From 86b0d3b00b021375a7c9aede7a7596540c84ab80 Mon Sep 17 00:00:00 2001 From: Nick Hainke Date: Sat, 25 Jun 2022 16:59:30 +0200 Subject: [PATCH] tcpdump: update to 4.99.1 Adjust - 100-tcpdump_mini.patch Remove upstreamed patches: - 101-CVE-2020-8037.patch - 102-CVE-2018-16301.patch Changelog: Wednesday, June 9, 2021 by gharris Summary for 4.99.1 tcpdump release Source code: Squelch some compiler warnings ICMP: Update the snapend for some nested IP packets. MACsec: Update the snapend thus the ICV field is not payload for the caller. EIGRP: Fix packet header fields SMB: Disable printer by default in CMake builds OLSR: Print the protocol name even if the packet is invalid MSDP: Print ": " before the protocol name ESP: Remove padding, padding length and next header from the buffer DHCPv6: Update the snapend for nested DHCPv6 packets OpenFlow 1.0: Get snapend right for nested frames. TCP: Update the snapend before decoding a MPTCP option Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks ForCES: Refine SPARSEDATA-TLV length check. ASCII/hex: Use nd_trunc_longjmp() in truncation cases GeoNet: Add a ND_TCHECK_LEN() call Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES(). BGP: Fix overwrites of global 'astostr' temporary buffer ARP: fix overwrites of static buffer in q922_string(). Frame Relay: have q922_string() handle errors better. Building and testing: Rebuild configure script when building release Fix "make clean" for out-of-tree autotools builds CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH. Documentation: man: Update a reference as www.cifs.org is gone. [skip ci] man: Update DNS sections Solaris: Fix a compile error with Sun C Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl. Summary for 4.99.0 tcpdump release CVE-2018-16301: For the -F option handle large input files safely. Improve the contents, wording and formatting of the man page. Print unsupported link-layer protocol packets in hex. Add support for new network protocols and DLTs: Arista, Autosar SOME/IP, Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS, ZigBee Encapsulation Protocol (ZEP). Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP, ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS, NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD, VXLAN-GPE. User interface: Make SLL2 the default for Linux "any" pseudo-device. Add --micro and --nano shorthands. Add --count to print a counter only instead of decoding. Add --print, to cause packet printing even with -w. Add support for remote capture if libpcap supports it. Display the "wireless" flag and connection status. Flush the output packet buffer on a SIGUSR2. Add the snapshot length to the "reading from file ..." message. Fix local time printing (DST offset in timestamps). Allow -C arguments > 2^31-1 GB if they can fit into a long. Handle very large -f files by rejecting them. Report periodic stats only when safe to do so. Print the number of packets captured only as often as necessary. With no -s, or with -s 0, don't specify the snapshot length with newer versions of libpcap. Improve version and usage message printing. Building and testing: Install into bindir, not sbindir. autoconf: replace --with-system-libpcap with --disable-local-libpcap. Require the compiler to support C99. Better detect and use various C compilers and their features. Add CMake as the second build system. Make out-of-tree builds more reliable. Use pkg-config to detect libpcap if available. Improve Windows support. Add more tests and improve the scripts that run them. Test both with "normal" and "x87" floating-point. Eliminate dependency on libdnet. FreeBSD: Print a proper error message about monitor mode VAP. Use libcasper if available. Fix failure to capture on RDMA device. Include the correct capsicum header. Source code: Start the transition to longjmp() for packet truncation handling. Introduce new helper functions, including GET_*(), nd_print_protocol(), nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others. Put integer signedness right in many cases. Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix alignment issues, especially on SPARC. Fix many C compiler, Coverity, UBSan and cppcheck warnings. Fix issues detected with AddressSanitizer. Remove many workarounds for older compilers and OSes. Add a sanity check on packet header length. Add and remove plenty of bounds checks. Clean up pcap_findalldevs() call to find the first interface. Use a short timeout, rather than immediate mode, for text output. Handle DLT_ENC files *not* written on the same OS and byte-order host. Add, and use, macros to do locale-independent case mapping. Use a table instead of getprotobynumber(). Get rid of ND_UNALIGNED and ND_TCHECK(). Make roundup2() generally available. Resync SMI list against Wireshark. Fix many typos. Co-Developed-by: Ivan Pavlov Signed-off-by: Ivan Pavlov Signed-off-by: Nick Hainke --- package/network/utils/tcpdump/Makefile | 10 +- .../patches/001-remove_pcap_debug.patch | 6 +- .../tcpdump/patches/100-tcpdump_mini.patch | 703 +++++++++--------- .../tcpdump/patches/101-CVE-2020-8037.patch | 47 -- .../tcpdump/patches/102-CVE-2018-16301.patch | 101 --- 5 files changed, 361 insertions(+), 506 deletions(-) delete mode 100644 package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch delete mode 100644 package/network/utils/tcpdump/patches/102-CVE-2018-16301.patch diff --git a/package/network/utils/tcpdump/Makefile b/package/network/utils/tcpdump/Makefile index f14f86e9a3..d6da50f25e 100644 --- a/package/network/utils/tcpdump/Makefile +++ b/package/network/utils/tcpdump/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tcpdump -PKG_VERSION:=4.9.3 -PKG_RELEASE:=4 +PKG_VERSION:=4.99.1 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.tcpdump.org/release/ -PKG_HASH:=2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410 +PKG_HASH:=79b36985fb2703146618d87c4acde3e068b91c553fb93f021a337f175fd10ebe PKG_MAINTAINER:=Felix Fietkau PKG_LICENSE:=BSD-3-Clause @@ -58,8 +58,8 @@ ifeq ($(BUILD_VARIANT),mini) endif define Package/tcpdump/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/tcpdump $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/tcpdump $(1)/usr/bin/ endef Package/tcpdump-mini/install = $(Package/tcpdump/install) diff --git a/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch b/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch index 3da979dd35..e79de526a1 100644 --- a/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch +++ b/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch @@ -1,8 +1,8 @@ --- a/configure +++ b/configure -@@ -6183,97 +6183,6 @@ $as_echo "no" >&6; } - fi - fi +@@ -6230,97 +6230,6 @@ fi + + -# -# Check for special debugging functions diff --git a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch index 17477d2799..ad7c3feb4e 100644 --- a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch +++ b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch @@ -1,13 +1,14 @@ --- a/Makefile.in +++ b/Makefile.in -@@ -72,6 +72,80 @@ DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ +@@ -73,6 +73,85 @@ DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ - CSRC = setsignal.c tcpdump.c + CSRC = fptype.c tcpdump.c +ifdef TCPDUMP_MINI + +LIBNETDISSECT_SRC=\ + netdissect.c \ ++ netdissect-alloc.c \ + addrtoname.c \ + addrtostr.c \ + af.c \ @@ -15,17 +16,18 @@ + checksum.c \ + cpack.c \ + gmpls.c \ -+ gmt2local.c \ + in_cksum.c \ + ipproto.c \ + l2vpn.c \ + machdep.c \ ++ ntp.c \ + nlpid.c \ + oui.c \ + parsenfsfh.c \ + print.c \ + print-802_11.c \ + print-aodv.c \ ++ print-arista.c \ + print-arp.c \ + print-ascii.c \ + print-bootp.c \ @@ -39,6 +41,7 @@ + print-icmp.c \ + print-icmp6.c \ + print-igmp.c \ ++ print-ip-demux.c \ + print-ip.c \ + print-ip6.c \ + print-ip6opts.c \ @@ -47,6 +50,7 @@ + print-llc.c \ + print-lldp.c \ + print-loopback.c \ ++ print-macsec.c \ + print-nfs.c \ + print-ntp.c \ + print-null.c \ @@ -72,6 +76,7 @@ + print-telnet.c \ + print-tftp.c \ + print-udp.c \ ++ print-unsupported.c \ + signature.c \ + strtoaddr.c \ + util-print.c @@ -81,19 +86,19 @@ LIBNETDISSECT_SRC=\ addrtoname.c \ addrtostr.c \ -@@ -237,6 +311,8 @@ LIBNETDISSECT_SRC=\ +@@ -252,6 +331,8 @@ LIBNETDISSECT_SRC=\ strtoaddr.c \ util-print.c +endif + LOCALSRC = @LOCALSRC@ - GENSRC = version.c LIBOBJS = @LIBOBJS@ + --- a/addrtoname.c +++ b/addrtoname.c -@@ -578,8 +578,10 @@ linkaddr_string(netdissect_options *ndo, - if (type == LINKADDR_ETHER && len == ETHER_ADDR_LEN) +@@ -683,8 +683,10 @@ linkaddr_string(netdissect_options *ndo, + if (type == LINKADDR_ETHER && len == MAC_ADDR_LEN) return (etheraddr_string(ndo, ep)); +#ifndef TCPDUMP_MINI @@ -103,7 +108,7 @@ tp = lookup_bytestring(ndo, ep, len); if (tp->bs_name) -@@ -1214,6 +1216,7 @@ init_addrtoname(netdissect_options *ndo, +@@ -1263,6 +1265,7 @@ init_addrtoname(netdissect_options *ndo, init_ipxsaparray(ndo); } @@ -111,7 +116,7 @@ const char * dnaddr_string(netdissect_options *ndo, u_short dnaddr) { -@@ -1230,6 +1233,7 @@ dnaddr_string(netdissect_options *ndo, u +@@ -1279,6 +1282,7 @@ dnaddr_string(netdissect_options *ndo, u return(tp->name); } @@ -119,138 +124,45 @@ /* Return a zero'ed hnamemem struct and cuts down on calloc() overhead */ struct hnamemem * ---- a/print.c -+++ b/print.c -@@ -48,6 +48,7 @@ static const struct printer printers[] = - #ifdef DLT_IPNET - { ipnet_if_print, DLT_IPNET }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_IEEE802_15_4 - { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, - #endif -@@ -57,12 +58,14 @@ static const struct printer printers[] = - #ifdef DLT_PPI - { ppi_if_print, DLT_PPI }, - #endif -+#endif - #ifdef DLT_NETANALYZER - { netanalyzer_if_print, DLT_NETANALYZER }, - #endif - #ifdef DLT_NETANALYZER_TRANSPARENT - { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, - #endif -+#ifndef TCPDUMP_MINI - #if defined(DLT_NFLOG) && defined(HAVE_PCAP_NFLOG_H) - { nflog_if_print, DLT_NFLOG}, - #endif -@@ -75,10 +78,12 @@ static const struct printer printers[] = - #ifdef DLT_IP_OVER_FC - { ipfc_if_print, DLT_IP_OVER_FC }, - #endif -+#endif - { null_if_print, DLT_NULL }, - #ifdef DLT_LOOP - { null_if_print, DLT_LOOP }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_APPLE_IP_OVER_IEEE1394 - { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, - #endif -@@ -92,7 +97,9 @@ static const struct printer printers[] = - #ifdef DLT_ARCNET_LINUX - { arcnet_linux_if_print, DLT_ARCNET_LINUX }, - #endif -+#endif - { raw_if_print, DLT_RAW }, -+#ifndef TCPDUMP_MINI - #ifdef DLT_IPV4 - { raw_if_print, DLT_IPV4 }, - #endif -@@ -116,17 +123,21 @@ static const struct printer printers[] = - #ifdef DLT_HDLC - { chdlc_if_print, DLT_HDLC }, - #endif -+#endif - #ifdef DLT_PPP_ETHER - { pppoe_if_print, DLT_PPP_ETHER }, - #endif -+#ifndef TCPDUMP_MINI - #if defined(DLT_PFLOG) && defined(HAVE_NET_IF_PFLOG_H) - { pflog_if_print, DLT_PFLOG }, - #endif - { token_if_print, DLT_IEEE802 }, - { fddi_if_print, DLT_FDDI }, -+#endif - #ifdef DLT_LINUX_SLL - { sll_if_print, DLT_LINUX_SLL }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_FR - { fr_if_print, DLT_FR }, - #endif -@@ -198,6 +209,7 @@ static const struct printer printers[] = - #ifdef DLT_PKTAP - { pktap_if_print, DLT_PKTAP }, - #endif -+#endif - #ifdef DLT_IEEE802_11_RADIO - { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, - #endif -@@ -214,12 +226,14 @@ static const struct printer printers[] = - #ifdef DLT_PPP_WITHDIRECTION - { ppp_if_print, DLT_PPP_WITHDIRECTION }, - #endif -+#ifndef TCPDUMP_MINI - #ifdef DLT_PPP_BSDOS - { ppp_bsdos_if_print, DLT_PPP_BSDOS }, - #endif - #ifdef DLT_PPP_SERIAL - { ppp_hdlc_if_print, DLT_PPP_SERIAL }, - #endif -+#endif - { NULL, 0 }, - }; - --- a/print-ether.c +++ b/print-ether.c -@@ -342,6 +342,7 @@ ethertype_print(netdissect_options *ndo, - arp_print(ndo, p, length, caplen); +@@ -539,6 +539,7 @@ ethertype_print(netdissect_options *ndo, + arp_print(ndo, p, length, caplen); return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_DN: decnet_print(ndo, p, length, caplen); return (1); -@@ -368,6 +369,7 @@ ethertype_print(netdissect_options *ndo, - } +@@ -569,6 +570,7 @@ ethertype_print(netdissect_options *ndo, + ND_TCHECK_LEN(p, 1); isoclns_print(ndo, p + 1, length - 1); return(1); +#endif case ETHERTYPE_PPPOED: case ETHERTYPE_PPPOES: -@@ -380,9 +382,11 @@ ethertype_print(netdissect_options *ndo, - eap_print(ndo, p, length); +@@ -581,9 +583,11 @@ ethertype_print(netdissect_options *ndo, + eapol_print(ndo, p); return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_RRCP: - rrcp_print(ndo, p, length, src, dst); + rrcp_print(ndo, p, length, src, dst); return (1); +#endif case ETHERTYPE_PPP: if (length) { -@@ -391,6 +395,7 @@ ethertype_print(netdissect_options *ndo, +@@ -592,6 +596,7 @@ ethertype_print(netdissect_options *ndo, } return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_MPCP: - mpcp_print(ndo, p, length); + mpcp_print(ndo, p, length); return (1); -@@ -403,6 +408,7 @@ ethertype_print(netdissect_options *ndo, +@@ -604,19 +609,23 @@ ethertype_print(netdissect_options *ndo, case ETHERTYPE_CFM_OLD: cfm_print(ndo, p, length); return (1); @@ -258,17 +170,25 @@ case ETHERTYPE_LLDP: lldp_print(ndo, p, length); -@@ -412,6 +418,7 @@ ethertype_print(netdissect_options *ndo, + return (1); + ++#ifndef TCPDUMP_MINI + case ETHERTYPE_NSH: + nsh_print(ndo, p, length); + return (1); ++#endif + + case ETHERTYPE_LOOPBACK: loopback_print(ndo, p, length); - return (1); + return (1); +#ifndef TCPDUMP_MINI case ETHERTYPE_MPLS: case ETHERTYPE_MPLS_MULTI: mpls_print(ndo, p, length); -@@ -441,6 +448,7 @@ ethertype_print(netdissect_options *ndo, - case ETHERTYPE_MEDSA: - medsa_print(ndo, p, length, caplen, src, dst); +@@ -646,6 +655,7 @@ ethertype_print(netdissect_options *ndo, + case ETHERTYPE_PTP: + ptp_print(ndo, p, length); return (1); +#endif @@ -276,7 +196,7 @@ case ETHERTYPE_SCA: --- a/print-gre.c +++ b/print-gre.c -@@ -216,6 +216,7 @@ gre_print_0(netdissect_options *ndo, con +@@ -207,6 +207,7 @@ gre_print_0(netdissect_options *ndo, con case ETHERTYPE_IPV6: ip6_print(ndo, bp, len); break; @@ -284,104 +204,63 @@ case ETHERTYPE_MPLS: mpls_print(ndo, bp, len); break; -@@ -231,6 +232,7 @@ gre_print_0(netdissect_options *ndo, con +@@ -219,6 +220,7 @@ gre_print_0(netdissect_options *ndo, con + case ETHERTYPE_GRE_ISO: + isoclns_print(ndo, bp, len); + break; ++#endif case ETHERTYPE_TEB: - ether_print(ndo, bp, len, ndo->ndo_snapend - bp, NULL, NULL); + ether_print(ndo, bp, len, ND_BYTES_AVAILABLE_AFTER(bp), NULL, NULL); break; +--- a/print-icmp6.c ++++ b/print-icmp6.c +@@ -1384,7 +1384,7 @@ get_upperlayer(netdissect_options *ndo, + nh = GET_U_1(fragh->ip6f_nxt); + hlen = sizeof(struct ip6_frag); + break; +- ++#ifndef TCPDUMP_MINI + case IPPROTO_AH: + ah = (const struct ah *)bp; + if (!ND_TTEST_1(ah->ah_len)) +@@ -1392,7 +1392,7 @@ get_upperlayer(netdissect_options *ndo, + nh = GET_U_1(ah->ah_nxt); + hlen = (GET_U_1(ah->ah_len) + 2) << 2; + break; +- +#endif - default: - ND_PRINT((ndo, "gre-proto-0x%x", prot)); - } + default: /* unknown or undecodable header */ + *prot = nh; /* meaningless, but set here anyway */ + return(NULL); --- a/print-igmp.c +++ b/print-igmp.c -@@ -306,6 +306,7 @@ igmp_print(netdissect_options *ndo, - ND_TCHECK2(bp[4], 4); - ND_PRINT((ndo, "igmp leave %s", ipaddr_string(ndo, &bp[4]))); +@@ -269,6 +269,7 @@ igmp_print(netdissect_options *ndo, + case 0x17: + ND_PRINT("igmp leave %s", GET_IPADDR_STRING(bp + 4)); break; +#ifndef TCPDUMP_MINI case 0x13: - ND_PRINT((ndo, "igmp dvmrp")); + ND_PRINT("igmp dvmrp"); if (len < 8) -@@ -317,6 +318,7 @@ igmp_print(netdissect_options *ndo, - ND_PRINT((ndo, "igmp pimv1")); +@@ -280,6 +281,7 @@ igmp_print(netdissect_options *ndo, + ND_PRINT("igmp pimv1"); pimv1_print(ndo, bp, len); break; +#endif case 0x1e: - print_mresp(ndo, bp, len); + print_mtrace(ndo, "mresp", bp, len); break; ---- a/print-ip6.c -+++ b/print-ip6.c -@@ -305,6 +305,7 @@ ip6_print(netdissect_options *ndo, const - return; - nh = *cp; - break; -+#ifndef TCPDUMP_MINI - case IPPROTO_FRAGMENT: - advance = frag6_print(ndo, cp, (const u_char *)ip6); - if (advance < 0 || ndo->ndo_snapend <= cp + advance) -@@ -328,6 +329,7 @@ ip6_print(netdissect_options *ndo, const - return; - nh = *cp; - return; -+#endif - case IPPROTO_ROUTING: - ND_TCHECK(*cp); - advance = rt6_print(ndo, cp, (const u_char *)ip6); -@@ -335,12 +337,14 @@ ip6_print(netdissect_options *ndo, const - return; - nh = *cp; - break; -+#ifndef TCPDUMP_MINI - case IPPROTO_SCTP: - sctp_print(ndo, cp, (const u_char *)ip6, len); - return; - case IPPROTO_DCCP: - dccp_print(ndo, cp, (const u_char *)ip6, len); - return; -+#endif - case IPPROTO_TCP: - tcp_print(ndo, cp, len, (const u_char *)ip6, fragmented); - return; -@@ -350,6 +354,7 @@ ip6_print(netdissect_options *ndo, const - case IPPROTO_ICMPV6: - icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented); - return; -+#ifndef TCPDUMP_MINI - case IPPROTO_AH: - advance = ah_print(ndo, cp); - if (advance < 0) -@@ -382,6 +387,7 @@ ip6_print(netdissect_options *ndo, const - case IPPROTO_PIM: - pim_print(ndo, cp, len, (const u_char *)ip6); - return; -+#endif - - case IPPROTO_OSPF: - ospf6_print(ndo, cp, len); -@@ -395,9 +401,11 @@ ip6_print(netdissect_options *ndo, const - ip_print(ndo, cp, len); - return; - -+#ifndef TCPDUMP_MINI - case IPPROTO_PGM: - pgm_print(ndo, cp, len, (const u_char *)ip6); - return; -+#endif - - case IPPROTO_GRE: - gre_print(ndo, cp, len); ---- a/print-ip.c -+++ b/print-ip.c -@@ -344,6 +344,7 @@ ip_print_demux(netdissect_options *ndo, +--- a/print-ip-demux.c ++++ b/print-ip-demux.c +@@ -48,6 +48,7 @@ ip_demux_print(netdissect_options *ndo, again: - switch (ipds->nh) { + switch (nh) { +#ifndef TCPDUMP_MINI case IPPROTO_AH: - if (!ND_TTEST(*ipds->cp)) { - ND_PRINT((ndo, "[|AH]")); -@@ -382,7 +383,9 @@ again: + if (!ND_TTEST_1(bp)) { + ndo->ndo_protocol = "ah"; +@@ -85,7 +86,9 @@ again: */ break; } @@ -389,61 +268,94 @@ +#ifndef TCPDUMP_MINI case IPPROTO_SCTP: - sctp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len); + sctp_print(ndo, bp, iph, length); break; -@@ -390,6 +393,7 @@ again: +@@ -93,7 +96,7 @@ again: case IPPROTO_DCCP: - dccp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len); + dccp_print(ndo, bp, iph, length); break; +- +#endif - case IPPROTO_TCP: - /* pass on the MF bit plus the offset to detect fragments */ -@@ -409,6 +413,7 @@ again: - ipds->off & (IP_MF|IP_OFFMASK)); + tcp_print(ndo, bp, length, iph, fragmented); + break; +@@ -122,6 +125,7 @@ again: + } break; +#ifndef TCPDUMP_MINI case IPPROTO_PIGP: /* * XXX - the current IANA protocol number assignments -@@ -429,14 +434,17 @@ again: +@@ -142,14 +146,17 @@ again: case IPPROTO_EIGRP: - eigrp_print(ndo, ipds->cp, ipds->len); + eigrp_print(ndo, bp, length); break; +#endif case IPPROTO_ND: - ND_PRINT((ndo, " nd %d", ipds->len)); + ND_PRINT(" nd %u", length); break; +#ifndef TCPDUMP_MINI case IPPROTO_EGP: - egp_print(ndo, ipds->cp, ipds->len); + egp_print(ndo, bp, length); break; +#endif case IPPROTO_OSPF: - ospf_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); -@@ -469,6 +477,7 @@ again: - gre_print(ndo, ipds->cp, ipds->len); + if (ver == 6) +@@ -186,6 +193,7 @@ again: + gre_print(ndo, bp, length); break; +#ifndef TCPDUMP_MINI case IPPROTO_MOBILE: - mobile_print(ndo, ipds->cp, ipds->len); + mobile_print(ndo, bp, length); break; -@@ -497,6 +506,7 @@ again: +@@ -205,6 +213,7 @@ again: case IPPROTO_PGM: - pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip); + pgm_print(ndo, bp, length, iph); break; +#endif - default: - if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL) + case IPPROTO_ETHERNET: + if (ver == 6) +--- a/print-ip6.c ++++ b/print-ip6.c +@@ -135,10 +135,11 @@ ip6_finddst(netdissect_options *ndo, nd_ + * Only one routing header to a customer. + */ + goto done; +- ++#ifndef TCPDUMP_MINI + case IPPROTO_AH: + case IPPROTO_ESP: + case IPPROTO_IPCOMP: ++#endif + default: + /* + * AH and ESP are, in the RFCs that describe them, +@@ -357,6 +358,7 @@ ip6_print(netdissect_options *ndo, const + nh = GET_U_1(cp); + break; + ++#ifndef TCPDUMP_MINI + case IPPROTO_FRAGMENT: + advance = frag6_print(ndo, cp, (const u_char *)ip6); + if (advance < 0 || ndo->ndo_snapend <= cp + advance) { +@@ -387,7 +389,7 @@ ip6_print(netdissect_options *ndo, const + nh = GET_U_1(cp); + nd_pop_packet_info(ndo); + return; +- ++#endif + case IPPROTO_ROUTING: + ND_TCHECK_1(cp); + advance = rt6_print(ndo, cp, (const u_char *)ip6); --- a/print-llc.c +++ b/print-llc.c -@@ -206,6 +206,7 @@ llc_print(netdissect_options *ndo, const +@@ -207,6 +207,7 @@ llc_print(netdissect_options *ndo, const hdrlen = 4; /* DSAP, SSAP, 2-byte control field */ } @@ -451,7 +363,7 @@ if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) { /* * This is an Ethernet_802.3 IPX frame; it has an -@@ -228,6 +229,7 @@ llc_print(netdissect_options *ndo, const +@@ -229,6 +230,7 @@ llc_print(netdissect_options *ndo, const ipx_print(ndo, p, length); return (0); /* no LLC header */ } @@ -459,7 +371,7 @@ dsap = dsap_field & ~LLC_IG; ssap = ssap_field & ~LLC_GSAP; -@@ -291,6 +293,7 @@ llc_print(netdissect_options *ndo, const +@@ -292,6 +294,7 @@ llc_print(netdissect_options *ndo, const return (hdrlen); } @@ -467,7 +379,7 @@ if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX && control == LLC_UI) { /* -@@ -304,6 +307,7 @@ llc_print(netdissect_options *ndo, const +@@ -305,6 +308,7 @@ llc_print(netdissect_options *ndo, const ipx_print(ndo, p, length); return (hdrlen); } @@ -475,7 +387,7 @@ #ifdef ENABLE_SMB if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI -@@ -322,12 +326,13 @@ llc_print(netdissect_options *ndo, const +@@ -323,12 +327,13 @@ llc_print(netdissect_options *ndo, const return (hdrlen); } #endif @@ -490,15 +402,15 @@ if (!ndo->ndo_eflag) { if (ssap == dsap) { if (src == NULL || dst == NULL) -@@ -480,6 +485,7 @@ snap_print(netdissect_options *ndo, cons +@@ -484,6 +489,7 @@ snap_print(netdissect_options *ndo, cons case OUI_CISCO: switch (et) { +#ifndef TCPDUMP_MINI case PID_CISCO_CDP: - cdp_print(ndo, p, length, caplen); + cdp_print(ndo, p, length); return (1); -@@ -492,6 +498,7 @@ snap_print(netdissect_options *ndo, cons +@@ -496,6 +502,7 @@ snap_print(netdissect_options *ndo, cons case PID_CISCO_VTP: vtp_print(ndo, p, length); return (1); @@ -506,7 +418,7 @@ case PID_CISCO_PVST: case PID_CISCO_VLANBRIDGE: stp_print(ndo, p, length); -@@ -504,6 +511,7 @@ snap_print(netdissect_options *ndo, cons +@@ -508,6 +515,7 @@ snap_print(netdissect_options *ndo, cons case OUI_RFC2684: switch (et) { @@ -514,7 +426,7 @@ case PID_RFC2684_ETH_FCS: case PID_RFC2684_ETH_NOFCS: /* -@@ -565,6 +573,7 @@ snap_print(netdissect_options *ndo, cons +@@ -569,6 +577,7 @@ snap_print(netdissect_options *ndo, cons */ fddi_print(ndo, p, length, caplen); return (1); @@ -542,25 +454,25 @@ /* unknown AF_ value */ --- a/print-ppp.c +++ b/print-ppp.c -@@ -1367,6 +1367,7 @@ trunc: - return 0; - } - +@@ -1355,6 +1355,7 @@ trunc: + * The length argument is the on-the-wire length, not the captured + * length; we can only un-escape the captured part. + */ +#ifndef TCPDUMP_MINI static void ppp_hdlc(netdissect_options *ndo, - const u_char *p, int length) -@@ -1445,6 +1446,7 @@ trunc: - free(b); - ND_PRINT((ndo, "[|ppp]")); + const u_char *p, u_int length) +@@ -1440,17 +1441,19 @@ trunc: + ndo->ndo_snapend = se; + nd_print_trunc(ndo); } +- +#endif - /* PPP */ -@@ -1452,10 +1454,12 @@ static void + static void handle_ppp(netdissect_options *ndo, - u_int proto, const u_char *p, int length) + u_int proto, const u_char *p, u_int length) { +#ifndef TCPDUMP_MINI if ((proto & 0xff00) == 0x7e00) { /* is this an escape code ? */ @@ -571,7 +483,7 @@ switch (proto) { case PPP_LCP: /* fall through */ -@@ -1488,6 +1492,7 @@ handle_ppp(netdissect_options *ndo, +@@ -1483,6 +1486,7 @@ handle_ppp(netdissect_options *ndo, case PPP_IPV6: ip6_print(ndo, p, length); break; @@ -579,33 +491,30 @@ case ETHERTYPE_IPX: /*XXX*/ case PPP_IPX: ipx_print(ndo, p, length); -@@ -1499,6 +1504,7 @@ handle_ppp(netdissect_options *ndo, +@@ -1494,6 +1498,7 @@ handle_ppp(netdissect_options *ndo, case PPP_MPLS_MCAST: mpls_print(ndo, p, length); break; +#endif case PPP_COMP: - ND_PRINT((ndo, "compressed PPP data")); + ND_PRINT("compressed PPP data"); break; -@@ -1639,6 +1645,7 @@ ppp_if_print(netdissect_options *ndo, - return (0); +@@ -1634,6 +1639,7 @@ ppp_if_print(netdissect_options *ndo, + ppp_print(ndo, p, length); } +#ifndef TCPDUMP_MINI /* * PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like * framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547, -@@ -1866,6 +1873,7 @@ printx: +@@ -1877,3 +1883,4 @@ printx: #endif /* __bsdi__ */ - return (hdrlength); + ndo->ndo_ll_hdr_len += hdrlength; } +#endif - - - /* --- a/print-sll.c +++ b/print-sll.c -@@ -249,12 +249,14 @@ recurse: +@@ -460,12 +460,14 @@ recurse: */ switch (ether_type) { @@ -622,22 +531,24 @@ /* --- a/print-tcp.c +++ b/print-tcp.c -@@ -589,12 +589,14 @@ tcp_print(netdissect_options *ndo, - ND_PRINT((ndo, " %u", utoval)); +@@ -612,6 +612,7 @@ tcp_print(netdissect_options *ndo, + ND_PRINT(" %u", utoval); break; +#ifndef TCPDUMP_MINI case TCPOPT_MPTCP: - datalen = len - 2; - LENCHECK(datalen); - if (!mptcp_print(ndo, cp-2, len, flags)) + { + const u_char *snapend_save; +@@ -635,7 +636,7 @@ tcp_print(netdissect_options *ndo, goto bad; break; + } +- +#endif - case TCPOPT_FASTOPEN: datalen = len - 2; -@@ -670,6 +672,7 @@ tcp_print(netdissect_options *ndo, + LENCHECK(datalen); +@@ -720,6 +721,7 @@ tcp_print(netdissect_options *ndo, return; } @@ -645,7 +556,7 @@ if (ndo->ndo_packettype) { switch (ndo->ndo_packettype) { case PT_ZMTP1: -@@ -681,28 +684,36 @@ tcp_print(netdissect_options *ndo, +@@ -735,6 +737,7 @@ tcp_print(netdissect_options *ndo, } return; } @@ -653,11 +564,12 @@ if (IS_SRC_OR_DST_PORT(TELNET_PORT)) { telnet_print(ndo, bp, length); - } else if (IS_SRC_OR_DST_PORT(SMTP_PORT)) { - ND_PRINT((ndo, ": ")); - smtp_print(ndo, bp, length); +@@ -745,24 +748,31 @@ tcp_print(netdissect_options *ndo, + ND_PRINT(": "); + ndo->ndo_protocol = "whois"; /* needed by txtproto_print() */ + txtproto_print(ndo, bp, length, NULL, 0); /* RFC 3912 */ - } else if (IS_SRC_OR_DST_PORT(BGP_PORT)) -+ } ++ } +#ifndef TCPDUMP_MINI + else if (IS_SRC_OR_DST_PORT(BGP_PORT)) bgp_print(ndo, bp, length); @@ -667,12 +579,14 @@ +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(REDIS_PORT)) resp_print(ndo, bp, length); + else if (IS_SRC_OR_DST_PORT(SSH_PORT)) + ssh_print(ndo, bp, length); +#endif #ifdef ENABLE_SMB else if (IS_SRC_OR_DST_PORT(NETBIOS_SSN_PORT)) nbt_tcp_print(ndo, bp, length); - else if (IS_SRC_OR_DST_PORT(SMB_PORT)) - smb_tcp_print(ndo, bp, length); + else if (IS_SRC_OR_DST_PORT(SMB_PORT)) + smb_tcp_print(ndo, bp, length); #endif +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(BEEP_PORT)) @@ -681,41 +595,40 @@ openflow_print(ndo, bp, length); +#endif else if (IS_SRC_OR_DST_PORT(FTP_PORT)) { - ND_PRINT((ndo, ": ")); + ND_PRINT(": "); ftp_print(ndo, bp, length); -@@ -725,6 +736,7 @@ tcp_print(netdissect_options *ndo, - * XXX packet could be unaligned, it can go strange - */ - ns_print(ndo, bp + 2, length - 2, 0); +@@ -775,12 +785,14 @@ tcp_print(netdissect_options *ndo, + } else if (IS_SRC_OR_DST_PORT(NAMESERVER_PORT)) { + /* over_tcp: TRUE, is_mdns: FALSE */ + domain_print(ndo, bp, length, TRUE, FALSE); +#ifndef TCPDUMP_MINI } else if (IS_SRC_OR_DST_PORT(MSDP_PORT)) { msdp_print(ndo, bp, length); } else if (IS_SRC_OR_DST_PORT(RPKI_RTR_PORT)) { -@@ -732,6 +744,7 @@ tcp_print(netdissect_options *ndo, - } - else if (length > 0 && (IS_SRC_OR_DST_PORT(LDP_PORT))) { + rpki_rtr_print(ndo, bp, length); + } else if (IS_SRC_OR_DST_PORT(LDP_PORT)) { ldp_print(ndo, bp, length); +#endif - } - else if ((IS_SRC_OR_DST_PORT(NFS_PORT)) && - length >= 4 && ND_TTEST2(*bp, 4)) { + } else if ((IS_SRC_OR_DST_PORT(NFS_PORT)) && + length >= 4 && ND_TTEST_4(bp)) { + /* --- a/print-udp.c +++ b/print-udp.c -@@ -430,10 +430,12 @@ udp_print(netdissect_options *ndo, regis - vat_print(ndo, (const void *)(up + 1), up); +@@ -435,10 +435,12 @@ udp_print(netdissect_options *ndo, const + vat_print(ndo, cp, length); break; +#ifndef TCPDUMP_MINI case PT_WB: udpipaddr_print(ndo, ip, sport, dport); - wb_print(ndo, (const void *)(up + 1), length); + wb_print(ndo, cp, length); break; +#endif case PT_RPC: - rp = (const struct sunrpc_msg *)(up + 1); -@@ -462,10 +464,12 @@ udp_print(netdissect_options *ndo, regis - snmp_print(ndo, (const u_char *)(up + 1), length); + rp = (const struct sunrpc_msg *)cp; +@@ -467,10 +469,12 @@ udp_print(netdissect_options *ndo, const + snmp_print(ndo, cp, length); break; +#ifndef TCPDUMP_MINI @@ -727,131 +640,221 @@ case PT_TFTP: udpipaddr_print(ndo, ip, sport, dport); -@@ -483,6 +487,7 @@ udp_print(netdissect_options *ndo, regis +@@ -488,6 +492,7 @@ udp_print(netdissect_options *ndo, const radius_print(ndo, cp, length); break; +#ifndef TCPDUMP_MINI case PT_VXLAN: udpipaddr_print(ndo, ip, sport, dport); - vxlan_print(ndo, (const u_char *)(up + 1), length); -@@ -497,6 +502,7 @@ udp_print(netdissect_options *ndo, regis + vxlan_print(ndo, cp, length); +@@ -510,6 +515,7 @@ udp_print(netdissect_options *ndo, const udpipaddr_print(ndo, ip, sport, dport); - lmp_print(ndo, cp, length); + someip_print(ndo, cp, length); break; +#endif - } - return; - } -@@ -574,31 +580,40 @@ udp_print(netdissect_options *ndo, regis - ns_print(ndo, (const u_char *)(up + 1), length, 0); + case PT_DOMAIN: + udpipaddr_print(ndo, ip, sport, dport); + /* over_tcp: FALSE, is_mdns: FALSE */ +@@ -596,29 +602,37 @@ udp_print(netdissect_options *ndo, const else if (IS_SRC_OR_DST_PORT(MULTICASTDNS_PORT)) - ns_print(ndo, (const u_char *)(up + 1), length, 1); + /* over_tcp: FALSE, is_mdns: TRUE */ + domain_print(ndo, cp, length, FALSE, TRUE); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(TIMED_PORT)) - timed_print(ndo, (const u_char *)(up + 1)); + timed_print(ndo, (const u_char *)cp); +#endif else if (IS_SRC_OR_DST_PORT(TFTP_PORT)) - tftp_print(ndo, (const u_char *)(up + 1), length); + tftp_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(BOOTPC_PORT) || IS_SRC_OR_DST_PORT(BOOTPS_PORT)) - bootp_print(ndo, (const u_char *)(up + 1), length); + bootp_print(ndo, cp, length); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(RIP_PORT)) - rip_print(ndo, (const u_char *)(up + 1), length); + rip_print(ndo, cp, length); +#endif else if (IS_SRC_OR_DST_PORT(AODV_PORT)) - aodv_print(ndo, (const u_char *)(up + 1), length, + aodv_print(ndo, cp, length, ip6 != NULL); +#ifndef TCPDUMP_MINI - else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT)) - isakmp_print(ndo, (const u_char *)(up + 1), length, bp2); -+ - else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_NATT)) - isakmp_rfc3948_print(ndo, (const u_char *)(up + 1), length, bp2); - #if 1 /*???*/ - else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER1) || IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER2)) - isakmp_print(ndo, (const u_char *)(up + 1), length, bp2); - #endif + else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT)) + isakmp_print(ndo, cp, length, bp2); + else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_NATT)) + isakmp_rfc3948_print(ndo, cp, length, bp2, IP_V(ip), fragmented, ttl_hl); + else if (IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER1) || IS_SRC_OR_DST_PORT(ISAKMP_PORT_USER2)) + isakmp_print(ndo, cp, length, bp2); +#endif else if (IS_SRC_OR_DST_PORT(SNMP_PORT) || IS_SRC_OR_DST_PORT(SNMPTRAP_PORT)) - snmp_print(ndo, (const u_char *)(up + 1), length); + snmp_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(NTP_PORT)) - ntp_print(ndo, (const u_char *)(up + 1), length); + ntp_print(ndo, cp, length); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(KERBEROS_PORT) || IS_SRC_OR_DST_PORT(KERBEROS_SEC_PORT)) - krb_print(ndo, (const void *)(up + 1)); + krb_print(ndo, (const u_char *)cp); +#endif else if (IS_SRC_OR_DST_PORT(L2TP_PORT)) - l2tp_print(ndo, (const u_char *)(up + 1), length); + l2tp_print(ndo, cp, length); #ifdef ENABLE_SMB -@@ -609,6 +624,7 @@ udp_print(netdissect_options *ndo, regis +@@ -629,6 +643,7 @@ udp_print(netdissect_options *ndo, const #endif else if (dport == VAT_PORT) - vat_print(ndo, (const void *)(up + 1), up); + vat_print(ndo, cp, length); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(ZEPHYR_SRV_PORT) || IS_SRC_OR_DST_PORT(ZEPHYR_CLT_PORT)) - zephyr_print(ndo, (const void *)(up + 1), length); + zephyr_print(ndo, cp, length); /* -@@ -621,8 +637,11 @@ udp_print(netdissect_options *ndo, regis +@@ -641,8 +656,11 @@ udp_print(netdissect_options *ndo, const (const u_char *) ip); else if (IS_SRC_OR_DST_PORT(RIPNG_PORT)) - ripng_print(ndo, (const u_char *)(up + 1), length); + ripng_print(ndo, cp, length); +#endif + else if (IS_SRC_OR_DST_PORT(DHCP6_SERV_PORT) || IS_SRC_OR_DST_PORT(DHCP6_CLI_PORT)) - dhcp6_print(ndo, (const u_char *)(up + 1), length); + dhcp6_print(ndo, cp, length); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(AHCP_PORT)) - ahcp_print(ndo, (const u_char *)(up + 1), length); + ahcp_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(BABEL_PORT) || IS_SRC_OR_DST_PORT(BABEL_PORT_OLD)) -@@ -636,6 +655,7 @@ udp_print(netdissect_options *ndo, regis - wb_print(ndo, (const void *)(up + 1), length); +@@ -656,6 +674,7 @@ udp_print(netdissect_options *ndo, const + wb_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(CISCO_AUTORP_PORT)) - cisco_autorp_print(ndo, (const void *)(up + 1), length); + cisco_autorp_print(ndo, cp, length); +#endif else if (IS_SRC_OR_DST_PORT(RADIUS_PORT) || IS_SRC_OR_DST_PORT(RADIUS_NEW_PORT) || IS_SRC_OR_DST_PORT(RADIUS_ACCOUNTING_PORT) || -@@ -643,15 +663,18 @@ udp_print(netdissect_options *ndo, regis +@@ -663,15 +682,18 @@ udp_print(netdissect_options *ndo, const IS_SRC_OR_DST_PORT(RADIUS_CISCO_COA_PORT) || IS_SRC_OR_DST_PORT(RADIUS_COA_PORT) ) - radius_print(ndo, (const u_char *)(up+1), length); + radius_print(ndo, cp, length); +#ifndef TCPDUMP_MINI else if (dport == HSRP_PORT) - hsrp_print(ndo, (const u_char *)(up + 1), length); + hsrp_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(LWRES_PORT)) - lwres_print(ndo, (const u_char *)(up + 1), length); + lwres_print(ndo, cp, length); else if (IS_SRC_OR_DST_PORT(LDP_PORT)) - ldp_print(ndo, (const u_char *)(up + 1), length); + ldp_print(ndo, cp, length); +#endif else if (IS_SRC_OR_DST_PORT(OLSR_PORT)) - olsr_print(ndo, (const u_char *)(up + 1), length, + olsr_print(ndo, cp, length, (IP_V(ip) == 6) ? 1 : 0); +#ifndef TCPDUMP_MINI else if (IS_SRC_OR_DST_PORT(MPLS_LSP_PING_PORT)) - lspping_print(ndo, (const u_char *)(up + 1), length); - else if (dport == BFD_CONTROL_PORT || -@@ -669,10 +692,12 @@ udp_print(netdissect_options *ndo, regis - lwapp_control_print(ndo, (const u_char *)(up + 1), length, 0); - else if (IS_SRC_OR_DST_PORT(LWAPP_DATA_PORT)) - lwapp_data_print(ndo, (const u_char *)(up + 1), length); -+#endif - else if (IS_SRC_OR_DST_PORT(SIP_PORT)) - sip_print(ndo, (const u_char *)(up + 1), length); - else if (IS_SRC_OR_DST_PORT(SYSLOG_PORT)) - syslog_print(ndo, (const u_char *)(up + 1), length); -+#ifndef TCPDUMP_MINI - else if (IS_SRC_OR_DST_PORT(OTV_PORT)) - otv_print(ndo, (const u_char *)(up + 1), length); - else if (IS_SRC_OR_DST_PORT(VXLAN_PORT)) -@@ -689,7 +714,9 @@ udp_print(netdissect_options *ndo, regis - if (ndo->ndo_vflag) - ND_PRINT((ndo, "kip ")); - llap_print(ndo, cp, length); -- } else { -+ } -+#endif -+ else { - if (ulen > length) - ND_PRINT((ndo, "UDP, bad length %u > %u", - ulen, length)); + lspping_print(ndo, cp, length); + else if (sport == BCM_LI_PORT) +@@ -693,10 +715,12 @@ udp_print(netdissect_options *ndo, const + lwapp_control_print(ndo, cp, length, 0); + else if (IS_SRC_OR_DST_PORT(LWAPP_DATA_PORT)) + lwapp_data_print(ndo, cp, length); ++#endif + else if (IS_SRC_OR_DST_PORT(SIP_PORT)) + sip_print(ndo, cp, length); + else if (IS_SRC_OR_DST_PORT(SYSLOG_PORT)) + syslog_print(ndo, cp, length); ++#ifndef TCPDUMP_MINI + else if (IS_SRC_OR_DST_PORT(OTV_PORT)) + otv_print(ndo, cp, length); + else if (IS_SRC_OR_DST_PORT(VXLAN_PORT)) +@@ -722,6 +746,7 @@ udp_print(netdissect_options *ndo, const + ptp_print(ndo, cp, length); + } else if (IS_SRC_OR_DST_PORT(SOMEIP_PORT)) + someip_print(ndo, cp, length); ++#endif + else { + if (ulen > length && !fragmented) + ND_PRINT("UDP, bad length %u > %u", +--- a/print.c ++++ b/print.c +@@ -48,6 +48,7 @@ struct printer { + }; + + static const struct printer printers[] = { ++#ifndef TCPDUMP_MINI + #ifdef DLT_APPLE_IP_OVER_IEEE1394 + { ap1394_if_print, DLT_APPLE_IP_OVER_IEEE1394 }, + #endif +@@ -86,7 +87,9 @@ static const struct printer printers[] = + #ifdef DLT_ENC + { enc_if_print, DLT_ENC }, + #endif ++#endif + { ether_if_print, DLT_EN10MB }, ++#ifndef TCPDUMP_MINI + { fddi_if_print, DLT_FDDI }, + #ifdef DLT_FR + { fr_if_print, DLT_FR }, +@@ -94,6 +97,7 @@ static const struct printer printers[] = + #ifdef DLT_FRELAY + { fr_if_print, DLT_FRELAY }, + #endif ++#endif + #ifdef DLT_IEEE802_11 + { ieee802_11_if_print, DLT_IEEE802_11}, + #endif +@@ -103,6 +107,7 @@ static const struct printer printers[] = + #ifdef DLT_IEEE802_11_RADIO + { ieee802_11_radio_if_print, DLT_IEEE802_11_RADIO }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_IEEE802_15_4 + { ieee802_15_4_if_print, DLT_IEEE802_15_4 }, + #endif +@@ -115,9 +120,11 @@ static const struct printer printers[] = + #ifdef DLT_IP_OVER_FC + { ipfc_if_print, DLT_IP_OVER_FC }, + #endif ++#endif + #ifdef DLT_IPNET + { ipnet_if_print, DLT_IPNET }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_IPOIB + { ipoib_if_print, DLT_IPOIB }, + #endif +@@ -172,19 +179,23 @@ static const struct printer printers[] = + #ifdef DLT_MFR + { mfr_if_print, DLT_MFR }, + #endif ++#endif + #ifdef DLT_NETANALYZER + { netanalyzer_if_print, DLT_NETANALYZER }, + #endif + #ifdef DLT_NETANALYZER_TRANSPARENT + { netanalyzer_transparent_if_print, DLT_NETANALYZER_TRANSPARENT }, + #endif ++#ifndef TCPDUMP_MINI + #ifdef DLT_NFLOG + { nflog_if_print, DLT_NFLOG}, + #endif ++#endif + { null_if_print, DLT_NULL }, + #ifdef DLT_LOOP + { null_if_print, DLT_LOOP }, + #endif ++#ifndef TCPDUMP_MINI + #if defined(DLT_PFLOG) && defined(HAVE_NET_IF_PFLOG_H) + { pflog_if_print, DLT_PFLOG }, + #endif +@@ -200,6 +211,7 @@ static const struct printer printers[] = + #ifdef DLT_PPP_SERIAL + { ppp_hdlc_if_print, DLT_PPP_SERIAL }, + #endif ++#endif + { ppp_if_print, DLT_PPP }, + #ifdef DLT_PPP_PPPD + { ppp_if_print, DLT_PPP_PPPD }, +@@ -211,6 +223,7 @@ static const struct printer printers[] = + { prism_if_print, DLT_PRISM_HEADER }, + #endif + { raw_if_print, DLT_RAW }, ++#ifndef TCPDUMP_MINI + #ifdef DLT_IPV4 + { raw_if_print, DLT_IPV4 }, + #endif +@@ -243,6 +256,7 @@ static const struct printer printers[] = + #ifdef DLT_VSOCK + { vsock_if_print, DLT_VSOCK }, + #endif ++#endif + { NULL, 0 }, + }; + diff --git a/package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch b/package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch deleted file mode 100644 index 281854777d..0000000000 --- a/package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch +++ /dev/null @@ -1,47 +0,0 @@ ---- a/print-ppp.c -+++ b/print-ppp.c -@@ -1368,19 +1368,29 @@ trunc: - } - - #ifndef TCPDUMP_MINI -+/* -+ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. -+ * The length argument is the on-the-wire length, not the captured -+ * length; we can only un-escape the captured part. -+ */ - static void - ppp_hdlc(netdissect_options *ndo, - const u_char *p, int length) - { -+ u_int caplen = ndo->ndo_snapend - p; - u_char *b, *t, c; - const u_char *s; -- int i, proto; -+ u_int i; -+ int proto; - const void *se; - -+ if (caplen == 0) -+ return; -+ - if (length <= 0) - return; - -- b = (u_char *)malloc(length); -+ b = (u_char *)malloc(caplen); - if (b == NULL) - return; - -@@ -1389,10 +1399,10 @@ ppp_hdlc(netdissect_options *ndo, - * Do this so that we dont overwrite the original packet - * contents. - */ -- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { -+ for (s = p, t = b, i = caplen; i != 0; i--) { - c = *s++; - if (c == 0x7d) { -- if (i <= 1 || !ND_TTEST(*s)) -+ if (i <= 1) - break; - i--; - c = *s++ ^ 0x20; diff --git a/package/network/utils/tcpdump/patches/102-CVE-2018-16301.patch b/package/network/utils/tcpdump/patches/102-CVE-2018-16301.patch deleted file mode 100644 index 39cd368915..0000000000 --- a/package/network/utils/tcpdump/patches/102-CVE-2018-16301.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Wed, 30 Sep 2020 11:37:30 -0700 -Subject: [PATCH] Handle very large -f files by rejecting them. - -_read(), on Windows, has a 32-bit size argument and a 32-bit return -value, so reject -f files that have more than 2^31-1 characters. - -Add some #defines so that, on Windows, we use _fstati64 to get the size -of that file, to handle large files. - -Don't assume that our definition for ssize_t is the same size as size_t; -by the time we want to print the return value of the read, we know it'll -fit into an int, so just cast it to int and print it with %d. - -(cherry picked from commit faf8fb70af3a013e5d662b8283dec742fd6b1a77) ---- - netdissect-stdinc.h | 16 +++++++++++++++- - tcpdump.c | 15 ++++++++++++--- - 2 files changed, 27 insertions(+), 4 deletions(-) - ---- a/netdissect-stdinc.h -+++ b/netdissect-stdinc.h -@@ -149,10 +149,17 @@ - #ifdef _MSC_VER - #define stat _stat - #define open _open --#define fstat _fstat - #define read _read - #define close _close - #define O_RDONLY _O_RDONLY -+ -+/* -+ * We define our_fstat64 as _fstati64, and define our_statb as -+ * struct _stati64, so we get 64-bit file sizes. -+ */ -+#define our_fstat _fstati64 -+#define our_statb struct _stati64 -+ - #endif /* _MSC_VER */ - - /* -@@ -211,6 +218,13 @@ typedef char* caddr_t; - - #include - -+/* -+ * We should have large file support enabled, if it's available, -+ * so just use fstat as our_fstat and struct stat as our_statb. -+ */ -+#define our_fstat fstat -+#define our_statb struct stat -+ - #endif /* _WIN32 */ - - #ifndef HAVE___ATTRIBUTE__ ---- a/tcpdump.c -+++ b/tcpdump.c -@@ -108,6 +108,7 @@ The Regents of the University of Califor - #endif /* HAVE_CAP_NG_H */ - #endif /* HAVE_LIBCAP_NG */ - -+#include "netdissect-stdinc.h" - #include "netdissect.h" - #include "interface.h" - #include "addrtoname.h" -@@ -861,15 +862,22 @@ read_infile(char *fname) - { - register int i, fd, cc; - register char *cp; -- struct stat buf; -+ our_statb buf; - - fd = open(fname, O_RDONLY|O_BINARY); - if (fd < 0) - error("can't open %s: %s", fname, pcap_strerror(errno)); - -- if (fstat(fd, &buf) < 0) -+ if (our_fstat(fd, &buf) < 0) - error("can't stat %s: %s", fname, pcap_strerror(errno)); - -+ /* -+ * Reject files whose size doesn't fit into an int; a filter -+ * *that* large will probably be too big. -+ */ -+ if (buf.st_size > INT_MAX) -+ error("%s is too large", fname); -+ - cp = malloc((u_int)buf.st_size + 1); - if (cp == NULL) - error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1, -@@ -878,7 +886,8 @@ read_infile(char *fname) - if (cc < 0) - error("read %s: %s", fname, pcap_strerror(errno)); - if (cc != buf.st_size) -- error("short read %s (%d != %d)", fname, cc, (int)buf.st_size); -+ error("short read %s (%d != %d)", fname, (int) cc, -+ (int)buf.st_size); - - close(fd); - /* replace "# comment" with spaces */ -- 2.30.2