diff --git a/.gitignore b/.gitignore
index 21ab5b9..fc5ef7d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,4 @@ tcpdump-4.1.1.tar.gz
 /generate-tarball.sh
 /tcpdump-4.5.0-20131108gitb07944a.tar.gz
 /tcpdump-4.5.1.tar.gz
+/tcpdump-4.6.2.tar.gz
diff --git a/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch b/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch
new file mode 100644
index 0000000..29d6a4f
--- /dev/null
+++ b/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch
@@ -0,0 +1,26 @@
+From 854d1a18df48e793b627b638c6df7fd6fdf57554 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 20 Oct 2014 13:34:24 +0200
+Subject: [PATCH 1/7] icmp6: print Reachable Time and Retransmit Time from
+ ICMPv6 as milliseconds
+
+---
+ print-icmp6.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/print-icmp6.c b/print-icmp6.c
+index 553bb46..e288630 100644
+--- a/print-icmp6.c
++++ b/print-icmp6.c
+@@ -1053,7 +1053,7 @@ icmp6_print(netdissect_options *ndo,
+ p = (struct nd_router_advert *)dp;
+ ND_TCHECK(p->nd_ra_retransmit);
+ ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \
+- ", pref %s, router lifetime %us, reachable time %us, retrans time %us",
++ ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums",
+ (u_int)p->nd_ra_curhoplimit,
+ bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)),
+ get_rtpref(p->nd_ra_flags_reserved),
+--
+1.8.3.1
+
diff --git a/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch b/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
new file mode 100644
index 0000000..514cb90
--- /dev/null
+++ b/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
@@ -0,0 +1,106 @@
+From e003824412501b060b1c4301c5cef7138c51d630 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 20 Oct 2014 14:12:46 +0200
+Subject: [PATCH 2/7] Use getnameinfo instead of gethostbyaddr
+
+---
+ addrtoname.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 46 insertions(+), 2 deletions(-)
+
+diff --git a/addrtoname.c b/addrtoname.c
+index eb0b2ae..277751d 100644
+--- a/addrtoname.c
++++ b/addrtoname.c
+@@ -221,7 +221,6 @@ static uint32_t f_localnet;
+ const char *
+ getname(netdissect_options *ndo, const u_char *ap)
+ {
+- register struct hostent *hp;
+ uint32_t addr;
+ static struct hnamemem *p; /* static for longjmp() */
+
+@@ -243,6 +242,28 @@ getname(netdissect_options *ndo, const u_char *ap)
+ */
+ if (!ndo->ndo_nflag &&
+ (addr & f_netmask) == f_localnet) {
++#ifdef HAVE_GETNAMEINFO
++ struct sockaddr_in sa;
++ char hbuf[NI_MAXHOST];
++
++ memset(&sa, 0, sizeof (sa));
++ sa.sin_family = AF_INET;
++ sa.sin_addr.s_addr = addr;
++ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
++ hbuf, sizeof (hbuf), NULL, 0, 0)) {
++ if (ndo->ndo_Nflag) {
++ char *dotp;
++
++ /* Remove domain qualifications */
++ dotp = strchr(hbuf, '.');
++ if (dotp)
++ *dotp = '\0';
++ }
++ p->name = strdup(hbuf);
++ return p->name;
++ }
++#else
++ register struct hostent *hp;
+ hp = gethostbyaddr((char *)&addr, 4, AF_INET);
+ if (hp) {
+ char *dotp;
+@@ -256,6 +277,7 @@ getname(netdissect_options *ndo, const u_char *ap)
+ }
+ return (p->name);
+ }
++#endif
+ }
+ p->name = strdup(intoa(addr));
+ return (p->name);
+@@ -269,7 +291,6 @@ getname(netdissect_options *ndo, const u_char *ap)
+ const char *
+ getname6(netdissect_options *ndo, const u_char *ap)
+ {
+- register struct hostent *hp;
+ union {
+ struct in6_addr addr;
+ struct for_hash_addr {
+@@ -294,6 +315,28 @@ getname6(netdissect_options *ndo, const u_char *ap)
+ * Do not print names if -n was given.
+ */
+ if (!ndo->ndo_nflag) {
++#ifdef HAVE_GETNAMEINFO
++ struct sockaddr_in6 sa;
++ char hbuf[NI_MAXHOST];
++
++ memset(&sa, 0, sizeof (sa));
++ sa.sin6_family = AF_INET6;
++ sa.sin6_addr = addr.addr;
++ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa),
++ hbuf, sizeof (hbuf), NULL, 0, 0)) {
++ if (ndo->ndo_Nflag) {
++ char *dotp;
++
++ /* Remove domain qualifications */
++ dotp = strchr(hbuf, '.');
++ if (dotp)
++ *dotp = '\0';
++ }
++ p->name = strdup(hbuf);
++ return p->name;
++ }
++#else
++ register struct hostent *hp;
+ hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
+ if (hp) {
+ char *dotp;
+@@ -307,6 +350,7 @@ getname6(netdissect_options *ndo, const u_char *ap)
+ }
+ return (p->name);
+ }
++#endif
+ }
+ cp = inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf));
+ p->name = strdup(cp);
+--
+1.8.3.1
+
diff --git a/0003-Drop-root-priviledges-before-opening-first-savefile-.patch b/0003-Drop-root-priviledges-before-opening-first-savefile-.patch
new file mode 100644
index 0000000..074854b
--- /dev/null
+++ b/0003-Drop-root-priviledges-before-opening-first-savefile-.patch
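Review bot: In the `HAVE_GETNAMEINFO` branch of `getname()`, `getnameinfo()` is called with flags `0`, so when the address has no name it still returns success with the numeric address in `hbuf`, because that is what the call does unless `NI_NAMEREQD` is set. With `-N` the `strchr(hbuf, '.')` that follows then truncates a dotted quad to its first octet, and the existing `intoa(addr)` fallback below the block is never reached. Passing the flag, `hbuf, sizeof (hbuf), NULL, 0, NI_NAMEREQD)) {`, keeps unresolved addresses on the fallback path; the `getname6()` copy of the block needs the same change. Separately, `p->name = strdup(hbuf);` is returned to the caller without a NULL check in both functions. Both function bodies start and end outside the hunks shown.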
@@ -0,0 +1,93 @@
+From 964bd27d3544cf952db1820c0badb79a71227b12 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 20 Oct 2014 14:32:43 +0200
+Subject: [PATCH 3/7] Drop root priviledges before opening first savefile if
+ running with -Z root
+
+---
+ tcpdump.1.in | 7 ++++++-
+ tcpdump.c | 34 +++++++++++++++++++++++++++++++---
+ 2 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/tcpdump.1.in b/tcpdump.1.in
+index a966469..e3a6ef4 100644
+--- a/tcpdump.1.in
++++ b/tcpdump.1.in
+@@ -241,6 +241,9 @@ have the name specified with the
+ flag, with a number after it, starting at 1 and continuing upward.
+ The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
+ not 1,048,576 bytes).
++
++Note that when used with \fB\-Z\fR option (enabled by default), privileges
++are dropped before opening first savefile.
+ .TP
+ .B \-d
+ Dump the compiled packet-matching code in a human readable form to
+@@ -848,7 +851,9 @@ but before opening any savefiles for output, change the user ID to
+ and the group ID to the primary group of
+ .IR user .
+ .IP
+-This behavior can also be enabled by default at compile time.
++This behavior is enabled by default (\fB\-Z tcpdump\fR), and can
++be disabled by \fB\-Z root\fR.
++
+ .IP "\fI expression\fP"
+ .RS
+ selects which packets will be dumped.
+diff --git a/tcpdump.c b/tcpdump.c
+index 8d615d7..9110ccf 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -1699,11 +1699,24 @@ main(int argc, char **argv)
+ }
+ #endif /* HAVE_CAP_NG_H */
+
+- if (getuid() == 0 || geteuid() == 0) {
+- if (username || chroot_dir)
++ /* If user is running tcpdump as root and wants to write to the savefile,
++ * we will check if -C is set and if it is, we will drop root
++ * privileges right away and consequent call to pcap_dump_open()
++ * will most likely fail for the first file. If -C flag is not set we
++ * will create file as root then change ownership of file to proper
++ * user(default tcpdump) and drop root privileges.
++ */
++ int chown_flag = 0;
++
++ if (WFileName && (getuid() == 0 || geteuid() == 0))
++ if (Cflag && (username || chroot_dir))
++ droproot(username, chroot_dir);
++ else
++ chown_flag = 1;
++ else
++ if ((getuid() == 0 || geteuid() == 0) && (username || chroot_dir))
+ droproot(username, chroot_dir);
+
+- }
+ #endif /* WIN32 */
+
+ if (pcap_setfilter(pd, &fcode) < 0)
+@@ -1738,6 +1751,21 @@ main(int argc, char **argv)
+ MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
+
+ p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
++
++ /* Change ownership of file and drop root privileges */
++ if (chown_flag) {
++ struct passwd *pwd;
++
++ pwd = getpwnam(username);
++ if (!pwd)
++ error("Couldn't find user '%s'", username);
++
++ if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0)
++ error("Couldn't change ownership of savefile");
++
++ if (username || chroot_dir)
++ droproot(username, chroot_dir);
++ }
+ #ifdef HAVE_CAP_NG_H
+ /* Give up capabilities, clear Effective set */
+ capng_clear(CAPNG_EFFECTIVE);
+--
+1.8.3.1
+
diff --git a/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch b/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch
new file mode 100644
index 0000000..1482a9f
--- /dev/null
+++ b/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch
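Review bot: In the second tcpdump.c hunk the savefile is created as root by `pcap_dump_open()` and then handed over with `chown(dumpinfo.CurrentFileName, ...)` by path, so the name is resolved a second time while the process is still root; if the target directory is writable by another account, the path can refer to a different file by then and that file's ownership is what gets transferred. Changing ownership through the already-open handle removes the second lookup, e.g. `fchown(fileno(pcap_dump_file(p)), pwd->pw_uid, pwd->pw_gid)`, once `p` is known to be non-NULL (no such check is visible between the open and the chown). `getpwnam(username)` also runs before the `username || chroot_dir` test, so if no default user is compiled in and `-Z` is not given, `chown_flag` can be set with a NULL `username`; guarding the lookup with `if (username)` closes that. The nested unbraced `if`/`else` chain in the first hunk parses as intended but would be easier to audit with braces. `main()` continues outside both hunks.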
@@ -0,0 +1,88 @@
+From e029973991cf404936e67bafb4b5f94efd3a06cc Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 20 Oct 2014 14:43:04 +0200
+Subject: [PATCH 4/7] tcpslice: update tcpslice patch to 1.2a3
+
+---
+ tcpslice-1.2a3/search.c | 22 +++++++++++++++-------
+ tcpslice-1.2a3/tcpslice.h | 20 ++++++++++++++++++++
+ 2 files changed, 35 insertions(+), 7 deletions(-)
+
+diff --git a/tcpslice-1.2a3/search.c b/tcpslice-1.2a3/search.c
+index 1e2d051..23aa105 100644
+--- a/tcpslice-1.2a3/search.c
++++ b/tcpslice-1.2a3/search.c
+@@ -53,7 +53,7 @@ static const char rcsid[] =
+ /* Size of a packet header in bytes; easier than typing the sizeof() all
+ * the time ...
+ */
+-#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr ))
++#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr ))
+
+ extern int snaplen;
+
+@@ -111,16 +111,24 @@ reasonable_header( struct pcap_pkthdr *hdr, time_t first_time, time_t last_time
+ static void
+ extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr )
+ {
+- memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr));
++ struct pcap_sf_pkthdr hdri;
++
++ memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr));
+
+ if ( pcap_is_swapped( p ) )
+ {
+- hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec);
+- hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec);
+- hdr->len = SWAPLONG(hdr->len);
+- hdr->caplen = SWAPLONG(hdr->caplen);
++ hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec);
++ hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec);
++ hdr->len = SWAPLONG(hdri.len);
++ hdr->caplen = SWAPLONG(hdri.caplen);
++ }
++ else
++ {
++ hdr->ts.tv_sec = hdri.ts.tv_sec;
++ hdr->ts.tv_usec = hdri.ts.tv_usec;
++ hdr->len = hdri.len;
++ hdr->caplen = hdri.caplen;
+ }
+-
+ /*
+ * From bpf/libpcap/savefile.c:
+ *
+diff --git a/tcpslice-1.2a3/tcpslice.h b/tcpslice-1.2a3/tcpslice.h
+index de4a01c..9b220de 100644
+--- a/tcpslice-1.2a3/tcpslice.h
++++ b/tcpslice-1.2a3/tcpslice.h
+@@ -20,6 +20,26 @@
+ */
+
+
++#include
++/* #include */
++
++/*
++ * This is a timeval as stored in disk in a dumpfile.
++ * It has to use the same types everywhere, independent of the actual
++ * `struct timeval'
++ */
++
++struct pcap_timeval {
++ bpf_int32 tv_sec; /* seconds */
++ bpf_int32 tv_usec; /* microseconds */
++};
++
++struct pcap_sf_pkthdr {
++ struct pcap_timeval ts; /* time stamp */
++ bpf_u_int32 caplen; /* length of portion present */
++ bpf_u_int32 len; /* length this packet (off wire) */
++};
++
+ time_t gwtm2secs( struct tm *tm );
+
+ int sf_find_end( struct pcap *p, struct timeval *first_timestamp,
+--
+1.8.3.1
+
diff --git a/0005-tcpslice-remove-unneeded-include.patch b/0005-tcpslice-remove-unneeded-include.patch
new file mode 100644
index 0000000..cb2b542
--- /dev/null
+++ b/0005-tcpslice-remove-unneeded-include.patch
@@ -0,0 +1,26 @@
+From c919edf76b8bd2360e50a6155588abdf03481244 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 20 Oct 2014 15:06:54 +0200
+Subject: [PATCH 5/7] tcpslice: remove unneeded include
+
+net/bpf.h doesn't exist on Linux.
+---
+ tcpslice-1.2a3/tcpslice.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c
+index e73d76f..895e54f 100644
+--- a/tcpslice-1.2a3/tcpslice.c
++++ b/tcpslice-1.2a3/tcpslice.c
+@@ -35,8 +35,6 @@ static const char rcsid[] =
+ #include
+ #include
+
+-#include
+-
+ #include
+ #ifdef HAVE_FCNTL_H
+ #include
+--
+1.8.3.1
+
diff --git a/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch b/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch
new file mode 100644
index 0000000..4438157
--- /dev/null
+++ b/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch
@@ -0,0 +1,27 @@
+From a6a4b6fdb966ca408411d9002082f3a112b1c365 Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 20 Oct 2014 15:19:44 +0200
+Subject: [PATCH 6/7] tcpslice: don't test the pointer but pointee for NULL
+
+---
+ tcpslice-1.2a3/tcpslice.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c
+index 895e54f..a91439b 100644
+--- a/tcpslice-1.2a3/tcpslice.c
++++ b/tcpslice-1.2a3/tcpslice.c
+@@ -402,7 +402,9 @@ fill_tm(char *time_string, int is_delta, struct tm *t, time_t *usecs_addr)
+
+ while (isdigit(*t_stop))
+ ++t_stop;
+- if (! t_stop)
++
++ if (!(*t_stop))
++ /* we've reached end of string -> bad date format */
+ error("bad date format %s, problem starting at %s",
+ time_string, t_start);
+
+--
+1.8.3.1
+
diff --git a/0007-Introduce-nn-option.patch b/0007-Introduce-nn-option.patch
new file mode 100644
index 0000000..b7682b6
--- /dev/null
+++ b/0007-Introduce-nn-option.patch
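Review bot: The loop directly above the corrected test still calls `isdigit(*t_stop)` on a plain `char`, which is undefined for negative values where `char` is signed, and `t_stop` presumably walks `time_string`, a caller-supplied argument. The usual form is `while (isdigit((unsigned char)*t_stop))`. The new comment also sits between the unbraced `if (!(*t_stop))` and its `error(...)` call, so bracing the body would make it obvious which statement is guarded. `fill_tm()` starts and ends outside the hunk.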
@@ -0,0 +1,55 @@
+From c653dd118fce60a16f0d17e983fc4693bf1287bd Mon Sep 17 00:00:00 2001
+From: rpm-build
+Date: Mon, 20 Oct 2014 13:26:38 +0200
+Subject: [PATCH 7/7] Introduce -nn option
+
+This changes the semantics on -n option so only namelookups are skipped. Port
+numbers *are* translated to their string representations. Option -nn then has
+the same semantics as -n had originally.
+---
+ addrtoname.c | 4 ++--
+ tcpdump.1.in | 6 +++++-
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/addrtoname.c b/addrtoname.c
+index 277751d..ed8376b 100644
+--- a/addrtoname.c
++++ b/addrtoname.c
+@@ -787,7 +787,7 @@ init_servarray(netdissect_options *ndo)
+
+ while (table->name)
+ table = table->nxt;
+- if (ndo->ndo_nflag) {
++ if (ndo->ndo_nflag > 1) {
+ (void)snprintf(buf, sizeof(buf), "%d", port);
+ table->name = strdup(buf);
+ } else
+@@ -1187,7 +1187,7 @@ init_addrtoname(netdissect_options *ndo, uint32_t localnet, uint32_t mask)
+ f_localnet = localnet;
+ f_netmask = mask;
+ }
+- if (ndo->ndo_nflag)
++ if (ndo->ndo_nflag > 1)
+ /*
+ * Simplest way to suppress names.
+ */
+diff --git a/tcpdump.1.in b/tcpdump.1.in
+index e3a6ef4..a8e65c2 100644
+--- a/tcpdump.1.in
++++ b/tcpdump.1.in
+@@ -532,7 +532,11 @@ Use \fIsecret\fP as a shared secret for validating the digests found in
+ TCP segments with the TCP-MD5 option (RFC 2385), if present.
+ .TP
+ .B \-n
+-Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
++Don't convert host addresses to names. This can be used to avoid
++DNS lookups.
++.TP
++.B \-nn
++Don't convert protocol and port numbers etc. to names either.
+ .TP
+ .B \-N
+ Don't print domain name qualification of host names.
+--
+1.8.3.1
+
diff --git a/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch b/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
new file mode 100644
index 0000000..371e4e3
--- /dev/null
+++ b/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
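Review bot: The two `ndo->ndo_nflag > 1` tests in `init_servarray()` and `init_addrtoname()` treat the flag as a count without saying so, and they only behave as described if the option parser increments `ndo_nflag` for each `-n` instead of setting it to 1; that code is not part of this patch and should be confirmed. A comment at both sites such as `/* -nn (ndo_nflag > 1): keep ports and protocols numeric too; a single -n only skips host name lookups */` would document the levels. Because a single `-n` no longer takes the early "suppress names" path in `init_addrtoname()`, the name tables appear to be initialised as in a run without `-n`, which matters to anyone relying on `-n` to keep the tool away from name services; the man page entry could say so explicitly. Both function bodies continue outside the hunks.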
@@ -0,0 +1,39 @@
+From 780db0477c304196a700894bdfd9a3096b5857fd Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Tue, 21 Oct 2014 13:37:24 +0200
+Subject: [PATCH 8/8] Don't print out we dropped root, we are always dropping
+ it.
+
+---
+ tcpdump.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/tcpdump.c b/tcpdump.c
+index 9110ccf..8ce9102 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -726,9 +726,7 @@ droproot(const char *username, const char *chroot_dir)
+ if (ret < 0) {
+ fprintf(stderr, "error : ret %d\n", ret);
+ }
+- else {
+- printf("dropped privs to %s\n", username);
+- }
++
+ /* We don't need CAP_SETUID and CAP_SETGID */
+ capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID);
+ capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID);
+@@ -746,9 +744,7 @@ droproot(const char *username, const char *chroot_dir)
+ pcap_strerror(errno));
+ exit(1);
+ }
+- else {
+- printf("dropped privs to %s\n", username);
+- }
++
+ #endif /* HAVE_CAP_NG_H */
+ }
+ else {
+--
+1.8.3.1
+
diff --git a/sources b/sources
index d5d4ea8..c965793 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-973a2513d0076e34aa9da7e15ed98e1b tcpdump-4.5.1.tar.gz
+74d0d3728b3cdc60db872d842e7f1598 tcpdump-4.6.2.tar.gz
 e329cbeb7e589f132d92c3447c477190 tcpslice-1.2a3.tar.gz
diff --git a/tcpdump-4.0.0-icmp6msec.patch b/tcpdump-4.0.0-icmp6msec.patch
deleted file mode 100644
index 912bd94..0000000
--- a/tcpdump-4.0.0-icmp6msec.patch
+++ /dev/null
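Review bot: In the first hunk of `droproot()` a failed privilege change is only reported, `if (ret < 0) { fprintf(stderr, "error : ret %d\n", ret); }`, and execution continues (`ret` is presumably the result of the capng id change assigned above the hunk), so with the success message gone a process that failed to drop root looks the same as one that succeeded. Making the failure fatal, as the non-capng branch in the second hunk already does with `exit(1);`, means adding `exit(1);` after that `fprintf`. The two `capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID);` lines that follow are identical although the comment names both CAP_SETUID and CAP_SETGID; the second presumably should be `capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETGID);`. `droproot()` starts and ends outside both hunks.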
@@ -1,12 +0,0 @@ -diff -up tcpdump/print-icmp6.c.icmp6msec tcpdump/print-icmp6.c ---- tcpdump/print-icmp6.c.icmp6msec 2009-08-19 00:02:37.000000000 +0200 -+++ tcpdump/print-icmp6.c 2009-08-20 16:33:59.000000000 +0200 -@@ -397,7 +397,7 @@ icmp6_print(const u_char *bp, u_int leng - p = (struct nd_router_advert *)dp; - TCHECK(p->nd_ra_retransmit); - printf("\n\thop limit %u, Flags [%s]" \ -- ", pref %s, router lifetime %us, reachable time %us, retrans time %us", -+ ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums", - (u_int)p->nd_ra_curhoplimit, - bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)), - get_rtpref(p->nd_ra_flags_reserved), diff --git a/tcpdump-4.0.0-portnumbers.patch b/tcpdump-4.0.0-portnumbers.patch deleted file mode 100644 index 22bd2f2..0000000 --- a/tcpdump-4.0.0-portnumbers.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -diff -up tcpdump-3.9.8/addrtoname.c.portnumbers tcpdump-3.9.8/addrtoname.c ---- tcpdump-3.9.8/addrtoname.c.portnumbers 2007-09-26 03:59:52.000000000 +0200 -+++ tcpdump-3.9.8/addrtoname.c 2008-08-29 13:53:12.000000000 +0200 -@@ -704,7 +704,7 @@ init_servarray(void) - - while (table->name) - table = table->nxt; -- if (nflag) { -+ if (nflag > 1) { - (void)snprintf(buf, sizeof(buf), "%d", port); - table->name = strdup(buf); - } else -@@ -1104,7 +1104,7 @@ init_addrtoname(u_int32_t localnet, u_in - f_localnet = localnet; - f_netmask = mask; - } -- if (nflag) -+ if (nflag > 1) - /* - * Simplest way to suppress names. - */ -diff -up tcpdump-3.9.8/tcpdump.1.portnumbers tcpdump-3.9.8/tcpdump.1 ---- tcpdump-3.9.8/tcpdump.1.in.portnumbers 2008-08-29 13:53:12.000000000 +0200 -+++ tcpdump-3.9.8/tcpdump.1.in 2008-08-29 13:53:12.000000000 +0200 -@@ -403,7 +403,11 @@ Use \fIsecret\fP as a shared secret for - TCP segments with the TCP-MD5 option (RFC 2385), if present. - .TP - .B \-n --Don't convert addresses (i.e., host addresses, port numbers, etc.) to names. -+Don't convert host addresses to names. This can be used to avoid -+DNS lookups. -+.TP -+.B \-nn -+Don't convert protocol and port numbers etc. to names either. - .TP - .B \-N - Don't print domain name qualification of host names. diff --git a/tcpdump-4.1.1-manpagefix.patch b/tcpdump-4.1.1-manpagefix.patch deleted file mode 100644 index b97630e..0000000 --- a/tcpdump-4.1.1-manpagefix.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -diff -up ./tcpdump.1.in.orig ./tcpdump.1.in ---- ./tcpdump.1.in.orig 2010-03-12 02:56:44.000000000 +0100 -+++ ./tcpdump.1.in 2011-08-24 14:47:56.000000000 +0200 -@@ -256,7 +256,7 @@ Print the link-level header on each dump - .B \-E - Use \fIspi@ipaddr algo:secret\fP for decrypting IPsec ESP packets that - are addressed to \fIaddr\fP and contain Security Parameter Index value --\fIspi\fP. This combination may be repeated with comma or newline seperation. -+\fIspi\fP. This combination may be repeated with comma or newline separation. - .IP - Note that setting the secret for IPv4 ESP packets is supported at this time. - .IP -@@ -272,7 +272,7 @@ The ability to decrypt packets is only p - with cryptography enabled. - .IP - \fIsecret\fP is the ASCII text for ESP secret key. --If preceeded by 0x, then a hex value will be read. -+If preceded by 0x, then a hex value will be read. - .IP - The option assumes RFC2406 ESP, not RFC1827 ESP. - The option is only for debugging purposes, and -@@ -998,7 +998,7 @@ Recall the structure of a TCP header wit - ----------------------------------------------------------------- - | sequence number | - ----------------------------------------------------------------- --| acknowledgment number | -+| acknowledgement number | - ----------------------------------------------------------------- - | HL | rsvd |C|E|U|A|P|R|S|F| window size | - ----------------------------------------------------------------- -@@ -1281,7 +1281,7 @@ Be warned that with -v a single SMB pack - may take up a page or more, so only use -v if you really want all the - gory details. - --For information on SMB packet formats and what all te fields mean see -+For information on SMB packet formats and what all the fields mean see - www.cifs.org or the pub/samba/specs/ directory on your favorite - samba.org mirror site. - The SMB patches were written by Andrew Tridgell 
diff --git a/tcpdump-4.1.1-testsuite.patch b/tcpdump-4.1.1-testsuite.patch deleted file mode 100644 index 0cff372..0000000 --- a/tcpdump-4.1.1-testsuite.patch +++ /dev/null 
@@ -1,49 +0,0 @@ -diff -up tcpdump-4.1.1/tests/TESTLIST.testsuite tcpdump-4.1.1/tests/TESTLIST ---- tcpdump-4.1.1/tests/TESTLIST.testsuite 2010-03-12 02:56:44.000000000 +0100 -+++ tcpdump-4.1.1/tests/TESTLIST 2010-04-06 14:33:20.000000000 +0200 -@@ -11,7 +11,7 @@ esp2 08-sunrise-sunset-esp2.pcap esp2.ou - esp3 02-sunrise-sunset-esp.pcap esp1.out -t -E "3des-cbc-hmac96:0x4043434545464649494a4a4c4c4f4f515152525454575758" - esp4 08-sunrise-sunset-esp2.pcap esp2.out -t -E "file esp-secrets.txt" - esp5 08-sunrise-sunset-aes.pcap esp5.out -t -E "file esp-secrets.txt" --espudp1 espudp1.pcap espudp1.out -t -E "file esp-secrets.txt" -+#espudp1 espudp1.pcap espudp1.out -t -E "file esp-secrets.txt" - - # ISAKMP tests - isakmp1 isakmp-delete-segfault.pcap isakmp1.out -t -diff -up tcpdump-4.1.1/tests/TESTonce.testsuite tcpdump-4.1.1/tests/TESTonce ---- tcpdump-4.1.1/tests/TESTonce.testsuite 2010-03-12 02:56:44.000000000 +0100 -+++ tcpdump-4.1.1/tests/TESTonce 2010-04-06 14:31:12.000000000 +0200 -@@ -40,7 +40,7 @@ if (! -f $input) { - } - - print " "; --exec("../tcpdump -n -r $input $options | tee NEW/$output | diff -w - $output >DIFF/$output.diff"); -+exec("../tcpdump -nn -r $input $options | tee NEW/$output | diff -w - $output >DIFF/$output.diff"); - @cores = glob("core*"); - exit 10 if (@cores > 0); - exit 0; -diff -up tcpdump-4.1.1/tests/espudp1.out.testsuite tcpdump-4.1.1/tests/espudp1.out -diff -up tcpdump-4.1.1/tests/lmp.sh.testsuite tcpdump-4.1.1/tests/lmp.sh ---- tcpdump-4.1.1/tests/lmp.sh.testsuite 2010-03-12 02:56:45.000000000 +0100 -+++ tcpdump-4.1.1/tests/lmp.sh 2010-04-06 14:31:29.000000000 +0200 -@@ -3,7 +3,7 @@ - uudecode lmp.puu - - echo -n test lmp ... --../tcpdump -t -n -v -v -v -r lmp.pcap >lmp.new -+../tcpdump -t -nn -v -v -v -r lmp.pcap >lmp.new - if diff lmp.new lmp.out - then - echo passed. 
-diff -up tcpdump-4.1.1/tests/print-flags.sh.testsuite tcpdump-4.1.1/tests/print-flags.sh ---- tcpdump-4.1.1/tests/print-flags.sh.testsuite 2010-03-12 02:56:45.000000000 +0100 -+++ tcpdump-4.1.1/tests/print-flags.sh 2010-04-06 14:38:15.000000000 +0200 -@@ -3,7 +3,7 @@ - uudecode print-flags.puu - - for i in x xx X XX A AA; do -- if (../tcpdump -$i -s0 -nr print-flags.pcap | tee NEW/print-$i.new | diff - print-$i.out >DIFF/print-$i.out.diff ) -+ if (TZ=UTC+5 ../tcpdump -$i -s0 -nnr print-flags.pcap | tee NEW/print-$i.new | diff - print-$i.out >DIFF/print-$i.out.diff ) - then - echo print-$i passed. - else diff --git a/tcpdump-4.4.0-eperm.patch b/tcpdump-4.4.0-eperm.patch deleted file mode 100644 index 5750a8a..0000000 --- a/tcpdump-4.4.0-eperm.patch +++ /dev/null 
@@ -1,77 +0,0 @@ -diff -up tcpdump-4.4.0/tcpdump.1.in.eperm tcpdump-4.4.0/tcpdump.1.in ---- tcpdump-4.4.0/tcpdump.1.in.eperm 2013-10-07 15:21:26.795602764 +0200 -+++ tcpdump-4.4.0/tcpdump.1.in 2013-10-07 15:21:26.800602762 +0200 -@@ -221,6 +221,9 @@ have the name specified with the - flag, with a number after it, starting at 1 and continuing upward. - The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes, - not 1,048,576 bytes). -+ -+Note that when used with \fB\-Z\fR option (enabled by default), privileges -+are dropped before opening first savefile. - .TP - .B \-d - Dump the compiled packet-matching code in a human readable form to -@@ -720,7 +723,9 @@ but before opening any savefiles for out - and the group ID to the primary group of - .IR user . - .IP --This behavior can also be enabled by default at compile time. -+This behavior is enabled by default (\fB\-Z tcpdump\fR), and can -+be disabled by \fB\-Z root\fR. -+ - .IP "\fI expression\fP" - .RS - selects which packets will be dumped. -diff -up tcpdump-4.4.0/tcpdump.c.eperm tcpdump-4.4.0/tcpdump.c ---- tcpdump-4.4.0/tcpdump.c.eperm 2013-03-24 22:49:18.000000000 +0100 -+++ tcpdump-4.4.0/tcpdump.c 2013-10-07 15:22:26.360590143 +0200 -@@ -1426,11 +1426,24 @@ main(int argc, char **argv) - } - #endif /* HAVE_CAP_NG_H */ - -- if (getuid() == 0 || geteuid() == 0) { -- if (username || chroot_dir) -+ /* If user is running tcpdump as root and wants to write to the savefile, -+ * we will check if -C is set and if it is, we will drop root -+ * privileges right away and consequent call to pcap_dump_open() -+ * will most likely fail for the first file. If -C flag is not set we -+ * will create file as root then change ownership of file to proper -+ * user(default tcpdump) and drop root privileges. 
-+ */ -+ int chown_flag = 0; -+ -+ if (WFileName && (getuid() == 0 || geteuid() == 0)) -+ if (Cflag && (username || chroot_dir)) -+ droproot(username, chroot_dir); -+ else -+ chown_flag = 1; -+ else -+ if ((getuid() == 0 || geteuid() == 0) && (username || chroot_dir)) - droproot(username, chroot_dir); - -- } - #endif /* WIN32 */ - - if (pcap_setfilter(pd, &fcode) < 0) -@@ -1450,6 +1463,21 @@ main(int argc, char **argv) - MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); - - p = pcap_dump_open(pd, dumpinfo.CurrentFileName); -+ -+ /* Change ownership of file and drop root privileges */ -+ if (chown_flag) { -+ struct passwd *pwd; -+ -+ pwd = getpwnam(username); -+ if (!pwd) -+ error("Couldn't find user '%s'", username); -+ -+ if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0) -+ error("Couldn't change ownership of savefile"); -+ -+ if (username || chroot_dir) -+ droproot(username, chroot_dir); -+ } - #ifdef HAVE_CAP_NG_H - /* Give up capabilities, clear Effective set */ - capng_clear(CAPNG_EFFECTIVE); diff --git a/tcpdump-4.5.0-gethostby.patch b/tcpdump-4.5.0-gethostby.patch deleted file mode 100644 index f1cf324..0000000 --- a/tcpdump-4.5.0-gethostby.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -diff -up tcpdump-4.5.0/addrtoname.c.gethostby tcpdump-4.5.0/addrtoname.c ---- tcpdump-4.5.0/addrtoname.c.gethostby 2013-11-08 09:03:52.166752012 +0100 -+++ tcpdump-4.5.0/addrtoname.c 2013-11-08 09:04:57.792747210 +0100 -@@ -224,7 +224,6 @@ static u_int32_t f_localnet; - const char * - getname(const u_char *ap) - { -- register struct hostent *hp; - u_int32_t addr; - static struct hnamemem *p; /* static for longjmp() */ - -@@ -246,6 +245,28 @@ getname(const u_char *ap) - */ - if (!nflag && - (addr & f_netmask) == f_localnet) { -+#ifdef HAVE_GETNAMEINFO -+ struct sockaddr_in sa; -+ char hbuf[NI_MAXHOST]; -+ -+ memset(&sa, 0, sizeof (sa)); -+ sa.sin_family = AF_INET; -+ sa.sin_addr.s_addr = addr; -+ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), -+ hbuf, sizeof (hbuf), NULL, 0, 0)) { -+ if (Nflag) { -+ char *dotp; -+ -+ /* Remove domain qualifications */ -+ dotp = strchr(hbuf, '.'); -+ if (dotp) -+ *dotp = '\0'; -+ } -+ p->name = strdup(hbuf); -+ return p->name; -+ } -+#else -+ register struct hostent *hp; - hp = gethostbyaddr((char *)&addr, 4, AF_INET); - if (hp) { - char *dotp; -@@ -259,6 +280,7 @@ getname(const u_char *ap) - } - return (p->name); - } -+#endif - } - p->name = strdup(intoa(addr)); - return (p->name); -@@ -272,7 +294,6 @@ getname(const u_char *ap) - const char * - getname6(const u_char *ap) - { -- register struct hostent *hp; - union { - struct in6_addr addr; - struct for_hash_addr { -@@ -297,6 +318,28 @@ getname6(const u_char *ap) - * Do not print names if -n was given. 
- */ - if (!nflag) { -+#ifdef HAVE_GETNAMEINFO -+ struct sockaddr_in6 sa; -+ char hbuf[NI_MAXHOST]; -+ -+ memset(&sa, 0, sizeof (sa)); -+ sa.sin6_family = AF_INET6; -+ sa.sin6_addr = addr.addr; -+ if (!getnameinfo((struct sockaddr *)&sa, sizeof (sa), -+ hbuf, sizeof (hbuf), NULL, 0, 0)) { -+ if (Nflag) { -+ char *dotp; -+ -+ /* Remove domain qualifications */ -+ dotp = strchr(hbuf, '.'); -+ if (dotp) -+ *dotp = '\0'; -+ } -+ p->name = strdup(hbuf); -+ return p->name; -+ } -+#else -+ register struct hostent *hp; - hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); - if (hp) { - char *dotp; -@@ -310,6 +353,7 @@ getname6(const u_char *ap) - } - return (p->name); - } -+#endif - } - cp = inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf)); - p->name = strdup(cp); diff --git a/tcpdump.spec b/tcpdump.spec index 44e6e58..ce06d3b 100644 --- a/tcpdump.spec +++ b/tcpdump.spec 
@@ -1,25 +1,25 @@ Summary: A network traffic monitoring tool Name: tcpdump Epoch: 14 -Version: 4.5.1 -Release: 3%{?dist} +Version: 4.6.2 +Release: 1%{?dist} License: BSD with advertising URL: http://www.tcpdump.org Group: Applications/Internet Requires(pre): shadow-utils -BuildRequires: openssl-devel libpcap-devel -BuildRequires: automake sharutils +BuildRequires: automake sharutils openssl-devel libpcap-devel git Source0: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz -Patch1: tcpdump-4.0.0-portnumbers.patch -Patch2: tcpdump-4.0.0-icmp6msec.patch -Patch3: tcpdump-4.5.0-gethostby.patch -Patch4: tcpdump-4.4.0-eperm.patch -Patch5: tcpslice-1.2a3-time.patch -Patch6: tcpslice-CVS.20010207-bpf.patch -Patch7: tcpslice-1.2a3-dateformat.patch +Patch0001: 0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch +Patch0002: 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch +Patch0003: 0003-Drop-root-priviledges-before-opening-first-savefile-.patch +Patch0004: 0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch +Patch0005: 0005-tcpslice-remove-unneeded-include.patch +Patch0006: 0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch +Patch0007: 0007-Introduce-nn-option.patch +Patch0008: 0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch %define tcpslice_dir tcpslice-1.2a3 @@ -32,20 +32,7 @@ the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %prep -%setup -q -a 1 - -%patch1 -p1 -b .portnumbers -%patch2 -p1 -b .icmp6msec -%patch3 -p1 -b .gethostby -%patch4 -p1 -b .eperm - -pushd %{tcpslice_dir} -%patch5 -p1 -b .time -%patch6 -p1 -b .bpf -%patch7 -p1 -b .dateformat -popd - -find . -name '*.c' -o -name '*.h' | xargs chmod 644 +%autosetup -a 1 -S git %build export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -fno-strict-aliasing" 
@@ -95,6 +82,9 @@ exit 0 %{_mandir}/man8/tcpdump.8* %changelog +* Mon Oct 20 2014 Michal Sekletar - 14:4.6.2-1 +- update to 4.6.2 (#1124289) + * Mon Aug 18 2014 Fedora Release Engineering - 14:4.5.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild diff --git a/tcpslice-1.2a3-dateformat.patch b/tcpslice-1.2a3-dateformat.patch deleted file mode 100644 index dd59457..0000000 --- a/tcpslice-1.2a3-dateformat.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -up tcpslice-1.2a3/tcpslice.c.orig tcpslice-1.2a3/tcpslice.c ---- tcpslice-1.2a3/tcpslice.c.orig 2005-10-25 00:06:26.000000000 +0200 -+++ tcpslice-1.2a3/tcpslice.c 2011-08-24 13:12:53.215962428 +0200 -@@ -404,7 +404,9 @@ fill_tm(char *time_string, int is_delta, - - while (isdigit(*t_stop)) - ++t_stop; -- if (! t_stop) -+ -+ if (!(*t_stop)) -+ /* we've reached end of string -> bad date format */ - error("bad date format %s, problem starting at %s", - time_string, t_start); - diff --git a/tcpslice-1.2a3-time.patch b/tcpslice-1.2a3-time.patch deleted file mode 100644 index c59448d..0000000 --- a/tcpslice-1.2a3-time.patch +++ /dev/null 
@@ -1,71 +0,0 @@ ---- tcpslice-1.2a3.orig/search.c 2000-09-10 10:52:40.000000000 +0200 -+++ tcpslice-1.2a3/search.c 2006-07-28 14:56:55.000000000 +0200 -@@ -53,7 +53,7 @@ - /* Size of a packet header in bytes; easier than typing the sizeof() all - * the time ... - */ --#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr )) -+#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr )) - - extern int snaplen; - -@@ -111,16 +111,24 @@ - static void - extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr ) - { -- memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr)); -+ struct pcap_sf_pkthdr hdri; -+ -+ memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr)); - - if ( pcap_is_swapped( p ) ) - { -- hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec); -- hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec); -- hdr->len = SWAPLONG(hdr->len); -- hdr->caplen = SWAPLONG(hdr->caplen); -+ hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec); -+ hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec); -+ hdr->len = SWAPLONG(hdri.len); -+ hdr->caplen = SWAPLONG(hdri.caplen); -+ } -+ else -+ { -+ hdr->ts.tv_sec = hdri.ts.tv_sec; -+ hdr->ts.tv_usec = hdri.ts.tv_usec; -+ hdr->len = hdri.len; -+ hdr->caplen = hdri.caplen; - } -- - /* - * From bpf/libpcap/savefile.c: - * ---- tcpslice-1.2a3.orig/tcpslice.h 1995-11-02 00:40:53.000000000 +0100 -+++ tcpslice-1.2a3/tcpslice.h 2006-07-28 14:56:55.000000000 +0200 -@@ -20,6 +20,26 @@ - */ - - -+#include -+/* #include */ -+ -+/* -+ * This is a timeval as stored in disk in a dumpfile. 
-+ * It has to use the same types everywhere, independent of the actual -+ * `struct timeval' -+ */ -+ -+struct pcap_timeval { -+ bpf_int32 tv_sec; /* seconds */ -+ bpf_int32 tv_usec; /* microseconds */ -+}; -+ -+struct pcap_sf_pkthdr { -+ struct pcap_timeval ts; /* time stamp */ -+ bpf_u_int32 caplen; /* length of portion present */ -+ bpf_u_int32 len; /* length this packet (off wire) */ -+}; -+ - time_t gwtm2secs( struct tm *tm ); - - int sf_find_end( struct pcap *p, struct timeval *first_timestamp, diff --git a/tcpslice-CVS.20010207-bpf.patch b/tcpslice-CVS.20010207-bpf.patch deleted file mode 100644 index 8aaad3b..0000000 --- a/tcpslice-CVS.20010207-bpf.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur tcpdump-3.8.1/tcpslice/tcpslice.c tcpdump-3.8.1.new/tcpslice/tcpslice.c ---- tcpslice/tcpslice.c 2004-01-15 17:35:53.000000000 +0100 -+++ tcpslice/tcpslice.c 2004-01-15 16:12:57.000000000 +0100 -@@ -35,7 +35,7 @@ - #include - #include - --#include -+/* #include */ - - #include - #ifdef HAVE_FCNTL_H