commit 6e588eae42ba5eddaab06cbf4f0235a201524388 Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:18:11 2019 -0400 Package init diff --git a/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch b/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch new file mode 100644 index 0000000..c5e54ae --- /dev/null +++ b/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch @@ -0,0 +1,26 @@ +From f19e0376b8e98b38240d28eb9e6f78c465bb1c6e Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Oct 2014 13:34:24 +0200 +Subject: [PATCH 1/8] icmp6: print Reachable Time and Retransmit Time from + ICMPv6 as milliseconds + +--- + print-icmp6.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/print-icmp6.c b/print-icmp6.c +index 7fe639d..cfaa2df 100644 +--- a/print-icmp6.c ++++ b/print-icmp6.c +@@ -1034,7 +1034,7 @@ icmp6_print(netdissect_options *ndo, + p = (const struct nd_router_advert *)dp; + ND_TCHECK(p->nd_ra_retransmit); + ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \ +- ", pref %s, router lifetime %us, reachable time %us, retrans time %us", ++ ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums", + (u_int)p->nd_ra_curhoplimit, + bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)), + get_rtpref(p->nd_ra_flags_reserved), +-- +2.9.3 + diff --git a/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch b/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch new file mode 100644 index 0000000..28bce58 --- /dev/null +++ b/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch @@ -0,0 +1,106 @@ +From c48fba64fbbff9c75c79e32ab33aa65742c197d9 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Oct 2014 14:12:46 +0200 +Subject: [PATCH 2/8] Use getnameinfo instead of gethostbyaddr + +--- + addrtoname.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 46 insertions(+), 2 deletions(-) + +diff --git a/addrtoname.c b/addrtoname.c +index 6975b71..949acb7 100644 +--- a/addrtoname.c ++++ b/addrtoname.c +@@ -220,7 +220,6 @@ static uint32_t f_localnet; + const char * + getname(netdissect_options *ndo, const u_char *ap) + { +- register struct hostent *hp; + uint32_t addr; + struct hnamemem *p; + +@@ -242,6 +241,28 @@ getname(netdissect_options *ndo, const u_char *ap) + */ + if (!ndo->ndo_nflag && + (addr & f_netmask) == f_localnet) { ++#ifdef HAVE_GETNAMEINFO ++ struct sockaddr_in sa; ++ char hbuf[NI_MAXHOST]; ++ ++ memset(&sa, 0, sizeof (sa)); ++ sa.sin_family = AF_INET; ++ sa.sin_addr.s_addr = addr; ++ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), ++ hbuf, sizeof (hbuf), NULL, 0, 0)) { ++ if (ndo->ndo_Nflag) { ++ char *dotp; ++ ++ /* Remove domain qualifications */ ++ dotp = strchr(hbuf, '.'); ++ if (dotp) ++ *dotp = '\0'; ++ } ++ p->name = strdup(hbuf); ++ return p->name; ++ } ++#else ++ register struct hostent *hp; + hp = gethostbyaddr((char *)&addr, 4, AF_INET); + if (hp) { + char *dotp; +@@ -258,6 +279,7 @@ getname(netdissect_options *ndo, const u_char *ap) + } + return (p->name); + } ++#endif + } + p->name = strdup(intoa(addr)); + if (p->name == NULL) +@@ -272,7 +294,6 @@ getname(netdissect_options *ndo, const u_char *ap) + const char * + getname6(netdissect_options *ndo, const u_char *ap) + { +- register struct hostent *hp; + union { + struct in6_addr addr; + struct for_hash_addr { +@@ -297,6 +318,28 @@ getname6(netdissect_options *ndo, const u_char *ap) + * Do not print names if -n was given. + */ + if (!ndo->ndo_nflag) { ++#ifdef HAVE_GETNAMEINFO ++ struct sockaddr_in6 sa; ++ char hbuf[NI_MAXHOST]; ++ ++ memset(&sa, 0, sizeof (sa)); ++ sa.sin6_family = AF_INET6; ++ sa.sin6_addr = addr.addr; ++ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), ++ hbuf, sizeof (hbuf), NULL, 0, 0)) { ++ if (ndo->ndo_Nflag) { ++ char *dotp; ++ ++ /* Remove domain qualifications */ ++ dotp = strchr(hbuf, '.'); ++ if (dotp) ++ *dotp = '\0'; ++ } ++ p->name = strdup(hbuf); ++ return p->name; ++ } ++#else ++ register struct hostent *hp; + hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); + if (hp) { + char *dotp; +@@ -313,6 +356,7 @@ getname6(netdissect_options *ndo, const u_char *ap) + } + return (p->name); + } ++#endif + } + cp = addrtostr6(ap, ntop_buf, sizeof(ntop_buf)); + p->name = strdup(cp); +-- +2.9.3 + diff --git a/0003-Drop-root-priviledges-before-opening-first-savefile-.patch b/0003-Drop-root-priviledges-before-opening-first-savefile-.patch new file mode 100644 index 0000000..c7ffc59 --- /dev/null +++ b/0003-Drop-root-priviledges-before-opening-first-savefile-.patch @@ -0,0 +1,94 @@ +From 9bee0dffaebbc53b9762df7a6d84a553969e7b00 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Fri, 3 Feb 2017 09:36:26 +0100 +Subject: [PATCH 3/8] Drop root priviledges before opening first savefile if + running with -Z root + +--- + tcpdump.1.in | 7 ++++++- + tcpdump.c | 30 ++++++++++++++++++++++++++++++ + 2 files changed, 36 insertions(+), 1 deletion(-) + +diff --git a/tcpdump.1.in b/tcpdump.1.in +index f04a579..ca5cff2 100644 +--- a/tcpdump.1.in ++++ b/tcpdump.1.in +@@ -249,6 +249,9 @@ have the name specified with the + flag, with a number after it, starting at 1 and continuing upward. + The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes, + not 1,048,576 bytes). ++ ++Note that when used with \fB\-Z\fR option (enabled by default), privileges ++are dropped before opening first savefile. + .TP + .B \-d + Dump the compiled packet-matching code in a human readable form to +@@ -860,7 +863,9 @@ but before opening any savefiles for output, change the user ID to + and the group ID to the primary group of + .IR user . + .IP +-This behavior can also be enabled by default at compile time. ++This behavior is enabled by default (\fB\-Z tcpdump\fR), and can ++be disabled by \fB\-Z root\fR. ++ + .IP "\fI expression\fP" + .RS + selects which packets will be dumped. +diff --git a/tcpdump.c b/tcpdump.c +index 73bf138..29f7f87 100644 +--- a/tcpdump.c ++++ b/tcpdump.c +@@ -1133,6 +1133,7 @@ main(int argc, char **argv) + cap_rights_t rights; + int cansandbox; + #endif /* HAVE_CAPSICUM */ ++ int chown_flag = 0; + int Oflag = 1; /* run filter code optimizer */ + int yflag_dlt = -1; + const char *yflag_dlt_name = NULL; +@@ -1843,6 +1844,19 @@ main(int argc, char **argv) + } + capng_apply(CAPNG_SELECT_BOTH); + #endif /* HAVE_LIBCAP_NG */ ++ /* If user is running tcpdump as root and wants to write to the savefile, ++ * we will check if -C is set and if it is, we will drop root ++ * privileges right away and consequent call to>pcap_dump_open() ++ * will most likely fail for the first file. If -C flag is not set we ++ * will create file as root then change ownership of file to proper ++ * user(default tcpdump) and drop root privileges. ++ */ ++ if (WFileName) ++ if (Cflag && (username || chroot_dir)) ++ droproot(username, chroot_dir); ++ else ++ chown_flag = 1; ++ else + if (username || chroot_dir) + droproot(username, chroot_dir); + +@@ -1881,6 +1895,22 @@ main(int argc, char **argv) + MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); + + p = pcap_dump_open(pd, dumpinfo.CurrentFileName); ++ ++ /* Change ownership of file and drop root privileges */ ++ if (chown_flag) { ++ struct passwd *pwd; ++ ++ pwd = getpwnam(username); ++ if (!pwd) ++ error("Couldn't find user '%s'", username); ++ ++ if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0) ++ error("Couldn't change ownership of savefile"); ++ ++ if (username || chroot_dir) ++ droproot(username, chroot_dir); ++ } ++ + #ifdef HAVE_LIBCAP_NG + /* Give up CAP_DAC_OVERRIDE capability. + * Only allow it to be restored if the -C or -G flag have been +-- +2.9.3 + diff --git a/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch b/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch new file mode 100644 index 0000000..d6973ac --- /dev/null +++ b/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch @@ -0,0 +1,88 @@ +From 954c235f6db6f601d732b6fce48d2e8183c05d49 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Oct 2014 14:43:04 +0200 +Subject: [PATCH 4/8] tcpslice: update tcpslice patch to 1.2a3 + +--- + tcpslice-1.2a3/search.c | 22 +++++++++++++++------- + tcpslice-1.2a3/tcpslice.h | 20 ++++++++++++++++++++ + 2 files changed, 35 insertions(+), 7 deletions(-) + +diff --git a/tcpslice-1.2a3/search.c b/tcpslice-1.2a3/search.c +index 1e2d051..23aa105 100644 +--- a/tcpslice-1.2a3/search.c ++++ b/tcpslice-1.2a3/search.c +@@ -53,7 +53,7 @@ static const char rcsid[] = + /* Size of a packet header in bytes; easier than typing the sizeof() all + * the time ... + */ +-#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr )) ++#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr )) + + extern int snaplen; + +@@ -111,16 +111,24 @@ reasonable_header( struct pcap_pkthdr *hdr, time_t first_time, time_t last_time + static void + extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr ) + { +- memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr)); ++ struct pcap_sf_pkthdr hdri; ++ ++ memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr)); + + if ( pcap_is_swapped( p ) ) + { +- hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec); +- hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec); +- hdr->len = SWAPLONG(hdr->len); +- hdr->caplen = SWAPLONG(hdr->caplen); ++ hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec); ++ hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec); ++ hdr->len = SWAPLONG(hdri.len); ++ hdr->caplen = SWAPLONG(hdri.caplen); ++ } ++ else ++ { ++ hdr->ts.tv_sec = hdri.ts.tv_sec; ++ hdr->ts.tv_usec = hdri.ts.tv_usec; ++ hdr->len = hdri.len; ++ hdr->caplen = hdri.caplen; + } +- + /* + * From bpf/libpcap/savefile.c: + * +diff --git a/tcpslice-1.2a3/tcpslice.h b/tcpslice-1.2a3/tcpslice.h +index de4a01c..9dcd1a1 100644 +--- a/tcpslice-1.2a3/tcpslice.h ++++ b/tcpslice-1.2a3/tcpslice.h +@@ -20,6 +20,26 @@ + */ + + ++#include ++/* #include */ ++ ++/* ++ * This is a timeval as stored in disk in a dumpfile. ++ * It has to use the same types everywhere, independent of the actual ++ * `struct timeval' ++ */ ++ ++struct pcap_timeval { ++ bpf_int32 tv_sec; /* seconds */ ++ bpf_int32 tv_usec; /* microseconds */ ++}; ++ ++struct pcap_sf_pkthdr { ++ struct pcap_timeval ts; /* time stamp */ ++ bpf_u_int32 caplen; /* length of portion present */ ++ bpf_u_int32 len; /* length this packet (off wire) */ ++}; ++ + time_t gwtm2secs( struct tm *tm ); + + int sf_find_end( struct pcap *p, struct timeval *first_timestamp, +-- +2.9.3 + diff --git a/0005-tcpslice-remove-unneeded-include.patch b/0005-tcpslice-remove-unneeded-include.patch new file mode 100644 index 0000000..2413575 --- /dev/null +++ b/0005-tcpslice-remove-unneeded-include.patch @@ -0,0 +1,26 @@ +From d32956586bfb50b189132d5a15db8a50ef871278 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Oct 2014 15:06:54 +0200 +Subject: [PATCH 5/8] tcpslice: remove unneeded include + +net/bpf.h doesn't exist on Linux. +--- + tcpslice-1.2a3/tcpslice.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c +index e73d76f..895e54f 100644 +--- a/tcpslice-1.2a3/tcpslice.c ++++ b/tcpslice-1.2a3/tcpslice.c +@@ -35,8 +35,6 @@ static const char rcsid[] = + #include + #include + +-#include +- + #include + #ifdef HAVE_FCNTL_H + #include +-- +2.9.3 + diff --git a/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch b/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch new file mode 100644 index 0000000..60efc1c --- /dev/null +++ b/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch @@ -0,0 +1,27 @@ +From e159008d2f126d92112858269fb6b2fbca63ffc2 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Oct 2014 15:19:44 +0200 +Subject: [PATCH 6/8] tcpslice: don't test the pointer but pointee for NULL + +--- + tcpslice-1.2a3/tcpslice.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c +index 895e54f..a91439b 100644 +--- a/tcpslice-1.2a3/tcpslice.c ++++ b/tcpslice-1.2a3/tcpslice.c +@@ -402,7 +402,9 @@ fill_tm(char *time_string, int is_delta, struct tm *t, time_t *usecs_addr) + + while (isdigit(*t_stop)) + ++t_stop; +- if (! t_stop) ++ ++ if (!(*t_stop)) ++ /* we've reached end of string -> bad date format */ + error("bad date format %s, problem starting at %s", + time_string, t_start); + +-- +2.9.3 + diff --git a/0007-Introduce-nn-option.patch b/0007-Introduce-nn-option.patch new file mode 100644 index 0000000..1e64d8b --- /dev/null +++ b/0007-Introduce-nn-option.patch @@ -0,0 +1,55 @@ +From 9ea43c6c97d3653cb58c1934f8770b951917bf9a Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 20 Oct 2014 13:26:38 +0200 +Subject: [PATCH 7/8] Introduce -nn option + +This changes the semantics on -n option so only namelookups are skipped. Port +numbers *are* translated to their string representations. Option -nn then has +the same semantics as -n had originally. +--- + addrtoname.c | 4 ++-- + tcpdump.1.in | 6 +++++- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/addrtoname.c b/addrtoname.c +index 949acb7..9dd78d8 100644 +--- a/addrtoname.c ++++ b/addrtoname.c +@@ -810,7 +810,7 @@ init_servarray(netdissect_options *ndo) + + while (table->name) + table = table->nxt; +- if (ndo->ndo_nflag) { ++ if (ndo->ndo_nflag > 1) { + (void)snprintf(buf, sizeof(buf), "%d", port); + table->name = strdup(buf); + } else +@@ -1233,7 +1233,7 @@ init_addrtoname(netdissect_options *ndo, uint32_t localnet, uint32_t mask) + f_localnet = localnet; + f_netmask = mask; + } +- if (ndo->ndo_nflag) ++ if (ndo->ndo_nflag > 1) + /* + * Simplest way to suppress names. + */ +diff --git a/tcpdump.1.in b/tcpdump.1.in +index ca5cff2..c711a24 100644 +--- a/tcpdump.1.in ++++ b/tcpdump.1.in +@@ -547,7 +547,11 @@ Use \fIsecret\fP as a shared secret for validating the digests found in + TCP segments with the TCP-MD5 option (RFC 2385), if present. + .TP + .B \-n +-Don't convert addresses (i.e., host addresses, port numbers, etc.) to names. ++Don't convert host addresses to names. This can be used to avoid ++DNS lookups. ++.TP ++.B \-nn ++Don't convert protocol and port numbers etc. to names either. + .TP + .B \-N + Don't print domain name qualification of host names. +-- +2.9.3 + diff --git a/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch b/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch new file mode 100644 index 0000000..2e4551c --- /dev/null +++ b/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch @@ -0,0 +1,36 @@ +From d5508c13119404102104a3935e7445c9fddf79b5 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Fri, 3 Feb 2017 09:43:03 +0100 +Subject: [PATCH 8/8] Don't print out we dropped root, we are always dropping + it + +--- + tcpdump.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/tcpdump.c b/tcpdump.c +index 29f7f87..18c4a5c 100644 +--- a/tcpdump.c ++++ b/tcpdump.c +@@ -618,8 +618,6 @@ droproot(const char *username, const char *chroot_dir) + int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); + if (ret < 0) { + fprintf(stderr, "error : ret %d\n", ret); +- } else { +- fprintf(stderr, "dropped privs to %s\n", username); + } + } + #else +@@ -632,9 +630,6 @@ droproot(const char *username, const char *chroot_dir) + pcap_strerror(errno)); + exit_tcpdump(1); + } +- else { +- fprintf(stderr, "dropped privs to %s\n", username); +- } + #endif /* HAVE_LIBCAP_NG */ + } + else { +-- +2.9.3 + diff --git a/0009-Change-n-flag-to-nn-in-TESTonce.patch b/0009-Change-n-flag-to-nn-in-TESTonce.patch new file mode 100644 index 0000000..53a9556 --- /dev/null +++ b/0009-Change-n-flag-to-nn-in-TESTonce.patch @@ -0,0 +1,27 @@ +From 04e23aa3f91ff137237daf68f02e7b3c0c1a9168 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 11 Apr 2017 09:19:48 +0200 +Subject: [PATCH 09/13] Change -n flag to -nn in TESTonce + +We need to change this because we have a different meaning of -n +flag than upstream does. We use -nn in those cases. +--- + tests/TESTonce | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/TESTonce b/tests/TESTonce +index 7026624..e348701 100755 +--- a/tests/TESTonce ++++ b/tests/TESTonce +@@ -21,7 +21,7 @@ if ($^O eq 'MSWin32') { + else { + # we used to do this as a nice pipeline, but the problem is that $r fails to + # to be set properly if the tcpdump core dumps. +- $r = system "../tcpdump 2>/dev/null -n -t -r $input $options >NEW/$output"; ++ $r = system "../tcpdump 2>/dev/null -nn -t -r $input $options >NEW/$output"; + if($r != 0) { + # this means tcpdump failed. + open(OUTPUT, ">>"."NEW/$output") || die "fail to open $output\n"; +-- +2.13.5 + diff --git a/0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch b/0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch new file mode 100644 index 0000000..30502b8 --- /dev/null +++ b/0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch @@ -0,0 +1,45 @@ +From 0ae4aa1881bbe40443bff802b5e4aa6ca0696dd9 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 11 Apr 2017 09:37:53 +0200 +Subject: [PATCH 10/13] Expect miliseconds instead of seconds in icmp capture. + +Again this is caused by our patch, so we need to modify tests +accordingly. +--- + tests/icmpv6.out | 2 +- + tests/icmpv6_opt24-v.out | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/icmpv6.out b/tests/icmpv6.out +index bb7775e..8979540 100644 +--- a/tests/icmpv6.out ++++ b/tests/icmpv6.out +@@ -1,5 +1,5 @@ + IP6 (hlim 255, next-header ICMPv6 (58) payload length: 176) fe80::b299:28ff:fec8:d66c > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 176 +- hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0s, retrans time 0s ++ hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0ms, retrans time 0ms + prefix info option (3), length 32 (4): 2222:3333:4444:5555:6600::/72, Flags [onlink, auto], valid time 2592000s, pref. time 604800s + 0x0000: 48c0 0027 8d00 0009 3a80 0000 0000 2222 + 0x0010: 3333 4444 5555 6600 0000 0000 0000 +diff --git a/tests/icmpv6_opt24-v.out b/tests/icmpv6_opt24-v.out +index 2b7cf09..00512df 100644 +--- a/tests/icmpv6_opt24-v.out ++++ b/tests/icmpv6_opt24-v.out +@@ -1,5 +1,5 @@ + IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120 +- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s ++ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms + source link-address option (1), length 8 (1): 14:cf:92:87:23:d6 + mtu option (5), length 8 (1): 1500 + prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s +@@ -7,7 +7,7 @@ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87 + rdnss option (25), length 24 (3): lifetime 1800s, addr: fd8d:4fb3:5b2e::1 + dnssl option (31), length 16 (2): lifetime 1800s, domain(s): lan. + IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120 +- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s ++ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms + source link-address option (1), length 8 (1): 14:cf:92:87:23:d6 + mtu option (5), length 8 (1): 1500 + prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s +-- +2.13.5 diff --git a/0011-Evp-cipher-buffers.patch b/0011-Evp-cipher-buffers.patch new file mode 100644 index 0000000..a271419 --- /dev/null +++ b/0011-Evp-cipher-buffers.patch @@ -0,0 +1,133 @@ +diff --git a/print-esp.c b/print-esp.c +index 511ee8a3..5b282526 100644 +--- a/print-esp.c ++++ b/print-esp.c +@@ -192,8 +192,8 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, + const u_char *iv; + unsigned int len; + EVP_CIPHER_CTX *ctx; +- unsigned int block_size, output_buffer_size; +- u_char *output_buffer; ++ unsigned int block_size, buffer_size; ++ u_char *input_buffer, *output_buffer; + + /* initiator arg is any non-zero value */ + if(initiator) initiator=1; +@@ -228,19 +228,41 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, + (*ndo->ndo_warning)(ndo, "espkey init failed"); + set_cipher_parameters(ctx, NULL, NULL, iv, 0); + /* +- * Allocate a buffer for the decrypted data. +- * The output buffer must be separate from the input buffer, and +- * its size must be a multiple of the cipher block size. ++ * Allocate buffers for the encrypted and decrypted data. ++ * Both buffers' sizes must be a multiple of the cipher block ++ * size, and the output buffer must be separate from the input ++ * buffer. + */ + block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx); +- output_buffer_size = len + (block_size - len % block_size); +- output_buffer = (u_char *)malloc(output_buffer_size); ++ buffer_size = len + (block_size - len % block_size); ++ ++ /* ++ * Attempt to allocate the input buffer. ++ */ ++ input_buffer = (u_char *)malloc(buffer_size); ++ if (input_buffer == NULL) { ++ (*ndo->ndo_warning)(ndo, "can't allocate memory for encrypted data buffer"); ++ EVP_CIPHER_CTX_free(ctx); ++ return 0; ++ } ++ /* ++ * Copy the input data to the encrypted data buffer, and pad it ++ * with zeroes. ++ */ ++ memcpy(input_buffer, buf, len); ++ memset(input_buffer + len, 0, buffer_size - len); ++ ++ /* ++ * Attempt to allocate the output buffer. ++ */ ++ output_buffer = (u_char *)malloc(buffer_size); + if (output_buffer == NULL) { + (*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer"); ++ free(input_buffer); + EVP_CIPHER_CTX_free(ctx); + return 0; + } +- EVP_Cipher(ctx, output_buffer, buf, len); ++ EVP_Cipher(ctx, output_buffer, input_buffer, buffer_size); + EVP_CIPHER_CTX_free(ctx); + + /* +@@ -249,6 +272,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, + * but changing this would require a more complicated fix. + */ + memcpy(buf, output_buffer, len); ++ free(input_buffer); + free(output_buffer); + + ndo->ndo_packetp = buf; +@@ -666,8 +690,8 @@ esp_print(netdissect_options *ndo, + const u_char *ivoff; + const u_char *p; + EVP_CIPHER_CTX *ctx; +- unsigned int block_size, output_buffer_size; +- u_char *output_buffer; ++ unsigned int block_size, buffer_size; ++ u_char *input_buffer, *output_buffer; + #endif + + esp = (const struct newesp *)bp; +@@ -784,21 +808,43 @@ esp_print(netdissect_options *ndo, + len = ep - (p + ivlen); + + /* +- * Allocate a buffer for the decrypted data. +- * The output buffer must be separate from the +- * input buffer, and its size must be a multiple +- * of the cipher block size. ++ * Allocate buffers for the encrypted and decrypted ++ * data. Both buffers' sizes must be a multiple of ++ * the cipher block size, and the output buffer must ++ * be separate from the input buffer. + */ + block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx); +- output_buffer_size = len + (block_size - len % block_size); +- output_buffer = (u_char *)malloc(output_buffer_size); ++ buffer_size = len + (block_size - len % block_size); ++ ++ /* ++ * Attempt to allocate the input buffer. ++ */ ++ input_buffer = (u_char *)malloc(buffer_size); ++ if (input_buffer == NULL) { ++ (*ndo->ndo_warning)(ndo, "can't allocate memory for encrypted data buffer"); ++ EVP_CIPHER_CTX_free(ctx); ++ return 0; ++ } ++ /* ++ * Copy the input data to the encrypted data buffer, ++ * and pad it with zeroes. ++ */ ++ memcpy(input_buffer, p + ivlen, len); ++ memset(input_buffer + len, 0, buffer_size - len); ++ ++ /* ++ * Attempt to allocate the output buffer. ++ */ ++ output_buffer = (u_char *)malloc(buffer_size); + if (output_buffer == NULL) { + (*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer"); ++ free(input_buffer); + EVP_CIPHER_CTX_free(ctx); + return -1; + } + +- EVP_Cipher(ctx, output_buffer, p + ivlen, len); ++ EVP_Cipher(ctx, output_buffer, input_buffer, len); ++ free(input_buffer); + EVP_CIPHER_CTX_free(ctx); + /* + * XXX - of course this is wrong, because buf is a diff --git a/0012-Add-printing-support-for-vsockmon-devices.patch b/0012-Add-printing-support-for-vsockmon-devices.patch new file mode 100644 index 0000000..0808c3e --- /dev/null +++ b/0012-Add-printing-support-for-vsockmon-devices.patch @@ -0,0 +1,318 @@ +From 66a5b93dee386bc2f57033a150341752923b8b41 Mon Sep 17 00:00:00 2001 +From: Gerard Garcia +Date: Tue, 14 Jun 2016 16:45:44 +0200 +Subject: [PATCH 13/13] Add printing support for vsockmon devices. + +Print Linux 4.12 vsockmon captures: + + # modprobe vsockmon + # ip link add type vsockmon + # ip link set vsockmon0 up + # tcpdump -i vsockmon0 + 16:25:24.987917 VIRTIO 3.1025 > 2.1234 CONNECT, length 76 + 16:25:24.987963 VIRTIO 2.1234 > 3.1025 CONNECT, length 76 + 16:25:26.568271 VIRTIO 3.1025 > 2.1234 PAYLOAD, length 82 + 16:25:26.568512 VIRTIO 2.1234 > 3.1025 CONTROL, length 76 + 16:25:28.411335 VIRTIO 3.1025 > 2.1234 DISCONNECT, length 76 + 16:25:28.411628 VIRTIO 2.1234 > 3.1025 DISCONNECT, length 76 + +For more information about vsock see: +http://wiki.qemu.org/Features/VirtioVsock +--- + Makefile.in | 1 + + netdissect.h | 1 + + print-vsock.c | 243 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + print.c | 3 + + 4 files changed, 248 insertions(+) + create mode 100644 print-vsock.c + +diff --git a/Makefile.in b/Makefile.in +index 0941f0e..a301878 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -226,6 +226,7 @@ LIBNETDISSECT_SRC=\ + print-vjc.c \ + print-vqp.c \ + print-vrrp.c \ ++ print-vsock.c \ + print-vtp.c \ + print-vxlan.c \ + print-vxlan-gpe.c \ +diff --git a/netdissect.h b/netdissect.h +index 089b040..c89fcf1 100644 +--- a/netdissect.h ++++ b/netdissect.h +@@ -444,6 +444,7 @@ extern u_int symantec_if_print IF_PRINTER_ARGS; + extern u_int token_if_print IF_PRINTER_ARGS; + extern u_int usb_linux_48_byte_print IF_PRINTER_ARGS; + extern u_int usb_linux_64_byte_print IF_PRINTER_ARGS; ++extern u_int vsock_print IF_PRINTER_ARGS; + + /* + * Structure passed to some printers to allow them to print +diff --git a/print-vsock.c b/print-vsock.c +new file mode 100644 +index 0000000..fc5694d +--- /dev/null ++++ b/print-vsock.c +@@ -0,0 +1,243 @@ ++/* ++ * Copyright (c) 2016 Gerard Garcia ++ * Copyright (c) 2017 Red Hat, Inc. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * 3. The names of the authors may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED ++ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. ++ */ ++ ++/* \summary: Linux vsock printer */ ++ ++#ifdef HAVE_CONFIG_H ++#include "config.h" ++#endif ++ ++#include ++#include ++ ++#include "netdissect.h" ++#include "extract.h" ++ ++static const char tstr[] = " [|vsock]"; ++ ++enum af_vsockmon_transport { ++ AF_VSOCK_TRANSPORT_UNKNOWN = 0, ++ AF_VSOCK_TRANSPORT_NO_INFO = 1, /* No transport information */ ++ AF_VSOCK_TRANSPORT_VIRTIO = 2, /* Virtio transport header */ ++}; ++ ++static const struct tok vsock_transport[] = { ++ {AF_VSOCK_TRANSPORT_UNKNOWN, "UNKNOWN"}, ++ {AF_VSOCK_TRANSPORT_NO_INFO, "NO_INFO"}, ++ {AF_VSOCK_TRANSPORT_VIRTIO, "VIRTIO"}, ++ { 0, NULL } ++}; ++ ++enum af_vsockmon_op { ++ AF_VSOCK_OP_UNKNOWN = 0, ++ AF_VSOCK_OP_CONNECT = 1, ++ AF_VSOCK_OP_DISCONNECT = 2, ++ AF_VSOCK_OP_CONTROL = 3, ++ AF_VSOCK_OP_PAYLOAD = 4, ++}; ++ ++static const struct tok vsock_op[] = { ++ {AF_VSOCK_OP_UNKNOWN, "UNKNOWN"}, ++ {AF_VSOCK_OP_CONNECT, "CONNECT"}, ++ {AF_VSOCK_OP_DISCONNECT, "DISCONNECT"}, ++ {AF_VSOCK_OP_CONTROL, "CONTROL"}, ++ {AF_VSOCK_OP_PAYLOAD, "PAYLOAD"}, ++ { 0, NULL } ++}; ++ ++enum virtio_vsock_type { ++ VIRTIO_VSOCK_TYPE_STREAM = 1, ++}; ++ ++static const struct tok virtio_type[] = { ++ {VIRTIO_VSOCK_TYPE_STREAM, "STREAM"}, ++ { 0, NULL } ++}; ++ ++enum virtio_vsock_op { ++ VIRTIO_VSOCK_OP_INVALID = 0, ++ VIRTIO_VSOCK_OP_REQUEST = 1, ++ VIRTIO_VSOCK_OP_RESPONSE = 2, ++ VIRTIO_VSOCK_OP_RST = 3, ++ VIRTIO_VSOCK_OP_SHUTDOWN = 4, ++ VIRTIO_VSOCK_OP_RW = 5, ++ VIRTIO_VSOCK_OP_CREDIT_UPDATE = 6, ++ VIRTIO_VSOCK_OP_CREDIT_REQUEST = 7, ++}; ++ ++static const struct tok virtio_op[] = { ++ {VIRTIO_VSOCK_OP_INVALID, "INVALID"}, ++ {VIRTIO_VSOCK_OP_REQUEST, "REQUEST"}, ++ {VIRTIO_VSOCK_OP_RESPONSE, "RESPONSE"}, ++ {VIRTIO_VSOCK_OP_RST, "RST"}, ++ {VIRTIO_VSOCK_OP_SHUTDOWN, "SHUTDOWN"}, ++ {VIRTIO_VSOCK_OP_RW, "RW"}, ++ {VIRTIO_VSOCK_OP_CREDIT_UPDATE, "CREDIT UPDATE"}, ++ {VIRTIO_VSOCK_OP_CREDIT_REQUEST, "CREDIT REQUEST"}, ++ { 0, NULL } ++}; ++ ++/* All fields are little-endian */ ++ ++struct virtio_vsock_hdr { ++ uint64_t src_cid; ++ uint64_t dst_cid; ++ uint32_t src_port; ++ uint32_t dst_port; ++ uint32_t len; ++ uint16_t type; /* enum virtio_vsock_type */ ++ uint16_t op; /* enum virtio_vsock_op */ ++ uint32_t flags; ++ uint32_t buf_alloc; ++ uint32_t fwd_cnt; ++} UNALIGNED; ++ ++struct af_vsockmon_hdr { ++ uint64_t src_cid; ++ uint64_t dst_cid; ++ uint32_t src_port; ++ uint32_t dst_port; ++ uint16_t op; /* enum af_vsockmon_op */ ++ uint16_t transport; /* enum af_vosckmon_transport */ ++ uint16_t len; /* size of transport header */ ++ uint8_t reserved[2]; ++}; ++ ++static void ++vsock_virtio_hdr_print(netdissect_options *ndo, const struct virtio_vsock_hdr *hdr) ++{ ++ uint16_t u16_v; ++ uint32_t u32_v; ++ ++ u32_v = EXTRACT_LE_32BITS(&hdr->len); ++ ND_PRINT((ndo, "len %u", u32_v)); ++ ++ u16_v = EXTRACT_LE_16BITS(&hdr->type); ++ ND_PRINT((ndo, ", type %s", ++ tok2str(virtio_type, "Invalid type (%hu)", u16_v))); ++ ++ u16_v = EXTRACT_LE_16BITS(&hdr->op); ++ ND_PRINT((ndo, ", op %s", ++ tok2str(virtio_op, "Invalid op (%hu)", u16_v))); ++ ++ u32_v = EXTRACT_LE_32BITS(&hdr->flags); ++ ND_PRINT((ndo, ", flags %x", u32_v)); ++ ++ u32_v = EXTRACT_LE_32BITS(&hdr->buf_alloc); ++ ND_PRINT((ndo, ", buf_alloc %u", u32_v)); ++ ++ u32_v = EXTRACT_LE_32BITS(&hdr->fwd_cnt); ++ ND_PRINT((ndo, ", fwd_cnt %u", u32_v)); ++} ++ ++static size_t ++vsock_transport_hdr_size(uint16_t transport) ++{ ++ switch (transport) { ++ case AF_VSOCK_TRANSPORT_VIRTIO: ++ return sizeof(struct virtio_vsock_hdr); ++ default: ++ return 0; ++ } ++} ++ ++static void ++vsock_transport_hdr_print(netdissect_options *ndo, uint16_t transport, ++ const u_char *p, const u_int len) ++{ ++ size_t transport_size = vsock_transport_hdr_size(transport); ++ const void *hdr; ++ ++ if (len < sizeof(struct af_vsockmon_hdr) + transport_size) ++ return; ++ ++ hdr = p + sizeof(struct af_vsockmon_hdr); ++ switch (transport) { ++ case AF_VSOCK_TRANSPORT_VIRTIO: ++ ND_PRINT((ndo, " (")); ++ vsock_virtio_hdr_print(ndo, hdr); ++ ND_PRINT((ndo, ")")); ++ break; ++ default: ++ break; ++ } ++} ++ ++static void ++vsock_hdr_print(netdissect_options *ndo, const u_char *p, const u_int len) ++{ ++ uint16_t hdr_transport, hdr_op; ++ uint32_t hdr_src_port, hdr_dst_port; ++ uint64_t hdr_src_cid, hdr_dst_cid; ++ size_t total_hdr_size; ++ ++ const struct af_vsockmon_hdr *hdr = (struct af_vsockmon_hdr *)p; ++ ++ hdr_transport = EXTRACT_LE_16BITS(&hdr->transport); ++ ND_PRINT((ndo, "%s", ++ tok2str(vsock_transport, "Invalid transport (%u)", ++ hdr_transport))); ++ ++ /* If verbose level is more than 0 print transport details */ ++ if (ndo->ndo_vflag) { ++ vsock_transport_hdr_print(ndo, hdr_transport, p, len); ++ ND_PRINT((ndo, "\n\t")); ++ } else ++ ND_PRINT((ndo, " ")); ++ ++ hdr_src_cid = EXTRACT_LE_64BITS(&hdr->src_cid); ++ hdr_dst_cid = EXTRACT_LE_64BITS(&hdr->dst_cid); ++ hdr_src_port = EXTRACT_LE_32BITS(&hdr->src_port); ++ hdr_dst_port = EXTRACT_LE_32BITS(&hdr->dst_port); ++ hdr_op = EXTRACT_LE_16BITS(&hdr->op); ++ ND_PRINT((ndo, "%lu.%hu > %lu.%hu %s, length %u", ++ hdr_src_cid, hdr_src_port, ++ hdr_dst_cid, hdr_dst_port, ++ tok2str(vsock_op, " invalid op (%u)", hdr_op), ++ len)); ++ ++ /* If debug level is more than 1 print payload contents */ ++ total_hdr_size = sizeof(struct af_vsockmon_hdr) + ++ vsock_transport_hdr_size(hdr_transport); ++ if (ndo->ndo_vflag > 1 && ++ hdr_op == AF_VSOCK_OP_PAYLOAD && ++ len > total_hdr_size) { ++ const u_char *payload = p + total_hdr_size; ++ ++ ND_PRINT((ndo, "\n")); ++ print_unknown_data(ndo, payload, "\t", len - total_hdr_size); ++ } ++} ++ ++u_int ++vsock_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *cp) ++{ ++ u_int len = h->len; ++ ++ if (len < sizeof(struct af_vsockmon_hdr)) ++ ND_PRINT((ndo, "%s", tstr)); ++ else ++ vsock_hdr_print(ndo, cp, len); ++ ++ return len; ++} +diff --git a/print.c b/print.c +index c76f344..1945cfd 100644 +--- a/print.c ++++ b/print.c +@@ -220,6 +220,9 @@ static const struct printer printers[] = { + #ifdef DLT_PPP_SERIAL + { ppp_hdlc_if_print, DLT_PPP_SERIAL }, + #endif ++#ifdef DLT_VSOCK ++ { vsock_print, DLT_VSOCK }, ++#endif + { NULL, 0 }, + }; + +-- +2.13.5 + diff --git a/tcpdump-4.9.2.tar.gz b/tcpdump-4.9.2.tar.gz new file mode 100644 index 0000000..86e02e9 Binary files /dev/null and b/tcpdump-4.9.2.tar.gz differ diff --git a/tcpdump-4.9.2.tar.gz.sig b/tcpdump-4.9.2.tar.gz.sig new file mode 100644 index 0000000..6456b34 Binary files /dev/null and b/tcpdump-4.9.2.tar.gz.sig differ diff --git a/tcpdump.spec b/tcpdump.spec new file mode 100644 index 0000000..4f2bd9c --- /dev/null +++ b/tcpdump.spec @@ -0,0 +1,83 @@ +Name: tcpdump +Epoch: 14 +Version: 4.9.2 +Release: 7 +Summary: A powerful command-line packet analyzer and library for network traffic capture. +License: BSD with advertising +URL: http://www.tcpdump.org +Source0: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz +Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz + +Patch0001: 0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch +Patch0002: 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch +Patch0003: 0003-Drop-root-priviledges-before-opening-first-savefile-.patch +Patch0004: 0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch +Patch0005: 0005-tcpslice-remove-unneeded-include.patch +Patch0006: 0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch +Patch0007: 0007-Introduce-nn-option.patch +Patch0008: 0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch +Patch0009: 0009-Change-n-flag-to-nn-in-TESTonce.patch +Patch0010: 0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch +Patch0011: 0011-Evp-cipher-buffers.patch +Patch0012: 0012-Add-printing-support-for-vsockmon-devices.patch + +BuildRequires: automake openssl-devel libpcap-devel git-core +Requires: shadow-utils + +%description +Tcpdump is a common packet analyzer that runs under the command line. +It allows the user to captureand display TCP/IP and other packets being +transmitted or received over a network to which the computer is attached. + +%package help +Summary: Help documents for tcpdump + +%description help +Man pages and other related help documents for tcpdump. + +%prep +%autosetup -n %{name}-%{version} -a 1 -S git + +%build +export CFLAGS="%{optflags} $(getconf LFS_CFLAGS) -fno-strict-aliasing" +pushd tcpslice-1.2a3 +automake -a -f 2> /dev/null || : +%configure +%make_build +popd + +%configure --with-crypto --with-user=tcpdump --without-smi +%make_build + +%install +install -d %{buildroot}%{_libdir} %{buildroot}%{_sbindir} %{buildroot}%{_mandir}/man8 + +pushd tcpslice-1.2a3 +install -m755 tcpslice %{buildroot}%{_sbindir} +install -m644 tcpslice.1 %{buildroot}%{_mandir}/man8/tcpslice.8 +popd + +install -m755 tcpdump %{buildroot}%{_sbindir} +install -m644 tcpdump.1 %{buildroot}%{_mandir}/man8/tcpdump.8 + +sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' %{buildroot}%{_mandir}/man8/* + +%check +make check + +%pre +/usr/sbin/groupadd -g 72 tcpdump 2> /dev/null +/usr/sbin/useradd -u 72 -g 72 -s /sbin/nologin -M -r -d / tcpdump 2> /dev/null +exit 0 + +%files +%license LICENSE +%{_sbindir}/tcp* + +%files help +%doc README.md CHANGES CREDITS +%{_mandir}/man8/tcp*.8* + +%changelog +* Fri Sep 20 2019 chenzhenyu - 14:4.9.2-7 +- Package init diff --git a/tcpslice-1.2a3.tar.gz b/tcpslice-1.2a3.tar.gz new file mode 100644 index 0000000..c36c8a5 Binary files /dev/null and b/tcpslice-1.2a3.tar.gz differ