Re: [tcpdump-workers] tok2str() patch
I've had problem replying to the list, so this is just a test.
BTW. tok2str() is still vulnerable.
- Original Message -
From: "Gisle Vanem" <[EMAIL PROTECTED]>
To: "tcpdump-workers" <[EMAIL PROTECTED]>
Sent: Wednesday, March 24, 2004 9:26 PM
Subject: [tcpdump-workers] tok2str() patch
> tok2str() is in several files used multiple times in the same
> printf() statement. This doesn't work if all values 'v' are unknown.
> I suggest we allow for max 4 buffer to be returned in a round-robin
> fashion.
>
> --- tcpdump-2004.03.24/util.c Mon Dec 29 12:07:17 2003
> +++ util.c Wed Mar 24 20:22:23 2004
> @@ -212,7 +212,9 @@
> tok2str(register const struct tok *lp, register const char *fmt,
> register int v)
> {
> - static char buf[128];
> + static char buf[4][128];
> + static int idx = 0;
> + char *ret;
>
> while (lp->s != NULL) {
> if (lp->v == v)
> @@ -221,8 +223,10 @@
> }
> if (fmt == NULL)
> fmt = "#%d";
> - (void)snprintf(buf, sizeof(buf), fmt, v);
> - return (buf);
> + ret = buf[idx];
> + (void)snprintf(ret, sizeof(buf[0]), fmt, v);
> + idx = (idx+1) & 3;
> + return (const char*) ret;
> }
>
> --gv
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] savefile.c patch
I feel it's high time we cleanup some of the sources. I'd start
with savefile.c. Currently it doesn't work for offline data from stdin.
--gv
--- libpcap-2004.05.20/savefile.c Tue Mar 23 21:18:08 2004
+++ savefile.c Wed Mar 24 16:29:06 2004
@@ -52,6 +52,12 @@
#define TCPDUMP_MAGIC 0xa1b2c3d4
#define PATCHED_TCPDUMP_MAGIC 0xa1b2cd34
+#if defined(WIN32) || defined(MSDOS)
+#define SETMODE(file,mode) setmode(file,mode)
+#else
+#define SETMODE(file,mode) ((void)0)
+#endif
+
/*
* We use the "receiver-makes-right" approach to byte order,
* because time is at a premium when we are writing the file.
@@ -587,6 +593,7 @@
{
if (p->sf.rfile != stdin)
(void)fclose(p->sf.rfile);
+ elseSETMODE (fileno(stdin),O_TEXT);
if (p->sf.base != NULL)
free(p->sf.base);
}
@@ -607,15 +614,12 @@
}
memset((char *)p, 0, sizeof(*p));
-
- if (fname[0] == '-' && fname[1] == '\0')
+ if (fname[0] == '-' && fname[1] == '\0') {
fp = stdin;
+ SETMODE(fileno(fp), O_BINARY);
+ }
else {
-#ifndef WIN32
- fp = fopen(fname, "r");
-#else
fp = fopen(fname, "rb");
-#endif
if (fp == NULL) {
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", fname,
pcap_strerror(errno));
@@ -726,13 +730,15 @@
break;
}
-#ifndef WIN32
+#if !defined(WIN32) && !defined(MSDOS)
/*
* You can do "select()" and "poll()" on plain files on most
* platforms, and should be able to do so on pipes.
*
* You can't do "select()" on anything other than sockets in
* Windows, so, on Win32 systems, we don't have "selectable_fd".
+* But one could use 'WaitForSingleObject()' on HANDLE obtained
+* from '_get_osfhandle(p->selectable_fd)'.
*/
p->selectable_fd = fileno(fp);
#endif
@@ -748,8 +754,10 @@
return (p);
bad:
- if(fp)
+ if(fp && fp != stdin)
fclose(fp);
+ if (fp == stdin)
+ SETMODE (fileno(stdin),O_TEXT);
free(p);
return (NULL);
}
@@ -973,6 +981,7 @@
pcap_dump_open(pcap_t *p, const char *fname)
{
FILE *f;
+ pcap_dumper_t *pd;
int linktype;
linktype = dlt_to_linktype(p->linktype);
@@ -985,26 +994,23 @@
if (fname[0] == '-' && fname[1] == '\0') {
f = stdout;
-#ifdef WIN32
- _setmode(_fileno(f), _O_BINARY);
-#endif
+ SETMODE(fileno(f), O_BINARY);
} else {
-#ifndef WIN32
- f = fopen(fname, "w");
-#else
f = fopen(fname, "wb");
-#endif
- if (f == NULL) {
+ setbuf(f, NULL);/* XXX - why? */
+ }
+
+ pd = (pcap_dumper_t*)f;
+
+ if (!pd || sf_write_header(f, linktype, p->tzoff, p->snapshot) < 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s",
fname, pcap_strerror(errno));
- return (NULL);
+ if (pd)
+ pcap_dump_close(pd);
+ pd = NULL;
+ f = NULL;
}
-#ifdef WIN32
- setbuf(f, NULL);/* XXX - why? */
-#endif
- }
- (void)sf_write_header(f, linktype, p->tzoff, p->snapshot);
- return ((pcap_dumper_t *)f);
+ return (pd);
}
FILE *
@@ -1026,11 +1032,15 @@
void
pcap_dump_close(pcap_dumper_t *p)
{
+ FILE *fil = (FILE*)p;
#ifdef notyet
- if (ferror((FILE *)p))
+ if (ferror(fil))
return-an-error;
/* XXX should check return from fclose() too */
#endif
- (void)fclose((FILE *)p);
+ if (fil == stdin || fil == stdout)
+ SETMODE (fileno(fil),O_TEXT);
+ else
+ fclose (fil);
}
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] savefile.c patch
"Guy Harris" <[EMAIL PROTECTED]> said:
> Also, is "setmode()" sufficient with all the compilers that could be
> used to compile libpcap/WinPcap on Windows (MSVC++, MinGW, etc.), or is
> "_setmode()" needed with some compilers? (The code currently uses
> "_setmode()".)
MSVC/MingW/CygWin have both, Watcom has only setmode().
_setmode() is just the same ('_' prefixed since it's non-ANSI I assume).
> > -#ifndef WIN32
> > - fp = fopen(fname, "r");
> > -#else
> > fp = fopen(fname, "rb");
> > -#endif
>
> Presumably there are no interesting UN*X platforms left that wouldn't
> ignore the "b" (Ethereal's library for reading capture files
> unconditionally uses "rb"), so that should be OK.
Think that's safe to assume.
> > - if (f == NULL) {
> > + setbuf(f, NULL); /* XXX - why? */
> > + }
>
> I'm not sure why we're setting the output unbuffered on Windows; even
> if there's a legitimate reason to do so, I don't see any reason to do
> so on UN*X - we really don't want to have the standard I/O library
> routines make a separate "write()" call for every "fwrite()" etc. call
> to the file.
I wasn't sure why either. Maybe reducing the chance of a file with
truncated packets. I just moved setbuf() further up.
--gv
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] savefile.c patch
"Guy Harris" <[EMAIL PROTECTED]> said: > Also, should we save the mode returned by "setmode()" and restore it > when we close a "pcap_t" or "pcap_dumper_t" that refers to the standard > input or output? Since pcap_dump_close() doesn't have a pcap_t argument, where should the oldmode come from? Can we have two module globals; oldmode_stdin, oldmode_stdout, assuming stdin/stdout won't be opened for capture more than once? Ideally it should be "pcap_dump_flush(pcap_t *p)", but too late to change that now. --gv - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] savefile.c patch
> Since pcap_dump_close() doesn't have a pcap_t argument, where should
> the oldmode come from? Can we have two module globals; oldmode_stdin,
> oldmode_stdout, assuming stdin/stdout won't be opened for capture more
> than once?
I've added a 'long filemode' to 'struct pcap' (long since O_BINARY is 0x8000
on some targets and 16-bit DOS/Win is still used, *not*). Also some heuristics
for restoring the mode in pcap_dump_close(). Updated patch attached.
--gv--- libpcap-2004.05.20/pcap-int.h Wed Apr 07 20:41:00 2004
+++ pcap-int.h Thu May 27 16:51:35 2004
@@ -111,6 +111,7 @@
int offset; /* offset for proper alignment */
int break_loop; /* flag set to force break from packet-reading loop */
+ long filemode; /* previous translation mode for stdin/stdout */
struct pcap_sf sf;
struct pcap_md md;
--- libpcap-2004.05.20/savefile.c Tue Mar 23 21:18:08 2004
+++ savefile.c Thu May 27 17:04:24 2004
@@ -52,6 +52,12 @@
#define TCPDUMP_MAGIC 0xa1b2c3d4
#define PATCHED_TCPDUMP_MAGIC 0xa1b2cd34
+#if defined(WIN32) || defined(MSDOS)
+#define SETMODE(file,mode) setmode(file,mode)
+#else
+#define SETMODE(file,mode) (-1)
+#endif
+
/*
* We use the "receiver-makes-right" approach to byte order,
* because time is at a premium when we are writing the file.
@@ -515,6 +521,20 @@
return linktype;
}
+/*
+ * Close dump/save-file or restore old translation mode of stdin/stdout.
+ */
+static int
+file_close(FILE *fil, long filemode)
+{
+ if (fil != stdin && fil != stdout)
+ return fclose (fil);
+
+ (void) SETMODE (fileno(fil), filemode > -1L ? filemode : O_TEXT);
+ return (0);
+}
+
+
static int
sf_write_header(FILE *fp, int linktype, int thiszone, int snaplen)
{
@@ -585,8 +605,7 @@
static void
sf_close(pcap_t *p)
{
- if (p->sf.rfile != stdin)
- (void)fclose(p->sf.rfile);
+ file_close(p->sf.rfile, p->filemode);
if (p->sf.base != NULL)
free(p->sf.base);
}
@@ -602,20 +621,18 @@
p = (pcap_t *)malloc(sizeof(*p));
if (p == NULL) {
- strlcpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE);
+ strlcpy(errbuf, "out of memory", PCAP_ERRBUF_SIZE);
return (NULL);
}
memset((char *)p, 0, sizeof(*p));
-
- if (fname[0] == '-' && fname[1] == '\0')
+ if (fname[0] == '-' && fname[1] == '\0') {
fp = stdin;
+ p->filemode = SETMODE(fileno(fp), O_BINARY);
+ }
else {
-#ifndef WIN32
- fp = fopen(fname, "r");
-#else
+ p->filemode = -1L; /* Always binary, but we don't need this */
fp = fopen(fname, "rb");
-#endif
if (fp == NULL) {
snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", fname,
pcap_strerror(errno));
@@ -726,13 +743,15 @@
break;
}
-#ifndef WIN32
+#if !defined(WIN32) && !defined(MSDOS)
/*
* You can do "select()" and "poll()" on plain files on most
* platforms, and should be able to do so on pipes.
*
* You can't do "select()" on anything other than sockets in
* Windows, so, on Win32 systems, we don't have "selectable_fd".
+* But one could use 'WaitForSingleObject()' on HANDLE obtained
+* from '_get_osfhandle(p->selectable_fd)'.
*/
p->selectable_fd = fileno(fp);
#endif
@@ -749,7 +768,7 @@
return (p);
bad:
if(fp)
- fclose(fp);
+ file_close(fp, p->filemode);
free(p);
return (NULL);
}
@@ -985,26 +1004,22 @@
if (fname[0] == '-' && fname[1] == '\0') {
f = stdout;
-#ifdef WIN32
- _setmode(_fileno(f), _O_BINARY);
-#endif
+ p->filemode = SETMODE(fileno(f), O_BINARY);
} else {
-#ifndef WIN32
- f = fopen(fname, "w");
-#else
+ p->filemode = -1L;
f = fopen(fname, "wb");
-#endif
- if (f == NULL) {
+ /* setbuf(f, NULL); */ /* XXX - why? */
+ }
+
+ if (!f || sf_write_header(f, linktype, p->tzoff, p->snapshot) < 0) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s",
fname, pcap_strerror(errno));
- return (NULL);
- }
-#ifdef WIN32
- setbuf(f, NULL);/* XXX - why? */
-#endif
+ if (f)
+ file_close(f, p->filemode);
+ p->filemode = -1L;
+ f = NULL;
}
- (void)sf_write_header(f, linktype, p->tzoff, p->snapshot);
- return ((pcap_dumper_t *)f);
+ return (pcap_dumper_t*)f;
}
FILE *
@@ -1026,11 +1041,13 @@
void
pcap_dump_close(pcap_dumper_t *p)
{
+ FILE *fil = (FILE*)p;
#ifdef notyet
- if (ferror((FILE *)p))
+ if (ferror(fil))
[tcpdump-workers] Nightly tar-balls
http://www.tcpdump.org/daily/tcpdump-current.tar.gz of a few minutes ago contains files from 22 July. i.e. the direcory prefix is "tcpdump-2004.07.22". Isn't the current file built by a cron job irrespective of any files having been changed or not? Or has crond gone down or taken summer-holiday ? Gisle V. # rm /bin/laden /bin/laden: Not found - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] Watcom/Digital Mars patches
I've compiled tcpdump okay with these compilers and some
small changes.
Digital Mars doesn't allow conversion between unsigned
and signed without a cast. So this is needed:
--- tcpdump-2004.11.02/print-802_11.c Thu Sep 23 23:57:25 2004
+++ ./print-802_11.c Fri Oct 29 14:48:11 2004
@@ -964,7 +964,7 @@
rc = cpack_uint8(s, &u.u8);
break;
case IEEE80211_RADIOTAP_DBM_TX_POWER:
- rc = cpack_uint8(s, &u.i8);
+ rc = cpack_int8(s, &u.i8);
break;
case IEEE80211_RADIOTAP_TSFT:
rc = cpack_uint64(s, &u.u64);
Watcom doesn't have sys/time.h and I can't see why it's
needed (it's already in tcpdump-stdinc.h).
--- tcpdump-2004.11.02/netdissect.h Thu Jul 22 00:00:10 2004
+++ ./netdissect.h Tue Nov 02 17:35:46 2004
@@ -31,7 +31,6 @@
#include "os-proto.h"
#endif
#include
-#include
#ifndef HAVE___ATTRIBUTE__
#define __attribute__(x)
Alternatively add HAVE_SYS_TIME_H and update autoconf.
Some other items:
--- tcpdump-2004.11.02/print-isakmp.c Thu Mar 25 05:31:05 2004
+++ ./print-isakmp.c Fri Oct 29 14:52:28 2004
@@ -1201,7 +1201,7 @@
* XXX - what if item_len is too short, or too long,
* for this payload type?
*/
- cp = (*NPFUNC(np))(ext, item_len, ep, phase, doi, proto, depth);
+ cp = (*npfunc[np])(ext, item_len, ep, phase, doi, proto, depth);
} else {
printf("%s", NPSTR(np));
cp += item_len;
--- tcpdump-2004.11.02/print-snmp.c Tue Mar 23 08:59:15 2004
+++ ./print-snmp.c Wed Mar 24 18:05:11 2004
@@ -77,6 +77,8 @@
#include "interface.h"
#include "addrtoname.h"
+#undef OPAQUE /* defined in */
+
/*
* Universal ASN.1 types
* (we only care about the tag values for those allowed in the Internet SMI)
@@ -949,6 +951,8 @@
case SMI_BASETYPE_UNKNOWN:
ok = 1;
break;
+default:
+ ok = 0;
}
return ok;
--gv
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] Patches for MingW etc.
Some of the ifdefs for MingW/MSVC are completely unnecessary.
There should be no need for _errno() etc in the sources. Looks like
tcpdump was patched to suite a very old MingW. MingW also have
getnameinfo().
I've also added:
IPv6 capability to inet_pton.c. Courtesy of Paul Vixie.
inline ntohl() / ntohs() functions for gcc/i386.
use correct program_name in Win32/src/getopt.c.
some hacks for importing eproto_db[].
Patch attached.
--gv
diff -u3 -Hb -r tcpdump-2004.12.28\addrtoname.c .\addrtoname.c
--- tcpdump-2004.12.28\addrtoname.c Mon Dec 13 04:55:37 2004
+++ .\addrtoname.c Tue Dec 28 15:18:35 2004
@@ -103,10 +103,6 @@
memset(&addr6, 0, sizeof(addr6));
addr6.sin6_family = AF_INET6;
memcpy(&addr6.sin6_addr, addr, len);
-#ifdef __MINGW32__
- /* MinGW doesn't provide getnameinfo */
- return NULL;
-#else
if (getnameinfo((struct sockaddr *)&addr6, sizeof(addr6),
hname, sizeof(hname), NULL, 0, 0)) {
return NULL;
@@ -114,14 +110,13 @@
strcpy(host.h_name, hname);
return &host;
}
-#endif /* __MINGW32__ */
break;
default:
return NULL;
}
}
#define gethostbyaddr win32_gethostbyaddr
-#endif /* INET6 & WIN32*/
+#endif /* INET6 & WIN32 */
#ifdef INET6
struct h6namemem {
@@ -703,13 +698,14 @@
endservent();
}
-/*XXX from libbpfc.a */
-#ifndef WIN32
-extern struct eproto {
+/* in libpcap.a (nametoaddr.c) */
+#if defined(WIN32) && !defined(USE_STATIC_LIBPCAP)
+__declspec(dllimport)
#else
-__declspec( dllimport) struct eproto {
+extern
#endif
- char *s;
+const struct eproto {
+ const char *s;
u_short p;
} eproto_db[];
diff -u3 -Hb -r tcpdump-2004.12.28\missing\inet_ntop.c .\missing\inet_ntop.c
--- tcpdump-2004.12.28\missing\inet_ntop.c Sun Nov 16 08:36:50 2003
+++ .\missing\inet_ntop.c Sun Jan 18 14:49:41 2004
@@ -52,8 +52,12 @@
*
*/
-#ifndef INET_ADDRSTRLEN
-#define INET_ADDRSTRLEN16
+#ifndef IN6ADDRSZ
+#define IN6ADDRSZ 16 /* IPv6 T_ */
+#endif
+
+#ifndef INT16SZ
+#define INT16SZ 2/* word size */
#endif
static const char *
@@ -91,12 +95,123 @@
return orig_dst;
}
+#ifdef INET6
+/*
+ * Convert IPv6 binary address into presentation (printable) format.
+ */
+static const char *
+inet_ntop_v6 (const u_char *src, char *dst, size_t size)
+{
+ /*
+ * Note that int32_t and int16_t need only be "at least" large enough
+ * to contain a value of the specified size. On some systems, like
+ * Crays, there is no such thing as an integer variable with 16 bits.
+ * Keep this in mind if you think this function should have been coded
+ * to use pointer overlays. All the world's not a VAX.
+ */
+ char tmp [INET6_ADDRSTRLEN+1];
+ char *tp;
+ struct {
+long base;
+long len;
+ } best, cur;
+ u_long words [IN6ADDRSZ / INT16SZ];
+ inti;
+
+ /* Preprocess:
+ * Copy the input (bytewise) array into a wordwise array.
+ * Find the longest run of 0x00's in src[] for :: shorthanding.
+ */
+ memset (words, 0, sizeof(words));
+ for (i = 0; i < IN6ADDRSZ; i++)
+ words[i/2] |= (src[i] << ((1 - (i % 2)) << 3));
+
+ best.base = -1;
+ cur.base = -1;
+ for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++)
+ {
+if (words[i] == 0)
+{
+ if (cur.base == -1)
+ cur.base = i, cur.len = 1;
+ else cur.len++;
+}
+else if (cur.base != -1)
+{
+ if (best.base == -1 || cur.len > best.len)
+ best = cur;
+ cur.base = -1;
+}
+ }
+ if ((cur.base != -1) && (best.base == -1 || cur.len > best.len))
+ best = cur;
+ if (best.base != -1 && best.len < 2)
+ best.base = -1;
+
+ /* Format the result.
+ */
+ tp = tmp;
+ for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++)
+ {
+/* Are we inside the best run of 0x00's?
+ */
+if (best.base != -1 && i >= best.base && i < (best.base + best.len))
+{
+ if (i == best.base)
+ *tp++ = ':';
+ continue;
+}
+
+/* Are we following an initial run of 0x00s or any real hex?
+ */
+if (i != 0)
+ *tp++ = ':';
+
+/* Is this address an encapsulated IPv4?
+ */
+if (i == 6 && best.base == 0 &&
+(best.len == 6 || (best.len == 5 && words[5] == 0x)))
+{
+ if (!inet_ntop_v4(src+12, tp, sizeof(tmp) - (tp - tmp)))
+ {
+errno = ENOSPC;
+return (NULL);
+ }
+ tp += strlen(tp);
+ break;
+}
+tp += sprintf (tp, "%lX", words[i]);
+ }
+
+ /* Was it a trailing run of 0x00's?
+ */
+ if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ))
+ *tp++ = ':';
+ *tp++ = '\0';
+
+ /* Check for overflow, copy, and we're done.
+ */
+ if ((size_t)(tp - tmp) > size)
+ {
+errno = ENOSPC;
+return (NULL);
+ }
+ return strcpy (dst, tmp);
+ return (NULL);
+}
+#endif /* INET6 */
+
+
const ch
Re: [tcpdump-workers] Patches for MingW etc.
"Guy Harris" wrote:
Does anything other than tcpdump.c and util.c need ? If not,
then there's no need to include in tcpdump-stdinc.h - you can
just move the include of in tcpdump.c outside of the #ifndef
WIN32.
is needed in missing/get*info.c and missing/inet*.c too. And in
machdep.c for __osf_ (whatever that is). So you can remove it from
tcpdump-stdinc.h.
Similarly, does anything other than util.c need ? If not,
there's no need to include it in tcpdump-stdinc.h.
Agreed. New patch attached. Fixed some signed/unsigned and
truncation warnings in print-snmp.c/print-nfs.c too. Fixed the wrong
NTOHL() macro in previous diff (if you care to use it).
Btw. IMHO, it's ugly that netdissect.h/interface.h macro hides the
lvalue like this. Why not use std. ntohl()? So this from print-nfs.c:
len = *dp++;
NTOHL(len);
becomes:
len = ntohl (*dp++);
--gv
diff -u3 -Hb -r tcpdump-2005.01.04/machdep.c ./machdep.c
--- tcpdump-2005.01.04/machdep.cMon Dec 15 02:53:21 2003
+++ ./machdep.c Tue Jan 04 13:25:43 2005
@@ -43,6 +43,7 @@
#ifdef __osf__
#include
#include
+#include
#if !defined(HAVE_SNPRINTF)
int snprintf(char *, size_t, const char *, ...)
diff -u3 -Hb -r tcpdump-2005.01.04/missing/inet_ntop.c ./missing/inet_ntop.c
--- tcpdump-2005.01.04/missing/inet_ntop.c Sun Nov 16 08:36:50 2003
+++ ./missing/inet_ntop.c Sun Jan 18 14:49:41 2004
@@ -52,8 +52,12 @@
*
*/
-#ifndef INET_ADDRSTRLEN
-#define INET_ADDRSTRLEN16
+#ifndef IN6ADDRSZ
+#define IN6ADDRSZ 16 /* IPv6 T_ */
+#endif
+
+#ifndef INT16SZ
+#define INT16SZ 2/* word size */
#endif
static const char *
@@ -91,12 +95,123 @@
return orig_dst;
}
+#ifdef INET6
+/*
+ * Convert IPv6 binary address into presentation (printable) format.
+ */
+static const char *
+inet_ntop_v6 (const u_char *src, char *dst, size_t size)
+{
+ /*
+ * Note that int32_t and int16_t need only be "at least" large enough
+ * to contain a value of the specified size. On some systems, like
+ * Crays, there is no such thing as an integer variable with 16 bits.
+ * Keep this in mind if you think this function should have been coded
+ * to use pointer overlays. All the world's not a VAX.
+ */
+ char tmp [INET6_ADDRSTRLEN+1];
+ char *tp;
+ struct {
+long base;
+long len;
+ } best, cur;
+ u_long words [IN6ADDRSZ / INT16SZ];
+ inti;
+
+ /* Preprocess:
+ * Copy the input (bytewise) array into a wordwise array.
+ * Find the longest run of 0x00's in src[] for :: shorthanding.
+ */
+ memset (words, 0, sizeof(words));
+ for (i = 0; i < IN6ADDRSZ; i++)
+ words[i/2] |= (src[i] << ((1 - (i % 2)) << 3));
+
+ best.base = -1;
+ cur.base = -1;
+ for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++)
+ {
+if (words[i] == 0)
+{
+ if (cur.base == -1)
+ cur.base = i, cur.len = 1;
+ else cur.len++;
+}
+else if (cur.base != -1)
+{
+ if (best.base == -1 || cur.len > best.len)
+ best = cur;
+ cur.base = -1;
+}
+ }
+ if ((cur.base != -1) && (best.base == -1 || cur.len > best.len))
+ best = cur;
+ if (best.base != -1 && best.len < 2)
+ best.base = -1;
+
+ /* Format the result.
+ */
+ tp = tmp;
+ for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++)
+ {
+/* Are we inside the best run of 0x00's?
+ */
+if (best.base != -1 && i >= best.base && i < (best.base + best.len))
+{
+ if (i == best.base)
+ *tp++ = ':';
+ continue;
+}
+
+/* Are we following an initial run of 0x00s or any real hex?
+ */
+if (i != 0)
+ *tp++ = ':';
+
+/* Is this address an encapsulated IPv4?
+ */
+if (i == 6 && best.base == 0 &&
+(best.len == 6 || (best.len == 5 && words[5] == 0x)))
+{
+ if (!inet_ntop_v4(src+12, tp, sizeof(tmp) - (tp - tmp)))
+ {
+errno = ENOSPC;
+return (NULL);
+ }
+ tp += strlen(tp);
+ break;
+}
+tp += sprintf (tp, "%lX", words[i]);
+ }
+
+ /* Was it a trailing run of 0x00's?
+ */
+ if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ))
+ *tp++ = ':';
+ *tp++ = '\0';
+
+ /* Check for overflow, copy, and we're done.
+ */
+ if ((size_t)(tp - tmp) > size)
+ {
+errno = ENOSPC;
+return (NULL);
+ }
+ return strcpy (dst, tmp);
+ return (NULL);
+}
+#endif /* INET6 */
+
+
const char *
inet_ntop(int af, const void *src, char *dst, size_t size)
{
switch (af) {
case AF_INET :
return inet_ntop_v4 (src, dst, size);
+#ifdef INET6
+case AF_INET6:
+ return inet_ntop_v6 ((const u_char*)src, dst, size);
+#endif
default :
errno = EAFNOSUPPORT;
return NULL;
diff -u3 -Hb -r tcpdump-2005.01.04/print-nfs.c ./print-nfs.c
--- tcpdump-2005.01.04/print-nfs.c Sun Dec 26 23:41:31 2004
+++ ./print-nfs.c Tue Jan 04 13:37:30 2005
@@ -177,7 +177,7 @@
res = EXTRACT_64BITS((u_int8_t *)dp);
switch (how) {
case SIGNED:
- printf("%" PRId64, res);
Re: [tcpdump-workers] Patches for MingW etc.
"Guy Harris" wrote: Are there any OSes where ntohl() and ntohs() are defined as assembler macros on x86? If so, we might not want to override those definitions, if either 1) the OS is 486-and-later-only and uses the 32-bit byte-swapping instruction for ntohl() My version (ripped from Linux) should work for all 386 based OS'es. On Windows ntohl() etc. are in wsock32.dll. So maybe the inliners should be limited to gcc on Windows? Probably not important since these functions are used in so few places. Your call. --gv - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] gettimeofday() on Win32
The recent (?) -G option requires gettimeofday() which isn't available
on Win32. Attached is a patch to util.c which adds this function.
--gv
--- tcpdump-2005.12.03/util.c Thu Jun 16 00:19:38 2005
+++ util.c Sat Dec 03 17:01:05 2005
@@ -526,3 +526,44 @@
else
printf("\\%03o", ch);
}
+
+#ifdef WIN32
+/*
+ * Number of micro-seconds between the beginning of the Windows epoch
+ * (Jan. 1, 1601) and the Unix epoch (Jan. 1, 1970).
+ *
+ * This assumes all Win32 compilers have 64-bit support.
+ */
+#if defined(_MSC_VER) || defined(_MSC_EXTENSIONS) || defined(__WATCOMC__)
+ #define DELTA_EPOCH_IN_USEC 116444736Ui64
+#else
+ #define DELTA_EPOCH_IN_USEC 116444736ULL
+#endif
+
+static u_int64_t filetime_to_unix_epoch (const FILETIME *ft)
+{
+ u_int64_t res = (u_int64_t) ft->dwHighDateTime << 32;
+
+ res |= ft->dwLowDateTime;
+ res /= 10; /* from 100 nano-sec periods to usec */
+ res -= DELTA_EPOCH_IN_USEC; /* from Win epoch to Unix epoch */
+ return (res);
+}
+
+int gettimeofday (struct timeval *tv, void *tz _U_)
+{
+ FILETIME ft;
+ u_int64_t tim;
+
+ if (!tv) {
+ errno = EINVAL;
+ return (-1);
+ }
+ GetSystemTimeAsFileTime (&ft);
+ tim = filetime_to_unix_epoch (&ft);
+ tv->tv_sec = (long) (tim / 100L);
+ tv->tv_usec = (long) (tim % 100L);
+ return (0);
+}
+#endif
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [patch] print-dccp.c, dccp.h
The print-dccp.c file is rather gcc centric in the way it uses declarations
after code statements. E.g.:
TCHECK2(*dh_ack,8);
u_int32_t ack_low = dh_ack->dccph_ack_nr_low;
Which doesn't work in MSVC7.
The attached patch also removes the dccp_hdr_data() function.
It's not used and besides writing 'struct X* X(...)' is not legal in MSVC
AFAICS.
--gv
--- tcpdump-2005.12.03/dccp.h Tue Sep 20 05:25:19 2005
+++ dccp.h Sat Dec 03 17:29:23 2005
@@ -86,12 +86,14 @@
u_int32_t dccph_resp_service;
};
+#if 0
static inline struct dccp_hdr_data *dccp_hdr_data(struct dccp_hdr *hdrg)
{
const int ext = DCCPH_X(hdrg) ? sizeof(struct dccp_hdr_ext) : 0;
return (struct dccp_hdr_data *)(((u_char *)hdrg) + sizeof(hdrg) + ext);
}
+#endif
/**
* struct dccp_hdr_reset - Unconditionally shut down a connection
--- tcpdump-2005.12.03/print-dccp.c Tue Nov 08 01:48:14 2005
+++ print-dccp.cSat Dec 03 17:49:46 2005
@@ -165,14 +165,18 @@
const struct dccp_hdr *dh = (const struct dccp_hdr *)bp;
const struct dccp_hdr_ack_bits *dh_ack =
(struct dccp_hdr_ack_bits *)(bp + dccp_basic_hdr_len(dh));
+ u_int32_t ack_high;
+ u_int64_t ackno;
TCHECK2(*dh_ack,4);
- u_int32_t ack_high = DCCPH_ACK(dh_ack);
- u_int64_t ackno = EXTRACT_24BITS(&ack_high) & 0xFF;
+ ack_high = DCCPH_ACK(dh_ack);
+ ackno = EXTRACT_24BITS(&ack_high) & 0xFF;
if (DCCPH_X(dh) != 0) {
+ u_int32_t ack_low;
+
TCHECK2(*dh_ack,8);
- u_int32_t ack_low = dh_ack->dccph_ack_nr_low;
+ ack_low = dh_ack->dccph_ack_nr_low;
ackno &= 0x00; /* clear reserved field */
ackno = (ackno << 32) + EXTRACT_32BITS(&ack_low);
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] Missing af.h
This file is needed by print-bgp.c, print-ldp.c and print-rip.c, but missing from the tar-ball. Should it be generated by configure? And the FILES list af.c as well. That's missing too. BTW. addrtoname.c on Win32 is missing ETHER_ADDR_LEN. A fix: --- tcpdump-2006.02.25\addrtoname.c Sat Feb 11 21:11:40 2006 +++ addrtoname.cSat Feb 25 17:26:17 2006 @@ -68,6 +68,10 @@ #include "extract.h" #include "oui.h" +#ifndef ETHER_ADDR_LEN +#include "ether.h" +#endif + /* * hash tables for whatever-to-name translations * --gv - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] Missing af.h
"Guy Harris" <[EMAIL PROTECTED]> wrote: No - it, and af.c, should probably be generated from the stuff removed from print-bgp.c. I've checked in versions of af.c and af.h generated that way. netdissect.h isn't atomic; it needs ahead of it (from tcpdump-stdinc.h). Hence: --- tcpdump-2006.02.26\af.c Sat Feb 25 19:42:32 2006 +++ af.cSun Feb 26 16:18:00 2006 @@ -32,6 +32,8 @@ "@(#) $Header: /tcpdump/master/tcpdump/af.c,v 1.1 2006/02/25 20:42:32 guy Exp $ (LBL)"; #endif +#include + #include "netdissect.h" #include "af.h" --gv - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] tcpdump-current.tar.gz
FYI, trying "wget -S http://www.tcpdump.org/daily/tcpdump-current.tar.gz"; gives HTTP/1.1 200 OK Date: Mon, 15 May 2006 17:30:13 GMT Server: Apache/2.0.54 (Debian GNU/Linux) Last-Modified: Mon, 15 May 2006 05:04:03 GMT ETag: "3f06-0-9d7836c0" Accept-Ranges: bytes Content-Length: 0 ... Hope this gets fixed. --gv - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
[tcpdump-workers] Unknown values
The recent pcap-win32.c adds these link types: NdisMediumBare80211 NdisMediumRadio80211 Searching MS and Google came up blank on these. What values should these have? IMHO, something like this should be added to the top of pcap-win32.c: #ifndef NdisMediumBare80211 #define NdisMediumBare80211 10 #endif #ifndef NdisMediumRadio80211 #define NdisMediumRadio80211 11 #endif --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] typo in pcap.c
--- CVS-Latest/pcap.c Wed Oct 17 17:52:41 2007
+++ pcap.c Tue Nov 06 15:04:27 2007
@@ -789,7 +789,7 @@
int
pcap_setmintocopy(pcap_t *p, int size)
{
- return p->setintocopy_op(p, size);
+ return p->setmintocopy_op(p, size);
}
static int
--gv
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] pcap-dos.c
The recent change for pcap_activate() broke the DOS-port.
Here's a small fix:
--- pcap-dos.c.orig Mon Apr 14 19:40:58 2008
+++ pcap-doc.cThu Apr 17 15:33:00 2008
@@ -97,10 +97,10 @@
static struct device *handle_to_device [20];
-static void pcap_activate_dos (pcap_t *p);
+static int pcap_activate_dos (pcap_t *p);
static int pcap_read_dos (pcap_t *p, int cnt, pcap_handler callback,
u_char *data);
-static void pcap_close_dos (pcap_t *p);
+static void pcap_cleanup_dos (pcap_t *p);
static int pcap_stats_dos (pcap_t *p, struct pcap_stat *ps);
static int pcap_sendpacket_dos (pcap_t *p, const void *buf, size_t len);
static int pcap_setfilter_dos (pcap_t *p, struct bpf_program *fp);
@@ -152,6 +152,7 @@
return (NULL);
p->activate_op = pcap_activate_dos;
+ p->md.device = device;
return (p);
}
@@ -163,7 +164,7 @@
{
int err = 0;
- if (p->opt.rfmon) {
+ if (pcap->opt.rfmon) {
/*
* No monitor mode on DOS.
*/
@@ -201,7 +202,7 @@
"Cannot use different devices simultaneously "
"(`%s' vs. `%s')", active_dev->name, pcap->md.device);
free (pcap);
-err = PCAP_ERROR;
+err = PCAP_ERROR_ACTIVATED;
}
handle_to_device [pcap->fd-1] = active_dev;
return (err);
@@ -743,7 +744,7 @@
fprintf (stderr, "Catching signal %d.\n", sig);
}
exc_occured = 1;
- pcap_close_dos (NULL);
+ pcap_cleanup_dos (NULL);
}
#endif /* __DJGPP__ */
--gv
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] [Patch] pcap-dos.c
"Guy Harris" <[EMAIL PROTECTED]> wrote: @@ -201,7 +202,7 @@ "Cannot use different devices simultaneously " "(`%s' vs. `%s')", active_dev->name, pcap->md.device); free (pcap); -err = PCAP_ERROR; +err = PCAP_ERROR_ACTIVATED; PCAP_ERROR_ACTIVATED means you've called pcap_activate() on a pcap_t that's already had pcap_activate() called on it; this is a different case. Ok, but I reckoned PCAP_ERROR was too vague. I'm not sure what errorcode would cover this case. --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] [Patch] pcap-dos.c
Two more details:
--- pcap-dos.c.orig Sat Apr 19 16:49:21 2008
+++ pcap-dos.cTue Apr 22 17:50:52 2008
@@ -1,6 +1,6 @@
/*
* This file is part of DOS-libpcap
- * Ported to DOS/DOSX by G. Vanem <[EMAIL PROTECTED]>
+ * Ported to DOS/DOSX by G. Vanem <[EMAIL PROTECTED]>
*
* pcap-dos.c: Interface to PKTDRVR, NDIS2 and 32-bit pmode
* network drivers.
@@ -996,7 +996,7 @@
* Application config hooks to set various driver parameters.
*/
-static struct config_table debug_tab[] = {
+static const struct config_table debug_tab[] = {
{ "PKT.DEBUG", ARG_ATOI, &pcap_pkt_debug},
{ "PKT.VECTOR", ARG_ATOX_W, NULL },
{ "NDIS.DEBUG", ARG_ATOI, NULL },
--- CREDITS.orig Fri Feb 08 00:34:49 2008
+++ CREDITS Tue Apr 22 18:06:13 2008
@@ -38,7 +38,7 @@
Fulko Hew
Gianluca Varenni
Gilbert Hoyek
- Gisle Vanem
+ Gisle Vanem
Graeme Hewson
Greg Stark
Greg Troxel
--gv
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] msdos/pktdrvr.c
* gnuc.c not needed.
* sys/pack*.h was renamed in a recent Watt-32 distro.
--- msdos/pktdrvr.c.orig Sat Dec 18 07:52:14 2004
+++ msdos/pktdrvr.c Wed Dec 13 15:55:00 2006
@@ -21,7 +21,6 @@
#include
#include
-#include "gnuc.h"
#include "pcap-dos.h"
#include "pcap-int.h"
#include "msdos/pktdrvr.h"
@@ -61,7 +60,7 @@
#if (DOSX & (DJGPP|DOS4GW))
- #include
+ #include
struct DPMI_regs {
DWORD r_di;
@@ -91,7 +90,7 @@
WORD _fanIndex;
BYTE _PktReceiver[15]; /* starts on a paragraph (16byte) */
} PktRealStub;
- #include
+ #include
static BYTE real_stub_array [] = {
#include "pkt_stub.inc" /* generated opcode array */
--gv
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] [Patch] pcap-dos.c
"Guy Harris" <[EMAIL PROTECTED]> wrote: So what *is* this case? The error message is "Cannot use different devices simultaneously"; does that mean that you can have multiple instances of the same device open at the same time, but you can't have instances of more than one device open at the same time? At least with a packet-driver (not tested other types) one can have 1 instances open at the same time. But I'm not sure it's important to be able to open 2 pcap-handles on DOS (since we have no threads etc). We could probably leave the error-code as-is. --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] CVS access
What's up with the cvs access? I'm getting this error now: no such user tcpdump in CVSROOT/passwd when logging in with the command cvs -d :pserver:[EMAIL PROTECTED]:/tcpdump/master login --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] signature.c
bzero() and bcopy() are not universally available. But
memset() and memcpy() are AFAICS. Attached diffs-5.txt.
--gv
--- CVS-Latest/signature.c Sat Aug 16 10:36:20 2008
+++ signature.c Mon Sep 22 16:58:20 2008
@@ -83,10 +83,10 @@
*/
/* start out by storing key in pads */
-bzero(k_ipad, sizeof k_ipad);
-bzero(k_opad, sizeof k_opad);
-bcopy(key, k_ipad, key_len);
-bcopy(key, k_opad, key_len);
+memset(k_ipad, 0, sizeof k_ipad);
+memset(k_opad, 0, sizeof k_opad);
+memcpy(k_ipad, key, key_len);
+memcpy(k_opad, key, key_len);
/* XOR key with ipad and opad values */
for (i=0; i<64; i++) {
@@ -127,8 +127,8 @@
/*
* Save the signature before clearing it.
*/
-bcopy(sig_ptr, rcvsig, sizeof(rcvsig));
-bzero(sig_ptr, sizeof(rcvsig));
+memcpy(rcvsig, sig_ptr, sizeof(rcvsig));
+memset(sig_ptr, 0, sizeof(rcvsig));
if (!sigsecret) {
return (CANT_CHECK_SIGNATURE);
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] libpcap, pcap-stdinc.h
* Added header-guard. * Include IP6_misc.h unconditionally (why treat MingW specially?) --gv --- CVS-Latest/pcap-stdinc.h Mon Oct 06 14:27:32 2008 +++ pcap-stdinc.hThu Feb 12 21:25:34 2009 @@ -30,6 +30,8 @@ * * @(#) $Header: /tcpdump/master/libpcap/pcap-stdinc.h,v 1.11 2008-10-06 15:27:32 gianluca Exp $ (LBL) */ +#ifndef pcap_stdinc_h +#define pcap_stdinc_h #define SIZEOF_CHAR 1 #define SIZEOF_SHORT 2 @@ -54,9 +56,7 @@ #include #include -#ifndef __MINGW32__ #include "IP6_misc.h" -#endif #define caddr_t char* @@ -88,3 +88,4 @@ #endif #endif /*__MINGW32__*/ +#endif /* pcap_stdinc_h */ - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] libpcap, nametoaddr.c
* nametoaddr.c with DECNETLIB defined needs included. And which again needs . * Remove "IP6_misc.h" since it's already included in pcap-stdinc.h (ref. my patch to this file). --gv --- CVS-Latest/nametoaddr.cWed Feb 06 09:21:30 2008 +++ nametoaddr.c Mon Sep 22 16:04:13 2008 @@ -31,6 +31,11 @@ #include "config.h" #endif +#ifdef DECNETLIB +#include +#include +#endif + #ifdef WIN32 #include @@ -43,13 +48,6 @@ #include #endif /* WIN32 */ - -/* - * XXX - why was this included even on UNIX? - */ -#ifdef __MINGW32__ -#include "IP6_misc.h" -#endif #ifndef WIN32 #ifdef HAVE_ETHER_HOSTTON - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] help with packet tracer
"Tyler Littlefield" wrote: I rewrote my callback function to work a bit differently, but it's still giving me weird sizes. What do you mean exactly? in capt_h(): ip_hdr* ip=(ip_hdr*)(packet+sizeof(ether_hdr)); cout << "From: " << inet_ntoa(ip->ip_src) << "\t\t" << "to: " << inet_ntoa(ip->ip_dst) << ".\n"
Re: [tcpdump-workers] help with packet tracer
the size of the Ip works, but when I get the tcp packet, things don't work as planned--it gives invalid ports. I see: tcp = (tcp_hdr *) ((packet + sizeof (ether_hdr)) + ip_size); cout << "Source port: " << tcp->th_sport << "\t\tDestination port: " << tcp->th_dport << "." << endl; You forgot to use ntohs(). These are 16-bit on network order. --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] [Patch] findalldevtest.c
A small patch to make this file compile on Windows: --- Git-latest/findalldevstest.c Tue Feb 17 16:55:35 2009 +++ findalldevstest.c Wed Feb 18 12:45:00 2009 @@ -4,10 +4,13 @@ #include #include + +#ifndef WIN32 #include #include #include #include +#endif #include -- --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] Fwd: New datasource implementation
"Guy Harris" wrote: Send us a patch, submit it on SourceForge, or do whatever the shiny new Git magic is for that (Michael, how do people do that?). This is what I do (and what the sourceforge page [1] states). 1st time checkout: git clone git://bpf.tcpdump.org/libpcap Then "git fetch" to update. But using Sourceforge to commit patches and feature requests is not ideal IMHO (besides SF is so slow). Why not send patches to this list so reach a larger audience of critical readers? [1] http://www.tcpdump.org/#source --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] Welcome to the "tcpdump-workers" mailing list
"Michael Richardson" wrote: I hope that things work okay. https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers uses a cacert.org certificate. visit www.cacert.org to load it into your browser. I can ping the host, but it doesn't reply at the TCP-level: nmap -sT -p443 209.87.252.184 Starting Nmap 6.02 ( http://nmap.org ) at 2012-08-07 13:14 CET Nmap scan report for tuna.sandelman.ca (209.87.252.184) Host is up. PORTSTATESERVICE 443/tcp filtered https Nmap done: 1 IP address (1 host up) scanned in 14.02 seconds Nothing to do with CERTs AFAICS. --gv - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
[tcpdump-workers] Duplicated dirs on Git-hub
It doesn't matter much for folks with case-insensitive file-systems, but the Git-repo contains these two directories: https://github.com/mcr/tcpdump/tree/master/win32 https://github.com/mcr/tcpdump/tree/master/Win32 Maybe the files under 'Win32' should be moved into 'win32'? PS. I'm trying to send this message again. My 1st attempt got trapped by tcpdump-workers-boun...@lists.tcpdump.org alltought I'm subscribed. Seems everybody here are put on moderation. Michael what's up? --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] Duplicated dirs on Git-hub
It doesn't matter much for folks with case-insensitive file-systems, but the Git-repo contains these two directories: https://github.com/mcr/tcpdump/tree/master/win32 https://github.com/mcr/tcpdump/tree/master/Win32 Maybe the files under 'Win32' should be moved into 'win32'? --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] [Patch] print-dhcp6.c
This file doesn't compile using MSVC v16 (from VC-Express 2010)
because it has variable definitions after statements ('<< problem X' below).
tcpdump should be in pure C, not C++ or gcc features. Right?
Patch:
--- Git-Latest\print-dhcp6.cThu Feb 28 16:10:44 2013
+++ print-dhcp6.c Mon Mar 04 13:25:40 2013
@@ -335,6 +335,8 @@
size_t optlen;
u_int8_t auth_proto;
u_int authinfolen, authrealmlen;
+ int remain_len; /* Length of remaining options */
+ int label_len; /* Label length */
if (cp == ep)
return;
@@ -723,10 +725,9 @@
break;
}
tp = (u_char *)(dh6o + 1);
- int remain_len = optlen; << !! problem 1
+ remain_len = optlen;
printf(" ");
/* Encoding is described in section 3.1 of RFC 1035 */
- int label_len; /* Label length */ << !! problem 2
while (remain_len && *tp) {
label_len = *tp++;
if (label_len < remain_len - 1) {
---
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] [Patch] pcap-dos.c
This file has fallen behind since pcap_create() was put in
pcap.c long time ago (a more generic create-function). Hence:
--- Git-Latest\pcap-dos.c Wed Nov 28 23:41:44 2012
+++ pcap-dos.c Thu Nov 29 00:00:12 2012
@@ -143,7 +143,7 @@
return handle_to_device [fd-1];
}
-pcap_t *pcap_create (const char *device, char *ebuf)
+pcap_t *pcap_create_interface (const char *device, char *ebuf)
{
pcap_t *p;
@@ -211,7 +211,7 @@
pcap_read_one (pcap_t *p, pcap_handler callback, u_char *data)
{
struct pcap_pkthdr pcap;
- struct timeval now, expiry;
+ struct timeval now, expiry = { 0,0 };
BYTE *rx_buf;
intrx_len = 0;
@@ -287,7 +287,7 @@
return (1);
}
-/* If not to wait for a packet or pcap_close() called from
+/* If not to wait for a packet or pcap_cleanup_dos() called from
* e.g. SIGINT handler, exit loop now.
*/
if (p->md.timeout <= 0 || (volatile int)p->fd <= 0)
--
The change in the comment is just to make it clear it's not pcap_close()
that's called directly.
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] -W options to gcc
"Michael Richardson" wrote: If one wants to add -W options to the standard build, I'm wondering what the right autoconf magic is to enable such a thing. fxlb suggested: "-Wunused -Wunused-parameter" I compile using MingW (gcc 4.7.2) and normally I use -Wall -W. But this gives tons of warnings. Hence I use these to supress most of them: -Wno-unused-but-set-variable -Wno-unused-function -Wno-strict-aliasing This results in only these warnings: missing/inet_ntop.c: In function 'inet_ntop': missing/inet_ntop.c:146:44: warning: 'best.len' may be used uninitialized in this function [-Wmaybe-uninitialized] missing/inet_ntop.c:117:5: note: 'best.len' was declared here Must be one of the oldest file in tcpdump. From 2005. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] [Patch] fad-win32.c
This is a similar patch to the change of pcap-dos.c:
https://github.com/mcr/libpcap/commit/73b5f0387199fbaa75130837b931faf770471640
I.e. the '_interfaces' suffix got lost in some other change to the puplic API.
(I don't know when). Since 'pcap_findalldevs()' is now a more generic version in
pcap.c, the platform-specific function is called 'pcap_findalldevs_interfaces()' in
fad-win32.c:
--- Git-Latest\fad-win32.c Wed Nov 28 23:41:44 2012
+++ fad-win32.c Wed Mar 27 16:14:02 2013
@@ -216,13 +216,13 @@
* Win32 implementation, based on WinPcap
*/
int
-pcap_findalldevs(pcap_if_t **alldevsp, char *errbuf)
+pcap_findalldevs_interfaces(pcap_if_t **alldevsp, char *errbuf)
{
pcap_if_t *devlist = NULL;
int ret = 0;
const char *desc;
char *AdaptersName;
- ULONG NameLength;
+ ULONG NameLength = 0;
char *name;
if (!PacketGetAdapterNames(NULL, &NameLength))
-
'NameLength = 0' is just in case 'PacketGetAdapterNames()' fails
w/o setting '*NameLength == 0'. It really could do that; ref. Packet32.c
in WinPcap.
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] [Patch] fad-win32.c
"Guy Harris" wrote:
'NameLength = 0' is just in case 'PacketGetAdapterNames()' fails
w/o setting '*NameLength == 0'. It really could do that; ref. Packet32.c in
WinPcap.
Really? I don't see that. (The first call should *always* "fail", in the sense of
returning FALSE; if the cause of the "failure" is that the buffer pointer argument
is NULL, not that it couldn't get the interface list, it should set NameLength
to the size of the buffer it needs.)
What is the oldest version of WinPcap we should support in
libpcap? Here are the lines in question from an old version of
\Packet9x\DLL\Packet32.c:
BOOLEAN PacketGetAdapterNames (PTSTR pStr,
PULONG BufferSize)
{
ULONG Result,i;
LONG Status;
...
PPACKET_OID_DATA OidData;
...
OidData=GlobalAllocPtr(GMEM_MOVEABLE | GMEM_ZEROINIT,256);
if (OidData == NULL)
{
return FALSE;
}
(dated 8 July 2006 here).
Clearly it could return FALSE w/o touching '*BufferSize'. The
GlobalAllocPtr() is the 1st code in this function. Hence the precaution
in fad-win32.c. Allthough no sane person should be using Win9x anymore,
there could be an old version of PacketNtx\Dll\Packet32.c with the same
lines.
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] Use of critical section on Win32
I really don't understand the motivation behind the Win32-code
for pcap_compile(). In gencode.c:
int
pcap_compile(pcap_t *p, struct bpf_program *program,
const char *buf, int optimize, bpf_u_int32 mask)
{
int result;
EnterCriticalSection(&g_PcapCompileCriticalSection);
result = pcap_compile_unsafe(p, program, buf, optimize, mask);
LeaveCriticalSection(&g_PcapCompileCriticalSection);
return result;
}
--
Why doesn't other libpcap functions needs this critical-section protection
too?
And how about the case when DllMain() hasn't been called (because libpcap
is used as a static lib) and someone calls e.g. pcap_compile(). Then this
'g_PcapCompileCriticalSection' struct is left un-initialised and the program
will crash.
Can we maybe sprinkle calls to 'wsockinit()' where needed and let 'wsockinit()'
do it's task only once? I could make the needed patches if we agree on this.
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Adding support for ETSI GeoNetworking networkand BTP transport protocol
"Denis Ovsienko" wrote:
is anybody else willing to review this pull request?
https://github.com/the-tcpdump-group/tcpdump/pull/324
I just did a build with MSVC after a new checkout of
https://github.com/the-tcpdump-group/tcpdump.git
It didn't work out-of-the box because my MSVC (v16 from Visual C
Express 2010) isn't a C99 compiler; you cannot have code ahead of
declarations. Hence these patches should be applied:
--- Git-Latest/print-calm-fast.c2013-07-03 09:24:42 +
+++ ./print-calm-fast.c 2013-07-03 09:53:37 +
@@ -42,13 +42,12 @@
void
calm_fast_print(netdissect_options *ndo, const u_char *eth, const u_char *bp,
u_int length)
{
- printf("CALM FAST src:%s; ", etheraddr_string(eth+6));
-
int srcNwref = bp[0];
int dstNwref = bp[1];
length -= 2;
bp += 2;
+ printf("CALM FAST src:%s; ", etheraddr_string(eth+6));
printf("SrcNwref:%d; ", srcNwref);
printf("DstNwref:%d; ", dstNwref);
--- Git-Latest/print-geonet.c 2013-07-03 09:24:42 +
+++ ./print-geonet.c2013-07-03 09:54:27 +
@@ -58,14 +58,18 @@
static void
print_btp_body(const u_char *bp, u_int length)
{
+ int version;
+ int msg_type;
+ const char *msg_type_str;
+
if (length <= 2) {
return;
}
// Assuming ItsDpuHeader
- int version = bp[0];
- int msg_type = bp[1];
- const char *msg_type_str = tok2str(msg_type_values, "unknown (%u)",
msg_type);
+ version = bp[0];
+ msg_type = bp[1];
+ msg_type_str = tok2str(msg_type_values, "unknown (%u)", msg_type);
printf("; ItsPduHeader v:%d t:%d-%s", version, msg_type, msg_type_str);
}
And must go on Windows:
--- Git-Latest/print-carp.c 2013-07-03 09:24:42 +
+++ ./print-carp.c 2011-12-22 19:56:22 +
@@ -44,7 +44,9 @@
#include
#include
+#ifndef WIN32
#include
+#endif
#include "interface.h"
#include "extract.h"
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Adding support for ETSI GeoNetworking networkand BTP transport protocol
"Denis Ovsienko" wrote: And must go on Windows: I addressed this in a little cleaner way. The changes are in the master branch now, could you check? Works fine with MSVC. I've added a comment on print-carp.c: https://github.com/the-tcpdump-group/tcpdump/commit/9a68bf303ada7a69d853eeefa09634a5a077e48e#commitcomment-3560517 --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] [Patch] print-nfs.c
'int32_t' isn't 'int' for all targets. Some Windows targets have
it defined as 'signed int' in . So print-nfs.c
does not compile cleanly; conflicting definition of xid_map_find().
A fix:
--- Git-Latest/print-nfs.c 2013-07-03 09:24:42 +
+++ print-nfs.c 2013-07-04 07:39:33 +
@@ -981,7 +981,7 @@
* Returns 0 and puts NFSPROC_xxx in proc return and
* version in vers return, or returns -1 on failure
*/
-static int
+static int32_t
xid_map_find(const struct sunrpc_msg *rp, const u_char *bp, u_int32_t *proc,
u_int32_t *vers)
{
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] [Patch] print-nfs.c
"Denis Ovsienko" wrote: 10.07.2013, 15:18, "Gisle Vanem" : 'int32_t' isn't 'int' for all targets. Some Windows targets have it defined as 'signed int' in . So print-nfs.c does not compile cleanly; conflicting definition of xid_map_find(). Should both declarations be just "int" then? That could be simpler, yes. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] 'private' in pcap-int.h
'struct pcap' has a member:
void *private; /* private data for methods */
Which doesn't work so well when including pcap-int.h
from a C++ program. The file looks to be meant for C++
because of:
#ifdef __cplusplus
extern "C" {
#endif
Can this be renamed to 'priv' or '_private' ?
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] capturing packets with identical MAC for source and destination
"Lentes, Bernd" wrote: I'd like to capture all packets which have the same MAC-address for sender and destination. But i don't know the MAC which is causing these messages. So i have to use an universal filter. I tried to use "tcpdump 'ether[8:6] = ether[14:6]'". Beginning with byte 8 is the destination MAC and beginning with byte 14 is the source MAC. And each MAC has the size of 6 bytes. But i got this message: "tcpdump: data size must be 1, 2, or 4". Is there a way to capture the desired 6 bytes ? I think you'll have to split up in 2 checks. 1 for 4 bytes and 1 for 2 bytes. Something like: tcpdump -d "(ether[8:4]=ether[14:4]) && (ether[12:2]=ether[18:2])" (000) ld [8] (001) st M[1] (002) ld [14] (003) tax (004) ld M[1] (005) jeq xjt 6jf 13 (006) ldh [12] (007) st M[4] (008) ldh [18] (009) tax (010) ld M[4] (011) jeq xjt 12 jf 13 (012) ret #65535 (013) ret #0 Looks like the pseudo-asm code is correct w/o knowing what 'tax' is. (Note; I had to use '&&' in my shell to escape the '&'). --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] RCS/CVS keywords ($Id$, $Header$, $OpenBSD$ etc)
Guy Harris alum.mit.edu> writes: > The tcpdump/libpcap RCS/CVS IDs serve no purpose now that > libpcap and tcpdump are kept in Git, as far as I can see. Then you (or someone else) can change the WIN32 version stuff: char WDversion[]="current-cvs.tcpdump.org"; #if !defined(HAVE_GENERATED_VERSION) char version[]="current-cvs.tcpdump.org"; #endif into something related to Git. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] print-rx.c time format
Building windump using MingW + gcc 4.7.2, I get:
print-rx.c: In function 'fs_print':
print-rx.c:929:4: warning: unknown conversion type character 'T' in format
[-Wformat]
print-rx.c:933:4: warning: unknown conversion type character 'T' in format
[-Wformat]
This comes from the macro DATEOUT():
strftime(str, 256, "%Y/%m/%d %T", tm); \
If I should trust what my 'man strftime' says:
%T or %X
is equivalent to %H:%M:%S.
we could show the time using this format instead (as print-ntp.c does).
IMHO. there should be an easy-access function in util.c for this.
Something like: const char *get_tm_str (time_t t);
But for now this patch makes gcc/MingW shutup:
--- Git-Latest/print-rx.c2014-01-14 17:51:07 +
+++ print-rx.c 2014-02-13 13:08:40 +
@@ -788,7 +788,7 @@
t = (time_t) EXTRACT_32BITS(bp); \
bp += sizeof(int32_t); \
tm = localtime(&t); \
- strftime(str, 256, "%Y/%m/%d %T", tm); \
+ strftime(str, 256, "%Y/%m/%d %H:%M:%S", tm); \
printf(" %s", str); \
}
-
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] [Patch] print-zeromq.c
The prototype and implementation of 'zmtp1_print_datagram()'
is slightly different; the prototype has a 'const u_int len' as the last
parameter. Whereas the implementation has no 'const'. Hence
I get a warning from MSVC. Hence:
diff -u3 Git-Latest/print-zeromq.c ./print-zeromq.c
--- Git-Latest/print-zeromq.c 2014-01-14 17:51:07 +
+++ ./print-zeromq.c2014-03-01 14:41:53 +
@@ -207,7 +207,7 @@
}
void
-zmtp1_print_datagram(const u_char *cp, const u_int len) {
+zmtp1_print_datagram(const u_char *cp, u_int len) {
const u_char *ep = MIN(snapend, cp + len);
cp = zmtp1_print_intermediate_part(cp, len);
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] [Patch] print-zeromq.c
"François-Xavier Le Bail" wrote: Is it not better to add const in the propotype ? Comparing to other print-function with a 'len' as last parameter, I think not. Looking through interface.h for *_print() functions, only these have a 'const u_int' as last arg: openflow_print, ahcp_print. IMHO, we should be consistent; a 'const u_int len' or simply a 'u_int len'. Some even have a 'register' modifier which seems odd. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] print-ahcp.c on MSVC
I'm sure my old MSVC v16 has a bit stupid C-preprocessor. At least when expanding this (line 153): ND_PRINT((ndo, "%s%s", sep, #ifdef INET6 ip6addr_string(cp) #else "(compiled w/o IPv6)" #endif /* INET6 */ into this (all on one line): (*ndo->ndo_printf)(ndo, "%s%s", sep, #ifdef 1 getname6((const u_char *) (cp)) #else "(compiled w/o IPv6)" #endif ); (verified by cl -E). Applying this patch fixes it though: --- Git-Latest/print-ahcp.c 2014-03-11 18:33:14 + +++ print-ahcp.c2014-03-11 19:29:41 + @@ -150,13 +150,12 @@ if (cp + 16 > ep) goto corrupt; ND_TCHECK2(*cp, 16); - ND_PRINT((ndo, "%s%s", sep, #ifdef INET6 - ip6addr_string(cp) + ND_PRINT((ndo, "%s%s", sep, ip6addr_string(cp))); #else - "(compiled w/o IPv6)" + ND_PRINT((ndo, "%s%s", sep, "(compiled w/o IPv6)")); #endif /* INET6 */ - )); + cp += 16; sep = ", "; } @@ -202,13 +201,12 @@ if (cp + 17 > ep) goto corrupt; ND_TCHECK2(*cp, 17); - ND_PRINT((ndo, "%s%s/%u", sep, #ifdef INET6 - ip6addr_string(cp), + ND_PRINT((ndo, "%s%s/%u", sep, ip6addr_string(cp), *(cp + 16))); #else - "(compiled w/o IPv6)", + ND_PRINT((ndo, "%s%s/%u", sep, "(compiled w/o IPv6)", *(cp + 16))); #endif /* INET6 */ - *(cp + 16))); + cp += 17; sep = ", "; } -- Time for an INET6 aware util.c print-function for these cases? --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] print-ahcp.c on MSVC
"Gisle Vanem" wrote:
I'm sure my old MSVC v16 has a bit stupid C-preprocessor. At least when
expanding this (line 153):
Now this C-preprocessor "bug" got me into problems with print-olsr.c too.
A patch:
--- Git-Latest/print-olsr.c 2014-04-02 17:02:01 +
+++ print-olsr.c2014-04-02 19:07:49 +
@@ -457,12 +457,15 @@
while (msg_tlen >= addr_size) {
if (!ND_TTEST2(*msg_data, addr_size))
goto trunc;
-
-ND_PRINT((ndo, "\n\t interface address %s",
#if INET6
+ND_PRINT((ndo, "\n\t interface address %s",
is_ipv6 ? ip6addr_string(msg_data) :
-#endif
ipaddr_string(msg_data)));
+#else
+ND_PRINT((ndo, "\n\t interface address %s",
+ipaddr_string(msg_data)));
+#endif
+
msg_data += addr_size;
msg_tlen -= addr_size;
}
BTW. It seems it's impossible to build with w/o "#define INET6".
How is e.g. print-dhcp6.c supposed to be compiled on Windows
w/o it? A '#ifdef INET6' surrounding the whole file?
I assume with autotools it's not compiled w/o INET6. Or?
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] in the Win32 version
I note that a local "Win32/include/errno.h" is shadowing for the real which is not nice. And shouldn't sys-headers come first in missing/inet_pton.c? #include #include Since MSVC's has a 'EAFNOSUPPORT', but MingW+Watcom does not, I think it's cleaner to remove the local Win32/include/errno.h and do some checks in tcpdump-stdinc.h instead: -#include +#include << #include #include +#include ... +/* It is in MSVC's , but not defined in MingW+Watcom. + */ +#ifndef EAFNOSUPPORT +#define EAFNOSUPPORT WSAEAFNOSUPPORT +#endif + Other targets using missing/inet_pton.c should thus work as before. BTW. there is a similar issue with EAFNOSUPPORT (and _errno()) in libpcap that I can come back to. --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] parse_elements() in print-802_11.c
The use of function parse_elements() in print-802_11.c looks a bit fishy.
E.g. in handle_beacon():
ret = parse_elements(ndo, &pbody, p, offset, length);
PRINT_SSID(pbody);
PRINT_RATES(pbody);
Here parse_elements() has set 'pbody.ssid' to a local (on stack)
SSID in it's 'struct ssid_t ssid':
if (!pbody->ssid_present) {
pbody->ssid = ssid; <<
pbody->ssid_present++;
}
Then PRINT_SSID() prints something that could possible contain garbage.
So should those local variables in parse_elements() be made static? Or
use a memcpy()?
Besides, isn't it better to print hex-codes in the SSID as-is (if any)? Like so:
@@ -697,7 +697,7 @@
#define PRINT_SSID(p) \
if (p.ssid_present) { \
ND_PRINT((ndo, " (")); \
- fn_print(ndo, p.ssid.ssid, NULL); \
+ safeputs(ndo, p.ssid.ssid, sizeof(p.ssid.ssid)); \
ND_PRINT((ndo, ")")); \
}
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
[tcpdump-workers] ND_PRINT() parenthesis errors
Here are some errors in lost parenthesis errors I've found when building using
MSVC:
diff -Hb -u3 Git-Latest/print-802_15_4.c ./print-802_15_4.c
--- Git-Latest/print-802_15_4.c 2014-04-10 23:49:50 +
+++ ./print-802_15_4.c 2014-04-15 13:22:13 +
@@ -143,7 +143,7 @@
p += 8;
break;
}
- ND_PRINT((ndo,"< ");
+ ND_PRINT((ndo,"< "));
switch ((fc >> 14) & 0x3) {
case 0x00:
@@ -165,7 +165,7 @@
panid = EXTRACT_LE_16BITS(p);
p += 2;
}
-ND_PRINT((ndo,"%04x:%s ", panid, le64addr_string(p;
+ND_PRINT((ndo,"%04x:%s ", panid, le64addr_string(p)));
p += 8;
break;
}
diff -Hb -u3 Git-Latest/print-tcp.c ./print-tcp.c
--- Git-Latest/print-tcp.c 2014-04-10 23:49:50 +
+++ ./print-tcp.c 2014-04-15 13:24:31 +
@@ -810,8 +810,8 @@
tp1 = *tp;
if (ndo->ndo_sigsecret == NULL) {
- ND_PRINT((ndo, "shared secret not supplied with -M, ");
-return (CANT_CHECK_SIGNATURE));
+ ND_PRINT((ndo, "shared secret not supplied with -M, "));
+return (CANT_CHECK_SIGNATURE);
}
MD5_Init(&ctx);
Building with MingW/gcc 4.7.2 these errors went unnoticed :-(
I assume the 'gcc -E ' stage is more liberal, but the preprocessor output is
crap in this case. The:
ND_PRINT((ndo,"< ");
switch ((fc >> 14) & 0x3) {
...
showed a big blob of output on a single line.
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Adding loopback adapter detection for Windows
Yang Luo wrote: > 1) Modified the CMakeLists.txt Line 3 from > set( PROJECT_NAME pcap ) > to > set( PROJECT_NAME wpcap ) > I thought the output binary should be wpcap.dll instead of pcap.dll, so I > just changed it, I don't know if this is the correct move.. No, it seems be require "set( PROJECT_NAME PCAP )" (upper-case). Why? Look in pcap/export-defs.h: #if defined(_WIN32) #ifdef BUILDING_PCAP /* * We're compiling libpcap, so we should export functions in our * API. */ #define PCAP_API_DEF__declspec(dllexport) #else #define PCAP_API_DEF__declspec(dllimport) #endif - Otherwise the generated *.make files says '-DBUILDING_pcap'. Thus your wpcap.dll exports nothing. But this produces PCAP.dll. But I'm not familiar with Cmake. > 3) Open the generated J:\npcap\wpcap\PRJ\wpcap.sln with MSVC 2005. Then > build the solution with configuration "Release" "Win32". (I don't know how > to generate both "Win32" and "x64" using CMake, it's inconvenient to only > have one platform in one sln). Not sure, but my cmake supports: cmake -G "Visual Studio 14 2015 Win64" .. (Win32 is implicit). -- --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Adding loopback adapter detection for Windows
Yang Luo wrote:
> But the trunk code of libpcap is lower-case,
> see https://github.com/the-tcpdump-group/libpcap/blob/master/CMakeLists.txt
I don't know how Cmake translates a ${PROJECT_NAME} into '-DBUILDING_pcap'.
(and I don't really care to learn the contorted mess called Cmake).
> And in fact, I used a tool called DLL Export Viewer (also used Depends.exe)
> and saw exported functions in my built
> wpcap.dll. So the functions seem to have be successfully exported?
Okay, but what does dumpcap.exe need in order for 'has_wpcap' to be TRUE?
In other words, how was dumpcap configured and compiled? Maybe it was built
with some 'HAVE_PCAP_xx' and your wpcap.dll doesn't export those?
But does other WinPcap examples work okay?
> What do you mean by implicit?
Just that Cmake's generators have "Win32" default in some of it's generator
names. From 'cmake -h':
The following generators are available on this platform:
Visual Studio 14 2015 [arch] = Generates Visual Studio 2015 project files.
Optional [arch] can be "Win64" or "ARM".
...
So you want Cmake to generate .sln/.vcxproj files capable of both "Win32"
and "Win64" targets? It is probably possible.
--
--gv
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] WinDump fails to compile on latest libpcap
Yang Luo wrote: > Given that WinDump is kind of "official" example to use libpcap/Npcap API, > it's not good that they can't compile. Why do you say that? IMHO, tcpdump/WinDump at: https://github.com/the-tcpdump-group/tcpdump.git is the "official". Works fine for me on Windows. Have you tried it? It's good we've got rid of the mess with "bittypes.h" etc. -- --gv ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
