Hello community,

here is the log from the commit of package tcpdump.3508 for openSUSE:13.1:Update checked in at 2015-02-13 15:58:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/tcpdump.3508 (Old)
 and /work/SRC/openSUSE:13.1:Update/.tcpdump.3508.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tcpdump.3508" Changes: -------- New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.tcpdump.3508.new/tcpdump.changes 2015-02-13 15:58:44.000000000 +0100 
@@ -0,0 +1,518 @@ +------------------------------------------------------------------- +Fri Feb 6 12:29:26 UTC 2015 - [email protected] + +- fix CVE-2014-8767 (bnc#905870) + * denial of service in verbose mode using malformed OLSR payload + * added tcpdump-CVE-2014-8767.patch +- fix CVE-2014-8769 (bnc#905872) + * unreliable output using malformed AOVD payload + * added tcpdump-CVE-2014-8769.patch + * added 0001-Clean-up-error-message-printing.patch + +------------------------------------------------------------------- +Fri Sep 13 20:37:14 UTC 2013 - [email protected] + +- verify source signature + +------------------------------------------------------------------- +Wed Sep 11 11:51:41 UTC 2013 - [email protected] + +- update to 4.4.0 + - RPKI-RTR (RFC6810) is now official (TCP Port 323) + - Fix detection of OpenSSL libcrypto. + - Add DNSSL (RFC6106) support. + - Add "radius" as an option for -T. + - Update Action codes for handle_action function according to + 802.11s amendment. + - Decode DHCPv6 AFTR-Name option (RFC6334). + - Updates for Babel. + - Fix printing of infinite lifetime in ICMPv6. + - Added support for SPB, SPBM Service Identifier, and Unicast + Address sub-TLV in ISIS. + - Decode RIPv2 authentication up to RFC4822. + - Fix RIP Request/full table decoding issues. + - On Linux systems with cap-ng.h, drop root privileges + using Linux Capabilities. + - Add support for reading multiple files. + +------------------------------------------------------------------- +Fri Jun 15 15:37:15 CEST 2012 - [email protected] + +- remove tcpdump-4.0.0-uninitialized.patch, it's solved differently + +------------------------------------------------------------------- +Thu Jun 14 23:48:25 CEST 2012 - [email protected] + +- update to 4.3.0 + - fixes for forces: SPARSE data (per RFC 5810) + - some more test cases added + - updates to documentation on -l, -U and -w flags. + - Fix printing of BGP optional headers. 
+ - Tried to include DLT_PFSYNC support, failed due to headers required. + - added TIPC support. + - Fix LLDP Network Policy bit definitions. + - fixes for IGMPv3's Max Response Time: it is in units of 0.1 second. + - SIGUSR1 can be used rather than SIGINFO for stats + - permit -n flag to affect print-ip for protocol numbers + - ND_OPT_ADVINTERVAL is in milliseconds, not seconds + - Teach PPPoE parser about RFC 4638 + +------------------------------------------------------------------- +Tue Jan 3 14:48:56 UTC 2012 - [email protected] + +- update to 4.2.1 + - Only build the Babel printer if IPv6 is enabled. + - Support Babel on port 6696 as well as 6697. + - Include ppi.h in release tarball. + - Include all the test files in the release tarball, and don't + "include" test files that no longer exist. + - Don't assume we have <rpc/rpc.h> - check for it. + - Support "-T carp" as a way of dissecting IP protocol 112 as CARP + rather than VRRP. + - Support Hilscher NetAnalyzer link-layer header format. + - Constify some pointers and fix compiler warnings. + - Get rid of never-true test. + - Fix an unintended fall-through in a case statement in the ARP + printer. + - Fix several cases where sizeof(sizeof(XXX)) was used when just + sizeof(XXX) was intended. + - Make stricter sanity checks in the ES-IS printer. + - Get rid of some GCCisms that caused builds to fail with compilers + that don't support them. + - Fix typo in man page. + - Added length checks to Babel printer. +- drop tcpdump-4.2.0-ppi.patch (upstream) + +------------------------------------------------------------------- +Mon Nov 28 12:32:25 UTC 2011 - [email protected] + +- update to 4.2.0 + * patch that adds missing ppi.h + * Summary for 4.2.0 + - merged 802.15.4 decoder from Dmitry Eremin-Solenikov <dbaryshkov + at gmail dot com> + - updates to forces for new port numbers + - Use "-H", not "-h", for the 802.11s option. (-h always help) + - Better ICMPv6 checksum handling. 
+ - add support for the RPKI/Router Protocol, per -ietf-sidr-rpki-rtr-12 + - get rid of uuencoded pcap test files, git can do binary. + - sFlow changes for 64-bit counters. + - fixes for PPI packet header handling and printing. + - Add DCB Exchange protocol (DCBX) version 1.01. + - Babel dissector, from Juliusz Chroboczek and Grégoire Henry. + - improvements to radiotap for rate values > 127. + - Many improvements to ForCES decode, including fix SCTP TML port + - updated RPL type code to RPL-17 draft + - Improve printout of DHCPv6 options. + - added support and test case for QinQ (802.1q VLAN) packets + - Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4. + - Build fixes for Sparc and other machines with alignment restrictions. + - Merged changes from Debian package. + - PGM: Add ACK decoding and add PGMCC DATA and FEEDBACK options. + - Build fixes for OSX (Snow Leopard and others) + - Add support for IEEE 802.15.4 packets + * Summary for 4.1.2 tcpdump release + - If -U is specified, flush the file after creating it, so it's + not zero-length + - Fix TCP flags output description, and some typoes, in the man + page + - Add a -h flag, and only attempt to recognize 802.11s mesh + headers if it's set + - When printing the link-layer type list, send *all* output to + stderr + - Include the CFLAGS setting when configure was run in the + compiler flags + +------------------------------------------------------------------- +Tue Apr 6 09:13:45 UTC 2010 - [email protected] + +- update to tcpdump-4.1.1 + * Don't blow up if a zero-length link-layer address is passed to + linkaddr_string() + * Fix printing of MAC addresses for VLAN frames with a length + field + * Add some additional bounds checks and use the EXTRACT_ macros + more + * Add a -b flag to print the AS number in BGP packets in ASDOT + notation rather than ASPLAIN notation + * Add ICMPv6 RFC 5006 support + * Decode the access flags in NFS access requests + * Handle the new DLT_ for memory-mapped USB captures on 
Linux + * Make the default snapshot (-s) the maximum + * Print name of device (when -L is used) + * Print new TCP flags + * Add support for RPL DIO + * Add support for TCP User Timeout (UTO) + * Add support for non-standard Ethertypes used by 3com PPPoE gear + * Add support for 802.11n and 802.11s + * Add support for Transparent Ethernet Bridge ethertype in GRE + * Add 4 byte AS support for BGP printer + * Add support for the MDT SAFI 66 BG printer + * Add basic IPv6 support to print-olsr + * Add USB printer + * Add printer for ForCES + * Handle frames with an FCS + * Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames + * Fix TCP sequence number printing + * Report 802.2 packets as 802.2 instead of 802.3 +- drop tcpdump-4.0.0-autoconf.patch (not needed with new autoconf) +- compile with -fno-strict-aliasing + +------------------------------------------------------------------- +Wed Jan 14 16:48:42 CET 2009 - [email protected] + +- updated to 4.0.0 + * Add support for Bluetooth Sniffing + * Add support for Realtek Remote Control Protocol (openrrcp.org.ru) + * Add support for 802.11 AVS + * Add support for SMB over TCP + * Add support for 4 byte BGP AS printing + * Add support for compiling on case-insensitive file systems + * Add support for ikev2 printing + * Update support for decoding AFS + * Update DHCPv6 printer + * Use newer libpcap API's (allows -B option on all platforms) + * Add -I to turn on monitor mode + * Bugfixes in lldp, lspping, dccp, ESP, NFS printers + * Cleanup unused files and various cruft +- dropped obsoleted juniper.patch (included in update) + +------------------------------------------------------------------- +Tue Jan 8 18:04:02 CET 2008 - [email protected] + +- updated to 3.9.8 + * Rework ARP printer + * Rework OSPFv3 printer + * Add support for Frame-Relay ARP + * Decode DHCP Option 121 (RFC 3442 Classless Static Route) + * Decode DHCP Option 249 (MS Classless Static Route) the same as Option 121 + * TLV: Add support for 
Juniper .pcap extensions + * Print EGP header in new-world-order style + * Converted print-isakmp.c to NETDISSECT + * Moved AF specific stuff into af.h + * Test subsystem now table driven, and saves outputs and diffs to one place + * Require <net/pfvar.h> for pf definitions - allows reading of pflog formatted + libpcap files on an OS other than where the file was generated + +------------------------------------------------------------------- ++++ 321 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.tcpdump.3508.new/tcpdump.changes New: ---- 0001-Clean-up-error-message-printing.patch tcpdump-4.0.0-aliasing.patch tcpdump-4.0.0-prototypes.patch tcpdump-4.4.0.tar.gz tcpdump-4.4.0.tar.gz.sig tcpdump-CVE-2014-8767.patch tcpdump-CVE-2014-8769.patch tcpdump-qeth tcpdump.changes tcpdump.keyring tcpdump.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tcpdump.spec ++++++ # # spec file for package tcpdump # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: tcpdump Version: 4.4.0 Release: 0 Url: http://www.tcpdump.org/ Summary: A Packet Sniffer License: BSD-3-Clause Group: Productivity/Networking/Diagnostic Source: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz Source1: tcpdump-qeth Source2: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring Patch0: tcpdump-4.0.0-prototypes.patch Patch2: tcpdump-4.0.0-aliasing.patch Patch3: tcpdump-CVE-2014-8767.patch Patch5: tcpdump-CVE-2014-8769.patch Patch6: 0001-Clean-up-error-message-printing.patch BuildRequires: libpcap-devel BuildRequires: libsmi-devel BuildRequires: openssl-devel %if 0%{?suse_version} >= 1230 BuildRequires: gpg-offline %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description This program can "read" all or only certain packets going over the ethernet. It can be used to debug specific network problems. %prep %{?gpg_verify: %gpg_verify %{S:2}} %setup -q %patch0 %patch2 %patch3 -p1 %patch5 -p1 %patch6 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -Wall -DGUESS_TSO -fstack-protector -fno-strict-aliasing" %configure \ --enable-ipv6 make %install make DESTDIR=$RPM_BUILD_ROOT install %ifarch s390 s390x install -D -m 755 $RPM_SOURCE_DIR/tcpdump-qeth $RPM_BUILD_ROOT%{_sbindir} %endif %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root) %doc CHANGES CREDITS LICENSE README *.awk %doc %{_mandir}/man?/* %{_sbindir}/* %changelog ++++++ 0001-Clean-up-error-message-printing.patch ++++++ >From 3e8a443c3671baa37ae7870f08fb9b4bf386fd24 Mon Sep 17 00:00:00 2001 
From: Guy Harris <[email protected]> Date: Tue, 11 Nov 2014 18:37:35 -0800 Subject: [PATCH] Clean up error message printing. Have "struct aodv_rerr" just be the header, not including the actual destinations. Simplify the logic somewhat, and make it similar in the print routines for the three types of error messages. --- print-aodv.c | 88 +++++++++++++++++++++++++++++++----------------------------- 1 file changed, 46 insertions(+), 42 deletions(-) Index: tcpdump-4.5.1/print-aodv.c =================================================================== --- tcpdump-4.5.1.orig/print-aodv.c 2014-12-12 13:42:54.088588139 +0100 +++ tcpdump-4.5.1/print-aodv.c 2014-12-12 14:01:23.943454376 +0100 @@ -143,34 +143,31 @@ aodv_rrep(const struct aodv_rrep *ap, co } static void -aodv_rerr(const struct aodv_rerr *ap, const u_char *dat, u_int length) +aodv_rerr(netdissect_options *ndo, const struct aodv_rerr *ap, const u_char *dat, u_int length) { - u_int i; - const struct rerr_unreach *dp = NULL; - int n, trunc; + u_int i, dc; + const struct rerr_unreach *dp; if (snapend < dat) { printf(" [|aodv]"); return; } i = min(length, (u_int)(snapend - dat)); - if (i < offsetof(struct aodv_rerr, r)) { + if (i < sizeof(*ap)) { printf(" [|rerr]"); return; } - i -= offsetof(struct aodv_rerr, r); - dp = &ap->r.dest[0]; - n = ap->rerr_dc * sizeof(ap->r.dest[0]); + i -= sizeof(*ap); printf(" rerr %s [items %u] [%u]:", ap->rerr_flags & RERR_NODELETE ? "[D]" : "", ap->rerr_dc, length); - trunc = n - (i/sizeof(ap->r.dest[0])); - for (; i >= sizeof(ap->r.dest[0]); - ++dp, i -= sizeof(ap->r.dest[0])) { + dp = (struct rerr_unreach *)(void *)(ap + 1); + for (dc = ap->rerr_dc; dc != 0 && i >= sizeof(*dp); + ++dp, --dc, i -= sizeof(*dp)) { printf(" {%s}(%ld)", ipaddr_string(&dp->u_da), (unsigned long)EXTRACT_32BITS(&dp->u_ds)); } - if (trunc) + if ((i % sizeof(*dp)) != 0) printf("[|rerr]"); } 
@@ -253,28 +250,35 @@ aodv_v6_rrep(const struct aodv_rrep6 *ap static void #ifdef INET6 -aodv_v6_rerr(const struct aodv_rerr *ap, u_int length) +aodv_v6_rerr(netdissect_options *ndo, const struct aodv_rerr *ap, const u_char *dat, u_int length) #else -aodv_v6_rerr(const struct aodv_rerr *ap _U_, u_int length) +aodv_v6_rerr(netdissect_options *ndo, const struct aodv_rerr *ap _U_, const u_char *dat, u_int length) #endif { #ifdef INET6 - const struct rerr_unreach6 *dp6 = NULL; - int i, j, n, trunc; + u_int i, dc; + const struct rerr_unreach6 *dp6; - i = length - offsetof(struct aodv_rerr, r); - j = sizeof(ap->r.dest6[0]); - dp6 = &ap->r.dest6[0]; - n = ap->rerr_dc * j; + if (ndo->ndo_snapend < dat) { + ND_PRINT((ndo, " [|aodv]")); + return; + } + i = min(length, (u_int)(ndo->ndo_snapend - dat)); + if (i < sizeof(*ap)) { + ND_PRINT((ndo, " [|rerr]")); + return; + } + i -= sizeof(*ap); printf(" rerr %s [items %u] [%u]:", ap->rerr_flags & RERR_NODELETE ? "[D]" : "", ap->rerr_dc, length); - trunc = n - (i/j); - for (; i -= j >= 0; ++dp6) { + dp6 = (struct rerr_unreach6 *)(void *)(ap + 1); + for (dc = ap->rerr_dc; dc != 0 && i >= sizeof(*dp6); + ++dp6, --dc, i -= sizeof(*dp6)) { printf(" {%s}(%ld)", ip6addr_string(&dp6->u_da), (unsigned long)EXTRACT_32BITS(&dp6->u_ds)); } - if (trunc) + if ((i % sizeof(*dp6)) != 0) printf("[|rerr]"); #else printf(" rerr %u", length); 
@@ -361,28 +365,35 @@ aodv_v6_draft_01_rrep(const struct aodv_ static void #ifdef INET6 -aodv_v6_draft_01_rerr(const struct aodv_rerr *ap, u_int length) +aodv_v6_draft_01_rerr(netdissect_options *ndo, const struct aodv_rerr *ap, const u_char *dat, u_int length) #else -aodv_v6_draft_01_rerr(const struct aodv_rerr *ap _U_, u_int length) +aodv_v6_draft_01_rerr(netdissect_options *ndo, const struct aodv_rerr *ap _U_, const u_char *dat, u_int length) #endif { #ifdef INET6 - const struct rerr_unreach6_draft_01 *dp6 = NULL; - int i, j, n, trunc; + u_int i, dc; + const struct rerr_unreach6_draft_01 *dp6; - i = length - offsetof(struct aodv_rerr, r); - j = sizeof(ap->r.dest6_draft_01[0]); - dp6 = &ap->r.dest6_draft_01[0]; - n = ap->rerr_dc * j; + if (ndo->ndo_snapend < dat) { + ND_PRINT((ndo, " [|aodv]")); + return; + } + i = min(length, (u_int)(ndo->ndo_snapend - dat)); + if (i < sizeof(*ap)) { + ND_PRINT((ndo, " [|rerr]")); + return; + } + i -= sizeof(*ap); printf(" rerr %s [items %u] [%u]:", ap->rerr_flags & RERR_NODELETE ? "[D]" : "", ap->rerr_dc, length); - trunc = n - (i/j); - for (; i -= j >= 0; ++dp6) { + dp6 = (struct rerr_unreach6_draft_01 *)(void *)(ap + 1); + for (dc = ap->rerr_dc; dc != 0 && i >= sizeof(*dp6); + ++dp6, --dc, i -= sizeof(*dp6)) { printf(" {%s}(%ld)", ip6addr_string(&dp6->u_da), (unsigned long)EXTRACT_32BITS(&dp6->u_ds)); } - if (trunc) + if ((i % sizeof(*dp6)) != 0) printf("[|rerr]"); #else printf(" rerr %u", length); @@ -421,9 +432,9 @@ aodv_print(netdissect_options *ndo, case AODV_RERR: if (is_ip6) - aodv_v6_rerr((const struct aodv_rerr *)dat, length); + aodv_v6_rerr(ndo, (const struct aodv_rerr *)dat, dat, length); else - aodv_rerr((const struct aodv_rerr *)dat, dat, length); + aodv_rerr(ndo, (const struct aodv_rerr *)dat, dat, length); break; case AODV_RREP_ACK: 
@@ -439,7 +450,7 @@ aodv_print(netdissect_options *ndo, break; case AODV_V6_DRAFT_01_RERR: - aodv_v6_draft_01_rerr((const struct aodv_rerr *)dat, length); + aodv_v6_draft_01_rerr(ndo, (const struct aodv_rerr *)dat, dat, length); break; case AODV_V6_DRAFT_01_RREP_ACK: ++++++ tcpdump-4.0.0-aliasing.patch ++++++ Index: icmp6.h =================================================================== --- icmp6.h.orig +++ icmp6.h @@ -404,7 +404,11 @@ struct icmp6_router_renum { /* router re u_int8_t rr_segnum; u_int8_t rr_flags; u_int16_t rr_maxdelay; + union { + u_int8_t rr_reserved8[4]; + u_int16_t rr_reserved16[2]; u_int32_t rr_reserved; + }; }; #define ICMP6_RR_FLAGS_TEST 0x80 #define ICMP6_RR_FLAGS_REQRESULT 0x40 Index: print-icmp.c =================================================================== --- print-icmp.c.orig +++ print-icmp.c @@ -47,6 +47,12 @@ static const char rcsid[] _U_ = * Per RFC 792, September 1981. */ +/* rfc1191 */ +struct mtu_discovery { + u_int16_t unused; + u_int16_t nexthopmtu; +}; + /* * Structure of an icmp header. */ @@ -61,8 +67,12 @@ struct icmp { u_int16_t icd_id; u_int16_t icd_seq; } ih_idseq; + union { u_int32_t ih_void; + struct mtu_discovery ih_mtu_discovery; + }; } icmp_hun; +#define icmp_mtu_discovery icmp_hun.ih_mtu_discovery #define icmp_pptr icmp_hun.ih_pptr #define icmp_gwaddr icmp_hun.ih_gwaddr #define icmp_id icmp_hun.ih_idseq.icd_id @@ -243,12 +253,6 @@ static struct tok type2str[] = { { 0, NULL } }; -/* rfc1191 */ -struct mtu_discovery { - u_int16_t unused; - u_int16_t nexthopmtu; -}; - /* rfc1256 */ struct ih_rdiscovery { u_int8_t ird_addrnum; 
@@ -413,7 +417,7 @@ icmp_print(const u_char *bp, u_int plen, case ICMP_UNREACH_NEEDFRAG: { register const struct mtu_discovery *mp; - mp = (struct mtu_discovery *)(u_char *)&dp->icmp_void; + mp = &dp->icmp_mtu_discovery; mtu = EXTRACT_16BITS(&mp->nexthopmtu); if (mtu) { (void)snprintf(buf, sizeof(buf), Index: print-icmp6.c =================================================================== --- print-icmp6.c.orig +++ print-icmp6.c @@ -1279,7 +1279,7 @@ icmp6_rrenum_print(const u_char *bp, con printf("seg=%u,", rr6->rr_segnum); printf("maxdelay=%u", EXTRACT_16BITS(&rr6->rr_maxdelay)); if (rr6->rr_reserved) - printf("rsvd=0x%x", EXTRACT_32BITS(&rr6->rr_reserved)); + printf("rsvd=0x%x", EXTRACT_16BITS(&rr6->rr_reserved16[0])); /*[*/ printf("]"); #undef F Index: print-timed.c =================================================================== --- print-timed.c.orig +++ print-timed.c @@ -86,8 +86,8 @@ timed_print(register const u_char *bp) fputs(" [|timed]", stdout); return; } - sec = EXTRACT_32BITS(&tsp->tsp_time.tv_sec); - usec = EXTRACT_32BITS(&tsp->tsp_time.tv_usec); + sec = EXTRACT_32BITS(&tsp->tsp_time.tv_sec32[0]); + usec = EXTRACT_32BITS(&tsp->tsp_time.tv_usec32[0]); if (usec < 0) /* corrupt, skip the rest of the packet */ return; Index: timed.h =================================================================== --- timed.h.orig +++ timed.h @@ -54,7 +54,16 @@ struct tsp { u_int8_t tsp_vers; u_int16_t tsp_seq; union { - struct tsp_timeval tspu_time; + struct { + union { + int tv_sec32[2]; + long tv_sec; + }; + union { + int tv_usec32[2]; + long tv_usec; + }; + } tspu_time; int8_t tspu_hopcnt; } tsp_u; int8_t tsp_name[256]; ++++++ tcpdump-4.0.0-prototypes.patch ++++++ --- print-radius.c +++ print-radius.c @@ -56,6 +56,7 @@ #include <string.h> #include <stdio.h> +#include <time.h> #include "interface.h" #include "addrtoname.h" --- setsignal.c +++ setsignal.c 
@@ -39,6 +39,10 @@ #include "os-proto.h" #endif +#ifdef HAVE_SIGSET +void *sigset(int signum, void (*handler)(int)); +#endif + #include "setsignal.h" /* ++++++ tcpdump-CVE-2014-8767.patch ++++++ >From 4038f83ebf654804829b258dde5e0a508c1c2003 Mon Sep 17 00:00:00 2001 From: Guy Harris <[email protected]> Date: Tue, 11 Nov 2014 16:49:39 -0800 Subject: [PATCH 2/3] Do more bounds checking and length checking. Don't run past the end of the captured data, and don't run past the end of the packet (i.e., don't make the length variable go negative). Also, stop dissecting if the message length isn't valid. --- print-olsr.c | 56 +++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 43 insertions(+), 13 deletions(-) Index: tcpdump-4.4.0/print-olsr.c =================================================================== --- tcpdump-4.4.0.orig/print-olsr.c 2015-02-06 13:34:25.029044047 +0100 +++ tcpdump-4.4.0/print-olsr.c 2015-02-06 13:34:25.986052774 +0100 @@ -181,14 +181,16 @@ struct olsr_lq_neighbor6 { /* * print a neighbor list with LQ extensions. */ -static void -olsr_print_lq_neighbor4 (const u_char *msg_data, u_int hello_len) +static int +olsr_print_lq_neighbor4 (netdissect_options *ndo, const u_char *msg_data, u_int hello_len) { struct olsr_lq_neighbor4 *lq_neighbor; while (hello_len >= sizeof(struct olsr_lq_neighbor4)) { lq_neighbor = (struct olsr_lq_neighbor4 *)msg_data; + if (!ND_TTEST(*lq_neighbor)) + return (-1); printf("\n\t neighbor %s, link-quality %.2lf%%" ", neighbor-link-quality %.2lf%%", 
@@ -199,17 +201,20 @@ olsr_print_lq_neighbor4 (const u_char *m msg_data += sizeof(struct olsr_lq_neighbor4); hello_len -= sizeof(struct olsr_lq_neighbor4); } + return (0); } #if INET6 -static void -olsr_print_lq_neighbor6 (const u_char *msg_data, u_int hello_len) +static int +olsr_print_lq_neighbor6 (netdissect_options *ndo, const u_char *msg_data, u_int hello_len) { struct olsr_lq_neighbor6 *lq_neighbor; while (hello_len >= sizeof(struct olsr_lq_neighbor6)) { lq_neighbor = (struct olsr_lq_neighbor6 *)msg_data; + if (!ND_TTEST(*lq_neighbor)) + return (-1); printf("\n\t neighbor %s, link-quality %.2lf%%" ", neighbor-link-quality %.2lf%%", @@ -220,14 +225,15 @@ olsr_print_lq_neighbor6 (const u_char *m msg_data += sizeof(struct olsr_lq_neighbor6); hello_len -= sizeof(struct olsr_lq_neighbor6); } + return (0); } #endif /* INET6 */ /* * print a neighbor list. */ -static void -olsr_print_neighbor (const u_char *msg_data, u_int hello_len) +static int +olsr_print_neighbor (netdissect_options *ndo, const u_char *msg_data, u_int hello_len) { int neighbor; @@ -236,6 +242,8 @@ olsr_print_neighbor (const u_char *msg_d while (hello_len >= sizeof(struct in_addr)) { + if (!ND_TTEST2(*msg_data, sizeof(struct in_addr))) + return (-1); /* print 4 neighbors per line */ printf("%s%s", ipaddr_string(msg_data), @@ -244,11 +252,12 @@ olsr_print_neighbor (const u_char *msg_d msg_data += sizeof(struct in_addr); hello_len -= sizeof(struct in_addr); } + return (0); } void -olsr_print (const u_char *pptr, u_int length, int is_ipv6) +olsr_print (netdissect_options *ndo, const u_char *pptr, u_int length, int is_ipv6) { union { const struct olsr_common *common; @@ -328,6 +337,9 @@ olsr_print (const u_char *pptr, u_int le ME_TO_DOUBLE(msgptr.v6->vtime), EXTRACT_16BITS(msgptr.v6->msg_seq), msg_len, (msg_len_valid == 0) ? " (invalid)" : ""); + if (!msg_len_valid) { + return; + } msg_tlen = msg_len - sizeof(struct olsr_msg6); msg_data = tptr + sizeof(struct olsr_msg6); 
@@ -356,6 +368,9 @@ olsr_print (const u_char *pptr, u_int le ME_TO_DOUBLE(msgptr.v4->vtime), EXTRACT_16BITS(msgptr.v4->msg_seq), msg_len, (msg_len_valid == 0) ? " (invalid)" : ""); + if (!msg_len_valid) { + return; + } msg_tlen = msg_len - sizeof(struct olsr_msg4); msg_data = tptr + sizeof(struct olsr_msg4); @@ -364,6 +379,8 @@ olsr_print (const u_char *pptr, u_int le switch (msg_type) { case OLSR_HELLO_MSG: case OLSR_HELLO_LQ_MSG: + if (msg_tlen < sizeof(struct olsr_hello)) + goto trunc; if (!TTEST2(*msg_data, sizeof(struct olsr_hello))) goto trunc; @@ -405,15 +422,20 @@ olsr_print (const u_char *pptr, u_int le msg_tlen -= sizeof(struct olsr_hello_link); hello_len -= sizeof(struct olsr_hello_link); + if (!TTEST2(*msg_data, hello_len)) + goto trunc; if (msg_type == OLSR_HELLO_MSG) { - olsr_print_neighbor(msg_data, hello_len); + if (olsr_print_neighbor(ndo, msg_data, hello_len) == -1) + goto trunc; } else { #if INET6 if (is_ipv6) - olsr_print_lq_neighbor6(msg_data, hello_len); + if (olsr_print_lq_neighbor6(ndo, msg_data, hello_len) == -1) + goto trunc; else #endif - olsr_print_lq_neighbor4(msg_data, hello_len); + if (olsr_print_lq_neighbor4(ndo, msg_data, hello_len) == -1) + goto trunc; } msg_data += hello_len; @@ -423,6 +445,8 @@ olsr_print (const u_char *pptr, u_int le case OLSR_TC_MSG: case OLSR_TC_LQ_MSG: + if (msg_tlen < sizeof(struct olsr_tc)) + goto trunc; if (!TTEST2(*msg_data, sizeof(struct olsr_tc))) goto trunc; 
@@ -433,14 +457,17 @@ olsr_print (const u_char *pptr, u_int le msg_tlen -= sizeof(struct olsr_tc); if (msg_type == OLSR_TC_MSG) { - olsr_print_neighbor(msg_data, msg_tlen); + if (olsr_print_neighbor(ndo, msg_data, msg_tlen) == -1) + goto trunc; } else { #if INET6 if (is_ipv6) - olsr_print_lq_neighbor6(msg_data, msg_tlen); + if (olsr_print_lq_neighbor6(ndo, msg_data, msg_tlen) == -1) + goto trunc; else #endif - olsr_print_lq_neighbor4(msg_data, msg_tlen); + if (olsr_print_lq_neighbor4(ndo, msg_data, msg_tlen) == -1) + goto trunc; } break; Index: tcpdump-4.4.0/interface.h =================================================================== --- tcpdump-4.4.0.orig/interface.h 2015-02-06 13:34:25.029044047 +0100 +++ tcpdump-4.4.0/interface.h 2015-02-06 13:34:25.987052783 +0100 @@ -157,6 +157,7 @@ extern u_int16_t create_osi_cksum(const /* The printer routines. */ #include <pcap.h> +#include "netdissect.h" extern int print_unknown_data(const u_char *, const char *,int); extern void ascii_print(const u_char *, u_int); @@ -222,7 +223,7 @@ extern const u_char * ns_nprint (registe extern void ntp_print(const u_char *, u_int); extern u_int null_if_print(const struct pcap_pkthdr *, const u_char *); extern void ospf_print(const u_char *, u_int, const u_char *); -extern void olsr_print (const u_char *, u_int, int); +extern void olsr_print (netdissect_options *, const u_char *, u_int, int); extern void pimv1_print(const u_char *, u_int); extern void cisco_autorp_print(const u_char *, u_int); extern void rsvp_print(const u_char *, u_int); @@ -351,7 +352,6 @@ extern void bpf_dump(const struct bpf_pr #endif -#include "netdissect.h" /* forward compatibility */ Index: tcpdump-4.4.0/print-udp.c =================================================================== --- tcpdump-4.4.0.orig/print-udp.c 2015-02-06 13:34:25.029044047 +0100 +++ tcpdump-4.4.0/print-udp.c 2015-02-06 13:34:25.987052783 +0100 
@@ -356,7 +356,7 @@ udpipaddr_print(const struct ip *ip, int } void -udp_print(register const u_char *bp, u_int length, +udp_print(netdissect_options *ndo, register const u_char *bp, u_int length, register const u_char *bp2, int fragmented) { register const struct udphdr *up; @@ -641,7 +641,7 @@ udp_print(register const u_char *bp, u_i else if (ISPORT(LDP_PORT)) ldp_print((const u_char *)(up + 1), length); else if (ISPORT(OLSR_PORT)) - olsr_print((const u_char *)(up + 1), length, + olsr_print(ndo, (const u_char *)(up + 1), length, #if INET6 (IP_V(ip) == 6) ? 1 : 0); #else ++++++ tcpdump-CVE-2014-8769.patch ++++++ >From ab4e52b94aac6cb729a5a695aa612d5ebda2ec3a Mon Sep 17 00:00:00 2001 From: Guy Harris <[email protected]> Date: Tue, 11 Nov 2014 17:24:12 -0800 Subject: [PATCH 3/3] Add initial bounds check, get rid of union aodv. Fetch the type field without using a structure, and check to make sure it's not past the end of the packet. Pass to each dissection routine a pointer to the appropriate message type structure, rather than a pointer to a union of all the message type structures. --- print-aodv.c | 274 ++++++++++++++++++++++++++++------------------------------- 1 file changed, 130 insertions(+), 144 deletions(-) Index: tcpdump-4.5.1/print-aodv.c =================================================================== --- tcpdump-4.5.1.orig/print-aodv.c 2014-12-02 12:17:12.977039456 +0100 +++ tcpdump-4.5.1/print-aodv.c 2014-12-11 17:30:44.255771307 +0100 @@ -82,7 +82,7 @@ aodv_extension(const struct aodv_ext *ep } static void -aodv_rreq(const union aodv *ap, const u_char *dat, u_int length) +aodv_rreq(const struct aodv_rreq *ap, const u_char *dat, u_int length) { u_int i; 
@@ -91,30 +91,30 @@ aodv_rreq(const union aodv *ap, const u_ return; } i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rreq)) { + if (i < sizeof(*ap)) { printf(" [|rreq]"); return; } - i -= sizeof(ap->rreq); + i -= sizeof(*ap); printf(" rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, - ap->rreq.rreq_type & RREQ_JOIN ? "[J]" : "", - ap->rreq.rreq_type & RREQ_REPAIR ? "[R]" : "", - ap->rreq.rreq_type & RREQ_GRAT ? "[G]" : "", - ap->rreq.rreq_type & RREQ_DEST ? "[D]" : "", - ap->rreq.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", - ap->rreq.rreq_hops, - (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_id), - ipaddr_string(&ap->rreq.rreq_da), - (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_ds), - ipaddr_string(&ap->rreq.rreq_oa), - (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_os)); + ap->rreq_type & RREQ_JOIN ? "[J]" : "", + ap->rreq_type & RREQ_REPAIR ? "[R]" : "", + ap->rreq_type & RREQ_GRAT ? "[G]" : "", + ap->rreq_type & RREQ_DEST ? "[D]" : "", + ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", + ap->rreq_hops, + (unsigned long)EXTRACT_32BITS(&ap->rreq_id), + ipaddr_string(&ap->rreq_da), + (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), + ipaddr_string(&ap->rreq_oa), + (unsigned long)EXTRACT_32BITS(&ap->rreq_os)); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rreq + 1), i); + aodv_extension((void *)(ap + 1), i); } static void -aodv_rrep(const union aodv *ap, const u_char *dat, u_int length) +aodv_rrep(const struct aodv_rrep *ap, const u_char *dat, u_int length) { u_int i; 
@@ -123,27 +123,27 @@ aodv_rrep(const union aodv *ap, const u_ return; } i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rrep)) { + if (i < sizeof(*ap)) { printf(" [|rrep]"); return; } - i -= sizeof(ap->rrep); + i -= sizeof(*ap); printf(" rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, - ap->rrep.rrep_type & RREP_REPAIR ? "[R]" : "", - ap->rrep.rrep_type & RREP_ACK ? "[A] " : " ", - ap->rrep.rrep_ps & RREP_PREFIX_MASK, - ap->rrep.rrep_hops, - ipaddr_string(&ap->rrep.rrep_da), - (unsigned long)EXTRACT_32BITS(&ap->rrep.rrep_ds), - ipaddr_string(&ap->rrep.rrep_oa), - (unsigned long)EXTRACT_32BITS(&ap->rrep.rrep_life)); + ap->rrep_type & RREP_REPAIR ? "[R]" : "", + ap->rrep_type & RREP_ACK ? "[A] " : " ", + ap->rrep_ps & RREP_PREFIX_MASK, + ap->rrep_hops, + ipaddr_string(&ap->rrep_da), + (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), + ipaddr_string(&ap->rrep_oa), + (unsigned long)EXTRACT_32BITS(&ap->rrep_life)); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rrep + 1), i); + aodv_extension((void *)(ap + 1), i); } static void -aodv_rerr(const union aodv *ap, const u_char *dat, u_int length) +aodv_rerr(const struct aodv_rerr *ap, const u_char *dat, u_int length) { u_int i; const struct rerr_unreach *dp = NULL; 
@@ -159,14 +159,14 @@ aodv_rerr(const union aodv *ap, const u_ return; } i -= offsetof(struct aodv_rerr, r); - dp = &ap->rerr.r.dest[0]; - n = ap->rerr.rerr_dc * sizeof(ap->rerr.r.dest[0]); + dp = &ap->r.dest[0]; + n = ap->rerr_dc * sizeof(ap->r.dest[0]); printf(" rerr %s [items %u] [%u]:", - ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", - ap->rerr.rerr_dc, length); - trunc = n - (i/sizeof(ap->rerr.r.dest[0])); - for (; i >= sizeof(ap->rerr.r.dest[0]); - ++dp, i -= sizeof(ap->rerr.r.dest[0])) { + ap->rerr_flags & RERR_NODELETE ? "[D]" : "", + ap->rerr_dc, length); + trunc = n - (i/sizeof(ap->r.dest[0])); + for (; i >= sizeof(ap->r.dest[0]); + ++dp, i -= sizeof(ap->r.dest[0])) { printf(" {%s}(%ld)", ipaddr_string(&dp->u_da), (unsigned long)EXTRACT_32BITS(&dp->u_ds)); } @@ -176,9 +176,9 @@ aodv_rerr(const union aodv *ap, const u_ static void #ifdef INET6 -aodv_v6_rreq(const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_rreq(const struct aodv_rreq6 *ap, const u_char *dat, u_int length) #else -aodv_v6_rreq(const union aodv *ap _U_, const u_char *dat _U_, u_int length) +aodv_v6_rreq(const struct aodv_rreq6 *ap _U_, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 
@@ -189,26 +189,26 @@ aodv_v6_rreq(const union aodv *ap _U_, c return; } i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rreq6)) { + if (i < sizeof(*ap)) { printf(" [|rreq6]"); return; } - i -= sizeof(ap->rreq6); + i -= sizeof(*ap); printf(" v6 rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, - ap->rreq6.rreq_type & RREQ_JOIN ? "[J]" : "", - ap->rreq6.rreq_type & RREQ_REPAIR ? "[R]" : "", - ap->rreq6.rreq_type & RREQ_GRAT ? "[G]" : "", - ap->rreq6.rreq_type & RREQ_DEST ? "[D]" : "", - ap->rreq6.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", - ap->rreq6.rreq_hops, - (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_id), - ip6addr_string(&ap->rreq6.rreq_da), - (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_ds), - ip6addr_string(&ap->rreq6.rreq_oa), - (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_os)); + ap->rreq_type & RREQ_JOIN ? "[J]" : "", + ap->rreq_type & RREQ_REPAIR ? "[R]" : "", + ap->rreq_type & RREQ_GRAT ? "[G]" : "", + ap->rreq_type & RREQ_DEST ? "[D]" : "", + ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", + ap->rreq_hops, + (unsigned long)EXTRACT_32BITS(&ap->rreq_id), + ip6addr_string(&ap->rreq_da), + (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), + ip6addr_string(&ap->rreq_oa), + (unsigned long)EXTRACT_32BITS(&ap->rreq_os)); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rreq6 + 1), i); + aodv_extension((void *)(ap + 1), i); #else printf(" v6 rreq %u", length); #endif @@ -216,9 +216,9 @@ aodv_v6_rreq(const union aodv *ap _U_, c static void #ifdef INET6 -aodv_v6_rrep(const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_rrep(const struct aodv_rrep6 *ap, const u_char *dat, u_int length) #else -aodv_v6_rrep(const union aodv *ap _U_, const u_char *dat _U_, u_int length) +aodv_v6_rrep(const struct aodv_rrep6 *ap _U_, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 
@@ -229,23 +229,23 @@ aodv_v6_rrep(const union aodv *ap _U_, c return; } i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rrep6)) { + if (i < sizeof(*ap)) { printf(" [|rrep6]"); return; } - i -= sizeof(ap->rrep6); + i -= sizeof(*ap); printf(" rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, - ap->rrep6.rrep_type & RREP_REPAIR ? "[R]" : "", - ap->rrep6.rrep_type & RREP_ACK ? "[A] " : " ", - ap->rrep6.rrep_ps & RREP_PREFIX_MASK, - ap->rrep6.rrep_hops, - ip6addr_string(&ap->rrep6.rrep_da), - (unsigned long)EXTRACT_32BITS(&ap->rrep6.rrep_ds), - ip6addr_string(&ap->rrep6.rrep_oa), - (unsigned long)EXTRACT_32BITS(&ap->rrep6.rrep_life)); + ap->rrep_type & RREP_REPAIR ? "[R]" : "", + ap->rrep_type & RREP_ACK ? "[A] " : " ", + ap->rrep_ps & RREP_PREFIX_MASK, + ap->rrep_hops, + ip6addr_string(&ap->rrep_da), + (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), + ip6addr_string(&ap->rrep_oa), + (unsigned long)EXTRACT_32BITS(&ap->rrep_life)); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rrep6 + 1), i); + aodv_extension((void *)(ap + 1), i); #else printf(" rrep %u", length); #endif @@ -253,9 +253,9 @@ aodv_v6_rrep(const union aodv *ap _U_, c static void #ifdef INET6 -aodv_v6_rerr(const union aodv *ap, u_int length) +aodv_v6_rerr(const struct aodv_rerr *ap, u_int length) #else -aodv_v6_rerr(const union aodv *ap _U_, u_int length) +aodv_v6_rerr(const struct aodv_rerr *ap _U_, u_int length) #endif { #ifdef INET6 
@@ -263,12 +263,12 @@ aodv_v6_rerr(const union aodv *ap _U_, u int i, j, n, trunc; i = length - offsetof(struct aodv_rerr, r); - j = sizeof(ap->rerr.r.dest6[0]); - dp6 = &ap->rerr.r.dest6[0]; - n = ap->rerr.rerr_dc * j; + j = sizeof(ap->r.dest6[0]); + dp6 = &ap->r.dest6[0]; + n = ap->rerr_dc * j; printf(" rerr %s [items %u] [%u]:", - ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", - ap->rerr.rerr_dc, length); + ap->rerr_flags & RERR_NODELETE ? "[D]" : "", + ap->rerr_dc, length); trunc = n - (i/j); for (; i -= j >= 0; ++dp6) { printf(" {%s}(%ld)", ip6addr_string(&dp6->u_da), @@ -283,10 +283,9 @@ aodv_v6_rerr(const union aodv *ap _U_, u static void #ifdef INET6 -aodv_v6_draft_01_rreq(const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_draft_01_rreq(const struct aodv_rreq6_draft_01 *ap, const u_char *dat, u_int length) #else -aodv_v6_draft_01_rreq(const union aodv *ap _U_, const u_char *dat _U_, - u_int length) +aodv_v6_draft_01_rreq(const struct aodv_rreq6_draft_01 *ap _U_, const u_char *dat _U_, u_int length) #endif { #ifdef INET6 
@@ -297,26 +296,26 @@ aodv_v6_draft_01_rreq(const union aodv * return; } i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rreq6_draft_01)) { + if (i < sizeof(*ap)) { printf(" [|rreq6]"); return; } - i -= sizeof(ap->rreq6_draft_01); + i -= sizeof(*ap); printf(" rreq %u %s%s%s%s%shops %u id 0x%08lx\n" "\tdst %s seq %lu src %s seq %lu", length, - ap->rreq6_draft_01.rreq_type & RREQ_JOIN ? "[J]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_REPAIR ? "[R]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_GRAT ? "[G]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_DEST ? "[D]" : "", - ap->rreq6_draft_01.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", - ap->rreq6_draft_01.rreq_hops, - (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_id), - ip6addr_string(&ap->rreq6_draft_01.rreq_da), - (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_ds), - ip6addr_string(&ap->rreq6_draft_01.rreq_oa), - (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_os)); + ap->rreq_type & RREQ_JOIN ? "[J]" : "", + ap->rreq_type & RREQ_REPAIR ? "[R]" : "", + ap->rreq_type & RREQ_GRAT ? "[G]" : "", + ap->rreq_type & RREQ_DEST ? "[D]" : "", + ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", + ap->rreq_hops, + (unsigned long)EXTRACT_32BITS(&ap->rreq_id), + ip6addr_string(&ap->rreq_da), + (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), + ip6addr_string(&ap->rreq_oa), + (unsigned long)EXTRACT_32BITS(&ap->rreq_os)); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rreq6_draft_01 + 1), i); + aodv_extension((void *)(ap + 1), i); #else printf(" rreq %u", length); #endif 
@@ -324,9 +323,9 @@ aodv_v6_draft_01_rreq(const union aodv * static void #ifdef INET6 -aodv_v6_draft_01_rrep(const union aodv *ap, const u_char *dat, u_int length) +aodv_v6_draft_01_rrep(const struct aodv_rrep6_draft_01 *ap, const u_char *dat, u_int length) #else -aodv_v6_draft_01_rrep(const union aodv *ap _U_, const u_char *dat _U_, +aodv_v6_draft_01_rrep(const struct aodv_rrep6_draft_01 *ap _U_, const u_char *dat _U_, u_int length) #endif { @@ -338,23 +337,23 @@ aodv_v6_draft_01_rrep(const union aodv * return; } i = min(length, (u_int)(snapend - dat)); - if (i < sizeof(ap->rrep6_draft_01)) { + if (i < sizeof(*ap)) { printf(" [|rrep6]"); return; } - i -= sizeof(ap->rrep6_draft_01); + i -= sizeof(*ap); printf(" rrep %u %s%sprefix %u hops %u\n" "\tdst %s dseq %lu src %s %lu ms", length, - ap->rrep6_draft_01.rrep_type & RREP_REPAIR ? "[R]" : "", - ap->rrep6_draft_01.rrep_type & RREP_ACK ? "[A] " : " ", - ap->rrep6_draft_01.rrep_ps & RREP_PREFIX_MASK, - ap->rrep6_draft_01.rrep_hops, - ip6addr_string(&ap->rrep6_draft_01.rrep_da), - (unsigned long)EXTRACT_32BITS(&ap->rrep6_draft_01.rrep_ds), - ip6addr_string(&ap->rrep6_draft_01.rrep_oa), - (unsigned long)EXTRACT_32BITS(&ap->rrep6_draft_01.rrep_life)); + ap->rrep_type & RREP_REPAIR ? "[R]" : "", + ap->rrep_type & RREP_ACK ? "[A] " : " ", + ap->rrep_ps & RREP_PREFIX_MASK, + ap->rrep_hops, + ip6addr_string(&ap->rrep_da), + (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), + ip6addr_string(&ap->rrep_oa), + (unsigned long)EXTRACT_32BITS(&ap->rrep_life)); if (i >= sizeof(struct aodv_ext)) - aodv_extension((void *)(&ap->rrep6_draft_01 + 1), i); + aodv_extension((void *)(ap + 1), i); #else printf(" rrep %u", length); #endif 
@@ -362,9 +361,9 @@ aodv_v6_draft_01_rrep(const union aodv * static void #ifdef INET6 -aodv_v6_draft_01_rerr(const union aodv *ap, u_int length) +aodv_v6_draft_01_rerr(const struct aodv_rerr *ap, u_int length) #else -aodv_v6_draft_01_rerr(const union aodv *ap _U_, u_int length) +aodv_v6_draft_01_rerr(const struct aodv_rerr *ap _U_, u_int length) #endif { #ifdef INET6 @@ -372,12 +371,12 @@ aodv_v6_draft_01_rerr(const union aodv * int i, j, n, trunc; i = length - offsetof(struct aodv_rerr, r); - j = sizeof(ap->rerr.r.dest6_draft_01[0]); - dp6 = &ap->rerr.r.dest6_draft_01[0]; - n = ap->rerr.rerr_dc * j; + j = sizeof(ap->r.dest6_draft_01[0]); + dp6 = &ap->r.dest6_draft_01[0]; + n = ap->rerr_dc * j; printf(" rerr %s [items %u] [%u]:", - ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", - ap->rerr.rerr_dc, length); + ap->rerr_flags & RERR_NODELETE ? "[D]" : "", + ap->rerr_dc, length); trunc = n - (i/j); for (; i -= j >= 0; ++dp6) { printf(" {%s}(%ld)", ip6addr_string(&dp6->u_da), 
@@ -391,42 +390,40 @@ aodv_v6_draft_01_rerr(const union aodv * } void -aodv_print(const u_char *dat, u_int length, int is_ip6) +aodv_print(netdissect_options *ndo, + const u_char *dat, u_int length, int is_ip6) { - const union aodv *ap; + uint8_t msg_type; - ap = (union aodv *)dat; - if (snapend < dat) { - printf(" [|aodv]"); - return; - } - if (min(length, (u_int)(snapend - dat)) < sizeof(ap->rrep_ack)) { - printf(" [|aodv]"); - return; - } + /* + * The message type is the first byte; make sure we have it + * and then fetch it. + */ + ND_TCHECK(*dat); + msg_type = *dat; printf(" aodv"); - switch (ap->rerr.rerr_type) { + switch (msg_type) { case AODV_RREQ: if (is_ip6) - aodv_v6_rreq(ap, dat, length); + aodv_v6_rreq((const struct aodv_rreq6 *)dat, dat, length); else - aodv_rreq(ap, dat, length); + aodv_rreq((const struct aodv_rreq *)dat, dat, length); break; case AODV_RREP: if (is_ip6) - aodv_v6_rrep(ap, dat, length); + aodv_v6_rrep((const struct aodv_rrep6 *)dat, dat, length); else - aodv_rrep(ap, dat, length); + aodv_rrep((const struct aodv_rrep *)dat, dat, length); break; case AODV_RERR: if (is_ip6) - aodv_v6_rerr(ap, length); + aodv_v6_rerr((const struct aodv_rerr *)dat, length); else - aodv_rerr(ap, dat, length); + aodv_rerr((const struct aodv_rerr *)dat, dat, length); break; case AODV_RREP_ACK: @@ -434,15 +431,15 @@ aodv_print(const u_char *dat, u_int leng break; case AODV_V6_DRAFT_01_RREQ: - aodv_v6_draft_01_rreq(ap, dat, length); + aodv_v6_draft_01_rreq((const struct aodv_rreq6_draft_01 *)dat, dat, length); break; case AODV_V6_DRAFT_01_RREP: - aodv_v6_draft_01_rrep(ap, dat, length); + aodv_v6_draft_01_rrep((const struct aodv_rrep6_draft_01 *)dat, dat, length); break; case AODV_V6_DRAFT_01_RERR: - aodv_v6_draft_01_rerr(ap, length); + aodv_v6_draft_01_rerr((const struct aodv_rerr *)dat, length); break; case AODV_V6_DRAFT_01_RREP_ACK: 
@@ -450,6 +447,9 @@ aodv_print(const u_char *dat, u_int leng break; default: - printf(" %u %u", ap->rreq.rreq_type, length); + printf(" type %u %u", msg_type, length); } + return; +trunc: + printf(" [|aodv]"); } Index: tcpdump-4.5.1/interface.h =================================================================== --- tcpdump-4.5.1.orig/interface.h 2013-11-08 00:22:54.000000000 +0100 +++ tcpdump-4.5.1/interface.h 2014-12-11 17:27:07.106229519 +0100 @@ -187,7 +188,7 @@ extern int llc_print(const u_char *, u_i const u_char *, u_short *); extern int snap_print(const u_char *, u_int, u_int, u_int); extern void aarp_print(const u_char *, u_int); -extern void aodv_print(const u_char *, u_int, int); +extern void aodv_print(netdissect_options *, const u_char *, u_int, int); extern void atalk_print(const u_char *, u_int); extern void atm_print(u_int, u_int, u_int, const u_char *, u_int, u_int); extern u_int atm_if_print(const struct pcap_pkthdr *, const u_char *); @@ -298,7 +299,7 @@ extern void tcp_print(const u_char *, u_ extern void tftp_print(const u_char *, u_int); extern void timed_print(const u_char *); extern void udld_print(const u_char *, u_int); -extern void udp_print(const u_char *, u_int, const u_char *, int); +extern void udp_print(netdissect_options *, const u_char *, u_int, const u_char *, int); extern void vtp_print(const u_char *, u_int); extern void wb_print(const void *, u_int); extern int ah_print(register const u_char *); Index: tcpdump-4.5.1/print-ip6.c =================================================================== --- tcpdump-4.5.1.orig/print-ip6.c 2013-11-08 00:22:54.000000000 +0100 +++ tcpdump-4.5.1/print-ip6.c 2014-12-11 17:21:57.345601167 +0100 
@@ -199,7 +199,7 @@ ip6_print(netdissect_options *ndo, const tcp_print(cp, len, (const u_char *)ip6, fragmented); return; case IPPROTO_UDP: - udp_print(cp, len, (const u_char *)ip6, fragmented); + udp_print(ndo, cp, len, (const u_char *)ip6, fragmented); return; case IPPROTO_ICMPV6: icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented); Index: tcpdump-4.5.1/print-udp.c =================================================================== --- tcpdump-4.5.1.orig/print-udp.c 2013-11-08 00:22:54.000000000 +0100 +++ tcpdump-4.5.1/print-udp.c 2014-12-11 17:18:23.035090577 +0100 @@ -462,7 +462,7 @@ udp_print(register const u_char *bp, u_i case PT_AODV: udpipaddr_print(ip, sport, dport); - aodv_print((const u_char *)(up + 1), length, + aodv_print(ndo, (const u_char *)(up + 1), length, #ifdef INET6 ip6 != NULL); #else @@ -584,7 +584,7 @@ udp_print(register const u_char *bp, u_i else if (ISPORT(RIP_PORT)) rip_print((const u_char *)(up + 1), length); else if (ISPORT(AODV_PORT)) - aodv_print((const u_char *)(up + 1), length, + aodv_print(ndo, (const u_char *)(up + 1), length, #ifdef INET6 ip6 != NULL); #else Index: tcpdump-4.5.1/print-ip.c =================================================================== --- tcpdump-4.5.1.orig/print-ip.c 2013-11-08 00:22:54.000000000 +0100 +++ tcpdump-4.5.1/print-ip.c 2014-12-11 17:32:26.063962957 +0100 
@@ -379,7 +379,7 @@ again: case IPPROTO_UDP: /* pass on the MF bit plus the offset to detect fragments */ - udp_print(ipds->cp, ipds->len, (const u_char *)ipds->ip, + udp_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip, ipds->off & (IP_MF|IP_OFFMASK)); break; ++++++ tcpdump-qeth ++++++ #!/usr/bin/perl # (C)2002 by IBM Corporation, published under terms of the GPL V2 # Author: Holger Smolinski <[email protected]> # this file is a wrapper around tcpdump, which provides the capability # for debugging qeth and/or HiperSocket(TM) network interfaces under # Linux for S/390 and zSeries. tcpdump Syntax is preserved. # Bugs: When the input pipe ends the process is not stopped. use Getopt::Std; my $incmd,$outcmd; getopts ("adeflnNOpqRStuvxXc:C:F:i:m:r:s:T:w:E:",\%options); # Check which options to replace for the reader process if ( defined($options{'r'}) ) { $incmd = "cat $options{'r'}"; $filter_out = 1; } else { $incmd = "tcpdump -l -w -"; $filter_out = 0; if ( defined($options{'i'}) ) { $incmd .= " -i ".$options{'i'}; delete $options{'i'}; # remove -i option from option list } foreach $key (@ARGV) { $incmd .= " $key"; } } $outcmd = "tcpdump -r -"; # Rebuild arglist for the writer process delete $options{'r'}; # remove -r option from option list foreach $key (keys %options) { if ((index "adeflnNOpqRStuvxX",$key) >= 0 ) { $outcmd .= " -$key"; } else { $outcmd .= " -$key $options{$key}"; } if ( $filter_out == 1 ) { foreach $key (@ARGV) { $outcmd .= " $key"; } } } open READER,"$incmd|" or die "Cannot spawn reader command $incmd"; open WRITER,"|$outcmd" or die "Cannot spawn writer command $outcmd"; sysread READER,$filehdr,24 or die "Cannot read file header"; ($magic,$version_major,$version_minor,$thiszone,$sigfigs,$snaplen,$linktype) = unpack("ISSIIII",$filehdr); $snaplen += 14; $filehdr = pack ("ISSIIII",($magic,$version_major,$version_minor,$thiszone,$sigfigs,$snaplen,$linktype)); syswrite WRITER,$filehdr,24; $etherheaderip6 = pack ("IIIS",(0,0,0,0x8dd)); 
$etherheaderip4 = pack ("IIIS",(0,0,0,0x800)); while ( 1 ) { $hdrd = 0; do {$hdrd += sysread READER, $pkthdr, 16-$hdrd, $hdrd; } while ($hdrd < 16); ($seconds,$usecs,$caplen,$len) = unpack ("IIII",$pkthdr); $hdrd = 0; do {$hdrd += sysread READER, $packet,$caplen-$hdrd, $hdrd; } while ($hdrd < $caplen); $paktype = unpack("C",$packet); if ( $paktype & 0xf0 == 0x60 ) { $caplen += 14; $len += 14; $header = $etehrheaderip6; } elsif ($paktype >= 0x45 && $paktype <= 0x4f ) { $caplen += 14; $len += 14; $header = $etherheaderip4; } else { $header = ""; } $pkthdr = pack ("IIII",($seconds,$usecs,$caplen,$len)); syswrite WRITER,"$pkthdr$header$packet",16+$caplen; }
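Review bot: In aodv_rrep and its v6 and draft_01 variants (hunks at -123, -189, -229, -297 and -338), the new call `aodv_extension((void *)(ap + 1), i)` casts away the const of the `const struct ... *ap` parameter. The hunk already uses `sizeof(struct aodv_ext)`, so cast to `(const struct aodv_ext *)` instead (or `(const void *)` if aodv_extension takes an untyped pointer), so the compiler keeps checking that the printer never writes into packet data.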
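Review bot: In aodv_rerr (hunk at -159), `n = ap->rerr_dc * sizeof(ap->r.dest[0])` is a byte count, but `trunc = n - (i/sizeof(ap->r.dest[0]))` subtracts an entry count from it, so the truncation figure mixes units. The loop is also bounded only by the remaining length `i` and never by `rerr_dc`, so it prints as many entries as the captured bytes hold rather than the number the header declares. Compare entry counts on both sides of the subtraction and stop the loop after `rerr_dc` entries.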
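Review bot: In aodv_v6_rerr (hunk at -263), the loop kept as context, `for (; i -= j >= 0; ++dp6)`, parses as `i -= (j >= 0)`, so `i` drops by 1 per iteration while `dp6` advances by a whole entry, and `i = length - offsetof(struct aodv_rerr, r)` is never clamped to the captured bytes or checked for a length shorter than the offset. Since the patch already rewrites the lines around it, change the loop to `for (; i >= j; i -= j, ++dp6)` after bounding `i` by the captured length. aodv_v6_draft_01_rerr (hunk at -372) carries the same loop and needs the same change.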
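Review bot: In aodv_print (hunk at -391), `ND_TCHECK(*dat)` guarantees only one captured byte before `dat` is cast to the per-type struct, where the removed code required at least `sizeof(ap->rrep_ack)` bytes, so each handler is now the only length guard for its message type. The RERR cases still call `aodv_v6_rerr` and `aodv_v6_draft_01_rerr` with just the struct pointer and `length`, and neither handler compares against `snapend` in the lines shown. Pass `dat` to them as the other handlers receive it and add the same captured-length check, and put a comment at the switch saying that handlers must validate their own struct size.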
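Review bot: The print-udp.c hunks (at -462 and -584) start passing `ndo` to `aodv_print`, and interface.h changes the `udp_print` prototype to take `netdissect_options *`, but no hunk shown under print-udp.c changes the `udp_print` definition itself. Confirm that the definition gains the `ndo` parameter somewhere in this patch set; otherwise `ndo` is undeclared at both call sites and the definition no longer matches the prototype that print-ip.c and print-ip6.c now call.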
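Review bot: In the tcpdump-qeth wrapper, the IPv6 branch cannot produce a valid record: `$paktype & 0xf0 == 0x60` binds as `$paktype & (0xf0 == 0x60)` and is always false, the branch assigns the misspelled `$etehrheaderip6` (an undefined variable, so no header is prepended although `$caplen` and `$len` grow by 14), and `$etherheaderip6` is packed with 0x8dd where the IPv6 EtherType is 0x86dd. Parenthesize the mask as `($paktype & 0xf0) == 0x60` and fix the variable name and constant. Separately, `$incmd` and `$outcmd` are built by interpolating the `-r`/`-i` values and `@ARGV` into strings handed to the shell through `open READER,"$incmd|"`; for a tool that usually runs as root, use the list form of open so arguments are never shell-parsed, and check `sysread` for a 0 return so the loops end at EOF.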
