Re: [tcpdump-workers] WinDump fails to compile on latest libpcap
Yang Luo wrote: > Given that WinDump is kind of "official" example to use libpcap/Npcap API, > it's not good that they can't compile. Why do you say that? IMHO, tcpdump/WinDump at: https://github.com/the-tcpdump-group/tcpdump.git is the "official". Works fine for me on Windows. Have you tried it? It's good we've got rid of the mess with "bittypes.h" etc. -- --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] parse_elements() in print-802_11.c
The use of function parse_elements() in print-802_11.c looks a bit fishy. E.g. in handle_beacon(): ret = parse_elements(ndo, pbody, p, offset, length); PRINT_SSID(pbody); PRINT_RATES(pbody); Here parse_elements() has set 'pbody.ssid' to a local (on stack) SSID in it's 'struct ssid_t ssid': if (!pbody-ssid_present) { pbody-ssid = ssid; pbody-ssid_present++; } Then PRINT_SSID() prints something that could possible contain garbage. So should those local variables in parse_elements() be made static? Or use a memcpy()? Besides, isn't it better to print hex-codes in the SSID as-is (if any)? Like so: @@ -697,7 +697,7 @@ #define PRINT_SSID(p) \ if (p.ssid_present) { \ ND_PRINT((ndo, ()); \ - fn_print(ndo, p.ssid.ssid, NULL); \ + safeputs(ndo, p.ssid.ssid, sizeof(p.ssid.ssid)); \ ND_PRINT((ndo, ))); \ } --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] errno.h in the Win32 version
I note that a local Win32/include/errno.h is shadowing for the real errno.h which is not nice. And shouldn't sys-headers come first in missing/inet_pton.c? #include tcpdump-stdinc.h #include errno.h Since MSVC's errno.h has a 'EAFNOSUPPORT', but MingW+Watcom does not, I think it's cleaner to remove the local Win32/include/errno.h and do some checks in tcpdump-stdinc.h instead: -#include Ws2tcpip.h +#include ws2tcpip.h!! use the real name incase someone cross-compiles #include bittypes.h #include ctype.h #include time.h #include io.h +#include errno.h ... +/* It is in MSVC's errno.h, but not defined in MingW+Watcom. + */ +#ifndef EAFNOSUPPORT +#define EAFNOSUPPORT WSAEAFNOSUPPORT +#endif + Other targets using missing/inet_pton.c should thus work as before. BTW. there is a similar issue with EAFNOSUPPORT (and _errno()) in libpcap that I can come back to. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] print-ahcp.c on MSVC
Gisle Vanem gva...@yahoo.no wrote: I'm sure my old MSVC v16 has a bit stupid C-preprocessor. At least when expanding this (line 153): Now this C-preprocessor bug got me into problems with print-olsr.c too. A patch: --- Git-Latest/print-olsr.c 2014-04-02 17:02:01 + +++ print-olsr.c2014-04-02 19:07:49 + @@ -457,12 +457,15 @@ while (msg_tlen = addr_size) { if (!ND_TTEST2(*msg_data, addr_size)) goto trunc; - -ND_PRINT((ndo, \n\t interface address %s, #if INET6 +ND_PRINT((ndo, \n\t interface address %s, is_ipv6 ? ip6addr_string(msg_data) : -#endif ipaddr_string(msg_data))); +#else +ND_PRINT((ndo, \n\t interface address %s, +ipaddr_string(msg_data))); +#endif + msg_data += addr_size; msg_tlen -= addr_size; } BTW. It seems it's impossible to build with w/o #define INET6. How is e.g. print-dhcp6.c supposed to be compiled on Windows w/o it? A '#ifdef INET6' surrounding the whole file? I assume with autotools it's not compiled w/o INET6. Or? --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] print-ahcp.c on MSVC
I'm sure my old MSVC v16 has a bit stupid C-preprocessor. At least when expanding this (line 153): ND_PRINT((ndo, %s%s, sep, #ifdef INET6 ip6addr_string(cp) #else (compiled w/o IPv6) #endif /* INET6 */ into this (all on one line): (*ndo-ndo_printf)(ndo, %s%s, sep, #ifdef 1 getname6((const u_char *) (cp)) #else (compiled w/o IPv6) #endif ); (verified by cl -E). Applying this patch fixes it though: --- Git-Latest/print-ahcp.c 2014-03-11 18:33:14 + +++ print-ahcp.c2014-03-11 19:29:41 + @@ -150,13 +150,12 @@ if (cp + 16 ep) goto corrupt; ND_TCHECK2(*cp, 16); - ND_PRINT((ndo, %s%s, sep, #ifdef INET6 - ip6addr_string(cp) + ND_PRINT((ndo, %s%s, sep, ip6addr_string(cp))); #else - (compiled w/o IPv6) + ND_PRINT((ndo, %s%s, sep, (compiled w/o IPv6))); #endif /* INET6 */ - )); + cp += 16; sep = , ; } @@ -202,13 +201,12 @@ if (cp + 17 ep) goto corrupt; ND_TCHECK2(*cp, 17); - ND_PRINT((ndo, %s%s/%u, sep, #ifdef INET6 - ip6addr_string(cp), + ND_PRINT((ndo, %s%s/%u, sep, ip6addr_string(cp), *(cp + 16))); #else - (compiled w/o IPv6), + ND_PRINT((ndo, %s%s/%u, sep, (compiled w/o IPv6), *(cp + 16))); #endif /* INET6 */ - *(cp + 16))); + cp += 17; sep = , ; } -- Time for an INET6 aware util.c print-function for these cases? --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] [Patch] print-zeromq.c
The prototype and implementation of 'zmtp1_print_datagram()' is slightly different; the prototype has a 'const u_int len' as the last parameter. Whereas the implementation has no 'const'. Hence I get a warning from MSVC. Hence: diff -u3 Git-Latest/print-zeromq.c ./print-zeromq.c --- Git-Latest/print-zeromq.c 2014-01-14 17:51:07 + +++ ./print-zeromq.c2014-03-01 14:41:53 + @@ -207,7 +207,7 @@ } void -zmtp1_print_datagram(const u_char *cp, const u_int len) { +zmtp1_print_datagram(const u_char *cp, u_int len) { const u_char *ep = MIN(snapend, cp + len); cp = zmtp1_print_intermediate_part(cp, len); --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] [Patch] print-zeromq.c
François-Xavier Le Bail fx.leb...@yahoo.com wrote: Is it not better to add const in the propotype ? Comparing to other print-function with a 'len' as last parameter, I think not. Looking through interface.h for *_print() functions, only these have a 'const u_int' as last arg: openflow_print, ahcp_print. IMHO, we should be consistent; a 'const u_int len' or simply a 'u_int len'. Some even have a 'register' modifier which seems odd. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] print-rx.c time format
Building windump using MingW + gcc 4.7.2, I get: print-rx.c: In function 'fs_print': print-rx.c:929:4: warning: unknown conversion type character 'T' in format [-Wformat] print-rx.c:933:4: warning: unknown conversion type character 'T' in format [-Wformat] This comes from the macro DATEOUT(): strftime(str, 256, %Y/%m/%d %T, tm); \ If I should trust what my 'man strftime' says: %T or %X is equivalent to %H:%M:%S. we could show the time using this format instead (as print-ntp.c does). IMHO. there should be an easy-access function in util.c for this. Something like: const char *get_tm_str (time_t t); But for now this patch makes gcc/MingW shutup: --- Git-Latest/print-rx.c2014-01-14 17:51:07 + +++ print-rx.c 2014-02-13 13:08:40 + @@ -788,7 +788,7 @@ t = (time_t) EXTRACT_32BITS(bp); \ bp += sizeof(int32_t); \ tm = localtime(t); \ - strftime(str, 256, %Y/%m/%d %T, tm); \ + strftime(str, 256, %Y/%m/%d %H:%M:%S, tm); \ printf( %s, str); \ } - --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] RCS/CVS keywords ($Id$, $Header$, $OpenBSD$ etc)
Guy Harris guy at alum.mit.edu writes: The tcpdump/libpcap RCS/CVS IDs serve no purpose now that libpcap and tcpdump are kept in Git, as far as I can see. Then you (or someone else) can change the WIN32 version stuff: char WDversion[]=current-cvs.tcpdump.org; #if !defined(HAVE_GENERATED_VERSION) char version[]=current-cvs.tcpdump.org; #endif into something related to Git. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] capturing packets with identical MAC for source and destination
Lentes, Bernd bernd.len...@helmholtz-muenchen.de wrote: I'd like to capture all packets which have the same MAC-address for sender and destination. But i don't know the MAC which is causing these messages. So i have to use an universal filter. I tried to use tcpdump 'ether[8:6] = ether[14:6]'. Beginning with byte 8 is the destination MAC and beginning with byte 14 is the source MAC. And each MAC has the size of 6 bytes. But i got this message: tcpdump: data size must be 1, 2, or 4. Is there a way to capture the desired 6 bytes ? I think you'll have to split up in 2 checks. 1 for 4 bytes and 1 for 2 bytes. Something like: tcpdump -d (ether[8:4]=ether[14:4]) (ether[12:2]=ether[18:2]) (000) ld [8] (001) st M[1] (002) ld [14] (003) tax (004) ld M[1] (005) jeq xjt 6jf 13 (006) ldh [12] (007) st M[4] (008) ldh [18] (009) tax (010) ld M[4] (011) jeq xjt 12 jf 13 (012) ret #65535 (013) ret #0 Looks like the pseudo-asm code is correct w/o knowing what 'tax' is. (Note; I had to use '' in my shell to escape the ''). --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] 'private' in pcap-int.h
'struct pcap' has a member: void *private; /* private data for methods */ Which doesn't work so well when including pcap-int.h from a C++ program. The file looks to be meant for C++ because of: #ifdef __cplusplus extern C { #endif Can this be renamed to 'priv' or '_private' ? --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] [Patch] print-nfs.c
Denis Ovsienko infrastat...@yandex.ru wrote: 10.07.2013, 15:18, Gisle Vanem gva...@broadpark.no: 'int32_t' isn't 'int' for all targets. Some Windows targets have it defined as 'signed int' in win32/Include/bittypes.h. So print-nfs.c does not compile cleanly; conflicting definition of xid_map_find(). Should both declarations be just int then? That could be simpler, yes. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] [Patch] print-nfs.c
'int32_t' isn't 'int' for all targets. Some Windows targets have it defined as 'signed int' in win32/Include/bittypes.h. So print-nfs.c does not compile cleanly; conflicting definition of xid_map_find(). A fix: --- Git-Latest/print-nfs.c 2013-07-03 09:24:42 + +++ print-nfs.c 2013-07-04 07:39:33 + @@ -981,7 +981,7 @@ * Returns 0 and puts NFSPROC_xxx in proc return and * version in vers return, or returns -1 on failure */ -static int +static int32_t xid_map_find(const struct sunrpc_msg *rp, const u_char *bp, u_int32_t *proc, u_int32_t *vers) { --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] Use of critical section on Win32
I really don't understand the motivation behind the Win32-code for pcap_compile(). In gencode.c: int pcap_compile(pcap_t *p, struct bpf_program *program, const char *buf, int optimize, bpf_u_int32 mask) { int result; EnterCriticalSection(g_PcapCompileCriticalSection); result = pcap_compile_unsafe(p, program, buf, optimize, mask); LeaveCriticalSection(g_PcapCompileCriticalSection); return result; } -- Why doesn't other libpcap functions needs this critical-section protection too? And how about the case when DllMain() hasn't been called (because libpcap is used as a static lib) and someone calls e.g. pcap_compile(). Then this 'g_PcapCompileCriticalSection' struct is left un-initialised and the program will crash. Can we maybe sprinkle calls to 'wsockinit()' where needed and let 'wsockinit()' do it's task only once? I could make the needed patches if we agree on this. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] [Patch] fad-win32.c
This is a similar patch to the change of pcap-dos.c: https://github.com/mcr/libpcap/commit/73b5f0387199fbaa75130837b931faf770471640 I.e. the '_interfaces' suffix got lost in some other change to the puplic API. (I don't know when). Since 'pcap_findalldevs()' is now a more generic version in pcap.c, the platform-specific function is called 'pcap_findalldevs_interfaces()' in fad-win32.c: --- Git-Latest\fad-win32.c Wed Nov 28 23:41:44 2012 +++ fad-win32.c Wed Mar 27 16:14:02 2013 @@ -216,13 +216,13 @@ * Win32 implementation, based on WinPcap */ int -pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf) +pcap_findalldevs_interfaces(pcap_if_t **alldevsp, char *errbuf) { pcap_if_t *devlist = NULL; int ret = 0; const char *desc; char *AdaptersName; - ULONG NameLength; + ULONG NameLength = 0; char *name; if (!PacketGetAdapterNames(NULL, NameLength)) - 'NameLength = 0' is just in case 'PacketGetAdapterNames()' fails w/o setting '*NameLength == 0'. It really could do that; ref. Packet32.c in WinPcap. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] [Patch] fad-win32.c
Guy Harris g...@alum.mit.edu wrote: 'NameLength = 0' is just in case 'PacketGetAdapterNames()' fails w/o setting '*NameLength == 0'. It really could do that; ref. Packet32.c in WinPcap. Really? I don't see that. (The first call should *always* fail, in the sense of returning FALSE; if the cause of the failure is that the buffer pointer argument is NULL, not that it couldn't get the interface list, it should set NameLength to the size of the buffer it needs.) What is the oldest version of WinPcap we should support in libpcap? Here are the lines in question from an old version of winpcap-SDK\Packet9x\DLL\Packet32.c: BOOLEAN PacketGetAdapterNames (PTSTR pStr, PULONG BufferSize) { ULONG Result,i; LONG Status; ... PPACKET_OID_DATA OidData; ... OidData=GlobalAllocPtr(GMEM_MOVEABLE | GMEM_ZEROINIT,256); if (OidData == NULL) { return FALSE; } (dated 8 July 2006 here). Clearly it could return FALSE w/o touching '*BufferSize'. The GlobalAllocPtr() is the 1st code in this function. Hence the precaution in fad-win32.c. Allthough no sane person should be using Win9x anymore, there could be an old version of PacketNtx\Dll\Packet32.c with the same lines. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] [Patch] pcap-dos.c
This file has fallen behind since pcap_create() was put in pcap.c long time ago (a more generic create-function). Hence: --- Git-Latest\pcap-dos.c Wed Nov 28 23:41:44 2012 +++ pcap-dos.c Thu Nov 29 00:00:12 2012 @@ -143,7 +143,7 @@ return handle_to_device [fd-1]; } -pcap_t *pcap_create (const char *device, char *ebuf) +pcap_t *pcap_create_interface (const char *device, char *ebuf) { pcap_t *p; @@ -211,7 +211,7 @@ pcap_read_one (pcap_t *p, pcap_handler callback, u_char *data) { struct pcap_pkthdr pcap; - struct timeval now, expiry; + struct timeval now, expiry = { 0,0 }; BYTE *rx_buf; intrx_len = 0; @@ -287,7 +287,7 @@ return (1); } -/* If not to wait for a packet or pcap_close() called from +/* If not to wait for a packet or pcap_cleanup_dos() called from * e.g. SIGINT handler, exit loop now. */ if (p-md.timeout = 0 || (volatile int)p-fd = 0) -- The change in the comment is just to make it clear it's not pcap_close() that's called directly. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] -W options to gcc
Michael Richardson m...@sandelman.ca wrote: If one wants to add -W options to the standard build, I'm wondering what the right autoconf magic is to enable such a thing. fxlb suggested: -Wunused -Wunused-parameter I compile using MingW (gcc 4.7.2) and normally I use -Wall -W. But this gives tons of warnings. Hence I use these to supress most of them: -Wno-unused-but-set-variable -Wno-unused-function -Wno-strict-aliasing This results in only these warnings: missing/inet_ntop.c: In function 'inet_ntop': missing/inet_ntop.c:146:44: warning: 'best.len' may be used uninitialized in this function [-Wmaybe-uninitialized] missing/inet_ntop.c:117:5: note: 'best.len' was declared here Must be one of the oldest file in tcpdump. From 2005. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] [Patch] print-dhcp6.c
This file doesn't compile using MSVC v16 (from VC-Express 2010) because it has variable definitions after statements (' problem X' below). tcpdump should be in pure C, not C++ or gcc features. Right? Patch: --- Git-Latest\print-dhcp6.cThu Feb 28 16:10:44 2013 +++ print-dhcp6.c Mon Mar 04 13:25:40 2013 @@ -335,6 +335,8 @@ size_t optlen; u_int8_t auth_proto; u_int authinfolen, authrealmlen; + int remain_len; /* Length of remaining options */ + int label_len; /* Label length */ if (cp == ep) return; @@ -723,10 +725,9 @@ break; } tp = (u_char *)(dh6o + 1); - int remain_len = optlen; !! problem 1 + remain_len = optlen; printf( ); /* Encoding is described in section 3.1 of RFC 1035 */ - int label_len; /* Label length */ !! problem 2 while (remain_len *tp) { label_len = *tp++; if (label_len remain_len - 1) { --- --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] Duplicated dirs on Git-hub
It doesn't matter much for folks with case-insensitive file-systems, but the Git-repo contains these two directories: https://github.com/mcr/tcpdump/tree/master/win32 https://github.com/mcr/tcpdump/tree/master/Win32 Maybe the files under 'Win32' should be moved into 'win32'? PS. I'm trying to send this message again. My 1st attempt got trapped by tcpdump-workers-boun...@lists.tcpdump.org alltought I'm subscribed. Seems everybody here are put on moderation. Michael what's up? --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Fwd: New datasource implementation
Guy Harris g...@alum.mit.edu wrote: Send us a patch, submit it on SourceForge, or do whatever the shiny new Git magic is for that (Michael, how do people do that?). This is what I do (and what the sourceforge page [1] states). 1st time checkout: git clone git://bpf.tcpdump.org/libpcap Then git fetch to update. But using Sourceforge to commit patches and feature requests is not ideal IMHO (besides SF is so slow). Why not send patches to this list so reach a larger audience of critical readers? [1] http://www.tcpdump.org/#source --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] findalldevtest.c
A small patch to make this file compile on Windows: --- Git-latest/findalldevstest.c Tue Feb 17 16:55:35 2009 +++ findalldevstest.c Wed Feb 18 12:45:00 2009 @@ -4,10 +4,13 @@ #include stdlib.h #include sys/types.h + +#ifndef WIN32 #include sys/socket.h #include netinet/in.h #include arpa/inet.h #include netdb.h +#endif #include pcap.h -- --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] libpcap, pcap-stdinc.h
* Added header-guard. * Include IP6_misc.h unconditionally (why treat MingW specially?) --gv --- CVS-Latest/pcap-stdinc.h Mon Oct 06 14:27:32 2008 +++ pcap-stdinc.hThu Feb 12 21:25:34 2009 @@ -30,6 +30,8 @@ * * @(#) $Header: /tcpdump/master/libpcap/pcap-stdinc.h,v 1.11 2008-10-06 15:27:32 gianluca Exp $ (LBL) */ +#ifndef pcap_stdinc_h +#define pcap_stdinc_h #define SIZEOF_CHAR 1 #define SIZEOF_SHORT 2 @@ -54,9 +56,7 @@ #include time.h #include io.h -#ifndef __MINGW32__ #include IP6_misc.h -#endif #define caddr_t char* @@ -88,3 +88,4 @@ #endif #endif /*__MINGW32__*/ +#endif /* pcap_stdinc_h */ - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] libpcap, nametoaddr.c
* nametoaddr.c with DECNETLIB defined needs netdnet/dnetdb.h included. And which again needs sys/types.h. * Remove IP6_misc.h since it's already included in pcap-stdinc.h (ref. my patch to this file). --gv --- CVS-Latest/nametoaddr.cWed Feb 06 09:21:30 2008 +++ nametoaddr.c Mon Sep 22 16:04:13 2008 @@ -31,6 +31,11 @@ #include config.h #endif +#ifdef DECNETLIB +#include sys/types.h +#include netdnet/dnetdb.h +#endif + #ifdef WIN32 #include pcap-stdinc.h @@ -43,13 +48,6 @@ #include netinet/in.h #endif /* WIN32 */ - -/* - * XXX - why was this included even on UNIX? - */ -#ifdef __MINGW32__ -#include IP6_misc.h -#endif #ifndef WIN32 #ifdef HAVE_ETHER_HOSTTON - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] signature.c
bzero() and bcopy() are not universally available. But memset() and memcpy() are AFAICS. Attached diffs-5.txt. --gv --- CVS-Latest/signature.c Sat Aug 16 10:36:20 2008 +++ signature.c Mon Sep 22 16:58:20 2008 @@ -83,10 +83,10 @@ */ /* start out by storing key in pads */ -bzero(k_ipad, sizeof k_ipad); -bzero(k_opad, sizeof k_opad); -bcopy(key, k_ipad, key_len); -bcopy(key, k_opad, key_len); +memset(k_ipad, 0, sizeof k_ipad); +memset(k_opad, 0, sizeof k_opad); +memcpy(k_ipad, key, key_len); +memcpy(k_opad, key, key_len); /* XOR key with ipad and opad values */ for (i=0; i64; i++) { @@ -127,8 +127,8 @@ /* * Save the signature before clearing it. */ -bcopy(sig_ptr, rcvsig, sizeof(rcvsig)); -bzero(sig_ptr, sizeof(rcvsig)); +memcpy(rcvsig, sig_ptr, sizeof(rcvsig)); +memset(sig_ptr, 0, sizeof(rcvsig)); if (!sigsecret) { return (CANT_CHECK_SIGNATURE); - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] CVS access
What's up with the cvs access? I'm getting this error now: no such user tcpdump in CVSROOT/passwd when logging in with the command cvs -d :pserver:[EMAIL PROTECTED]:/tcpdump/master login --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] [Patch] pcap-dos.c
Guy Harris [EMAIL PROTECTED] wrote: So what *is* this case? The error message is Cannot use different devices simultaneously; does that mean that you can have multiple instances of the same device open at the same time, but you can't have instances of more than one device open at the same time? At least with a packet-driver (not tested other types) one can have 1 instances open at the same time. But I'm not sure it's important to be able to open 2 pcap-handles on DOS (since we have no threads etc). We could probably leave the error-code as-is. --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] [Patch] pcap-dos.c
Two more details: --- pcap-dos.c.orig Sat Apr 19 16:49:21 2008 +++ pcap-dos.cTue Apr 22 17:50:52 2008 @@ -1,6 +1,6 @@ /* * This file is part of DOS-libpcap - * Ported to DOS/DOSX by G. Vanem [EMAIL PROTECTED] + * Ported to DOS/DOSX by G. Vanem [EMAIL PROTECTED] * * pcap-dos.c: Interface to PKTDRVR, NDIS2 and 32-bit pmode * network drivers. @@ -996,7 +996,7 @@ * Application config hooks to set various driver parameters. */ -static struct config_table debug_tab[] = { +static const struct config_table debug_tab[] = { { PKT.DEBUG, ARG_ATOI, pcap_pkt_debug}, { PKT.VECTOR, ARG_ATOX_W, NULL }, { NDIS.DEBUG, ARG_ATOI, NULL }, --- CREDITS.orig Fri Feb 08 00:34:49 2008 +++ CREDITS Tue Apr 22 18:06:13 2008 @@ -38,7 +38,7 @@ Fulko Hew fulko dot hew at gmail dot com Gianluca Varennivarenni at netgroup-serv dot polito dot it Gilbert Hoyek gil_hoyek at hotmail dot com - Gisle Vanem giva at bgnett dot no + Gisle Vanem gvanem at broadpark dot no Graeme Hewson ghewson at cix dot compulink dot co dot uk Greg Stark gsstark at mit dot edu Greg Troxel gdt at ir dot bbn dot com --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] msdos/pktdrvr.c
* gnuc.c not needed. * sys/pack*.h was renamed in a recent Watt-32 distro. --- msdos/pktdrvr.c.orig Sat Dec 18 07:52:14 2004 +++ msdos/pktdrvr.c Wed Dec 13 15:55:00 2006 @@ -21,7 +21,6 @@ #include string.h #include dos.h -#include gnuc.h #include pcap-dos.h #include pcap-int.h #include msdos/pktdrvr.h @@ -61,7 +60,7 @@ #if (DOSX (DJGPP|DOS4GW)) - #include sys/packon.h + #include sys/pack_on.h struct DPMI_regs { DWORD r_di; @@ -91,7 +90,7 @@ WORD _fanIndex; BYTE _PktReceiver[15]; /* starts on a paragraph (16byte) */ } PktRealStub; - #include sys/packoff.h + #include sys/pack_off.h static BYTE real_stub_array [] = { #include pkt_stub.inc /* generated opcode array */ --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] pcap-dos.c
The recent change for pcap_activate() broke the DOS-port. Here's a small fix: --- pcap-dos.c.orig Mon Apr 14 19:40:58 2008 +++ pcap-doc.cThu Apr 17 15:33:00 2008 @@ -97,10 +97,10 @@ static struct device *handle_to_device [20]; -static void pcap_activate_dos (pcap_t *p); +static int pcap_activate_dos (pcap_t *p); static int pcap_read_dos (pcap_t *p, int cnt, pcap_handler callback, u_char *data); -static void pcap_close_dos (pcap_t *p); +static void pcap_cleanup_dos (pcap_t *p); static int pcap_stats_dos (pcap_t *p, struct pcap_stat *ps); static int pcap_sendpacket_dos (pcap_t *p, const void *buf, size_t len); static int pcap_setfilter_dos (pcap_t *p, struct bpf_program *fp); @@ -152,6 +152,7 @@ return (NULL); p-activate_op = pcap_activate_dos; + p-md.device = device; return (p); } @@ -163,7 +164,7 @@ { int err = 0; - if (p-opt.rfmon) { + if (pcap-opt.rfmon) { /* * No monitor mode on DOS. */ @@ -201,7 +202,7 @@ Cannot use different devices simultaneously (`%s' vs. `%s'), active_dev-name, pcap-md.device); free (pcap); -err = PCAP_ERROR; +err = PCAP_ERROR_ACTIVATED; } handle_to_device [pcap-fd-1] = active_dev; return (err); @@ -743,7 +744,7 @@ fprintf (stderr, Catching signal %d.\n, sig); } exc_occured = 1; - pcap_close_dos (NULL); + pcap_cleanup_dos (NULL); } #endif /* __DJGPP__ */ --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] [Patch] pcap-dos.c
Guy Harris [EMAIL PROTECTED] wrote: @@ -201,7 +202,7 @@ Cannot use different devices simultaneously (`%s' vs. `%s'), active_dev-name, pcap-md.device); free (pcap); -err = PCAP_ERROR; +err = PCAP_ERROR_ACTIVATED; PCAP_ERROR_ACTIVATED means you've called pcap_activate() on a pcap_t that's already had pcap_activate() called on it; this is a different case. Ok, but I reckoned PCAP_ERROR was too vague. I'm not sure what errorcode would cover this case. --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] typo in pcap.c
--- CVS-Latest/pcap.c Wed Oct 17 17:52:41 2007 +++ pcap.c Tue Nov 06 15:04:27 2007 @@ -789,7 +789,7 @@ int pcap_setmintocopy(pcap_t *p, int size) { - return p-setintocopy_op(p, size); + return p-setmintocopy_op(p, size); } static int --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] Unknown Ntddndis.h values
The recent pcap-win32.c adds these link types: NdisMediumBare80211 NdisMediumRadio80211 Searching MS and Google came up blank on these. What values should these have? IMHO, something like this should be added to the top of pcap-win32.c: #ifndef NdisMediumBare80211 #define NdisMediumBare80211 10 #endif #ifndef NdisMediumRadio80211 #define NdisMediumRadio80211 11 #endif --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] Missing af.h
Guy Harris [EMAIL PROTECTED] wrote: No - it, and af.c, should probably be generated from the stuff removed from print-bgp.c. I've checked in versions of af.c and af.h generated that way. netdissect.h isn't atomic; it needs stdint.h ahead of it (from tcpdump-stdinc.h). Hence: --- tcpdump-2006.02.26\af.c Sat Feb 25 19:42:32 2006 +++ af.cSun Feb 26 16:18:00 2006 @@ -32,6 +32,8 @@ @(#) $Header: /tcpdump/master/tcpdump/af.c,v 1.1 2006/02/25 20:42:32 guy Exp $ (LBL); #endif +#include tcpdump-stdinc.h + #include netdissect.h #include af.h --gv - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] Missing af.h
This file is needed by print-bgp.c, print-ldp.c and print-rip.c, but missing from the tar-ball. Should it be generated by configure? And the FILES list af.c as well. That's missing too. BTW. addrtoname.c on Win32 is missing ETHER_ADDR_LEN. A fix: --- tcpdump-2006.02.25\addrtoname.c Sat Feb 11 21:11:40 2006 +++ addrtoname.cSat Feb 25 17:26:17 2006 @@ -68,6 +68,10 @@ #include extract.h #include oui.h +#ifndef ETHER_ADDR_LEN +#include ether.h +#endif + /* * hash tables for whatever-to-name translations * --gv - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] gettimeofday() on Win32
The recent (?) -G option requires gettimeofday() which isn't available on Win32. Attached is a patch to util.c which adds this function. --gv --- tcpdump-2005.12.03/util.c Thu Jun 16 00:19:38 2005 +++ util.c Sat Dec 03 17:01:05 2005 @@ -526,3 +526,44 @@ else printf(\\%03o, ch); } + +#ifdef WIN32 +/* + * Number of micro-seconds between the beginning of the Windows epoch + * (Jan. 1, 1601) and the Unix epoch (Jan. 1, 1970). + * + * This assumes all Win32 compilers have 64-bit support. + */ +#if defined(_MSC_VER) || defined(_MSC_EXTENSIONS) || defined(__WATCOMC__) + #define DELTA_EPOCH_IN_USEC 116444736Ui64 +#else + #define DELTA_EPOCH_IN_USEC 116444736ULL +#endif + +static u_int64_t filetime_to_unix_epoch (const FILETIME *ft) +{ + u_int64_t res = (u_int64_t) ft-dwHighDateTime 32; + + res |= ft-dwLowDateTime; + res /= 10; /* from 100 nano-sec periods to usec */ + res -= DELTA_EPOCH_IN_USEC; /* from Win epoch to Unix epoch */ + return (res); +} + +int gettimeofday (struct timeval *tv, void *tz _U_) +{ + FILETIME ft; + u_int64_t tim; + + if (!tv) { + errno = EINVAL; + return (-1); + } + GetSystemTimeAsFileTime (ft); + tim = filetime_to_unix_epoch (ft); + tv-tv_sec = (long) (tim / 100L); + tv-tv_usec = (long) (tim % 100L); + return (0); +} +#endif - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] Watcom/Digital Mars patches
I've compiled tcpdump okay with these compilers and some small changes. Digital Mars doesn't allow conversion between unsigned and signed without a cast. So this is needed: --- tcpdump-2004.11.02/print-802_11.c Thu Sep 23 23:57:25 2004 +++ ./print-802_11.c Fri Oct 29 14:48:11 2004 @@ -964,7 +964,7 @@ rc = cpack_uint8(s, u.u8); break; case IEEE80211_RADIOTAP_DBM_TX_POWER: - rc = cpack_uint8(s, u.i8); + rc = cpack_int8(s, u.i8); break; case IEEE80211_RADIOTAP_TSFT: rc = cpack_uint64(s, u.u64); Watcom doesn't have sys/time.h and I can't see why it's needed (it's already in tcpdump-stdinc.h). --- tcpdump-2004.11.02/netdissect.h Thu Jul 22 00:00:10 2004 +++ ./netdissect.h Tue Nov 02 17:35:46 2004 @@ -31,7 +31,6 @@ #include os-proto.h #endif #include sys/types.h -#include sys/time.h #ifndef HAVE___ATTRIBUTE__ #define __attribute__(x) Alternatively add HAVE_SYS_TIME_H and update autoconf. Some other items: --- tcpdump-2004.11.02/print-isakmp.c Thu Mar 25 05:31:05 2004 +++ ./print-isakmp.c Fri Oct 29 14:52:28 2004 @@ -1201,7 +1201,7 @@ * XXX - what if item_len is too short, or too long, * for this payload type? */ - cp = (*NPFUNC(np))(ext, item_len, ep, phase, doi, proto, depth); + cp = (*npfunc[np])(ext, item_len, ep, phase, doi, proto, depth); } else { printf(%s, NPSTR(np)); cp += item_len; --- tcpdump-2004.11.02/print-snmp.c Tue Mar 23 08:59:15 2004 +++ ./print-snmp.c Wed Mar 24 18:05:11 2004 @@ -77,6 +77,8 @@ #include interface.h #include addrtoname.h +#undef OPAQUE /* defined in wingdi.h */ + /* * Universal ASN.1 types * (we only care about the tag values for those allowed in the Internet SMI) @@ -949,6 +951,8 @@ case SMI_BASETYPE_UNKNOWN: ok = 1; break; +default: + ok = 0; } return ok; --gv - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] savefile.c patch
Guy Harris [EMAIL PROTECTED] said: Also, should we save the mode returned by setmode() and restore it when we close a pcap_t or pcap_dumper_t that refers to the standard input or output? Since pcap_dump_close() doesn't have a pcap_t argument, where should the oldmode come from? Can we have two module globals; oldmode_stdin, oldmode_stdout, assuming stdin/stdout won't be opened for capture more than once? Ideally it should be pcap_dump_flush(pcap_t *p), but too late to change that now. --gv - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] savefile.c patch
I feel it's high time we cleanup some of the sources. I'd start with savefile.c. Currently it doesn't work for offline data from stdin. --gv --- libpcap-2004.05.20/savefile.c Tue Mar 23 21:18:08 2004 +++ savefile.c Wed Mar 24 16:29:06 2004 @@ -52,6 +52,12 @@ #define TCPDUMP_MAGIC 0xa1b2c3d4 #define PATCHED_TCPDUMP_MAGIC 0xa1b2cd34 +#if defined(WIN32) || defined(MSDOS) +#define SETMODE(file,mode) setmode(file,mode) +#else +#define SETMODE(file,mode) ((void)0) +#endif + /* * We use the receiver-makes-right approach to byte order, * because time is at a premium when we are writing the file. @@ -587,6 +593,7 @@ { if (p-sf.rfile != stdin) (void)fclose(p-sf.rfile); + elseSETMODE (fileno(stdin),O_TEXT); if (p-sf.base != NULL) free(p-sf.base); } @@ -607,15 +614,12 @@ } memset((char *)p, 0, sizeof(*p)); - - if (fname[0] == '-' fname[1] == '\0') + if (fname[0] == '-' fname[1] == '\0') { fp = stdin; + SETMODE(fileno(fp), O_BINARY); + } else { -#ifndef WIN32 - fp = fopen(fname, r); -#else fp = fopen(fname, rb); -#endif if (fp == NULL) { snprintf(errbuf, PCAP_ERRBUF_SIZE, %s: %s, fname, pcap_strerror(errno)); @@ -726,13 +730,15 @@ break; } -#ifndef WIN32 +#if !defined(WIN32) !defined(MSDOS) /* * You can do select() and poll() on plain files on most * platforms, and should be able to do so on pipes. * * You can't do select() on anything other than sockets in * Windows, so, on Win32 systems, we don't have selectable_fd. +* But one could use 'WaitForSingleObject()' on HANDLE obtained +* from '_get_osfhandle(p-selectable_fd)'. */ p-selectable_fd = fileno(fp); #endif @@ -748,8 +754,10 @@ return (p); bad: - if(fp) + if(fp fp != stdin) fclose(fp); + if (fp == stdin) + SETMODE (fileno(stdin),O_TEXT); free(p); return (NULL); } @@ -973,6 +981,7 @@ pcap_dump_open(pcap_t *p, const char *fname) { FILE *f; + pcap_dumper_t *pd; int linktype; linktype = dlt_to_linktype(p-linktype); @@ -985,26 +994,23 @@ if (fname[0] == '-' fname[1] == '\0') { f = stdout; -#ifdef WIN32 - _setmode(_fileno(f), _O_BINARY); -#endif + SETMODE(fileno(f), O_BINARY); } else { -#ifndef WIN32 - f = fopen(fname, w); -#else f = fopen(fname, wb); -#endif - if (f == NULL) { + setbuf(f, NULL);/* XXX - why? */ + } + + pd = (pcap_dumper_t*)f; + + if (!pd || sf_write_header(f, linktype, p-tzoff, p-snapshot) 0) { snprintf(p-errbuf, PCAP_ERRBUF_SIZE, %s: %s, fname, pcap_strerror(errno)); - return (NULL); + if (pd) + pcap_dump_close(pd); + pd = NULL; + f = NULL; } -#ifdef WIN32 - setbuf(f, NULL);/* XXX - why? */ -#endif - } - (void)sf_write_header(f, linktype, p-tzoff, p-snapshot); - return ((pcap_dumper_t *)f); + return (pd); } FILE * @@ -1026,11 +1032,15 @@ void pcap_dump_close(pcap_dumper_t *p) { + FILE *fil = (FILE*)p; #ifdef notyet - if (ferror((FILE *)p)) + if (ferror(fil)) return-an-error; /* XXX should check return from fclose() too */ #endif - (void)fclose((FILE *)p); + if (fil == stdin || fil == stdout) + SETMODE (fileno(fil),O_TEXT); + else + fclose (fil); } - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] tok2str() patch
I've had problem replying to the list, so this is just a test. BTW. tok2str() is still vulnerable. - Original Message - From: Gisle Vanem [EMAIL PROTECTED] To: tcpdump-workers [EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 9:26 PM Subject: [tcpdump-workers] tok2str() patch tok2str() is in several files used multiple times in the same printf() statement. This doesn't work if all values 'v' are unknown. I suggest we allow for max 4 buffer to be returned in a round-robin fashion. --- tcpdump-2004.03.24/util.c Mon Dec 29 12:07:17 2003 +++ util.c Wed Mar 24 20:22:23 2004 @@ -212,7 +212,9 @@ tok2str(register const struct tok *lp, register const char *fmt, register int v) { - static char buf[128]; + static char buf[4][128]; + static int idx = 0; + char *ret; while (lp-s != NULL) { if (lp-v == v) @@ -221,8 +223,10 @@ } if (fmt == NULL) fmt = #%d; - (void)snprintf(buf, sizeof(buf), fmt, v); - return (buf); + ret = buf[idx]; + (void)snprintf(ret, sizeof(buf[0]), fmt, v); + idx = (idx+1) 3; + return (const char*) ret; } --gv - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.