Package init

0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch

@@ -0,0 +1,26 @@
+From f19e0376b8e98b38240d28eb9e6f78c465bb1c6e Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 13:34:24 +0200
+Subject: [PATCH 1/8] icmp6: print Reachable Time and Retransmit Time from
+ ICMPv6 as milliseconds
+
+---
+ print-icmp6.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/print-icmp6.c b/print-icmp6.c
+index 7fe639d..cfaa2df 100644
+--- a/print-icmp6.c
++++ b/print-icmp6.c
+@@ -1034,7 +1034,7 @@ icmp6_print(netdissect_options *ndo,
+ 			p = (const struct nd_router_advert *)dp;
+ 			ND_TCHECK(p->nd_ra_retransmit);
+ 			ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \
+-                                  ", pref %s, router lifetime %us, reachable time %us, retrans time %us",
++                                  ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums",
+                                   (u_int)p->nd_ra_curhoplimit,
+                                   bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)),
+                                   get_rtpref(p->nd_ra_flags_reserved),
+-- 
+2.9.3
+

0002-Use-getnameinfo-instead-of-gethostbyaddr.patch

@@ -0,0 +1,106 @@
+From c48fba64fbbff9c75c79e32ab33aa65742c197d9 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 14:12:46 +0200
+Subject: [PATCH 2/8] Use getnameinfo instead of gethostbyaddr
+
+---
+ addrtoname.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 46 insertions(+), 2 deletions(-)
+
+diff --git a/addrtoname.c b/addrtoname.c
+index 6975b71..949acb7 100644
+--- a/addrtoname.c
++++ b/addrtoname.c
+@@ -220,7 +220,6 @@ static uint32_t f_localnet;
+ const char *
+ getname(netdissect_options *ndo, const u_char *ap)
+ {
+-	register struct hostent *hp;
+ 	uint32_t addr;
+ 	struct hnamemem *p;
+ 
+@@ -242,6 +241,28 @@ getname(netdissect_options *ndo, const u_char *ap)
+ 	 */
+ 	if (!ndo->ndo_nflag &&
+ 	    (addr & f_netmask) == f_localnet) {
++#ifdef HAVE_GETNAMEINFO
++		struct sockaddr_in sa;
++		char hbuf[NI_MAXHOST];
++
++		memset(&sa, 0, sizeof (sa));
++		sa.sin_family = AF_INET;
++		sa.sin_addr.s_addr = addr;
++		if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
++					hbuf, sizeof (hbuf), NULL, 0, 0)) {
++			if (ndo->ndo_Nflag) {
++				char *dotp;
++
++				/* Remove domain qualifications */
++				dotp = strchr(hbuf, '.');
++				if (dotp)
++					*dotp = '\0';
++			}
++			p->name = strdup(hbuf);
++			return p->name;
++		}
++#else
++		register struct hostent *hp;
+ 		hp = gethostbyaddr((char *)&addr, 4, AF_INET);
+ 		if (hp) {
+ 			char *dotp;
+@@ -258,6 +279,7 @@ getname(netdissect_options *ndo, const u_char *ap)
+ 			}
+ 			return (p->name);
+ 		}
++#endif
+ 	}
+ 	p->name = strdup(intoa(addr));
+ 	if (p->name == NULL)
+@@ -272,7 +294,6 @@ getname(netdissect_options *ndo, const u_char *ap)
+ const char *
+ getname6(netdissect_options *ndo, const u_char *ap)
+ {
+-	register struct hostent *hp;
+ 	union {
+ 		struct in6_addr addr;
+ 		struct for_hash_addr {
+@@ -297,6 +318,28 @@ getname6(netdissect_options *ndo, const u_char *ap)
+ 	 * Do not print names if -n was given.
+ 	 */
+ 	if (!ndo->ndo_nflag) {
++#ifdef HAVE_GETNAMEINFO
++		struct sockaddr_in6 sa;
++		char hbuf[NI_MAXHOST];
++
++		memset(&sa, 0, sizeof (sa));
++		sa.sin6_family = AF_INET6;
++		sa.sin6_addr = addr.addr;
++		if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
++					hbuf, sizeof (hbuf), NULL, 0, 0)) {
++			if (ndo->ndo_Nflag) {
++				char *dotp;
++
++				/* Remove domain qualifications */
++				dotp = strchr(hbuf, '.');
++				if (dotp)
++					*dotp = '\0';
++			}
++			p->name = strdup(hbuf);
++			return p->name;
++		}
++#else
++                register struct hostent *hp;
+ 		hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
+ 		if (hp) {
+ 			char *dotp;
+@@ -313,6 +356,7 @@ getname6(netdissect_options *ndo, const u_char *ap)
+ 			}
+ 			return (p->name);
+ 		}
++#endif
+ 	}
+ 	cp = addrtostr6(ap, ntop_buf, sizeof(ntop_buf));
+ 	p->name = strdup(cp);
+-- 
+2.9.3
+

0003-Drop-root-priviledges-before-opening-first-savefile-.patch

@@ -0,0 +1,94 @@
+From 9bee0dffaebbc53b9762df7a6d84a553969e7b00 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Fri, 3 Feb 2017 09:36:26 +0100
+Subject: [PATCH 3/8] Drop root priviledges before opening first savefile if
+ running with -Z root
+
+---
+ tcpdump.1.in |  7 ++++++-
+ tcpdump.c    | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/tcpdump.1.in b/tcpdump.1.in
+index f04a579..ca5cff2 100644
+--- a/tcpdump.1.in
++++ b/tcpdump.1.in
+@@ -249,6 +249,9 @@ have the name specified with the
+ flag, with a number after it, starting at 1 and continuing upward.
+ The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
+ not 1,048,576 bytes).
++
++Note that when used with \fB\-Z\fR option (enabled by default), privileges
++are dropped before opening first savefile.
+ .TP
+ .B \-d
+ Dump the compiled packet-matching code in a human readable form to
+@@ -860,7 +863,9 @@ but before opening any savefiles for output, change the user ID to
+ and the group ID to the primary group of
+ .IR user .
+ .IP
+-This behavior can also be enabled by default at compile time.
++This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
++be disabled by \fB\-Z root\fR.
++
+ .IP "\fI expression\fP"
+ .RS
+ selects which packets will be dumped.
+diff --git a/tcpdump.c b/tcpdump.c
+index 73bf138..29f7f87 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -1133,6 +1133,7 @@ main(int argc, char **argv)
+ 	cap_rights_t rights;
+ 	int cansandbox;
+ #endif	/* HAVE_CAPSICUM */
++	int chown_flag = 0;
+ 	int Oflag = 1;			/* run filter code optimizer */
+ 	int yflag_dlt = -1;
+ 	const char *yflag_dlt_name = NULL;
+@@ -1843,6 +1844,19 @@ main(int argc, char **argv)
+ 		}
+ 		capng_apply(CAPNG_SELECT_BOTH);
+ #endif /* HAVE_LIBCAP_NG */
++	/* If user is running tcpdump as root and wants to write to the savefile,
++	 * we will check if -C is set and if it is, we will drop root
++	 * privileges right away and consequent call to>pcap_dump_open()
++	 * will most likely fail for the first file. If -C flag is not set we
++	 * will create file as root then change ownership of file to proper
++	 * user(default tcpdump) and drop root privileges.
++	 */
++	if (WFileName)
++		if (Cflag && (username || chroot_dir))
++			droproot(username, chroot_dir);
++		else
++			chown_flag = 1;
++	else
+ 		if (username || chroot_dir)
+ 			droproot(username, chroot_dir);
+ 
+@@ -1881,6 +1895,22 @@ main(int argc, char **argv)
+ 		  MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
+ 
+ 		p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
++
++	/* Change ownership of file and drop root privileges */
++	if (chown_flag) {
++		struct passwd *pwd;
++
++		pwd = getpwnam(username);
++		if (!pwd)
++			error("Couldn't find user '%s'", username);
++
++		if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0)
++			error("Couldn't change ownership of savefile");
++
++		if (username || chroot_dir)
++			droproot(username, chroot_dir);
++    }
++
+ #ifdef HAVE_LIBCAP_NG
+ 		/* Give up CAP_DAC_OVERRIDE capability.
+ 		 * Only allow it to be restored if the -C or -G flag have been
+-- 
+2.9.3
+

0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch

@@ -0,0 +1,88 @@
+From 954c235f6db6f601d732b6fce48d2e8183c05d49 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 14:43:04 +0200
+Subject: [PATCH 4/8] tcpslice: update tcpslice patch to 1.2a3
+
+---
+ tcpslice-1.2a3/search.c   | 22 +++++++++++++++-------
+ tcpslice-1.2a3/tcpslice.h | 20 ++++++++++++++++++++
+ 2 files changed, 35 insertions(+), 7 deletions(-)
+
+diff --git a/tcpslice-1.2a3/search.c b/tcpslice-1.2a3/search.c
+index 1e2d051..23aa105 100644
+--- a/tcpslice-1.2a3/search.c
++++ b/tcpslice-1.2a3/search.c
+@@ -53,7 +53,7 @@ static const char rcsid[] =
+ /* Size of a packet header in bytes; easier than typing the sizeof() all
+  * the time ...
+  */
+-#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr ))
++#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr ))
+ 
+ extern int snaplen;
+ 
+@@ -111,16 +111,24 @@ reasonable_header( struct pcap_pkthdr *hdr, time_t first_time, time_t last_time
+ static void
+ extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr )
+ 	{
+-	memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr));
++	struct pcap_sf_pkthdr hdri;
++
++	memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr));
+ 
+ 	if ( pcap_is_swapped( p ) )
+ 		{
+-		hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec);
+-		hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec);
+-		hdr->len = SWAPLONG(hdr->len);
+-		hdr->caplen = SWAPLONG(hdr->caplen);
++		hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec);
++		hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec);
++		hdr->len = SWAPLONG(hdri.len);
++		hdr->caplen = SWAPLONG(hdri.caplen);
++		}
++	else
++		{
++		hdr->ts.tv_sec = hdri.ts.tv_sec;
++		hdr->ts.tv_usec = hdri.ts.tv_usec;
++		hdr->len = hdri.len;
++		hdr->caplen = hdri.caplen;
+ 		}
+-
+ 	/*
+ 	 * From bpf/libpcap/savefile.c:
+ 	 *
+diff --git a/tcpslice-1.2a3/tcpslice.h b/tcpslice-1.2a3/tcpslice.h
+index de4a01c..9dcd1a1 100644
+--- a/tcpslice-1.2a3/tcpslice.h
++++ b/tcpslice-1.2a3/tcpslice.h
+@@ -20,6 +20,26 @@
+  */
+ 
+ 
++#include <time.h>
++/* #include <net/bpf.h> */
++
++/*
++ * This is a timeval as stored in disk in a dumpfile.
++ * It has to use the same types everywhere, independent of the actual
++ * `struct timeval'
++ */
++
++struct pcap_timeval {
++    bpf_int32 tv_sec;           /* seconds */
++    bpf_int32 tv_usec;          /* microseconds */
++};
++
++struct pcap_sf_pkthdr {
++    struct pcap_timeval ts;     /* time stamp */
++    bpf_u_int32 caplen;         /* length of portion present */
++    bpf_u_int32 len;            /* length this packet (off wire) */
++};
++
+ time_t	gwtm2secs( struct tm *tm );
+ 
+ int	sf_find_end( struct pcap *p, struct timeval *first_timestamp,
+-- 
+2.9.3
+

0005-tcpslice-remove-unneeded-include.patch

@@ -0,0 +1,26 @@
+From d32956586bfb50b189132d5a15db8a50ef871278 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 15:06:54 +0200
+Subject: [PATCH 5/8] tcpslice: remove unneeded include
+
+net/bpf.h doesn't exist on Linux.
+---
+ tcpslice-1.2a3/tcpslice.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c
+index e73d76f..895e54f 100644
+--- a/tcpslice-1.2a3/tcpslice.c
++++ b/tcpslice-1.2a3/tcpslice.c
+@@ -35,8 +35,6 @@ static const char rcsid[] =
+ #include <sys/file.h>
+ #include <sys/stat.h>
+ 
+-#include <net/bpf.h>
+-
+ #include <ctype.h>
+ #ifdef HAVE_FCNTL_H
+ #include <fcntl.h>
+-- 
+2.9.3
+

0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch

@@ -0,0 +1,27 @@
+From e159008d2f126d92112858269fb6b2fbca63ffc2 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 15:19:44 +0200
+Subject: [PATCH 6/8] tcpslice: don't test the pointer but pointee for NULL
+
+---
+ tcpslice-1.2a3/tcpslice.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c
+index 895e54f..a91439b 100644
+--- a/tcpslice-1.2a3/tcpslice.c
++++ b/tcpslice-1.2a3/tcpslice.c
+@@ -402,7 +402,9 @@ fill_tm(char *time_string, int is_delta, struct tm *t, time_t *usecs_addr)
+ 
+ 		while (isdigit(*t_stop))
+ 			++t_stop;
+-		if (! t_stop)
++
++                if (!(*t_stop))
++                        /* we've reached end of string -> bad date format */
+ 			error("bad date format %s, problem starting at %s",
+ 			      time_string, t_start);
+ 
+-- 
+2.9.3
+

0007-Introduce-nn-option.patch

@@ -0,0 +1,55 @@
+From 9ea43c6c97d3653cb58c1934f8770b951917bf9a Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 20 Oct 2014 13:26:38 +0200
+Subject: [PATCH 7/8] Introduce -nn option
+
+This changes the semantics on -n option so only namelookups are skipped. Port
+numbers *are* translated to their string representations. Option -nn then has
+the same semantics as -n had originally.
+---
+ addrtoname.c | 4 ++--
+ tcpdump.1.in | 6 +++++-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/addrtoname.c b/addrtoname.c
+index 949acb7..9dd78d8 100644
+--- a/addrtoname.c
++++ b/addrtoname.c
+@@ -810,7 +810,7 @@ init_servarray(netdissect_options *ndo)
+ 
+ 		while (table->name)
+ 			table = table->nxt;
+-		if (ndo->ndo_nflag) {
++		if (ndo->ndo_nflag > 1) {
+ 			(void)snprintf(buf, sizeof(buf), "%d", port);
+ 			table->name = strdup(buf);
+ 		} else
+@@ -1233,7 +1233,7 @@ init_addrtoname(netdissect_options *ndo, uint32_t localnet, uint32_t mask)
+ 		f_localnet = localnet;
+ 		f_netmask = mask;
+ 	}
+-	if (ndo->ndo_nflag)
++	if (ndo->ndo_nflag > 1)
+ 		/*
+ 		 * Simplest way to suppress names.
+ 		 */
+diff --git a/tcpdump.1.in b/tcpdump.1.in
+index ca5cff2..c711a24 100644
+--- a/tcpdump.1.in
++++ b/tcpdump.1.in
+@@ -547,7 +547,11 @@ Use \fIsecret\fP as a shared secret for validating the digests found in
+ TCP segments with the TCP-MD5 option (RFC 2385), if present.
+ .TP
+ .B \-n
+-Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
++Don't convert host addresses to names.  This can be used to avoid
++DNS lookups.
++.TP
++.B \-nn
++Don't convert protocol and port numbers etc. to names either.
+ .TP
+ .B \-N
+ Don't print domain name qualification of host names.
+-- 
+2.9.3
+

0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch

@@ -0,0 +1,36 @@
+From d5508c13119404102104a3935e7445c9fddf79b5 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Fri, 3 Feb 2017 09:43:03 +0100
+Subject: [PATCH 8/8] Don't print out we dropped root, we are always dropping
+ it
+
+---
+ tcpdump.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/tcpdump.c b/tcpdump.c
+index 29f7f87..18c4a5c 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -618,8 +618,6 @@ droproot(const char *username, const char *chroot_dir)
+ 			int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
+ 			if (ret < 0) {
+ 				fprintf(stderr, "error : ret %d\n", ret);
+-			} else {
+-				fprintf(stderr, "dropped privs to %s\n", username);
+ 			}
+ 		}
+ #else
+@@ -632,9 +630,6 @@ droproot(const char *username, const char *chroot_dir)
+ 				pcap_strerror(errno));
+ 			exit_tcpdump(1);
+ 		}
+-		else {
+-			fprintf(stderr, "dropped privs to %s\n", username);
+-		}
+ #endif /* HAVE_LIBCAP_NG */
+ 	}
+ 	else {
+-- 
+2.9.3
+

0009-Change-n-flag-to-nn-in-TESTonce.patch

@@ -0,0 +1,27 @@
+From 04e23aa3f91ff137237daf68f02e7b3c0c1a9168 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 11 Apr 2017 09:19:48 +0200
+Subject: [PATCH 09/13] Change -n flag to -nn in TESTonce
+
+We need to change this because we have a different meaning of -n
+flag than upstream does. We use -nn in those cases.
+---
+ tests/TESTonce | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/TESTonce b/tests/TESTonce
+index 7026624..e348701 100755
+--- a/tests/TESTonce
++++ b/tests/TESTonce
+@@ -21,7 +21,7 @@ if ($^O eq 'MSWin32') {
+ else {
+     # we used to do this as a nice pipeline, but the problem is that $r fails to
+     # to be set properly if the tcpdump core dumps.
+-    $r = system "../tcpdump 2>/dev/null -n -t -r $input $options >NEW/$output";
++    $r = system "../tcpdump 2>/dev/null -nn -t -r $input $options >NEW/$output";
+     if($r != 0) {
+         # this means tcpdump failed.
+         open(OUTPUT, ">>"."NEW/$output") || die "fail to open $output\n";
+-- 
+2.13.5
+

0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch

@@ -0,0 +1,45 @@
+From 0ae4aa1881bbe40443bff802b5e4aa6ca0696dd9 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 11 Apr 2017 09:37:53 +0200
+Subject: [PATCH 10/13] Expect miliseconds instead of seconds in icmp capture.
+
+Again this is caused by our patch, so we need to modify tests
+accordingly.
+---
+ tests/icmpv6.out         | 2 +-
+ tests/icmpv6_opt24-v.out | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tests/icmpv6.out b/tests/icmpv6.out
+index bb7775e..8979540 100644
+--- a/tests/icmpv6.out
++++ b/tests/icmpv6.out
+@@ -1,5 +1,5 @@
+ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 176) fe80::b299:28ff:fec8:d66c > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 176
+-	hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0s, retrans time 0s
++	hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0ms, retrans time 0ms
+ 	  prefix info option (3), length 32 (4): 2222:3333:4444:5555:6600::/72, Flags [onlink, auto], valid time 2592000s, pref. time 604800s
+ 	    0x0000:  48c0 0027 8d00 0009 3a80 0000 0000 2222
+ 	    0x0010:  3333 4444 5555 6600 0000 0000 0000
+diff --git a/tests/icmpv6_opt24-v.out b/tests/icmpv6_opt24-v.out
+index 2b7cf09..00512df 100644
+--- a/tests/icmpv6_opt24-v.out
++++ b/tests/icmpv6_opt24-v.out
+@@ -1,5 +1,5 @@
+ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120
+-	hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s
++	hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms
+ 	  source link-address option (1), length 8 (1): 14:cf:92:87:23:d6
+ 	  mtu option (5), length 8 (1):  1500
+ 	  prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s
+@@ -7,7 +7,7 @@ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87
+ 	  rdnss option (25), length 24 (3):  lifetime 1800s, addr: fd8d:4fb3:5b2e::1
+ 	  dnssl option (31), length 16 (2):  lifetime 1800s, domain(s): lan.
+ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120
+-	hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s
++	hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms
+ 	  source link-address option (1), length 8 (1): 14:cf:92:87:23:d6
+ 	  mtu option (5), length 8 (1):  1500
+ 	  prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s
+-- 
+2.13.5

0011-Evp-cipher-buffers.patch

@@ -0,0 +1,133 @@
+diff --git a/print-esp.c b/print-esp.c
+index 511ee8a3..5b282526 100644
+--- a/print-esp.c
++++ b/print-esp.c
+@@ -192,8 +192,8 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
+ 	const u_char *iv;
+ 	unsigned int len;
+ 	EVP_CIPHER_CTX *ctx;
+-	unsigned int block_size, output_buffer_size;
+-	u_char *output_buffer;
++	unsigned int block_size, buffer_size;
++	u_char *input_buffer, *output_buffer;
+ 
+ 	/* initiator arg is any non-zero value */
+ 	if(initiator) initiator=1;
+@@ -228,19 +228,41 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
+ 		(*ndo->ndo_warning)(ndo, "espkey init failed");
+ 	set_cipher_parameters(ctx, NULL, NULL, iv, 0);
+ 	/*
+-	 * Allocate a buffer for the decrypted data.
+-	 * The output buffer must be separate from the input buffer, and
+-	 * its size must be a multiple of the cipher block size.
++	 * Allocate buffers for the encrypted and decrypted data.
++	 * Both buffers' sizes must be a multiple of the cipher block
++	 * size, and the output buffer must be separate from the input
++	 * buffer.
+ 	 */
+ 	block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx);
+-	output_buffer_size = len + (block_size - len % block_size);
+-	output_buffer = (u_char *)malloc(output_buffer_size);
++	buffer_size = len + (block_size - len % block_size);
++
++	/*
++	 * Attempt to allocate the input buffer.
++	 */
++	input_buffer = (u_char *)malloc(buffer_size);
++	if (input_buffer == NULL) {
++		(*ndo->ndo_warning)(ndo, "can't allocate memory for encrypted data buffer");
++		EVP_CIPHER_CTX_free(ctx);
++		return 0;
++	}
++	/*
++	 * Copy the input data to the encrypted data buffer, and pad it
++	 * with zeroes.
++	 */
++	memcpy(input_buffer, buf, len);
++	memset(input_buffer + len, 0, buffer_size - len);
++
++	/*
++	 * Attempt to allocate the output buffer.
++	 */
++	output_buffer = (u_char *)malloc(buffer_size);
+ 	if (output_buffer == NULL) {
+ 		(*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer");
++		free(input_buffer);
+ 		EVP_CIPHER_CTX_free(ctx);
+ 		return 0;
+ 	}
+-	EVP_Cipher(ctx, output_buffer, buf, len);
++	EVP_Cipher(ctx, output_buffer, input_buffer, buffer_size);
+ 	EVP_CIPHER_CTX_free(ctx);
+ 
+ 	/*
+@@ -249,6 +272,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
+ 	 * but changing this would require a more complicated fix.
+ 	 */
+ 	memcpy(buf, output_buffer, len);
++	free(input_buffer);
+ 	free(output_buffer);
+ 
+ 	ndo->ndo_packetp = buf;
+@@ -666,8 +690,8 @@ esp_print(netdissect_options *ndo,
+ 	const u_char *ivoff;
+ 	const u_char *p;
+ 	EVP_CIPHER_CTX *ctx;
+-	unsigned int block_size, output_buffer_size;
+-	u_char *output_buffer;
++	unsigned int block_size, buffer_size;
++	u_char *input_buffer, *output_buffer;
+ #endif
+ 
+ 	esp = (const struct newesp *)bp;
+@@ -784,21 +808,43 @@ esp_print(netdissect_options *ndo,
+ 			len = ep - (p + ivlen);
+ 
+ 			/*
+-			 * Allocate a buffer for the decrypted data.
+-			 * The output buffer must be separate from the
+-			 * input buffer, and its size must be a multiple
+-			 * of the cipher block size.
++			 * Allocate buffers for the encrypted and decrypted
++			 * data.  Both buffers' sizes must be a multiple of
++			 * the cipher block size, and the output buffer must
++			 * be separate from the input buffer.
+ 			 */
+ 			block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx);
+-			output_buffer_size = len + (block_size - len % block_size);
+-			output_buffer = (u_char *)malloc(output_buffer_size);
++			buffer_size = len + (block_size - len % block_size);
++
++			/*
++			 * Attempt to allocate the input buffer.
++			 */
++			input_buffer = (u_char *)malloc(buffer_size);
++			if (input_buffer == NULL) {
++				(*ndo->ndo_warning)(ndo, "can't allocate memory for encrypted data buffer");
++				EVP_CIPHER_CTX_free(ctx);
++				return 0;
++			}
++			/*
++			 * Copy the input data to the encrypted data buffer,
++			 * and pad it with zeroes.
++			 */
++			memcpy(input_buffer, p + ivlen, len);
++			memset(input_buffer + len, 0, buffer_size - len);
++
++			/*
++			 * Attempt to allocate the output buffer.
++			 */
++			output_buffer = (u_char *)malloc(buffer_size);
+ 			if (output_buffer == NULL) {
+ 				(*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer");
++				free(input_buffer);
+ 				EVP_CIPHER_CTX_free(ctx);
+ 				return -1;
+ 			}
+ 
+-			EVP_Cipher(ctx, output_buffer, p + ivlen, len);
++			EVP_Cipher(ctx, output_buffer, input_buffer, len);
++			free(input_buffer);
+ 			EVP_CIPHER_CTX_free(ctx);
+ 			/*
+ 			 * XXX - of course this is wrong, because buf is a

0012-Add-printing-support-for-vsockmon-devices.patch

@@ -0,0 +1,318 @@
+From 66a5b93dee386bc2f57033a150341752923b8b41 Mon Sep 17 00:00:00 2001
+From: Gerard Garcia <ggarcia@deic.uab.cat>
+Date: Tue, 14 Jun 2016 16:45:44 +0200
+Subject: [PATCH 13/13] Add printing support for vsockmon devices.
+
+Print Linux 4.12 vsockmon captures:
+
+  # modprobe vsockmon
+  # ip link add type vsockmon
+  # ip link set vsockmon0 up
+  # tcpdump -i vsockmon0
+  16:25:24.987917 VIRTIO 3.1025 > 2.1234 CONNECT, length 76
+  16:25:24.987963 VIRTIO 2.1234 > 3.1025 CONNECT, length 76
+  16:25:26.568271 VIRTIO 3.1025 > 2.1234 PAYLOAD, length 82
+  16:25:26.568512 VIRTIO 2.1234 > 3.1025 CONTROL, length 76
+  16:25:28.411335 VIRTIO 3.1025 > 2.1234 DISCONNECT, length 76
+  16:25:28.411628 VIRTIO 2.1234 > 3.1025 DISCONNECT, length 76
+
+For more information about vsock see:
+http://wiki.qemu.org/Features/VirtioVsock
+---
+ Makefile.in   |   1 +
+ netdissect.h  |   1 +
+ print-vsock.c | 243 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ print.c       |   3 +
+ 4 files changed, 248 insertions(+)
+ create mode 100644 print-vsock.c
+
+diff --git a/Makefile.in b/Makefile.in
+index 0941f0e..a301878 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -226,6 +226,7 @@ LIBNETDISSECT_SRC=\
+ 	print-vjc.c \
+ 	print-vqp.c \
+ 	print-vrrp.c \
++	print-vsock.c \
+ 	print-vtp.c \
+ 	print-vxlan.c \
+ 	print-vxlan-gpe.c \
+diff --git a/netdissect.h b/netdissect.h
+index 089b040..c89fcf1 100644
+--- a/netdissect.h
++++ b/netdissect.h
+@@ -444,6 +444,7 @@ extern u_int symantec_if_print IF_PRINTER_ARGS;
+ extern u_int token_if_print IF_PRINTER_ARGS;
+ extern u_int usb_linux_48_byte_print IF_PRINTER_ARGS;
+ extern u_int usb_linux_64_byte_print IF_PRINTER_ARGS;
++extern u_int vsock_print IF_PRINTER_ARGS;
+ 
+ /*
+  * Structure passed to some printers to allow them to print
+diff --git a/print-vsock.c b/print-vsock.c
+new file mode 100644
+index 0000000..fc5694d
+--- /dev/null
++++ b/print-vsock.c
+@@ -0,0 +1,243 @@
++/*
++ * Copyright (c) 2016 Gerard Garcia <nouboh@gmail.com>
++ * Copyright (c) 2017 Red Hat, Inc.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ *   1. Redistributions of source code must retain the above copyright
++ *      notice, this list of conditions and the following disclaimer.
++ *   2. Redistributions in binary form must reproduce the above copyright
++ *      notice, this list of conditions and the following disclaimer in
++ *      the documentation and/or other materials provided with the
++ *      distribution.
++ *   3. The names of the authors may not be used to endorse or promote
++ *      products derived from this software without specific prior
++ *      written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
++ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
++ */
++
++/* \summary: Linux vsock printer */
++
++#ifdef HAVE_CONFIG_H
++#include "config.h"
++#endif
++
++#include <netdissect-stdinc.h>
++#include <stddef.h>
++
++#include "netdissect.h"
++#include "extract.h"
++
++static const char tstr[] = " [|vsock]";
++
++enum af_vsockmon_transport {
++	AF_VSOCK_TRANSPORT_UNKNOWN = 0,
++	AF_VSOCK_TRANSPORT_NO_INFO = 1,		/* No transport information */
++	AF_VSOCK_TRANSPORT_VIRTIO = 2,		/* Virtio transport header */
++};
++
++static const struct tok vsock_transport[] = {
++	{AF_VSOCK_TRANSPORT_UNKNOWN, "UNKNOWN"},
++	{AF_VSOCK_TRANSPORT_NO_INFO, "NO_INFO"},
++	{AF_VSOCK_TRANSPORT_VIRTIO, "VIRTIO"},
++	{ 0, NULL }
++};
++
++enum af_vsockmon_op {
++	AF_VSOCK_OP_UNKNOWN = 0,
++	AF_VSOCK_OP_CONNECT = 1,
++	AF_VSOCK_OP_DISCONNECT = 2,
++	AF_VSOCK_OP_CONTROL = 3,
++	AF_VSOCK_OP_PAYLOAD = 4,
++};
++
++static const struct tok vsock_op[] = {
++	{AF_VSOCK_OP_UNKNOWN, "UNKNOWN"},
++	{AF_VSOCK_OP_CONNECT, "CONNECT"},
++	{AF_VSOCK_OP_DISCONNECT, "DISCONNECT"},
++	{AF_VSOCK_OP_CONTROL, "CONTROL"},
++	{AF_VSOCK_OP_PAYLOAD, "PAYLOAD"},
++	{ 0, NULL }
++};
++
++enum virtio_vsock_type {
++	VIRTIO_VSOCK_TYPE_STREAM = 1,
++};
++
++static const struct tok virtio_type[] = {
++	{VIRTIO_VSOCK_TYPE_STREAM, "STREAM"},
++	{ 0, NULL }
++};
++
++enum virtio_vsock_op {
++	VIRTIO_VSOCK_OP_INVALID = 0,
++	VIRTIO_VSOCK_OP_REQUEST = 1,
++	VIRTIO_VSOCK_OP_RESPONSE = 2,
++	VIRTIO_VSOCK_OP_RST = 3,
++	VIRTIO_VSOCK_OP_SHUTDOWN = 4,
++	VIRTIO_VSOCK_OP_RW = 5,
++	VIRTIO_VSOCK_OP_CREDIT_UPDATE = 6,
++	VIRTIO_VSOCK_OP_CREDIT_REQUEST = 7,
++};
++
++static const struct tok virtio_op[] = {
++	{VIRTIO_VSOCK_OP_INVALID, "INVALID"},
++	{VIRTIO_VSOCK_OP_REQUEST, "REQUEST"},
++	{VIRTIO_VSOCK_OP_RESPONSE, "RESPONSE"},
++	{VIRTIO_VSOCK_OP_RST, "RST"},
++	{VIRTIO_VSOCK_OP_SHUTDOWN, "SHUTDOWN"},
++	{VIRTIO_VSOCK_OP_RW, "RW"},
++	{VIRTIO_VSOCK_OP_CREDIT_UPDATE, "CREDIT UPDATE"},
++	{VIRTIO_VSOCK_OP_CREDIT_REQUEST, "CREDIT REQUEST"},
++	{ 0, NULL }
++};
++
++/* All fields are little-endian */
++
++struct virtio_vsock_hdr {
++	uint64_t	src_cid;
++	uint64_t	dst_cid;
++	uint32_t	src_port;
++	uint32_t	dst_port;
++	uint32_t	len;
++	uint16_t	type;		/* enum virtio_vsock_type */
++	uint16_t	op;		/* enum virtio_vsock_op */
++	uint32_t	flags;
++	uint32_t	buf_alloc;
++	uint32_t	fwd_cnt;
++} UNALIGNED;
++
++struct af_vsockmon_hdr {
++	uint64_t src_cid;
++	uint64_t dst_cid;
++	uint32_t src_port;
++	uint32_t dst_port;
++	uint16_t op;		/* enum af_vsockmon_op */
++	uint16_t transport;	/* enum af_vosckmon_transport */
++	uint16_t len;		/* size of transport header */
++	uint8_t reserved[2];
++};
++
++static void
++vsock_virtio_hdr_print(netdissect_options *ndo, const struct virtio_vsock_hdr *hdr)
++{
++	uint16_t u16_v;
++	uint32_t u32_v;
++
++	u32_v = EXTRACT_LE_32BITS(&hdr->len);
++	ND_PRINT((ndo, "len %u", u32_v));
++
++	u16_v = EXTRACT_LE_16BITS(&hdr->type);
++	ND_PRINT((ndo, ", type %s",
++		  tok2str(virtio_type, "Invalid type (%hu)", u16_v)));
++
++	u16_v = EXTRACT_LE_16BITS(&hdr->op);
++	ND_PRINT((ndo, ", op %s",
++		  tok2str(virtio_op, "Invalid op (%hu)", u16_v)));
++
++	u32_v = EXTRACT_LE_32BITS(&hdr->flags);
++	ND_PRINT((ndo, ", flags %x", u32_v));
++
++	u32_v = EXTRACT_LE_32BITS(&hdr->buf_alloc);
++	ND_PRINT((ndo, ", buf_alloc %u", u32_v));
++
++	u32_v = EXTRACT_LE_32BITS(&hdr->fwd_cnt);
++	ND_PRINT((ndo, ", fwd_cnt %u", u32_v));
++}
++
++static size_t
++vsock_transport_hdr_size(uint16_t transport)
++{
++	switch (transport) {
++		case AF_VSOCK_TRANSPORT_VIRTIO:
++			return sizeof(struct virtio_vsock_hdr);
++		default:
++			return 0;
++	}
++}
++
++static void
++vsock_transport_hdr_print(netdissect_options *ndo, uint16_t transport,
++                          const u_char *p, const u_int len)
++{
++	size_t transport_size = vsock_transport_hdr_size(transport);
++	const void *hdr;
++
++	if (len < sizeof(struct af_vsockmon_hdr) + transport_size)
++		return;
++
++	hdr = p + sizeof(struct af_vsockmon_hdr);
++	switch (transport) {
++		case AF_VSOCK_TRANSPORT_VIRTIO:
++			ND_PRINT((ndo, " ("));
++			vsock_virtio_hdr_print(ndo, hdr);
++			ND_PRINT((ndo, ")"));
++			break;
++		default:
++			break;
++	}
++}
++
++static void
++vsock_hdr_print(netdissect_options *ndo, const u_char *p, const u_int len)
++{
++	uint16_t hdr_transport, hdr_op;
++	uint32_t hdr_src_port, hdr_dst_port;
++	uint64_t hdr_src_cid, hdr_dst_cid;
++	size_t total_hdr_size;
++
++	const struct af_vsockmon_hdr *hdr = (struct af_vsockmon_hdr *)p;
++
++	hdr_transport = EXTRACT_LE_16BITS(&hdr->transport);
++	ND_PRINT((ndo, "%s",
++		  tok2str(vsock_transport, "Invalid transport (%u)",
++			  hdr_transport)));
++
++	/* If verbose level is more than 0 print transport details */
++	if (ndo->ndo_vflag) {
++		vsock_transport_hdr_print(ndo, hdr_transport, p, len);
++		ND_PRINT((ndo, "\n\t"));
++	} else
++		ND_PRINT((ndo, " "));
++
++	hdr_src_cid = EXTRACT_LE_64BITS(&hdr->src_cid);
++	hdr_dst_cid = EXTRACT_LE_64BITS(&hdr->dst_cid);
++	hdr_src_port = EXTRACT_LE_32BITS(&hdr->src_port);
++	hdr_dst_port = EXTRACT_LE_32BITS(&hdr->dst_port);
++	hdr_op = EXTRACT_LE_16BITS(&hdr->op);
++	ND_PRINT((ndo, "%lu.%hu > %lu.%hu %s, length %u",
++		  hdr_src_cid, hdr_src_port,
++		  hdr_dst_cid, hdr_dst_port,
++		  tok2str(vsock_op, " invalid op (%u)", hdr_op),
++		  len));
++
++	/* If debug level is more than 1 print payload contents */
++	total_hdr_size = sizeof(struct af_vsockmon_hdr) +
++			 vsock_transport_hdr_size(hdr_transport);
++	if (ndo->ndo_vflag > 1 &&
++	    hdr_op == AF_VSOCK_OP_PAYLOAD &&
++	    len > total_hdr_size) {
++		const u_char *payload = p + total_hdr_size;
++
++		ND_PRINT((ndo, "\n"));
++		print_unknown_data(ndo, payload, "\t", len - total_hdr_size);
++	}
++}
++
++u_int
++vsock_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *cp)
++{
++	u_int len = h->len;
++
++	if (len < sizeof(struct af_vsockmon_hdr))
++		ND_PRINT((ndo, "%s", tstr));
++	else
++		vsock_hdr_print(ndo, cp, len);
++
++	return len;
++}
+diff --git a/print.c b/print.c
+index c76f344..1945cfd 100644
+--- a/print.c
++++ b/print.c
+@@ -220,6 +220,9 @@ static const struct printer printers[] = {
+ #ifdef DLT_PPP_SERIAL
+ 	{ ppp_hdlc_if_print,	DLT_PPP_SERIAL },
+ #endif
++#ifdef DLT_VSOCK
++	{ vsock_print,		DLT_VSOCK },
++#endif
+ 	{ NULL,			0 },
+ };
+ 
+-- 
+2.13.5
+

tcpdump.spec

@@ -0,0 +1,83 @@
+Name:             tcpdump
+Epoch:            14
+Version:          4.9.2
+Release:          7
+Summary:          A powerful command-line packet analyzer and library for network traffic capture.
+License:          BSD with advertising
+URL:              http://www.tcpdump.org
+Source0:          http://www.tcpdump.org/release/%{name}-%{version}.tar.gz
+Source1:          ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz
+
+Patch0001:       0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch
+Patch0002:       0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
+Patch0003:       0003-Drop-root-priviledges-before-opening-first-savefile-.patch
+Patch0004:       0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch
+Patch0005:       0005-tcpslice-remove-unneeded-include.patch
+Patch0006:       0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch
+Patch0007:       0007-Introduce-nn-option.patch
+Patch0008:       0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
+Patch0009:       0009-Change-n-flag-to-nn-in-TESTonce.patch
+Patch0010:       0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch
+Patch0011:       0011-Evp-cipher-buffers.patch
+Patch0012:       0012-Add-printing-support-for-vsockmon-devices.patch
+
+BuildRequires:   automake openssl-devel libpcap-devel git-core
+Requires:        shadow-utils
+
+%description
+Tcpdump is a common packet analyzer that runs under the command line.
+It allows the user to captureand display TCP/IP and other packets being
+transmitted or received over a network to which the computer is attached.
+
+%package         help
+Summary:         Help documents for tcpdump
+
+%description     help
+Man pages and other related help documents for tcpdump.
+
+%prep
+%autosetup -n %{name}-%{version} -a 1 -S git
+
+%build
+export CFLAGS="%{optflags} $(getconf LFS_CFLAGS) -fno-strict-aliasing"
+pushd tcpslice-1.2a3
+automake -a -f 2> /dev/null || :
+%configure
+%make_build
+popd
+
+%configure --with-crypto --with-user=tcpdump --without-smi
+%make_build
+
+%install
+install -d %{buildroot}%{_libdir} %{buildroot}%{_sbindir} %{buildroot}%{_mandir}/man8
+
+pushd tcpslice-1.2a3
+install -m755 tcpslice %{buildroot}%{_sbindir}
+install -m644 tcpslice.1 %{buildroot}%{_mandir}/man8/tcpslice.8
+popd
+
+install -m755 tcpdump %{buildroot}%{_sbindir}
+install -m644 tcpdump.1 %{buildroot}%{_mandir}/man8/tcpdump.8
+
+sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' %{buildroot}%{_mandir}/man8/*
+
+%check
+make check
+
+%pre
+/usr/sbin/groupadd -g 72 tcpdump 2> /dev/null
+/usr/sbin/useradd -u 72 -g 72 -s /sbin/nologin -M -r -d / tcpdump 2> /dev/null
+exit 0
+
+%files
+%license LICENSE
+%{_sbindir}/tcp*
+
+%files help
+%doc README.md CHANGES CREDITS
+%{_mandir}/man8/tcp*.8*
+
+%changelog
+* Fri Sep 20 2019 chenzhenyu <chenzhenyu13@huawei.com> - 14:4.9.2-7
+- Package init