
D12405.diff

Index: contrib/tcpdump/addrtoname.c
===================================================================
--- contrib/tcpdump/addrtoname.c
+++ contrib/tcpdump/addrtoname.c
@@ -26,6 +26,11 @@
#include "config.h"
#endif
+#ifdef HAVE_CASPER
+#include <libcasper.h>
+#include <casper/cap_dns.h>
+#endif /* HAVE_CASPER */
+
#include <netdissect-stdinc.h>
#ifdef USE_ETHER_NTOHOST
@@ -207,6 +212,9 @@
static uint32_t f_netmask;
static uint32_t f_localnet;
+#ifdef HAVE_CASPER
+extern cap_channel_t *capdns;
+#endif
/*
* Return a name for the IP address pointed to by ap. This address
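Review bot: The `extern cap_channel_t *capdns;` declaration is written directly in addrtoname.c, so nothing ties it to the definition this patch adds in tcpdump.c; if the two ever disagree on type, the compiler will not notice. Declaring it once in a header that both files include, under the same `HAVE_CASPER` guard, would let the compiler check it. A short comment such as `/* Casper system.dns channel opened by tcpdump.c; NULL when not set up. */` would also tell readers of this file where the pointer comes from.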
@@ -252,7 +260,13 @@
*/
if (!ndo->ndo_nflag &&
(addr & f_netmask) == f_localnet) {
- hp = gethostbyaddr((char *)&addr, 4, AF_INET);
+#ifdef HAVE_CASPER
+ if (capdns != NULL) {
+ hp = cap_gethostbyaddr(capdns, (char *)&addr, 4,
+ AF_INET);
+ } else
+#endif
+ hp = gethostbyaddr((char *)&addr, 4, AF_INET);
if (hp) {
char *dotp;
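Review bot: The `} else` left dangling before `#endif` binds to whatever statement follows the preprocessor block, here the unbraced `hp = gethostbyaddr(...)`, which is easy to break if a line is later added between them. The IPv6 lookup hunk further down in this file uses the same shape. Consider bracing the fallback inside each branch of the conditional, or at least marking it with `/* else-branch of the HAVE_CASPER test above */`. The enclosing function begins and ends outside the hunk.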
@@ -307,7 +321,14 @@
* Do not print names if -n was given.
*/
if (!ndo->ndo_nflag) {
- hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
+#ifdef HAVE_CASPER
+ if (capdns != NULL) {
+ hp = cap_gethostbyaddr(capdns, (char *)&addr,
+ sizeof(addr), AF_INET6);
+ } else
+#endif
+ hp = gethostbyaddr((char *)&addr, sizeof(addr),
+ AF_INET6);
if (hp) {
char *dotp;
Index: contrib/tcpdump/ipproto.c
===================================================================
--- contrib/tcpdump/ipproto.c
+++ contrib/tcpdump/ipproto.c
@@ -51,6 +51,7 @@
{ IPPROTO_SCTP, "SCTP" },
{ IPPROTO_MOBILITY, "Mobility" },
{ IPPROTO_CARP, "CARP" },
+ { IPPROTO_PFSYNC, "pfsync" },
{ 0, NULL }
};
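Review bot: The `{ IPPROTO_PFSYNC, "pfsync" }` entry is added unconditionally, while the matching `case IPPROTO_PFSYNC:` in print-ip.c is wrapped in `#if defined(HAVE_NET_PFVAR_H)`. If `IPPROTO_PFSYNC` is only defined where the pf headers are available (not visible in this patch), this table would fail to compile on a build without them. Using the same guard in both places, or adding a comment on why the table does not need it, would remove the doubt. The array's declaration starts outside the hunk.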
Index: contrib/tcpdump/netdissect.h
===================================================================
--- contrib/tcpdump/netdissect.h
+++ contrib/tcpdump/netdissect.h
@@ -569,6 +569,7 @@
extern int ospf_print_grace_lsa(netdissect_options *, const uint8_t *, u_int);
extern int ospf_print_te_lsa(netdissect_options *, const uint8_t *, u_int);
extern void otv_print(netdissect_options *, const u_char *, u_int);
+extern void pfsync_ip_print(netdissect_options *, const u_char *, u_int);
extern void pgm_print(netdissect_options *, const u_char *, u_int, const u_char *);
extern void pim_print(netdissect_options *, const u_char *, u_int, const u_char *);
extern void pimv1_print(netdissect_options *, const u_char *, u_int);
Index: contrib/tcpdump/print-esp.c
===================================================================
--- contrib/tcpdump/print-esp.c
+++ contrib/tcpdump/print-esp.c
@@ -246,7 +246,7 @@
* XXX - of course this is wrong, because buf is a const buffer,
* but changing this would require a more complicated fix.
*/
- memcpy(buf, output_buffer, len);
+ memcpy(__DECONST(u_char *, buf), output_buffer, len);
free(output_buffer);
ndo->ndo_packetp = buf;
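Review bot: `__DECONST(u_char *, buf)` removes the compiler diagnostic, but the write through a pointer declared const remains, as the XXX comment above it admits; the same cast is applied to `p + ivlen` in the second hunk of this file. With the warning gone, that comment is the only remaining marker, so it should say the cast is deliberate, e.g. `/* __DECONST: decrypted data intentionally overwrites the packet buffer in place */`. Neither hunk shows how `len` is bounded against the destination, so that should be confirmed in the surrounding code, which lies outside the hunk.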
@@ -798,7 +798,7 @@
* const buffer, but changing this would require a
* more complicated fix.
*/
- memcpy(p + ivlen, output_buffer, len);
+ memcpy(__DECONST(u_char *, p + ivlen), output_buffer, len);
free(output_buffer);
advance = ivoff - (const u_char *)esp + ivlen;
} else
Index: contrib/tcpdump/print-ip.c
===================================================================
--- contrib/tcpdump/print-ip.c
+++ contrib/tcpdump/print-ip.c
@@ -498,6 +498,12 @@
pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
break;
+#if defined(HAVE_NET_PFVAR_H)
+ case IPPROTO_PFSYNC:
+ pfsync_ip_print(ndo, ipds->cp, ipds->len);
+ break;
+#endif
+
default:
if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL)
ND_PRINT((ndo, " %s", p_name));
Index: contrib/tcpdump/tcpdump.c
===================================================================
--- contrib/tcpdump/tcpdump.c
+++ contrib/tcpdump/tcpdump.c
@@ -76,10 +76,16 @@
* in the opposite order works fine.
*/
#ifdef HAVE_CAPSICUM
-#include <sys/capability.h>
+#include <sys/capsicum.h>
+#include <sys/sysctl.h>
+#include <sys/nv.h>
#include <sys/ioccom.h>
#include <net/bpf.h>
#include <libgen.h>
+#ifdef HAVE_CASPER
+#include <libcasper.h>
+#include <casper/cap_dns.h>
+#endif /* HAVE_CASPER */
#endif /* HAVE_CAPSICUM */
#include <pcap.h>
#include <signal.h>
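Review bot: `<sys/sysctl.h>` is added inside the `#ifdef HAVE_CAPSICUM` block, but the `sysctlbyname()` call this patch introduces further down is guarded only by `#ifdef __FreeBSD__`. A FreeBSD build without `HAVE_CAPSICUM` would then call it without a prototype, so the include should sit under a guard matching its user, for example `#ifdef __FreeBSD__` / `#include <sys/sysctl.h>` / `#endif`. Nothing visible in this patch uses `<sys/nv.h>`, so it is worth checking whether that include is needed.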
@@ -170,6 +176,10 @@
char *program_name;
+#ifdef HAVE_CASPER
+cap_channel_t *capdns;
+#endif
+
/* Forwards */
static void error(FORMAT_STRING(const char *), ...) NORETURN PRINTFLIKE(1, 2);
static void warning(FORMAT_STRING(const char *), ...) PRINTFLIKE(1, 2);
@@ -711,6 +721,35 @@
return ret;
}
+#ifdef HAVE_CASPER
+static cap_channel_t *
+capdns_setup(void)
+{
+ cap_channel_t *capcas, *capdnsloc;
+ const char *types[1];
+ int families[2];
+
+ capcas = cap_init();
+ if (capcas == NULL)
+ error("unable to create casper process");
+ capdnsloc = cap_service_open(capcas, "system.dns");
+ /* Casper capability no longer needed. */
+ cap_close(capcas);
+ if (capdnsloc == NULL)
+ error("unable to open system.dns service");
+ /* Limit system.dns to reverse DNS lookups. */
+ types[0] = "ADDR";
+ if (cap_dns_type_limit(capdnsloc, types, 1) < 0)
+ error("unable to limit access to system.dns service");
+ families[0] = AF_INET;
+ families[1] = AF_INET6;
+ if (cap_dns_family_limit(capdnsloc, families, 2) < 0)
+ error("unable to limit access to system.dns service");
+
+ return (capdnsloc);
+}
+#endif /* HAVE_CASPER */
+
#ifdef HAVE_PCAP_SET_TSTAMP_PRECISION
static int
tstamp_precision_from_string(const char *precision)
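Review bot: `capdns_setup()` has no header comment, and both limit failures print the identical message `unable to limit access to system.dns service`, so a report cannot tell which restriction failed. Suggest a comment above the function saying that it opens the Casper system.dns service, restricts it to "ADDR" lookups for AF_INET and AF_INET6, and exits through error() on any failure. Distinct messages would help too, such as `error("unable to limit system.dns to ADDR lookups")` and `error("unable to limit system.dns address families")`. The literal counts `1` and `2` could be derived from the arrays so a limit cannot drift from the array size.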
@@ -1044,6 +1083,26 @@
} else if (status == PCAP_ERROR_PERM_DENIED && *cp != '\0')
error("%s: %s\n(%s)", device,
pcap_statustostr(status), cp);
+#ifdef __FreeBSD__
+ else if (status == PCAP_ERROR_RFMON_NOTSUP &&
+ strncmp(device, "wlan", 4) == 0) {
+ char parent[8], newdev[8];
+ char sysctl[32];
+ size_t s = sizeof(parent);
+
+ snprintf(sysctl, sizeof(sysctl),
+ "net.wlan.%d.%%parent", atoi(device + 4));
+ sysctlbyname(sysctl, parent, &s, NULL, 0);
+ strlcpy(newdev, device, sizeof(newdev));
+ /* Suggest a new wlan device. */
+ newdev[strlen(newdev)-1]++;
+ error("%s is not a monitor mode VAP\n"
+ "To create a new monitor mode VAP use:\n"
+ " ifconfig %s create wlandev %s wlanmode monitor\n"
+ "and use %s as the tcpdump interface",
+ device, newdev, parent, newdev);
+ }
+#endif
else
error("%s: %s", device,
pcap_statustostr(status));
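Review bot: The return value of `sysctlbyname()` is ignored, so when the lookup fails (for example with a non-numeric suffix after `wlan`, since `atoi()` is unchecked) `parent` is still uninitialized stack memory when it is passed to `error()` as `%s`. The call should be checked and `parent` given a defined, terminated value in both outcomes, as sketched below. Separately, `newdev[strlen(newdev)-1]++` turns `wlan9` into `wlan:`, and the local named `sysctl` shadows the sysctl(3) function; both are worth tidying. The enclosing function starts and ends outside the hunk.

```c
	char parent[8], newdev[8];
	/* Leave room for the terminator written below. */
	size_t s = sizeof(parent) - 1;

	/* … unchanged: snprintf() building the net.wlan.N.%parent name … */
	if (sysctlbyname(sysctl, parent, &s, NULL, 0) == -1)
		strlcpy(parent, "<dev>", sizeof(parent));
	else
		parent[s] = '\0';
	/* … unchanged: newdev suggestion and error() call … */
```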
@@ -1770,6 +1829,12 @@
pcap_freecode(&fcode);
exit_tcpdump(0);
}
+
+#ifdef HAVE_CASPER
+ if (!ndo->ndo_nflag)
+ capdns = capdns_setup();
+#endif /* HAVE_CASPER */
+
init_print(ndo, localnet, netmask, timezone_offset);
#ifndef _WIN32
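Review bot: Every failure path in `capdns_setup()` ends in `error()`, which this file declares NORETURN, so a Casper failure aborts tcpdump here rather than falling back to unsandboxed resolution. That appears to make the `capdns != NULL` tests in addrtoname.c and in the `cansandbox` expression always true whenever lookups are enabled, leaving the plain `gethostbyaddr()` fallbacks unreachable. If failing closed is intended, say so at the call, e.g. `/* Fatal on failure: never resolve names outside the Casper service. */`. The enclosing function starts and ends outside the hunk.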
@@ -1991,7 +2056,12 @@
}
#ifdef HAVE_CAPSICUM
- cansandbox = (ndo->ndo_nflag && VFileName == NULL && zflag == NULL);
+ cansandbox = (VFileName == NULL && zflag == NULL);
+#ifdef HAVE_CASPER
+ cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL));
+#else
+ cansandbox = (cansandbox && ndo->ndo_nflag);
+#endif /* HAVE_CASPER */
if (cansandbox && cap_enter() < 0 && errno != ENOSYS)
error("unable to enter the capability mode");
#endif /* HAVE_CAPSICUM */
