Paolo Abeni [Tue, 23 Mar 2021 17:29:45 +0000 (18:29 +0100)]
MPTCP: parse MPC data_len field
The RFC 8684 introduced a new field in the MPC header: the data_len.
If the client has not seen yet a DSS sub-option from the server, it
must use MPC with data_lan instead of a DSS for the first packet
carrying a data payload.
This change print the data_len, if present, after the receiver_key.
The field is already there in the existent pcap test trace, we just
need to update the expected output.
Refine README.md and some related files. [skip ci]
Lose the README symlink, it was a bad idea of mine to add it in the
first place as it made the packaging problem space bigger, not smaller.
Remove two CI badges at the top of README.md. One badge was stale
anyway, and the other does not represent the current CI configuration,
which is bigger, changes frequently and fits the web-site much better.
Remove the reference to ITA, it has been down for quite a while, it
looks like it won't re-emerge this time.
Denis Ovsienko [Mon, 29 Mar 2021 14:49:58 +0000 (15:49 +0100)]
ForCES: Refine SPARSEDATA-TLV length check.
When ilv_valid() returns a non-zero in sdatailv_print(), the amount of
bytes declared remaining may be insufficient to contain a complete
header, let alone any data. Thus do not try to hex dump the data,
instead print an error message and be done with it.
This fixes an inconsistency discovered by Francois-Xavier.
Francois-Xavier Le Bail [Sat, 27 Mar 2021 15:14:27 +0000 (16:14 +0100)]
ASCII/hex: Use nd_trunc_longjmp() in truncation cases
In functions ascii_print(), hex_and_ascii_print_with_offset() and
hex_print_with_offset().
Therefore indirectly for the functions hex_and_ascii_print(), hex_print()
and ndo_default_print().
Even if hex_and_ascii_print(), hex_print() and ascii_print() are used in
print.c after the setjmp() block with the calls:
sp and h->caplen are unmodified, ndo->ndo_snapend was restored.
1), 3) and 5) the length to print is caplen => no truncation can occur.
2), 4) and 6) the length to print is (caplen - hdrlen) after a shift of
hdrlen => no truncation can occur.
Moreover:
Update the output of three tests accordingly.
Remove an useless comment.
Fix indentation.
Denis Ovsienko [Sun, 21 Mar 2021 12:18:35 +0000 (12:18 +0000)]
CI: Apply more cleanups. [skip appveyor]
Lose travis-conditions in the Travis CI script. Simplify libpcap
cloning. Dissolve choose_libpcap() as it just packed two separate
single-use functions into one, also lose a temporary variable. Fixup
indentation.
Denis Ovsienko [Thu, 18 Mar 2021 02:14:37 +0000 (02:14 +0000)]
CI: Use libpcap.a on MATRIX_BUILD_LIBPCAP=yes. [skip appveyor]
The only way to pass tests on OpenBSD is to link with the upstream
libpcap using ../libpcap/libpcap.a (hence not using CMake) because
-lpcap always results in linking with OpenBSD /usr/lib/libpcap.so
regardless of the libpcap.a and libpcap.so that build.sh installs under
/tmp/local/.
Work around by not cleaning in ../libpcap on MATRIX_BUILD_LIBPCAP=yes,
so Autoconf can pick the static library up. On MATRIX_BUILD_LIBPCAP=no
do the cleaning so it cannot.
Denis Ovsienko [Wed, 17 Mar 2021 04:02:23 +0000 (04:02 +0000)]
Squelch compiler warnings on OpenBSD.
With these changes tcpdump passes "CFLAGS=-Werror make" on OpenBSD 6.8
AMD64, so build.sh has one less reason to fail.
gcc (GCC) 4.2.1 20070719
(also from OpenBSD clang version 10.0.1 with different wording)
./addrtoname.c: In function 'etheraddr_string':
./addrtoname.c:605: warning: passing argument 2 of 'ether_ntohost'
discards qualifiers from pointer target type
./addrtoname.c: In function 'init_etherarray':
./addrtoname.c:980: warning: passing argument 2 of 'ether_ntohost'
discards qualifiers from pointer target type
./print.c: In function 'pretty_print_packet':
./print.c:389: warning: passing argument 2 of 'ts_print' from
incompatible pointer type
./bpf_dump.c:34: warning: no previous prototype for 'bpf_dump'
Denis Ovsienko [Thu, 4 Mar 2021 21:43:16 +0000 (21:43 +0000)]
CI: Relax the branch filters back. [skip ci]
Address feedback from Francois-Xavier and do not limit everyday CI to
the branches that are known-good for running build_matrix.sh, only mind
to skip the coverity_scan branch. Although this arrangement is not what
an upstream repository should use, it keeps CI simple in fork
repositories that have arbitrarily named branches with a working
build_matrix.sh.
This should also restore pull requests CI if the strict filters had
affected it.
Bill Fenner [Fri, 5 Feb 2021 05:10:31 +0000 (21:10 -0800)]
BFD: add SBFD support (RFC7880 and RFC7881)
Add support for SBFD on UDP port 7784. SBFD is different
in that packets from the reflector will be sent with *source*
port 7784; in all other BFD mechanisms, it is only the
destination port that matters. For SBFD print-udp.c has to
check both source and destination port.
Francois-Xavier Le Bail [Thu, 11 Feb 2021 20:09:00 +0000 (21:09 +0100)]
TCP: Update the snapend before decoding a MPTCP option
Update the snapend to the end of the option before calling mptcp_print().
Some options (MPTCP or others) may be present after a MPTCP option.
This prevents that, in mptcp_print(), the remaining length < the remaining
caplen.
Francois-Xavier Le Bail [Thu, 11 Feb 2021 16:46:02 +0000 (17:46 +0100)]
DHCPv6: Update the snapend for nested DHCPv6 packets
Update the snapend to the end of the option before calling recursively
dhcp6_print() for the nested packet.
Other options may be present after the nested DHCPv6 packet.
This prevents that, in dhcp6_print(), for the nested DHCPv6 packet,
the remaining length < remaining caplen.
Whatever the underlying reason, freebsd-13-0-snap used to take a couple
times more time to make it through the build than the other two image
families. After switching to the full nested matrix this started to
cause task timeouts and rescheduling. Let's see if a different
distribution of resources can improve this. Update the Linux task
comment while at it.
Denis Ovsienko [Wed, 10 Feb 2021 16:27:15 +0000 (16:27 +0000)]
Cirrus CI: Refine some resource allocation. [skip appveyor] [skip travis]
For FreeBSD and Linux request less memory than the default 4 GB.
Cirrus build graph claims that both FreeBSD and Linux tasks never use
more than 2 CPUs. For FreeBSD request 2 CPUs instead of 4 to enable all
three permutations run in parallel. For Linux request 4 CPUs instead of
8 to enable two concurrent tasks and split the nested matrix into two to
take advantage of that.
Denis Ovsienko [Wed, 10 Feb 2021 14:10:06 +0000 (14:10 +0000)]
Remove the REMOTE dimension from the nested matrix. [skip appveyor]
Neither the build process nor the tests of tcpdump currently depend on
presence or absence of the libpcap remote feature, and there is already
the libpcap nested matrix to cover that dimension, thus in the tcpdump
nested matrix just leave this aspect of the local libpcap build
unspecified and reduce the total number of rounds from 48 to 32.
Francois-Xavier Le Bail [Sun, 7 Feb 2021 10:22:24 +0000 (11:22 +0100)]
Add the build_matrix.sh and build.sh scripts
Use them with Travis CI to build with less builders and save CI runtime.
This will currently run five builders: amd64, arm64, ppc64le, s390x and osx.
The build_matrix.sh script executes the matrix loops, exclude tests and
cleaning.
It conditionally builds libpcap running the build.sh script of libpcap.
It calls the build.sh script which runs one build with setup environment
variables: BUILD_LIBPCAP, REMOTE, CC, CMAKE, CRYPTO and SMB
(default: BUILD_LIBPCAP=no, REMOTE=no, CC=gcc, CMAKE=no, CRYPTO=no, SMB=no).
The matrix can be configured with environment variables
MATRIX_BUILD_LIBPCAP, MATRIX_REMOTE, MATRIX_CC, MATRIX_CMAKE, MATRIX_CRYPTO
and MATRIX_SMB
(default: MATRIX_BUILD_LIBPCAP='no yes', MATRIX_REMOTE='no yes',
MATRIX_CC='gcc clang', MATRIX_CMAKE='no yes', MATRIX_CRYPTO='no yes',
MATRIX_SMB='no yes').
These scripts can easily be updated to run new tests (32 bits builds,
sanitizers, coverage, etc).
They can be used locally for build tests or used with other CI systems.
Denis Ovsienko [Fri, 5 Feb 2021 14:25:11 +0000 (14:25 +0000)]
Refine Markdown in README.md. [skip appveyor]
Move "by TTG" to the main header and eliminate a few duplicate "by"
sentences. Update a CI badge to use the travis-ci.com URLs. Make the
security note bold to help more people actually get it. Change the git
URL to github.com to be consistent with libpcap. Add and refine a few
headers. Add and improve hyperlink formatting in a few places. Lose a
few excess generic sentences. Fixup some minor editorial issues. Fence
the "from LBL" boilerplate, move it to the bottom of the dedicated
section and eliminate a few duplicate "from" sentences.
Skip only some CI on this occasion, so Travis CI can transfer the build
history from travis-ci.org to travus-ci.com and complete the migration.
Francois-Xavier Le Bail [Mon, 1 Feb 2021 09:31:34 +0000 (10:31 +0100)]
MSDP: Print ": " before the protocol name
Like with most TCP encapsulated protocols.
Use nd_print_protocol().
No more ":" after protocol name.
This change will print the protocol name even in truncation cases.
Denis Ovsienko [Mon, 25 Jan 2021 19:09:49 +0000 (19:09 +0000)]
RPKI-Router: Refine length and bounds checks. [skip ci]
Fetch PDU version only once and use the PDU header structure for that.
Check data length before accessing it. Remove two redundant
ND_TCHECK_LEN() instances and move the associated comments below
respective GET_BE_U_4() instances.
Denis Ovsienko [Mon, 25 Jan 2021 12:51:54 +0000 (12:51 +0000)]
OpenFlow 1.0: Simplify the snapend management. [skip ci]
As Guy explains it, nd_push_snapend() makes it easy to save and to
restore the snapend from different functions or different invocations
of the same function. In a simple case a local variable and ND_MIN()
do the job just as well without the associated memory management and
error checking.
Francois-Xavier Le Bail [Sun, 24 Jan 2021 09:52:50 +0000 (10:52 +0100)]
ICMP: Update the snapend for some nested IP packets
Update the snapend because extensions (MPLS, ...) may be present
after the IP packet. In this case the current (outer) packet's
snapend is not what ip_print() needs to decode an IP packet nested
in the middle of an ICMP payload.
This prevents that, in ip_print(), for the nested IP packet, the
remaining length < remaining caplen.
Moreover:
Reduce the scope of a variable.
Fix spaces
Enable ND_LONGJMP_FROM_TCHECK. Remove one redundant ND_TCHECK_SIZE()
instance and place the remaining ones after the code that prints
individual structure fields, so it can print incomplete structures. Lose
intermediate snprintf() calls and associated props. Lose trailing spaces
in v1 and v5 output.
Denis Ovsienko [Fri, 22 Jan 2021 12:51:15 +0000 (12:51 +0000)]
OpenFlow 1.0: Get snapend right for nested frames. [skip ci]
The current and the nested packets can and do have different snapend,
implement and comment that in of10_packet_data_print() to fix an issue
discovered by Francois-Xavier Le Bail.
Denis Ovsienko [Fri, 22 Jan 2021 01:24:15 +0000 (01:24 +0000)]
IEEE 802.11: Simplify handle_action(). [skip ci]
Lose PRINT_MESHLINK_ACTION(), PRINT_MESHPEERING_ACTION() and
PRINT_MESHPATH_ACTION(), which were unused since commit f1c0553. Convert
the remaining 5 macros and hard-coded strings using tok2str() and
uint2tokary().
Denis Ovsienko [Thu, 21 Jan 2021 01:43:42 +0000 (01:43 +0000)]
ForCES: Modernize packet parsing style.
Enable ND_LONGJMP_FROM_TCHECK. Add and use many standard "invalid"
sections. Use tok2str() in asttlv_print(). In forces_print() don't
hex-dump the invalid data by default, there's ndo_vflag for that.
Simplify some code in genoptlv_print(). In pdata_print() instead of 0
return the value that pdatacnt_print() returned if it was not good. Lose
a disabled debug line.
Denis Ovsienko [Wed, 20 Jan 2021 14:50:59 +0000 (14:50 +0000)]
SNMP: Modernize packet parsing style.
Enable ND_LONGJMP_FROM_TCHECK. Remove a few redundant ND_TCHECK*()
instances. Make asn1_print_octets() and asn1_print_string() void. Harden
an improvised snapshot end guard with ND_TCHECK_LEN().
Denis Ovsienko [Mon, 18 Jan 2021 23:59:45 +0000 (23:59 +0000)]
NTP: Modernize packet parsing style. [skip ci]
Enable ND_LONGJMP_FROM_TCHECK. Remove a few redundant ND_TCHECK()
instances. Move one ND_TCHECK_4() to where it belongs. Have nd_printjn()
guard the snapshot end.
Denis Ovsienko [Sun, 17 Jan 2021 21:22:34 +0000 (21:22 +0000)]
TCP: Modernize packet parsing style.
Enable ND_LONGJMP_FROM_TCHECK. Report invalid packets as invalid. Remove
most ND_TCHECK*() instances as they were redundant. Update a custom
snapend guard to use nd_trunc_longjmp(). Reduce arity of
print_tcp_fastopen_option(). Use ND_TTEST_LEN() in
tcp_verify_signature() and nd_printn() in print_tcp_rst_data(). For
NFS_PORT remove ND_TTEST_4() from the test condition as it is not a
valid factor, there is the subsequent GET_BE_U_4() to check bounds.
Denis Ovsienko [Fri, 15 Jan 2021 22:30:40 +0000 (22:30 +0000)]
AODV: Modernize packet parsing style.
Make all ND_TCHECK_SIZE() instances redundant and remove them. Always
print a reason when reporting a packet as invalid. Undo the changes from
commit f875106 to remove support for draft-perkins-aodv6-01, which had
expired in 2001. Use tok2str() to print the message type. Don't print an
additional "v6" for RREQ, as the address family is apparent from the UDP
header. Update a test.
Denis Ovsienko [Thu, 14 Jan 2021 03:48:28 +0000 (03:48 +0000)]
RIP: Modernize packet parsing style.
Enable ND_LONGJMP_FROM_TCHECK. Report invalid packets as invalid. Remove
two redundant ND_TCHECK_SIZE() instances and an improvised snapshot end
guard. Check bounds for the remaining part of the packet header after
printing version and command, not before. Lose one pointer and one
length variable in rip_print(), also account for the header size when
estimating the number of routes. Update two tests.
projects / tcpdump / log
