4 years agoDon't check for libcrypto if we don't have openssl/crypto.h. tcpdump-4.7
Guy Harris [Sun, 14 May 2017 10:02:29 +0000 (03:02 -0700)] 
Don't check for libcrypto if we don't have openssl/crypto.h.

Thanks, Apple, for making us do this (and for making tcpdump unable to
do some decryption without either installing OpenSSL or working on
trying to do the decryption with Apple's frameworks).

6 years agoFix the pcap version in tests/cve2015-0261-crash.pcap
Francois-Xavier Le Bail [Sat, 10 Oct 2015 12:24:41 +0000 (14:24 +0200)] 
Fix the pcap version in tests/cve2015-0261-crash.pcap

It will be always usable with the upcoming libpcap versions sanity checks.
(old version: 12336.12336, new version: 2.4)

6 years agoRSVP: Add some bounds checks
Francois-Xavier Le Bail [Fri, 6 Nov 2015 17:55:56 +0000 (18:55 +0100)] 
RSVP: Add some bounds checks

Add and use tstr[] string.

6 years agoISOCLNS: Fix a segmentation fault
Francois-Xavier Le Bail [Wed, 4 Nov 2015 21:51:24 +0000 (22:51 +0100)] 
ISOCLNS: Fix a segmentation fault

Avoid two consecutive truncation messages.

6 years agoISOCLNS: Fix two segmentation faults
Francois-Xavier Le Bail [Sat, 17 Oct 2015 20:25:23 +0000 (22:25 +0200)] 
ISOCLNS: Fix two segmentation faults

Add/fix a lot of bounds and length checks.
Add and use tstr[] string.
Fix some typos.
Update the output of a test according to these changes.

6 years agoISOCLNS: Fix some warnings
Francois-Xavier Le Bail [Mon, 13 Jul 2015 09:46:27 +0000 (11:46 +0200)] 
ISOCLNS: Fix some warnings

The warnings were:
./print-isoclns.c: In function 'osi_print_cksum':
./print-isoclns.c:3107:23: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
             || length > ndo->ndo_snaplen
./print-isoclns.c:3108:32: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
             || checksum_offset > ndo->ndo_snaplen

6 years agoRSVP: Fix an infinite loop
Francois-Xavier Le Bail [Tue, 6 Oct 2015 14:21:19 +0000 (16:21 +0200)] 
RSVP: Fix an infinite loop

6 years agoDTP: improve packet integrity checks
Denis Ovsienko [Sat, 5 Sep 2015 20:17:30 +0000 (21:17 +0100)] 
DTP: improve packet integrity checks

Adjust the TLV infinite loop check to require the right amount of bytes
for T and L; do it after printing the TLV header so it is easier to
understand what was wrong. Check if the TLV V is within the capture. Use
the new "invalid" exit label to indicate a packet anomaly and add more
checks for the length value into the type-specific case blocks. Print
the domain string with fn_printzp().

6 years agonetdissect.h: Update ND_TTEST2 to fix issue 443
Francois-Xavier Le Bail [Mon, 27 Apr 2015 16:20:59 +0000 (18:20 +0200)] 
netdissect.h: Update ND_TTEST2 to fix issue 443

Avoid these warnings:
- comparison of unsigned expression >= 0 is always true [-Wtype-limits],
- comparison is always true due to limited range of data type [-Wtype-limits].

6 years agoThe official #define for 32-bit and 64-bit Windows is _WIN32.
Guy Harris [Mon, 31 Aug 2015 21:43:15 +0000 (14:43 -0700)] 
The official #define for 32-bit and 64-bit Windows is _WIN32.

It's _WIN32, with a leading underscore, not WIN32.  See, for example:


*Some* environments may also define WIN32, but we shouldn't depend on

6 years agoFor -L, print the DLTs in order, not reverse order.
Guy Harris [Fri, 27 Mar 2015 20:02:36 +0000 (13:02 -0700)] 
For -L, print the DLTs in order, not reverse order.

Reverse order puts the default DLT last, which is a bit weird.

6 years agoReflect the addition of a space before "(unverified)".
Guy Harris [Wed, 11 Mar 2015 21:00:56 +0000 (14:00 -0700)] 
Reflect the addition of a space before "(unverified)".

6 years agoAdd a missing space to a printout.
Guy Harris [Wed, 11 Mar 2015 19:51:32 +0000 (12:51 -0700)] 
Add a missing space to a printout.

6 years agoGive more details about packet time stamps.
Guy Harris [Wed, 29 Jul 2015 16:17:30 +0000 (09:17 -0700)] 
Give more details about packet time stamps.

Don't speak of "Ethernet" and "wire", as you might not be sniffing an
Ethernet or, indeed, any form of wired network.

Note that not only could there be a delay between the point at which the
interface is finished receiving the packet and when an interrupt is
delivered (whether due to bus delays, polling rather than immediate
interrupts being used, or delays in the CPU responding to the interrupt,
or more than one of those) but also a delay between the point at which
the kernel responds to the interrupt and the point at which it actually
applies a time stamp to the packet.

6 years agoDon't assume the ONC RPC header is nicely aligned.
Guy Harris [Tue, 25 Aug 2015 01:14:55 +0000 (18:14 -0700)] 
Don't assume the ONC RPC header is nicely aligned.

Use UNALIGNED_MEMCPY() to extract the XID from it; otherwise, this might
crash on machines that require strict alignment (e.g., SPARC machines).

Fixes GitHub issue #478.

6 years agoFix display of timestamps with -ttt and -ttttt options
Francois-Xavier Le Bail [Thu, 2 Jul 2015 18:21:00 +0000 (20:21 +0200)] 
Fix display of timestamps with -ttt and -ttttt options

- Fix display of some nanoseconds timestamps
For example, bad print 00:-16:-2.000851566 is now 00:00:00.037851566

- Fix display of timestamp of a packet when it is lower than previous one
For example, bad print 00:00:-1.000999790 is now -00:00:00.000000210

6 years agoFix display of nanoseconds timestamps with -tt option (GH issue 466)
Francois-Xavier Le Bail [Tue, 30 Jun 2015 18:53:27 +0000 (20:53 +0200)] 
Fix display of nanoseconds timestamps with -tt option (GH issue 466)

Add 'ts_unix_format' function.

6 years agoFix a non-reentrant code in a function
Francois-Xavier Le Bail [Tue, 30 Jun 2015 18:44:14 +0000 (20:44 +0200)] 
Fix a non-reentrant code in a function

Delete the 'static char buf' array in ts_format().
buf is now a parameter of ts_format().
Decrease a too long string.
Fix a space in a comment.

6 years agoSFLOW: Fix bounds checking
Francois-Xavier Le Bail [Thu, 7 May 2015 15:54:32 +0000 (17:54 +0200)] 
SFLOW: Fix bounds checking

6 years agoRPL: Fix suboption print
Francois-Xavier Le Bail [Mon, 4 May 2015 21:05:23 +0000 (23:05 +0200)] 
RPL: Fix suboption print

6 years agoFix heuristic not to be byte-order-dependent.
Guy Harris [Mon, 27 Apr 2015 00:09:16 +0000 (17:09 -0700)] 
Fix heuristic not to be byte-order-dependent.

I'm *guessing* that the item being fetched is big-endian; the "vt"
protocol might be old enough that they developed it on (non-Sun386i) Sun
workstations, assuming they didn't just say "this is an Internet
protocol, hence fields are big-endian").

That also prevents problems on platforms that don't support unaligned

6 years agoFetch a 32-bit big-endian quantity with EXTRACT_32BITS().
Guy Harris [Mon, 27 Apr 2015 00:03:32 +0000 (17:03 -0700)] 
Fetch a 32-bit big-endian quantity with EXTRACT_32BITS().

*Don't* fetch it with a pointer cast and dereference!  That will fail on
little-endian machines and may fail on machines that don't handle
unaligned references.

6 years agoPrint the formatted IP address, not the raw binary address, as a string.
Guy Harris [Sun, 26 Apr 2015 22:34:13 +0000 (15:34 -0700)] 
Print the formatted IP address, not the raw binary address, as a string.

6 years agoSource and destination addresses were backwards.
Guy Harris [Sun, 3 May 2015 00:19:33 +0000 (17:19 -0700)] 
Source and destination addresses were backwards.

6 years agoDon't do IPv6 stuff if INET6 isn't defined.
Guy Harris [Sat, 2 May 2015 20:07:05 +0000 (13:07 -0700)] 
Don't do IPv6 stuff if INET6 isn't defined.

6 years agoFix checksumming of PIMv2 Register messages.
Guy Harris [Sat, 2 May 2015 17:15:42 +0000 (10:15 -0700)] 
Fix checksumming of PIMv2 Register messages.

The checksum only covers the header, not the encapsulated packet, so
only checksum that.  However, if that checksum fails, try checksumming
the entire packet, as, according to RFC 4601, packets with the entire
packet checksummed should also be accepted, for interoperability.

6 years agoUse unsigned values in tok2str and bittok2str routines.
Guy Harris [Sun, 19 Apr 2015 02:58:16 +0000 (19:58 -0700)] 
Use unsigned values in tok2str and bittok2str routines.

This prevents the compiler issue mentioned in GitHub issue #451, and
also cleans up some other signed vs. unsigned stuff.

While we're at it, clean up bittok2str_internal() (just pass it the
separator string, not a Boolean value that's tested to choose the
separator string), and print unknown arguments to the bittok2str
routines in hex, not decimal.

6 years agoNot all C compilers accept C++/C99 comments by default.
Guy Harris [Tue, 14 Apr 2015 01:32:17 +0000 (18:32 -0700)] 
Not all C compilers accept C++/C99 comments by default.

Use "#if 0" instead to comment out code.

6 years agoUpdate version.
Guy Harris [Fri, 10 Apr 2015 08:41:38 +0000 (01:41 -0700)] 
Update version.

6 years agoFix dates.
Guy Harris [Fri, 10 Apr 2015 08:20:38 +0000 (01:20 -0700)] 
Fix dates.

6 years agoAdd information for 4.7.4 release.
Guy Harris [Fri, 10 Apr 2015 08:19:08 +0000 (01:19 -0700)] 
Add information for 4.7.4 release.

6 years agoClean up CREDITS file.
Guy Harris [Fri, 10 Apr 2015 08:18:36 +0000 (01:18 -0700)] 
Clean up CREDITS file.

6 years agoWe're not copying the string to buf, so print the string, not buf.
Guy Harris [Wed, 8 Apr 2015 18:37:08 +0000 (11:37 -0700)] 
We're not copying the string to buf, so print the string, not buf.

Get rid of the now-unused buf array while we're at it.

6 years agoPrint strings with fn_printn().
Guy Harris [Wed, 8 Apr 2015 18:06:50 +0000 (11:06 -0700)] 
Print strings with fn_printn().

That filters out non-printable characters.

6 years agoRPKI to Router Protocol: Fix Segmentation Faults and other problems
Francois-Xavier Le Bail [Fri, 13 Mar 2015 13:27:39 +0000 (14:27 +0100)] 
RPKI to Router Protocol: Fix Segmentation Faults and other problems

-Fix/add ND_TCHECK2 tests,
-Fix a buffer overflow,
-Remove a debug printf

6 years agowhiteboard: fixup a few reversed tests (GH #446)
Denis Ovsienko [Wed, 25 Mar 2015 22:35:12 +0000 (22:35 +0000)] 
whiteboard: fixup a few reversed tests (GH #446)

This is a follow-up to commit 3a3ec26.

6 years agoClean up Capsicum rights setting a bit.
Guy Harris [Mon, 9 Mar 2015 22:34:03 +0000 (15:34 -0700)] 
Clean up Capsicum rights setting a bit.

Rename set_dump_fd_capsicum_rights() to set_dumper_capsicum_rights() and
have it take a pcap_dumper_t * as an argument and extract the file
descriptor itself, rather than having the caller do so.

This fixes a syntax error in one of the calls.

6 years agoGet rid of unused variable.
Guy Harris [Wed, 11 Mar 2015 00:58:09 +0000 (17:58 -0700)] 
Get rid of unused variable.

6 years agoMerge remote-tracking branch 'origin/tcpdump_4_7_cve' into tcpdump-4.7 tcpdump-4.7.2
Michael Richardson [Mon, 9 Mar 2015 19:16:11 +0000 (15:16 -0400)] 
Merge remote-tracking branch 'origin/tcpdump_4_7_cve' into tcpdump-4.7

6 years agoprotected osi_print_cksum is more general fashion
Michael Richardson [Mon, 9 Mar 2015 19:15:52 +0000 (15:15 -0400)] 
protected osi_print_cksum is more general fashion

6 years agoannotate kday packets with CVE numbers
Michael Richardson [Mon, 9 Mar 2015 19:15:31 +0000 (15:15 -0400)] 
annotate kday packets with CVE numbers

6 years agoMerge remote-tracking branch 'origin/tcpdump_4_7_cve' into tcpdump-4.7
Michael Richardson [Mon, 9 Mar 2015 19:07:32 +0000 (15:07 -0400)] 
Merge remote-tracking branch 'origin/tcpdump_4_7_cve' into tcpdump-4.7

6 years agoupdate cve-2015-0261 test packets with expected output
Michael Richardson [Mon, 9 Mar 2015 18:35:53 +0000 (14:35 -0400)] 
update cve-2015-0261 test packets with expected output

6 years agoupdate kday test packets with expected output
Michael Richardson [Mon, 9 Mar 2015 18:35:12 +0000 (14:35 -0400)] 
update kday test packets with expected output

6 years agomake sure that EXIT code is appended to results file
Michael Richardson [Mon, 9 Mar 2015 18:35:02 +0000 (14:35 -0400)] 
make sure that EXIT code is appended to results file

6 years agoND_TEST2 should validate that l is non-negative
Michael Richardson [Mon, 9 Mar 2015 18:23:25 +0000 (14:23 -0400)] 
ND_TEST2 should validate that l is non-negative

6 years agoadded notes about CVEs that were fixed
Michael Richardson [Wed, 18 Feb 2015 01:15:22 +0000 (20:15 -0500)] 
added notes about CVEs that were fixed

6 years agosome patches to deal with kday pcap files
Michael Richardson [Mon, 16 Feb 2015 19:49:11 +0000 (14:49 -0500)] 
some patches to deal with kday pcap files

6 years agoenumerate F_OP values explicitely, provide reference to where they are defined.
Michael Richardson [Mon, 16 Feb 2015 18:25:25 +0000 (13:25 -0500)] 
enumerate F_OP values explicitely, provide reference to where they are defined.
guard against case where ops->print is nil

6 years agotest case for cve2015-0261 -- corrupted IPv6 mobility header
Michael Richardson [Mon, 16 Feb 2015 02:22:11 +0000 (21:22 -0500)] 
test case for cve2015-0261 -- corrupted IPv6 mobility header

6 years agoin some cases we expect tcpdump to fail with an error code
Michael Richardson [Mon, 16 Feb 2015 02:21:29 +0000 (21:21 -0500)] 
in some cases we expect tcpdump to fail with an error code

6 years agobroken packets from Kevin Day
Michael Richardson [Sun, 15 Feb 2015 20:29:52 +0000 (15:29 -0500)] 
broken packets from Kevin Day

6 years agoAdd a #define for the short options and put it above the long options.
Guy Harris [Sun, 8 Mar 2015 22:55:47 +0000 (15:55 -0700)] 
Add a #define for the short options and put it above the long options.

That puts all the option lists together; hopefully this encourages
developers who want to add a new flag to read the big "don't use these
options, other tcpdumps use them for their own purposes" command and
thus *dis*courages them from using one of those options.

6 years agoDo the dump file Capsicum stuff in a common routine. 440/head
Guy Harris [Thu, 5 Mar 2015 23:32:01 +0000 (15:32 -0800)] 
Do the dump file Capsicum stuff in a common routine.

We were doing the same stuff in two places and *almost* the same stuff
in a third place, which should have been doing the same stuff.  Put that
stuff into a common routine and just use that.

(What a mess.  If you pour a bottle of Capsicum on your OS, it seeps all
throughout the system; might as well admit it and, at least, extend the
standard I/O library to handle it a bit better.)

6 years agoMerge pull request #433 from wxsBSD/cap_fix
Guy Harris [Thu, 5 Mar 2015 22:51:51 +0000 (14:51 -0800)] 
Merge pull request #433 from wxsBSD/cap_fix

Add CAP_FCNTL and use cap_fcntls_limit().

6 years agoadd/update some references in comments
Denis Ovsienko [Thu, 5 Mar 2015 12:50:39 +0000 (12:50 +0000)] 
add/update some references in comments

6 years agoclean K&R style up in function declarations a bit
Denis Ovsienko [Thu, 5 Mar 2015 10:33:43 +0000 (10:33 +0000)] 
clean K&R style up in function declarations a bit

The function body should have its opening brace on the next line.

6 years agoFix the pointer tests in the non-ndoified TTEST2() macro as well. 349/head
Guy Harris [Mon, 2 Mar 2015 21:46:29 +0000 (13:46 -0800)] 
Fix the pointer tests in the non-ndoified TTEST2() macro as well.

6 years agoC compilers can, and some do, optimize away pointer underflow checks.
Guy Harris [Mon, 2 Mar 2015 21:25:12 +0000 (13:25 -0800)] 
C compilers can, and some do, optimize away pointer underflow checks.

Cast the pointers to uintptr_t; use AC_TYPE_UINTPTR_T to get uintptr_t
defined on older platforms that don't define it themselves.

6 years agoDon't run past the snaplength when printing a packet with a too-short LI.
Guy Harris [Sun, 1 Mar 2015 19:00:21 +0000 (11:00 -0800)] 
Don't run past the snaplength when printing a packet with a too-short LI.

Fixes GitHub issue #437.

6 years agoUpdate config.{sub,guess}, timestamp='2015-02-2[23]'
Francois-Xavier Le Bail [Sun, 1 Mar 2015 11:37:06 +0000 (12:37 +0100)] 
Update config.{sub,guess}, timestamp='2015-02-2[23]'

6 years agoUpdate config.{sub,guess}, timestamp='2015-01-01'
Francois-Xavier Le Bail [Fri, 20 Feb 2015 14:11:29 +0000 (15:11 +0100)] 
Update config.{sub,guess}, timestamp='2015-01-01'

6 years agoMerge pull request #435 from wolfgangkarall/sigusr1-man
Michael Richardson [Tue, 24 Feb 2015 14:03:33 +0000 (09:03 -0500)] 
Merge pull request #435 from wolfgangkarall/sigusr1-man

document SIGUSR1 in manual page

6 years agodocument SIGUSR1 in manual page 435/head
Wolfgang Karall [Tue, 24 Feb 2015 11:36:51 +0000 (12:36 +0100)] 
document SIGUSR1 in manual page

6 years agoOpenFlow 1.0: address a Coverity warning
Denis Ovsienko [Sat, 21 Feb 2015 22:12:52 +0000 (22:12 +0000)] 
OpenFlow 1.0: address a Coverity warning

6 years agogitattributes: Update the attributes for tests/*.out
Francois-Xavier Le Bail [Sat, 21 Feb 2015 13:25:35 +0000 (14:25 +0100)] 
gitattributes: Update the attributes for tests/*.out

The actual status for good conditions of tests in Windows are:

Sources from    autocrlf    *.out ending    sed stuff
git             true        CRLF            no
git             input       LF              yes
git             false       LF              yes
archive         N/A         LF              yes

We need to have the sed stuff for sources archives.
Thus we need that the endings of tests/*.out files be always LF only.
We don't want to depend on user config.
Thus this changes.
Advantage: This config is under version control, it applies to all users.

Get rid of legacy config 'core.autocrlf=true'

6 years agogitattributes: cleanup unused patterns
Francois-Xavier Le Bail [Wed, 18 Feb 2015 13:37:53 +0000 (14:37 +0100)] 
gitattributes: cleanup unused patterns

6 years agoAdd CAP_FCNTL and use cap_fcntls_limit(). 433/head
Wesley Shields [Wed, 18 Feb 2015 22:07:18 +0000 (17:07 -0500)] 
Add CAP_FCNTL and use cap_fcntls_limit().

Without these changes pcap_dump_ftell() will return -1 and set errno to

This allows you to do:

tcpdump -C 1 -W 5 -w foo.pcap

Without these changes it will never rotate to foo.pcap1 and continue writing
to foo.pcap0 forever.

Discussed at:

6 years agoCheck for pcap_dump_ftell() failing.
Guy Harris [Wed, 18 Feb 2015 21:18:21 +0000 (13:18 -0800)] 
Check for pcap_dump_ftell() failing.

That way, we don't just keep writing if it fails (which it can when
using Capsicum, for example).

6 years agoOpenFlow 1.0: improve BSN extensions support
Denis Ovsienko [Sun, 1 Feb 2015 21:34:38 +0000 (21:34 +0000)] 
OpenFlow 1.0: improve BSN extensions support

Improve decoding of BSN vendor commands: update printing of commands
that set/get mirror port reporting flag, add decoding of shell exec
commands. Introduce decoding of vendor-specific actions with BSN as the
first such vendor and "mirror" as the first such BSN action.

Add a new test case based on a packet capture produced using Trema
controller and an Arista 7050SX-64 switch in Arista Networks' test lab.
Besides the structures above the capture contains the following items:

* OFPT_QUEUE_GET_CONFIG_REPLY with 0 queues (a valid edge case)
* OFPT_FEATURES_REPLY with ports 21 and 23 having bogus "config" field
  (a violation of the protocol, which required temporary patching of the
  controller to avoid the session shutdown)
* a set of IP mask manipulation BSN-specific commands

6 years agoFix issues with the setting of libcap-ng capabilities. 431/head
Tommy Beadle [Wed, 18 Feb 2015 16:38:56 +0000 (11:38 -0500)] 
Fix issues with the setting of libcap-ng capabilities.

- Only set the SETUID/SETGID capabilities if required (i.e. we'll be changing
  the effective UID).
- Only set the CAP_DAC_OVERRIDE capability if writing out to a file (i.e. the -w
  flag was provided).
- Fix the calls to capng_clear to pass CAPNG_SELECT_BOTH so that the traditional
  and bounding capabilities are set.
- Only remove CAP_DAC_OVERRIDE from the permitted set after opening the write
  file if neither -G nor -C flag was provided.  We always drop it from the
  effective set immediately after opening the write file.  During file rotation,
  we reacquire it immediately before and drop it immediately after opening the

6 years agominor changes to detect core dumps better
Michael Richardson [Sun, 15 Feb 2015 20:20:08 +0000 (15:20 -0500)] 
minor changes to detect core dumps better

6 years agoAdd additional test cases for Geneve.
Jesse Gross [Wed, 4 Feb 2015 00:00:32 +0000 (16:00 -0800)] 
Add additional test cases for Geneve.

The test cases exercise both more varied traffic and new libpcap

6 years agoDECNET: Fix segmentation fault
Francois-Xavier Le Bail [Mon, 16 Feb 2015 19:41:55 +0000 (20:41 +0100)] 
DECNET: Fix segmentation fault

If the 'dnet_htoa' function return NULL, '(strdup(dnet_htoa(&dna)))'
gives a segmentation fault.

- libdnet-dev installed (Thus HAVE_DNET_HTOA defined)
- Missing /etc/decnet.conf

6 years agoTravis: add 'make install' in the build script
Francois-Xavier Le Bail [Mon, 16 Feb 2015 14:57:13 +0000 (15:57 +0100)] 
Travis: add 'make install' in the build script

6 years agoTravis: install libcap-ng-dev lib
Francois-Xavier Le Bail [Sun, 15 Feb 2015 14:42:35 +0000 (15:42 +0100)] 
Travis: install libcap-ng-dev lib

6 years agoconfigure: add support for cap-ng package
Francois-Xavier Le Bail [Sun, 15 Feb 2015 14:32:23 +0000 (15:32 +0100)] 
configure: add support for cap-ng package

It uses '--with-cap-ng', for using libcap-ng [default=yes, if available]

6 years agoMerge pull request #429 from mkirkhart/inverse-arp-print-fix
Guy Harris [Thu, 12 Feb 2015 20:07:34 +0000 (12:07 -0800)] 
Merge pull request #429 from mkirkhart/inverse-arp-print-fix

Fixed bug in arp_print() in handling of inverse arp responses

6 years agoUse immediate mode if available.
Guy Harris [Tue, 10 Feb 2015 22:55:43 +0000 (14:55 -0800)] 
Use immediate mode if available.

If libpcap has pcap_set_immediate_mode(), then default to immediate mode
if we're printing packets to a terminal, and use immediate mode if
--immediate-mode is specified.

6 years agoMove pcap function checks to
Guy Harris [Tue, 10 Feb 2015 21:52:51 +0000 (13:52 -0800)] 
Move pcap function checks to

It was doing some of the function checks; move the remaining ones out of
AC_LBL_LIBPCAP(), which is now solely responsible for finding libpcap,
making sure it'll work, and setting compiler and linker flags
appropriately.  Checks for functions that were introduced in later
versions of libpcap, which we use if available, are all done in

6 years agoThis is the trunk, and there's a 4.7.x branch, so call it 4.8.0-PRE-GIT.
Guy Harris [Tue, 10 Feb 2015 21:38:31 +0000 (13:38 -0800)] 
This is the trunk, and there's a 4.7.x branch, so call it 4.8.0-PRE-GIT.

6 years agodroproot(): always print to stderr (GH #425)
Denis Ovsienko [Mon, 9 Feb 2015 01:21:51 +0000 (01:21 +0000)] 
droproot(): always print to stderr (GH #425)

Otherwise it interferes with the output of "tcpdump -w -".

6 years agoSquelch a Coverity warning.
Guy Harris [Fri, 6 Feb 2015 19:42:00 +0000 (11:42 -0800)] 
Squelch a Coverity warning.

For unknown PDU types, we return 0 whether print_unknown_data() succeeds
or fails; don't bother checking whether it succeeds, Just Do It.

6 years agoFixed bug in arp_print() in handling of inverse arp responses - the target's hardware... 429/head
mkirkhart [Wed, 4 Feb 2015 23:55:58 +0000 (18:55 -0500)] 
Fixed bug in arp_print() in handling of inverse arp responses - the target's hardware and protocol address were being printed instead of the sender's hardware and protocol address

6 years agoOpenFlow 1.0: add missing items to bsn_subtype_str
Denis Ovsienko [Fri, 30 Jan 2015 14:31:14 +0000 (14:31 +0000)] 
OpenFlow 1.0: add missing items to bsn_subtype_str

6 years agorefine 802.1Q VLAN TCI decoding
Denis Ovsienko [Thu, 29 Jan 2015 19:48:25 +0000 (19:48 +0000)] 
refine 802.1Q VLAN TCI decoding

Factor the common code out to a new function and rename the CFI bit to
DEI to match the terminology in Clause 9.6 of IEEE 802.1Q-2011.

6 years agoMerge pull request #422 from tbeadle/capng_changes
Guy Harris [Tue, 27 Jan 2015 19:38:31 +0000 (11:38 -0800)] 
Merge pull request #422 from tbeadle/capng_changes

Make sure to init capng before dropping root.

capng_clear needs to be called before capng_change_id can be called within
droproot. Otherwise, an (unusable) error message is output: "error : ret -1" and it fails to drop root privileges.

This also fixes the dropping of the CAP_SETGID capability. Previously,
CAP_SETUID was being dropped twice.

6 years agoMake sure to init capng before dropping root. 422/head
Tommy Beadle [Tue, 27 Jan 2015 18:32:14 +0000 (13:32 -0500)] 
Make sure to init capng before dropping root.

capng_clear needs to be called before capng_change_id can be called within
droproot.  Otherwise, an (unusable) error message is output: "error : ret -1".

This also fixes the dropping of the CAP_SETGID capability.  Previously,
CAP_SETUID was being dropped twice.

6 years agoFix a warning for 'strsep' function on Solaris
Francois-Xavier Le Bail [Mon, 26 Jan 2015 09:58:04 +0000 (10:58 +0100)] 
Fix a warning for 'strsep' function on Solaris

The warning was:
./missing/strsep.c:54:1: warning: no previous prototype for 'strsep' [-Wmissing-prototypes]

7 years agomkdep: It uses now the build environment PATH
Francois-Xavier Le Bail [Sun, 18 Jan 2015 11:22:47 +0000 (12:22 +0100)] 
mkdep: It uses now the build environment PATH

7 years agoTravis: avoid useless lines from 'brew' command in the logs
Francois-Xavier Le Bail [Fri, 9 Jan 2015 17:08:44 +0000 (18:08 +0100)] 
Travis: avoid useless lines from 'brew' command in the logs

7 years agocondition DOS/UNIX newline styles for Windows test
Gisle Vanem [Fri, 9 Jan 2015 13:39:39 +0000 (13:39 +0000)] 
condition DOS/UNIX newline styles for Windows test

7 years agoMerge remote-tracking branch 'bpf/master'
Denis Ovsienko [Thu, 8 Jan 2015 21:59:34 +0000 (21:59 +0000)] 
Merge remote-tracking branch 'bpf/master'

7 years agoNo OPER-TLV are "empty TLVs".
Guy Harris [Thu, 8 Jan 2015 21:22:13 +0000 (13:22 -0800)] 
No OPER-TLV are "empty TLVs".

As section 7 of RFC 5810 says, an OPER-TLV is 1*PATH-DATA-TLV, so it
always has at least one PATH-DATA-TLV.  Remove the ZERO_TTLV check - the
old one was bogus ((!ops->flags & ZERO_TTLV) means ((!ops->flags) &
ZERO_TTLV), and if ops->flags is non-zero, !ops->flags is zero, and the
test fails), and the new one causes tests to fail, revealing that the
whole "empty TLVs like COMMIT and TRCOMMIT are empty, we stop here"
think is wrong, so we remove it.

7 years agoProperly test ZERO_TTLV flag in otlv_print().
Guy Harris [Thu, 8 Jan 2015 01:11:55 +0000 (17:11 -0800)] 
Properly test ZERO_TTLV flag in otlv_print().

If that flag is set, the TLV in question is empty, so don't process
anything further - and if it's *not* empty, report an error.

Thanks to Maks Naumov for finding this.

7 years agoTravis: set git clone for libpcap to be faster and quieter
Francois-Xavier Le Bail [Thu, 8 Jan 2015 14:20:46 +0000 (15:20 +0100)] 
Travis: set git clone for libpcap to be faster and quieter

7 years agoTravis: use the new 'quiet' option for git
Francois-Xavier Le Bail [Thu, 8 Jan 2015 14:18:10 +0000 (15:18 +0100)] 
Travis: use the new 'quiet' option for git

This change allows to avoid many useless lines in the logs:
Receiving objects:...
Resolving deltas:...

7 years agoupdate an e-mail address in CREDITS
Denis Ovsienko [Thu, 8 Jan 2015 11:55:43 +0000 (11:55 +0000)] 
update an e-mail address in CREDITS

7 years agoamend recent changes to fix tests on Solaris
Denis Ovsienko [Thu, 8 Jan 2015 11:02:30 +0000 (11:02 +0000)] 
amend recent changes to fix tests on Solaris

Solaris /bin/sh does not support the "!" operator, I forgot about it
again (see commits 9ac4b76 and f4252a1). Now should be OK.

7 years agoCheck not just the capture length but the on-the-network length.
Guy Harris [Tue, 6 Jan 2015 08:44:11 +0000 (00:44 -0800)] 
Check not just the capture length but the on-the-network length.