Upgrade to tcpdump 4.9.0.
From CHANGES:
Wednesday January 18, 2017 devel.fx.lebail@orange.fr
Summary for 4.9.0 tcpdump release
General updates:
Improve separation frontend/backend (tcpdump/libnetdissect)
Don't require IPv6 library support in order to support IPv6 addresses
Introduce data types to use for integral values in packet structures
Fix display of timestamps with -tt, -ttt and -ttttt options
Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others
(More information in the log with CVE-2016-* and CVE-2017-*)
Change the way protocols print link-layer addresses (Fix heap overflows
in CALM-FAST and GeoNetworking printers)
Pass correct caplen value to ether_print() and some other functions
Fix lookup_nsap() to match what isonsap_string() expects
Clean up relative time stamp printing (Fix an array overflow)
Fix some alignment issues with GCC on Solaris 10 SPARC
Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks
Add a fn_printztn() which returns the number of bytes processed
Add nd_init() and nd_cleanup() functions. Improve libsmi support
Add CONTRIBUTING file
Add a summary comment in all printers
Compile with more warning options in devel mode if supported (-Wcast-qual, ...)
Fix some leaks found by Valgrind/Memcheck
Fix a bunch of de-constifications
Squelch some Coverity warnings and some compiler warnings
Update Coverity and Travis-CI setup
Update Visual Studio files
Frontend:
Fix capsicum support to work with zerocopy buffers in bpf
Try opening interfaces by name first, then by name-as-index
Work around pcap_create() failures fetching time stamp type lists
Fix a segmentation fault with 'tcpdump -J'
Improve addrtostr6() bounds checking
Add exit_tcpdump() function
Don't drop CAP_SYS_CHROOT before chrooting
Fixes issue where statistics are not reported when -G and -W options are used
New printers supporting:
Generic Protocol Extension for VXLAN (VXLAN-GPE)
Home Networking Control Protocol (HNCP), RFCs 7787 and 7788
Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets
Marvell Extended Distributed Switch Architecture header (MEDSA)
Network Service Header (NSH)
REdis Serialization Protocol (RESP)
Updated printers:
802.11: Beginnings of 11ac radiotap support
802.11: Check the Protected bit for management frames
802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow)
802.11: Fix the radiotap printer to handle the special bits correctly
802.11: If we have the MCS field, it's 11n
802.11: Only print unknown frame type or subtype messages once
802.11: Radiotap dBm values get printed as dB; Update a test output accordingly
802.11: Source and destination addresses were backwards
AH: Add a bounds check
AH: Report to our caller that dissection failed if a bounds check fails
AP1394: Print src > dst, not dst > src
ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow)
ATALK: Add bounds and length checks (Fix heap overflows)
ATM: Add some bounds checks (Fix a heap overflow)
ATM: Fix an incorrect bounds check
BFD: Update specification from draft to RFC 5880
BFD: Update to print optional authentication field
BGP: Add decoding of ADD-PATH capability
BGP: Add support for the AIGP attribute (RFC7311)
BGP: Print LARGE_COMMUNITY Path Attribute
BGP: Update BGP numbers from IANA; Print minor values for FSM notification
BOOTP: Add a bounds check
Babel: Add decoder for source-specific extension
CDP: Filter out non-printable characters
CFM: Fixes to match the IEEE standard, additional bounds and length checks
CSLIP: Add more bounds checks (Fix a heap overflow)
ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow)
DHCP: Fix MUDURL and TZ options
DHCPv6: Process MUDURL and TZ options
DHCPv6: Update Status Codes with RFCs/IANA names
DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case
DTP: Improve packet integrity checks
EGP: Fix bounds checks
ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later
ESP: Handle OpenSSL 1.1.x
Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow)
Ethernet: Print the Length/Type field as length when needed
FDDI: Fix -e output for FDDI
FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows)
GRE: Add some bounds checks (Fix heap overflows)
Geneve: Fix error message with invalid option length; Update list option classes
HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes
ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()
ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string
IGMP: Add a length check
IP: Add a bounds check (Fix a heap overflow)
IP: Check before fetching the protocol version (Fix a heap overflow)
IP: Don't try to dissect if IP version != 4 (Fix a heap overflow)
IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow)
IPoFC: Fix -e output (IP-over-Fibre Channel)
IPv6: Don't overwrite the destination IPv6 address for routing headers
IPv6: Fix header printing
IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
ISAKMP: Clean up parsing of IKEv2 Security Associations
ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases
ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature
ISOCLNS/IS-IS: Filter out non-printable characters
ISOCLNS/IS-IS: Fix segmentation faults
ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing
ISOCLNS: Add some bounds checks
Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow)
LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header
LLC: Add a bounds check (Fix a heap overflow)
LLC: Clean up printing of LLC packets
LLC: Fix the printing of RFC 948-style IP packets
LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols
LLDP: Implement IANA OUI and LLDP MUD option
MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks
MPLS: "length" is now the *remaining* packet length
MPLS: Add bounds and length checks (Fix a heap overflow)
NFS: Add a test that makes unaligned accesses
NFS: Don't assume the ONC RPC header is nicely aligned
NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)
NFS: Don't run past the end of an NFSv3 file handle
OLSR: Add a test to cover a HNA sgw case
OLSR: Fix 'Advertised networks' count
OLSR: Fix printing of smart-gateway HNAs in IPv4
OSPF: Add a bounds check for the Hello packet options
OSPF: Do more bounds checking
OSPF: Fix a segmentation fault
OSPF: Fix printing 'ospf_topology_values' default
OTV: Add missing bounds checks
PGM: Print the formatted IP address, not the raw binary address, as a string
PIM: Add some bounds checking (Fix a heap overflow)
PIMv2: Fix checksumming of Register messages
PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer
PPP: Add some bounds checks (Fix a heap overflow)
PPP: Report invalid PAP AACK/ANAK packets
Q.933: Add a missing bounds check
RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute
RADIUS: Filter out non-printable characters
RADIUS: Translate UDP/1700 as RADIUS
RESP: Do better checking of RESP packets
RPKI-RTR: Add a return value check for "fn_printn" call
RPKI-RTR: Remove printing when truncated condition already detected
RPL: Fix 'Consistency Check' control code
RPL: Fix suboption print
RSVP: An INTEGRITY object in a submessage covers only the submessage
RSVP: Fix an infinite loop; Add bounds and length checks
RSVP: Fix some if statements missing brackets
RSVP: Have signature_verify() do the copying and clearing
RTCP: Add some bounds checks
RTP: Add some bounds checks, fix two segmentation faults
SCTP: Do more bounds checking
SFLOW: Fix bounds checking
SLOW: Fix bugs, add checks
SMB: Before fetching the flags2 field, make sure we have it
SMB: Do bounds checks on NBNS resource types and resource data lengths
SNMP: Clean up the "have libsmi but no modules loaded" case
SNMP: Clean up the object abbreviation list and fix the code to match them
SNMP: Do bounds checks when printing character and octet strings
SNMP: Improve ASN.1 bounds checks
SNMP: More bounds and length checks
STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows)
STP: Filter out non-printable characters
TCP: Add bounds and length checks for packets with TCP option 20
TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP
TCP: Fix two bounds checks (Fix heap overflows)
TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow)
TCP: Put TCP-AO option decoding right
TFTP: Don't use strchr() to scan packet data (Fix a heap overflow)
Telnet: Add some bounds checks
TokenRing: Fix -e output
UDLD: Fix an infinite loop
UDP: Add a bounds check (Fix a heap overflow)
UDP: Check against the packet length first
UDP: Don't do the DDP-over-UDP heuristic check up front
VAT: Add some bounds checks
VTP: Add a test on Mgmt Domain Name length
VTP: Add bounds checks and filter out non-printable characters
VXLAN: Add a bound check and a test case
ZeroMQ: Fix an infinite loop
Tuesday April 14, 2015 guy@alum.mit.edu
Summary for 4.8.0 tcpdump release
Fix "-x" for Apple PKTAP and PPI packets
Bug: N/A
Test: "adb shell tcpdump"
Change-Id: I81df72cf1ebdbe61c5b6069d8532ae817570f23f
diff --git a/netdissect-stdinc.h b/netdissect-stdinc.h
new file mode 100644
index 0000000..c7070f0
--- /dev/null
+++ b/netdissect-stdinc.h
@@ -0,0 +1,404 @@
+/*
+ * Copyright (c) 2002 - 2003
+ * NetGroup, Politecnico di Torino (Italy)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the Politecnico di Torino nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Include the appropriate OS header files on Windows and various flavors
+ * of UNIX, include various non-OS header files on Windows, and define
+ * various items as needed, to isolate most of netdissect's platform
+ * differences to this one file.
+ */
+
+#ifndef netdissect_stdinc_h
+#define netdissect_stdinc_h
+
+#include <errno.h>
+
+#ifdef _WIN32
+
+/*
+ * Includes and definitions for Windows.
+ */
+
+#include <stdint.h>
+#include <stdio.h>
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#include <ctype.h>
+#include <time.h>
+#include <io.h>
+#include <fcntl.h>
+#include <sys/types.h>
+
+#ifndef uint8_t
+#define uint8_t unsigned char
+#endif
+
+#ifndef int8_t
+#define int8_t signed char
+#endif
+
+#ifndef uint16_t
+#define uint16_t unsigned short
+#endif
+
+#ifndef int16_t
+#define int16_t signed short
+#endif
+
+#ifndef uint32_t
+#define uint32_t unsigned int
+#endif
+
+#ifndef int32_t
+#define int32_t signed int
+#endif
+
+#ifdef _MSC_EXTENSIONS
+
+#ifndef uint64_t
+#define uint64_t unsigned _int64
+#endif
+
+#ifndef int64_t
+#define int64_t _int64
+#endif
+
+#ifndef PRId64
+#define PRId64 "I64d"
+#endif
+
+#ifndef PRIo64
+#define PRIo64 "I64o"
+#endif
+
+#ifndef PRIu64
+#define PRIu64 "I64u"
+#endif
+
+#ifndef PRIx64
+#define PRIx64 "I64x"
+#endif
+
+#else /* _MSC_EXTENSIONS */
+
+#ifndef uint64_t
+#define uint64_t unsigned long long
+#endif
+
+#ifndef int64_t
+#define int64_t long long
+#endif
+
+#ifndef PRId64
+#define PRId64 "lld"
+#endif
+
+#ifndef PRIo64
+#define PRIo64 "llo"
+#endif
+
+#ifndef PRIu64
+#define PRIu64 "llu"
+#endif
+
+#ifndef PRIx64
+#define PRIx64 "llx"
+#endif
+
+#endif /* _MSC_EXTENSIONS */
+
+/*
+ * Suppress definition of intN_t in bittypes.h, as included by <pcap/pcap.h>
+ * on Windows.
+ * (Yes, HAVE_U_INTn_T, as the definition guards are UN*X-oriented, and
+ * we check for u_intN_t in the UN*X configure script.)
+ */
+#define HAVE_U_INT8_T
+#define HAVE_U_INT16_T
+#define HAVE_U_INT32_T
+#define HAVE_U_INT64_T
+
+#ifdef _MSC_VER
+#define stat _stat
+#define open _open
+#define fstat _fstat
+#define read _read
+#define close _close
+#define O_RDONLY _O_RDONLY
+#endif /* _MSC_VER */
+
+/*
+ * With MSVC, for C, __inline is used to make a function an inline.
+ */
+#ifdef _MSC_VER
+#define inline __inline
+#endif
+
+#ifdef AF_INET6
+#define HAVE_OS_IPV6_SUPPORT
+#endif
+
+#ifndef INET6_ADDRSTRLEN
+#define INET6_ADDRSTRLEN 46
+#endif
+
+/* It is in MSVC's <errno.h>, but not defined in MingW+Watcom.
+ */
+#ifndef EAFNOSUPPORT
+#define EAFNOSUPPORT WSAEAFNOSUPPORT
+#endif
+
+#ifndef caddr_t
+typedef char* caddr_t;
+#endif /* caddr_t */
+
+#define MAXHOSTNAMELEN 64
+#define snprintf _snprintf
+#define vsnprintf _vsnprintf
+#define RETSIGTYPE void
+
+#else /* _WIN32 */
+
+/*
+ * Includes and definitions for various flavors of UN*X.
+ */
+
+#include <ctype.h>
+#include <unistd.h>
+#include <netdb.h>
+#if HAVE_INTTYPES_H
+#include <inttypes.h>
+#elif HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <sys/param.h>
+#include <sys/types.h> /* concession to AIX */
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+#ifdef TIME_WITH_SYS_TIME
+#include <time.h>
+#endif
+
+#include <arpa/inet.h>
+
+#endif /* _WIN32 */
+
+#ifndef HAVE___ATTRIBUTE__
+#define __attribute__(x)
+#endif
+
+/*
+ * Used to declare a structure unaligned, so that the C compiler,
+ * if necessary, generates code that doesn't assume alignment.
+ * This is required because there is no guarantee that the packet
+ * data we get from libpcap/WinPcap is properly aligned.
+ *
+ * This assumes that, for all compilers that support __attribute__:
+ *
+ * 1) they support __attribute__((packed));
+ *
+ * 2) for all instruction set architectures requiring strict
+ * alignment, declaring a structure with that attribute
+ * causes the compiler to generate code that handles
+ * misaligned 2-byte, 4-byte, and 8-byte integral
+ * quantities.
+ *
+ * It does not (yet) handle compilers where you can get the compiler
+ * to generate code of that sort by some other means.
+ *
+ * This is required in order to, for example, keep the compiler from
+ * generating, for
+ *
+ * if (bp->bp_htype == 1 && bp->bp_hlen == 6 && bp->bp_op == BOOTPREQUEST) {
+ *
+ * in print-bootp.c, code that loads the first 4-byte word of a
+ * "struct bootp", masking out the bp_hops field, and comparing the result
+ * against 0x01010600.
+ *
+ * Note: this also requires that padding be put into the structure,
+ * at least for compilers where it's implemented as __attribute__((packed)).
+ */
+#if !(defined(_MSC_VER) && defined(UNALIGNED))
+/* MSVC may have its own macro defined with the same name and purpose. */
+#undef UNALIGNED
+#define UNALIGNED __attribute__((packed))
+#endif
+
+/*
+ * fopen() read and write modes for text files and binary files.
+ */
+#if defined(_WIN32) || defined(MSDOS)
+ #define FOPEN_READ_TXT "rt"
+ #define FOPEN_READ_BIN "rb"
+ #define FOPEN_WRITE_TXT "wt"
+ #define FOPEN_WRITE_BIN "wb"
+#else
+ #define FOPEN_READ_TXT "r"
+ #define FOPEN_READ_BIN FOPEN_READ_TXT
+ #define FOPEN_WRITE_TXT "w"
+ #define FOPEN_WRITE_BIN FOPEN_WRITE_TXT
+#endif
+
+/*
+ * Inline x86 assembler-language versions of ntoh[ls]() and hton[ls](),
+ * defined if the OS doesn't provide them. These assume no more than
+ * an 80386, so, for example, it avoids the bswap instruction added in
+ * the 80486.
+ *
+ * (We don't use them on OS X; Apple provides their own, which *doesn't*
+ * avoid the bswap instruction, as OS X only supports machines that
+ * have it.)
+ */
+#if defined(__GNUC__) && defined(__i386__) && !defined(__APPLE__) && !defined(__ntohl)
+ #undef ntohl
+ #undef ntohs
+ #undef htonl
+ #undef htons
+
+ static __inline__ unsigned long __ntohl (unsigned long x);
+ static __inline__ unsigned short __ntohs (unsigned short x);
+
+ #define ntohl(x) __ntohl(x)
+ #define ntohs(x) __ntohs(x)
+ #define htonl(x) __ntohl(x)
+ #define htons(x) __ntohs(x)
+
+ static __inline__ unsigned long __ntohl (unsigned long x)
+ {
+ __asm__ ("xchgb %b0, %h0\n\t" /* swap lower bytes */
+ "rorl $16, %0\n\t" /* swap words */
+ "xchgb %b0, %h0" /* swap higher bytes */
+ : "=q" (x) : "0" (x));
+ return (x);
+ }
+
+ static __inline__ unsigned short __ntohs (unsigned short x)
+ {
+ __asm__ ("xchgb %b0, %h0" /* swap bytes */
+ : "=q" (x) : "0" (x));
+ return (x);
+ }
+#endif
+
+/*
+ * If the OS doesn't define AF_INET6 and struct in6_addr:
+ *
+ * define AF_INET6, so we can use it internally as a "this is an
+ * IPv6 address" indication;
+ *
+ * define struct in6_addr so that we can use it for IPv6 addresses.
+ */
+#ifndef HAVE_OS_IPV6_SUPPORT
+#ifndef AF_INET6
+#define AF_INET6 24
+
+struct in6_addr {
+ union {
+ __uint8_t __u6_addr8[16];
+ __uint16_t __u6_addr16[8];
+ __uint32_t __u6_addr32[4];
+ } __u6_addr; /* 128-bit IP6 address */
+};
+#endif
+#endif
+
+#ifndef NI_MAXHOST
+#define NI_MAXHOST 1025
+#endif
+
+#ifndef INET_ADDRSTRLEN
+#define INET_ADDRSTRLEN 16
+#endif
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+/*
+ * The Apple deprecation workaround macros below were adopted from the
+ * FreeRADIUS server code under permission of Alan DeKok and Arran Cudbard-Bell.
+ */
+
+#define XSTRINGIFY(x) #x
+
+/*
+ * Macros for controlling warnings in GCC >= 4.2 and clang >= 2.8
+ */
+#define DIAG_JOINSTR(x,y) XSTRINGIFY(x ## y)
+#define DIAG_DO_PRAGMA(x) _Pragma (#x)
+
+#if defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 402
+# define DIAG_PRAGMA(x) DIAG_DO_PRAGMA(GCC diagnostic x)
+# if ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406
+# define DIAG_OFF(x) DIAG_PRAGMA(push) DIAG_PRAGMA(ignored DIAG_JOINSTR(-W,x))
+# define DIAG_ON(x) DIAG_PRAGMA(pop)
+# else
+# define DIAG_OFF(x) DIAG_PRAGMA(ignored DIAG_JOINSTR(-W,x))
+# define DIAG_ON(x) DIAG_PRAGMA(warning DIAG_JOINSTR(-W,x))
+# endif
+#elif defined(__clang__) && ((__clang_major__ * 100) + __clang_minor__ >= 208)
+# define DIAG_PRAGMA(x) DIAG_DO_PRAGMA(clang diagnostic x)
+# define DIAG_OFF(x) DIAG_PRAGMA(push) DIAG_PRAGMA(ignored DIAG_JOINSTR(-W,x))
+# define DIAG_ON(x) DIAG_PRAGMA(pop)
+#else
+# define DIAG_OFF(x)
+# define DIAG_ON(x)
+#endif
+
+/*
+ * For dealing with APIs which are only deprecated in OSX (like the OpenSSL API)
+ */
+#ifdef __APPLE__
+# define USES_APPLE_DEPRECATED_API DIAG_OFF(deprecated-declarations)
+# define USES_APPLE_RST DIAG_ON(deprecated-declarations)
+#else
+# define USES_APPLE_DEPRECATED_API
+# define USES_APPLE_RST
+#endif
+
+/*
+ * end of Apple deprecation workaround macros
+ */
+
+#ifndef min
+#define min(a,b) ((a)>(b)?(b):(a))
+#endif
+#ifndef max
+#define max(a,b) ((b)>(a)?(b):(a))
+#endif
+
+#endif /* netdissect_stdinc_h */
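Review bot: In the _WIN32 branch, `#define snprintf _snprintf` and `#define vsnprintf _vsnprintf` map onto functions that do not write a terminating NUL when the output fills the buffer, so any caller that relies on snprintf() truncating safely can be left with an unterminated string on Windows builds. Suggest routing these through small wrappers that force `buf[size - 1] = '\0'`, or limiting the defines to toolchains that lack a conforming snprintf(). Separately, the fallback `struct in6_addr` under `#ifndef HAVE_OS_IPV6_SUPPORT` uses `__uint8_t`, `__uint16_t` and `__uint32_t`, which nothing in this header defines; using the `uint8_t`-style names the header already provides would keep that branch self-contained. The `min`/`max` macros also evaluate their arguments twice, which is worth a comment at the definition so callers do not pass expressions with side effects.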