.h>
	+#include <casper/cap_dns.h>
	+#endif /* HAVE_CASPER */
	#endif /* HAVE_CAPSICUM */
	#include <pcap.h>
	#include <signal.h>
	@@ -170,6 +176,10 @@

	char *program_name;

	+#ifdef HAVE_CASPER
	+cap_channel_t *capdns;
	+#endif
	+
	/* Forwards */
	static void error(FORMAT_STRING(const char *), ...) NORETURN PRINTFLIKE(1, 2);
	static void warning(FORMAT_STRING(const char *), ...) PRINTFLIKE(1, 2);
	@@ -711,6 +721,35 @@
	return ret;
	}

	+#ifdef HAVE_CASPER
	+static cap_channel_t *
	+capdns_setup(void)
	+{
	+ cap_channel_t capcas, capdnsloc;
	+ const char *types[1];
	+ int families[2];
	+
	+ capcas = cap_init();
	+ if (capcas == NULL)
	+ error("unable to create casper process");
	+ capdnsloc = cap_service_open(capcas, "system.dns");
	+ /* Casper capability no longer needed. */
	+ cap_close(capcas);
	+ if (capdnsloc == NULL)
	+ error("unable to open system.dns service");
	+ /* Limit system.dns to reverse DNS lookups. */
	+ types[0] = "ADDR";
	+ if (cap_dns_type_limit(capdnsloc, types, 1) < 0)
	+ error("unable to limit access to system.dns service");
	+ families[0] = AF_INET;
	+ families[1] = AF_INET6;
	+ if (cap_dns_family_limit(capdnsloc, families, 2) < 0)
	+ error("unable to limit access to system.dns service");
	+
	+ return (capdnsloc);
	+}
	+#endif /* HAVE_CASPER */
	+
	#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
	static int
	tstamp_precision_from_string(const char *precision)
	@@ -1044,6 +1083,26 @@
	} else if (status == PCAP_ERROR_PERM_DENIED && *cp != '\0')
	error("%s: %s\n(%s)", device,
	pcap_statustostr(status), cp);
	+#ifdef __FreeBSD__
	+ else if (status == PCAP_ERROR_RFMON_NOTSUP &&
	+ strncmp(device, "wlan", 4) == 0) {
	+ char parent[8], newdev[8];
	+ char sysctl[32];
	+ size_t s = sizeof(parent);
	+
	+ snprintf(sysctl, sizeof(sysctl),
	+ "net.wlan.%d.%%parent", atoi(device + 4));
	+ sysctlbyname(sysctl, parent, &s, NULL, 0);
	+ strlcpy(newdev, device, sizeof(newdev));
	+ /* Suggest a new wlan device. */
	+ newdev[strlen(newdev)-1]++;
	+ error("%s is not a monitor mode VAP\n"
	+ "To create a new monitor mode VAP use:\n"
	+ " ifconfig %s create wlandev %s wlanmode monitor\n"
	+ "and use %s as the tcpdump interface",
	+ device, newdev, parent, newdev);
	+ }
	+#endif
	else
	error("%s: %s", device,
	pcap_statustostr(status));
	@@ -1770,6 +1829,12 @@
	pcap_freecode(&fcode);
	exit_tcpdump(0);
	}
	+
	+#ifdef HAVE_CASPER
	+ if (!ndo->ndo_nflag)
	+ capdns = capdns_setup();
	+#endif /* HAVE_CASPER */
	+
	init_print(ndo, localnet, netmask, timezone_offset);

	#ifndef _WIN32
	@@ -1991,7 +2056,12 @@
	}

	#ifdef HAVE_CAPSICUM
	- cansandbox = (ndo->ndo_nflag && VFileName == NULL && zflag == NULL);
	+ cansandbox = (VFileName == NULL && zflag == NULL);
	+#ifdef HAVE_CASPER
	+ cansandbox = (cansandbox && (ndo->ndo_nflag \|\| capdns != NULL));
	+#else
	+ cansandbox = (cansandbox && ndo->ndo_nflag);
	+#endif /* HAVE_CASPER */
	if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
	error("unable to enter the capability mode");
	#endif /* HAVE_CAPSICUM */

File Metadata

Mime Type: text/plain
Expires: Tue, Apr 21, 3:05 AM (8 h, 40 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 31883384
Default Alt Text: D12405.diff (7 KB)

D12405.diffNo OneTemporaryActions

D12405.diffView Options

File Metadata

Event Timeline

D12405.diff
No OneTemporary
Actions

D12405.diff
View Options