Upgrade to tcpdump 4.9.0.
From CHANGES:
Wednesday January 18, 2017 devel.fx.lebail@orange.fr
Summary for 4.9.0 tcpdump release
General updates:
Improve separation frontend/backend (tcpdump/libnetdissect)
Don't require IPv6 library support in order to support IPv6 addresses
Introduce data types to use for integral values in packet structures
Fix display of timestamps with -tt, -ttt and -ttttt options
Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others
(More information in the log with CVE-2016-* and CVE-2017-*)
Change the way protocols print link-layer addresses (Fix heap overflows
in CALM-FAST and GeoNetworking printers)
Pass correct caplen value to ether_print() and some other functions
Fix lookup_nsap() to match what isonsap_string() expects
Clean up relative time stamp printing (Fix an array overflow)
Fix some alignment issues with GCC on Solaris 10 SPARC
Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks
Add a fn_printztn() which returns the number of bytes processed
Add nd_init() and nd_cleanup() functions. Improve libsmi support
Add CONTRIBUTING file
Add a summary comment in all printers
Compile with more warning options in devel mode if supported (-Wcast-qual, ...)
Fix some leaks found by Valgrind/Memcheck
Fix a bunch of de-constifications
Squelch some Coverity warnings and some compiler warnings
Update Coverity and Travis-CI setup
Update Visual Studio files
Frontend:
Fix capsicum support to work with zerocopy buffers in bpf
Try opening interfaces by name first, then by name-as-index
Work around pcap_create() failures fetching time stamp type lists
Fix a segmentation fault with 'tcpdump -J'
Improve addrtostr6() bounds checking
Add exit_tcpdump() function
Don't drop CAP_SYS_CHROOT before chrooting
Fixes issue where statistics not reported when -G and -W options used
New printers supporting:
Generic Protocol Extension for VXLAN (VXLAN-GPE)
Home Networking Control Protocol (HNCP), RFCs 7787 and 7788
Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets
Marvell Extended Distributed Switch Architecture header (MEDSA)
Network Service Header (NSH)
REdis Serialization Protocol (RESP)
Updated printers:
802.11: Beginnings of 11ac radiotap support
802.11: Check the Protected bit for management frames
802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow)
802.11: Fix the radiotap printer to handle the special bits correctly
802.11: If we have the MCS field, it's 11n
802.11: Only print unknown frame type or subtype messages once
802.11: Radiotap dBm values get printed as dB; Update a test output accordingly
802.11: Source and destination addresses were backwards
AH: Add a bounds check
AH: Report to our caller that dissection failed if a bounds check fails
AP1394: Print src > dst, not dst > src
ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow)
ATALK: Add bounds and length checks (Fix heap overflows)
ATM: Add some bounds checks (Fix a heap overflow)
ATM: Fix an incorrect bounds check
BFD: Update specification from draft to RFC 5880
BFD: Update to print optional authentication field
BGP: Add decoding of ADD-PATH capability
BGP: Add support for the AIGP attribute (RFC7311)
BGP: Print LARGE_COMMUNITY Path Attribute
BGP: Update BGP numbers from IANA; Print minor values for FSM notification
BOOTP: Add a bounds check
Babel: Add decoder for source-specific extension
CDP: Filter out non-printable characters
CFM: Fixes to match the IEEE standard, additional bounds and length checks
CSLIP: Add more bounds checks (Fix a heap overflow)
ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow)
DHCP: Fix MUDURL and TZ options
DHCPv6: Process MUDURL and TZ options
DHCPv6: Update Status Codes with RFCs/IANA names
DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case
DTP: Improve packet integrity checks
EGP: Fix bounds checks
ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later
ESP: Handle OpenSSL 1.1.x
Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow)
Ethernet: Print the Length/Type field as length when needed
FDDI: Fix -e output for FDDI
FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows)
GRE: Add some bounds checks (Fix heap overflows)
Geneve: Fix error message with invalid option length; Update list option classes
HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes
ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()
ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string
IGMP: Add a length check
IP: Add a bounds check (Fix a heap overflow)
IP: Check before fetching the protocol version (Fix a heap overflow)
IP: Don't try to dissect if IP version != 4 (Fix a heap overflow)
IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow)
IPoFC: Fix -e output (IP-over-Fibre Channel)
IPv6: Don't overwrite the destination IPv6 address for routing headers
IPv6: Fix header printing
IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
ISAKMP: Clean up parsing of IKEv2 Security Associations
ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases
ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature
ISOCLNS/IS-IS: Filter out non-printable characters
ISOCLNS/IS-IS: Fix segmentation faults
ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing
ISOCLNS: Add some bounds checks
Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow)
LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header
LLC: Add a bounds check (Fix a heap overflow)
LLC: Clean up printing of LLC packets
LLC: Fix the printing of RFC 948-style IP packets
LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols
LLDP: Implement IANA OUI and LLDP MUD option
MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks
MPLS: "length" is now the *remaining* packet length
MPLS: Add bounds and length checks (Fix a heap overflow)
NFS: Add a test that makes unaligned accesses
NFS: Don't assume the ONC RPC header is nicely aligned
NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)
NFS: Don't run past the end of an NFSv3 file handle
OLSR: Add a test to cover a HNA sgw case
OLSR: Fix 'Advertised networks' count
OLSR: Fix printing of smart-gateway HNAs in IPv4
OSPF: Add a bounds check for the Hello packet options
OSPF: Do more bounds checking
OSPF: Fix a segmentation fault
OSPF: Fix printing 'ospf_topology_values' default
OTV: Add missing bounds checks
PGM: Print the formatted IP address, not the raw binary address, as a string
PIM: Add some bounds checking (Fix a heap overflow)
PIMv2: Fix checksumming of Register messages
PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer
PPP: Add some bounds checks (Fix a heap overflow)
PPP: Report invalid PAP AACK/ANAK packets
Q.933: Add a missing bounds check
RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute
RADIUS: Filter out non-printable characters
RADIUS: Translate UDP/1700 as RADIUS
RESP: Do better checking of RESP packets
RPKI-RTR: Add a return value check for "fn_printn" call
RPKI-RTR: Remove printing when truncated condition already detected
RPL: Fix 'Consistency Check' control code
RPL: Fix suboption print
RSVP: An INTEGRITY object in a submessage covers only the submessage
RSVP: Fix an infinite loop; Add bounds and length checks
RSVP: Fix some if statements missing brackets
RSVP: Have signature_verify() do the copying and clearing
RTCP: Add some bounds checks
RTP: Add some bounds checks, fix two segmentation faults
SCTP: Do more bounds checking
SFLOW: Fix bounds checking
SLOW: Fix bugs, add checks
SMB: Before fetching the flags2 field, make sure we have it
SMB: Do bounds checks on NBNS resource types and resource data lengths
SNMP: Clean up the "have libsmi but no modules loaded" case
SNMP: Clean up the object abbreviation list and fix the code to match them
SNMP: Do bounds checks when printing character and octet strings
SNMP: Improve ASN.1 bounds checks
SNMP: More bounds and length checks
STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows)
STP: Filter out non-printable characters
TCP: Add bounds and length checks for packets with TCP option 20
TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP
TCP: Fix two bounds checks (Fix heap overflows)
TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow)
TCP: Put TCP-AO option decoding right
TFTP: Don't use strchr() to scan packet data (Fix a heap overflow)
Telnet: Add some bounds checks
TokenRing: Fix -e output
UDLD: Fix an infinite loop
UDP: Add a bounds check (Fix a heap overflow)
UDP: Check against the packet length first
UDP: Don't do the DDP-over-UDP heuristic check up front
VAT: Add some bounds checks
VTP: Add a test on Mgmt Domain Name length
VTP: Add bounds checks and filter out non-printable characters
VXLAN: Add a bound check and a test case
ZeroMQ: Fix an infinite loop
Tuesday April 14, 2015 guy@alum.mit.edu
Summary for 4.8.0 tcpdump release
Fix "-x" for Apple PKTAP and PPI packets
Bug: N/A
Test: "adb shell tcpdump"
Change-Id: I81df72cf1ebdbe61c5b6069d8532ae817570f23f
diff --git a/configure.in b/configure.in
index a629559..a78a126 100644
--- a/configure.in
+++ b/configure.in
@@ -37,7 +37,13 @@
#include <sys/socket.h>
#include <net/if.h>])
if test "$ac_cv_header_net_pfvar_h" = yes; then
- LOCALSRC="print-pflog.c $LOCALSRC"
+ AC_CHECK_HEADERS(net/if_pflog.h, , , [#include <sys/types.h>
+ #include <sys/socket.h>
+ #include <net/if.h>
+ #include <net/pfvar.h>])
+ if test "$ac_cv_header_net_if_pflog_h" = yes; then
+ LOCALSRC="print-pflog.c $LOCALSRC"
+ fi
fi
AC_CHECK_HEADERS(netinet/if_ether.h, , , [#include <sys/types.h>
#include <sys/socket.h>])
@@ -169,7 +175,7 @@
case "$enableval" in
yes) AC_MSG_RESULT(yes)
AC_WARN([The SMB printer may have exploitable buffer overflows!!!])
- AC_DEFINE(TCPDUMP_DO_SMB, 1,
+ AC_DEFINE(ENABLE_SMB, 1,
[define if you want to build the possibly-buggy SMB printer])
LOCALSRC="print-smb.c smbutil.c $LOCALSRC"
;;
@@ -229,32 +235,24 @@
fi
#
-# We must check this before checking whether to enable IPv6, because,
-# on some platforms (such as SunOS 5.x), the test program requires
-# the extra networking libraries.
+# We must check this before checking whether to check the OS's IPv6,
+# support because, on some platforms (such as SunOS 5.x), the test
+# program requires the extra networking libraries.
#
AC_LBL_LIBRARY_NET
-AC_MSG_CHECKING([whether to enable ipv6])
-AC_ARG_ENABLE(ipv6,
-[ --enable-ipv6 enable ipv6 (with ipv4) support
- --disable-ipv6 disable ipv6 support],
-[ case "$enableval" in
-yes) AC_MSG_RESULT(yes)
- LOCALSRC="print-ip6opts.c print-mobility.c print-ripng.c print-icmp6.c print-frag6.c print-rt6.c print-ospf6.c print-dhcp6.c print-babel.c $LOCALSRC"
- AC_DEFINE(INET6, 1, [Define if you enable IPv6 support])
- ipv6=yes
- ;;
-*)
- AC_MSG_RESULT(no)
- ipv6=no
- ;;
- esac ],
-
- AC_COMPILE_IFELSE(
+#
+# Check whether AF_INET6 and struct in6_addr are defined.
+# If they aren't both defined, we don't have sufficient OS
+# support for IPv6, so we don't look for IPv6 support libraries,
+# and we define AF_INET6 and struct in6_addr ourselves.
+#
+AC_MSG_CHECKING([whether the operating system supports IPv6])
+AC_COMPILE_IFELSE(
[
AC_LANG_SOURCE(
- [[/* AF_INET6 available check */
+ [[
+/* AF_INET6 available check */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
@@ -267,17 +265,19 @@
#else
#error "AF_INET6 not defined"
#endif
- ]])
+ ]])
],
-[ AC_MSG_RESULT(yes)
- LOCALSRC="print-ip6opts.c print-mobility.c print-ripng.c print-icmp6.c print-frag6.c print-rt6.c print-ospf6.c print-dhcp6.c print-babel.c $LOCALSRC"
- AC_DEFINE(INET6, 1, [Define if you enable IPv6 support])
- ipv6=yes],
-[ AC_MSG_RESULT(no)
- ipv6=no],
-[ AC_MSG_RESULT(no)
- ipv6=no]
-))
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_OS_IPV6_SUPPORT, 1,
+ [define if the OS provides AF_INET6 and struct in6_addr])
+ ipv6=yes
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ipv6=no
+ ]
+)
ipv6type=unknown
ipv6lib=none
@@ -294,8 +294,7 @@
#ifdef IPV6_INRIA_VERSION
yes
#endif],
- [ipv6type=$i;
- CFLAGS="-DINET6 $CFLAGS"])
+ [ipv6type=$i])
;;
kame)
dnl http://www.kame.net/
@@ -307,8 +306,7 @@
[ipv6type=$i;
ipv6lib=inet6;
ipv6libdir=/usr/local/v6/lib;
- ipv6trylibc=yes;
- CFLAGS="-DINET6 $CFLAGS"])
+ ipv6trylibc=yes])
;;
linux-glibc)
dnl http://www.v6.linux.or.jp/
@@ -317,8 +315,7 @@
#if defined(__GLIBC__) && __GLIBC__ >= 2 && __GLIBC_MINOR__ >= 1
yes
#endif],
- [ipv6type=$i;
- CFLAGS="-DINET6 $CFLAGS"])
+ [ipv6type=$i])
;;
linux-libinet6)
dnl http://www.v6.linux.or.jp/
@@ -331,7 +328,7 @@
ipv6lib=inet6
ipv6libdir=/usr/inet6/lib
ipv6trylibc=yes;
- CFLAGS="-DINET6 -I/usr/inet6/include $CFLAGS"
+ CFLAGS="-I/usr/inet6/include $CFLAGS"
fi
;;
toshiba)
@@ -342,8 +339,7 @@
#endif],
[ipv6type=$i;
ipv6lib=inet6;
- ipv6libdir=/usr/local/v6/lib;
- CFLAGS="-DINET6 $CFLAGS"])
+ ipv6libdir=/usr/local/v6/lib])
;;
v6d)
AC_EGREP_CPP(yes,
@@ -364,8 +360,7 @@
#endif],
[ipv6type=$i;
ipv6lib=inet6;
- ipv6libdir=/usr/local/v6/lib;
- CFLAGS="-DINET6 $CFLAGS"])
+ ipv6libdir=/usr/local/v6/lib])
;;
esac
if test "$ipv6type" != "unknown"; then
@@ -391,151 +386,6 @@
fi
fi
-
-if test "$ipv6" = "yes"; then
- #
- # XXX - on Tru64 UNIX 5.1, there is no "getaddrinfo()"
- # function in libc; there are "ngetaddrinfo()" and
- # "ogetaddrinfo()" functions, and <netdb.h> #defines
- # "getaddrinfo" to be either "ngetaddrinfo" or
- # "ogetaddrinfo", depending on whether _SOCKADDR_LEN
- # or _XOPEN_SOURCE_EXTENDED are defined or not.
- #
- # So this test doesn't work on Tru64 5.1, and possibly
- # on other 5.x releases. This causes the configure
- # script to become confused, and results in libpcap
- # being unbuildable.
- #
- AC_SEARCH_LIBS(getaddrinfo, socket, [dnl
- AC_MSG_CHECKING(getaddrinfo bug)
- AC_CACHE_VAL(td_cv_buggygetaddrinfo, [AC_TRY_RUN([
-#include <sys/types.h>
-#include <netdb.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-main()
-{
- int passive, gaierr, inet4 = 0, inet6 = 0;
- struct addrinfo hints, *ai, *aitop;
- char straddr[INET6_ADDRSTRLEN], strport[16];
-
- for (passive = 0; passive <= 1; passive++) {
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = AF_UNSPEC;
- hints.ai_flags = passive ? AI_PASSIVE : 0;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_protocol = IPPROTO_TCP;
- if ((gaierr = getaddrinfo(NULL, "54321", &hints, &aitop)) != 0) {
- (void)gai_strerror(gaierr);
- goto bad;
- }
- for (ai = aitop; ai; ai = ai->ai_next) {
- if (ai->ai_addr == NULL ||
- ai->ai_addrlen == 0 ||
- getnameinfo(ai->ai_addr, ai->ai_addrlen,
- straddr, sizeof(straddr), strport, sizeof(strport),
- NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
- goto bad;
- }
- switch (ai->ai_family) {
- case AF_INET:
- if (strcmp(strport, "54321") != 0) {
- goto bad;
- }
- if (passive) {
- if (strcmp(straddr, "0.0.0.0") != 0) {
- goto bad;
- }
- } else {
- if (strcmp(straddr, "127.0.0.1") != 0) {
- goto bad;
- }
- }
- inet4++;
- break;
- case AF_INET6:
- if (strcmp(strport, "54321") != 0) {
- goto bad;
- }
- if (passive) {
- if (strcmp(straddr, "::") != 0) {
- goto bad;
- }
- } else {
- if (strcmp(straddr, "::1") != 0) {
- goto bad;
- }
- }
- inet6++;
- break;
- case AF_UNSPEC:
- goto bad;
- break;
-#ifdef AF_UNIX
- case AF_UNIX:
-#else
-#ifdef AF_LOCAL
- case AF_LOCAL:
-#endif
-#endif
- default:
- /* another family support? */
- break;
- }
- }
- }
-
- /* supported family should be 2, unsupported family should be 0 */
- if (!(inet4 == 0 || inet4 == 2))
- goto bad;
- if (!(inet6 == 0 || inet6 == 2))
- goto bad;
-
- if (aitop)
- freeaddrinfo(aitop);
- exit(0);
-
- bad:
- if (aitop)
- freeaddrinfo(aitop);
- exit(1);
-}
-],
- td_cv_buggygetaddrinfo=no,
- td_cv_buggygetaddrinfo=yes,
- td_cv_buggygetaddrinfo=unknown)])
- if test "$td_cv_buggygetaddrinfo" = no; then
- AC_MSG_RESULT(good)
- elif test "$td_cv_buggygetaddrinfo" = unknown; then
- AC_MSG_RESULT([unknown (cross-compiling)])
- else
- AC_MSG_RESULT(buggy)
- fi
-
- if test "$td_cv_buggygetaddrinfo" = "yes"; then
- #
- # XXX - it doesn't appear that "ipv6type" can ever be
- # set to "linux". Should this be testing for
- # "linux-glibc", or for that *or* "linux-libinet6"?
- # If the latter, note that "linux-libinet6" is also
- # the type given to some non-Linux OSes.
- #
- if test "$ipv6type" != "linux"; then
- echo 'Fatal: You must get working getaddrinfo() function.'
- echo ' or you can specify "--disable-ipv6"'.
- exit 1
- else
- echo 'Warning: getaddrinfo() implementation on your system seems be buggy.'
- echo ' Better upgrade your system library to newest version'
- echo ' of GNU C library (aka glibc).'
- fi
- fi
- ])
- AC_REPLACE_FUNCS(getnameinfo)
-fi
-
AC_CACHE_CHECK([for dnet_htoa declaration in netdnet/dnetdb.h],
[td_cv_decl_netdnet_dnetdb_h_dnet_htoa],
[AC_EGREP_HEADER(dnet_htoa, netdnet/dnetdb.h,
@@ -546,28 +396,7 @@
[define if you have a dnet_htoa declaration in <netdnet/dnetdb.h>])
fi
-dnl
-dnl Checks for addrinfo structure
-AC_STRUCT_ADDRINFO(ac_cv_addrinfo)
-if test "$ac_cv_addrinfo" = no; then
- missing_includes=yes
-fi
-
-dnl
-dnl Checks for NI_MAXSERV
-AC_NI_MAXSERV(ac_cv_maxserv)
-if test "$ac_cv_maxserv" = no; then
- missing_includes=yes
-fi
-
-dnl
-dnl Checks for NI_NAMEREQD
-AC_NI_NAMEREQD(ac_cv_namereqd)
-if test "$ac_cv_namereqd" = no; then
- missing_includes=yes
-fi
-
-AC_REPLACE_FUNCS(vfprintf strcasecmp strlcat strlcpy strdup strsep getopt_long)
+AC_REPLACE_FUNCS(vfprintf strlcat strlcpy strdup strsep getopt_long)
AC_CHECK_FUNCS(fork vfork strftime)
AC_CHECK_FUNCS(setlinebuf alarm)
@@ -589,52 +418,12 @@
AC_SEARCH_LIBS(getrpcbynumber, nsl,
AC_DEFINE(HAVE_GETRPCBYNUMBER, 1, [define if you have getrpcbynumber()]))
-dnl AC_CHECK_LIB(z, uncompress)
-dnl AC_CHECK_HEADERS(zlib.h)
-
AC_LBL_LIBPCAP(V_PCAPDEP, V_INCLS)
#
# Check for these after AC_LBL_LIBPCAP, so we link with the appropriate
# libraries (e.g., "-lsocket -lnsl" on Solaris).
#
-# We don't use AC_REPLACE_FUNCS because that uses AC_CHECK_FUNCS which
-# use AC_CHECK_FUNC which doesn't let us specify the right #includes
-# to make this work on BSD/OS 4.x. BSD/OS 4.x ships with the BIND8
-# resolver, and the way it defines inet_{ntop,pton} is rather strange;
-# it does not ship with a libc symbol "inet_ntop()", it ships with
-# "_inet_ntop()", and has a #define macro in one of the system headers
-# to rename it.
-#
-dnl AC_TRY_COMPILE(inet_ntop inet_pton inet_aton)
-AC_MSG_CHECKING(for inet_ntop)
-AC_TRY_LINK([#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>], [char src[4], dst[128];
-inet_ntop(AF_INET, src, dst, sizeof(dst));],
- [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)
- AC_LIBOBJ(inet_ntop)])
-AC_MSG_CHECKING(for inet_pton)
-AC_TRY_LINK([#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>], [char src[128], dst[4];
-inet_pton(AF_INET, src, dst);],
- [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)
- AC_LIBOBJ(inet_pton)])
-AC_MSG_CHECKING(for inet_aton)
-AC_TRY_LINK([#include <sys/types.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>], [char src[128];
-struct in_addr dst;
-inet_aton(src, &dst);],
- [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no)
- AC_LIBOBJ(inet_aton)])
-
-#
-# Check for these after AC_LBL_LIBPCAP, for the same reason.
-#
# You are in a twisty little maze of UN*Xes, all different.
# Some might not have ether_ntohost().
# Some might have it, but not declare it in any header file.
@@ -753,14 +542,6 @@
# libdlpi is needed for Solaris 11 and later.
AC_CHECK_LIB(dlpi, dlpi_walk, LIBS="$LIBS -ldlpi" LDFLAGS="-L/lib $LDFLAGS", ,-L/lib)
-dnl portability macros for getaddrinfo/getnameinfo
-dnl
-dnl Check for sa_len
-AC_CHECK_SA_LEN(ac_cv_sockaddr_has_sa_len)
-if test "$ac_cv_sockaddr_has_sa_len" = no; then
- missing_includes=yes
-fi
-
dnl
dnl Check for "pcap_list_datalinks()", "pcap_set_datalink()",
dnl and "pcap_datalink_name_to_val()", and use substitute versions
@@ -860,39 +641,51 @@
AC_MSG_RESULT(no)
fi
fi
-AC_MSG_CHECKING(whether pcap_debug is defined by libpcap)
-AC_TRY_LINK([],
- [
- extern int pcap_debug;
- return pcap_debug;
- ],
- ac_lbl_cv_pcap_debug_defined=yes,
- ac_lbl_cv_pcap_debug_defined=no)
-if test "$ac_lbl_cv_pcap_debug_defined" = yes ; then
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_PCAP_DEBUG, 1, [define if libpcap has pcap_debug])
-else
- AC_MSG_RESULT(no)
+#
+# Check for special debugging functions
+#
+AC_CHECK_FUNCS(pcap_set_parser_debug)
+if test "$ac_cv_func_pcap_set_parser_debug" = "no" ; then
#
- # OK, what about "yydebug"?
- #
- AC_MSG_CHECKING(whether yydebug is defined by libpcap)
+ # OK, we don't have pcap_set_parser_debug() to set the libpcap
+ # filter expression parser debug flag; can we directly set the
+ # flag?
+ AC_MSG_CHECKING(whether pcap_debug is defined by libpcap)
AC_TRY_LINK([],
[
- extern int yydebug;
+ extern int pcap_debug;
- return yydebug;
+ return pcap_debug;
],
- ac_lbl_cv_yydebug_defined=yes,
- ac_lbl_cv_yydebug_defined=no)
- if test "$ac_lbl_cv_yydebug_defined" = yes ; then
+ ac_lbl_cv_pcap_debug_defined=yes,
+ ac_lbl_cv_pcap_debug_defined=no)
+ if test "$ac_lbl_cv_pcap_debug_defined" = yes ; then
AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_YYDEBUG, 1, [define if libpcap has yydebug])
+ AC_DEFINE(HAVE_PCAP_DEBUG, 1, [define if libpcap has pcap_debug])
else
AC_MSG_RESULT(no)
+ #
+ # OK, what about "yydebug"?
+ #
+ AC_MSG_CHECKING(whether yydebug is defined by libpcap)
+ AC_TRY_LINK([],
+ [
+ extern int yydebug;
+
+ return yydebug;
+ ],
+ ac_lbl_cv_yydebug_defined=yes,
+ ac_lbl_cv_yydebug_defined=no)
+ if test "$ac_lbl_cv_yydebug_defined" = yes ; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_YYDEBUG, 1, [define if libpcap has yydebug])
+ else
+ AC_MSG_RESULT(no)
+ fi
fi
fi
+AC_CHECK_FUNCS(pcap_set_optimizer_debug)
AC_REPLACE_FUNCS(bpf_dump) dnl moved to libpcap in 0.6
V_GROUP=0
@@ -1071,9 +864,9 @@
#
savedcppflags="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS $V_INCLS"
-AC_CHECK_HEADERS(pcap/bluetooth.h,,,[#include "tcpdump-stdinc.h"])
-AC_CHECK_HEADERS(pcap/nflog.h,,,[#include "tcpdump-stdinc.h"])
-AC_CHECK_HEADERS(pcap/usb.h,,,[#include "tcpdump-stdinc.h"])
+AC_CHECK_HEADERS(pcap/bluetooth.h,,,[#include "netdissect-stdinc.h"])
+AC_CHECK_HEADERS(pcap/nflog.h,,,[#include "netdissect-stdinc.h"])
+AC_CHECK_HEADERS(pcap/usb.h,,,[#include "netdissect-stdinc.h"])
CPPFLAGS="$savedcppflags"
AC_PROG_RANLIB
@@ -1085,35 +878,71 @@
AC_LBL_UNALIGNED_ACCESS
-AC_VAR_H_ERRNO
-
-# Check for OpenSSL libcrypto
-AC_MSG_CHECKING(whether to use OpenSSL libcrypto)
+# Check for OpenSSL/libressl libcrypto
+AC_MSG_CHECKING(whether to use OpenSSL/libressl libcrypto)
# Specify location for both includes and libraries.
want_libcrypto=ifavailable
AC_ARG_WITH(crypto,
- AS_HELP_STRING([--with-crypto],
- [use OpenSSL libcrypto @<:@default=yes, if available@:>@]),
+ AS_HELP_STRING([--with-crypto]@<:@=DIR@:>@,
+ [use OpenSSL/libressl libcrypto (located in directory DIR, if specified) @<:@default=yes, if available@:>@]),
[
if test $withval = no
then
+ # User doesn't want to link with libcrypto.
want_libcrypto=no
AC_MSG_RESULT(no)
elif test $withval = yes
then
+ # User wants to link with libcrypto but hasn't specified
+ # a directory.
want_libcrypto=yes
AC_MSG_RESULT(yes)
+ else
+ # User wants to link with libcrypto and has specified
+ # a directory, so use the provided value.
+ want_libcrypto=yes
+ libcrypto_root=$withval
+ AC_MSG_RESULT([yes, using the version installed in $withval])
+
+ #
+ # Put the subdirectories of the libcrypto root directory
+ # at the front of the header and library search path.
+ #
+ CFLAGS="-I$withval/include $CFLAGS"
+ LIBS="-L$withval/lib $LIBS"
fi
],[
#
- # Use libcrypto if it's present, otherwise don't.
+ # Use libcrypto if it's present, otherwise don't; no directory
+ # was specified.
#
want_libcrypto=ifavailable
AC_MSG_RESULT([yes, if available])
])
if test "$want_libcrypto" != "no"; then
- AC_CHECK_LIB(crypto, DES_cbc_encrypt)
- AC_CHECK_HEADERS(openssl/evp.h)
+ #
+ # Don't check for libcrypto unless we have its headers;
+ # Apple, bless their pointy little heads, apparently ship
+ # libcrypto as a library, but not the header files, in
+ # El Capitan, probably because they don't want you writing
+ # nasty portable code that could run on other UN*Xes, they
+ # want you writing code that uses their Shiny New Crypto
+ # Library and that only runs on OS X.
+ #
+ AC_CHECK_HEADER(openssl/crypto.h,
+ [
+ AC_CHECK_LIB(crypto, DES_cbc_encrypt)
+ if test "$ac_cv_lib_crypto_DES_cbc_encrypt" = "yes"; then
+ AC_CHECK_HEADERS(openssl/evp.h)
+ #
+ # OK, do we have EVP_CIPHER_CTX_new?
+ # If so, we use it to allocate an
+ # EVP_CIPHER_CTX, as EVP_CIPHER_CTX may be
+ # opaque; otherwise, we allocate it ourselves.
+ #
+ AC_CHECK_FUNCS(EVP_CIPHER_CTX_new)
+ fi
+ ])
fi
# Check for libcap-ng