Commit Graph

145 Commits

Author SHA1 Message Date
Ed Maste
568415f29d tcpdump: remove sys/capability.h #include
sys/capability.h is just a backwards compatibility wrapper around
sys/capsicum.h, which is already #included.
2016-09-19 17:51:56 +00:00
Mariusz Zaborski
9f51f38916 The code responsible for opening and rotating pcap files is independent
of Capser and should use openat(2) unconditionally on FreeBSD.
openat(2) is mandatory when sandboxed with Capsicum, but still works
in the absence of Capsicum.

Reviewed by:	AllanJude
2016-06-08 23:22:59 +00:00
Mariusz Zaborski
e29a5e1bb9 Fix spelling of the casper introduced in the r296047.
PR:		210031
Reported by:	AllanJude, jmallett
2016-06-08 22:30:21 +00:00
Mariusz Zaborski
c501d73c7e Convert casperd(8) daemon to the libcasper.
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.

Discussed with:		pjd, jonathan, ed, drysdale@google.com, emaste
Partially reviewed by:	drysdale@google.com, bdrewery
Approved by:		pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4277
2016-02-25 18:23:40 +00:00
Patrick Kelsey
358fd7dabb MFV r285292:
Merge upstream fix to eliminate build-breaking gcc warnings of no
importance.

commit: cab33b7a0acba7d2268a23c4383be6167106e549

Update ND_TTEST2 to fix issue 443

Add IS_NOT_NEGATIVE macro.
Avoid these warnings:
- comparison of unsigned expression >= 0 is always true [-Wtype-limits],
- comparison is always true due to limited range of data type [-Wtype-limits].

Reviewed by: adrian
Approved by: jmallett (mentor)
MFC after: 1 month
2015-07-08 23:57:58 +00:00
Patrick Kelsey
8bdc5a6251 MFV r285191: tcpdump 4.7.4.
Also, the changes made in r272451 and r272653 that were lost in the
merge of 4.6.2 (r276788) have been restored.

PR: 199568
Differential Revision: https://reviews.freebsd.org/D3007
Reviewed by: brooks, hiren
Approved by: jmallett (mentor)
MFC after: 1 month
2015-07-08 16:19:32 +00:00
Mariusz Zaborski
c36e54bb32 Let the nv.h and dnv.h includes be only in sys directory.
Change consumers to include those files from sys.
Add duplicated files to ObsoleteFiles.

Approved by:	pjd (mentor)
2015-07-02 21:58:10 +00:00
Brooks Davis
5743dcb3c2 Remove "capability mode sandbox enabled" messages.
These messages serve little purpose and break some consumers.

PR:		199855
Differential Revision:	https://reviews.freebsd.org/D2440
Reviewed by:	rwatson
Approved by:	pjd
MFC after:	1 week
Sponsored by:	DARPA, AFRL
2015-05-04 21:44:51 +00:00
Brooks Davis
04c5335197 Merge from CheriBSD: 1065cf515a7c2062598009c1318055aacbb39e80
Convert the pfsync dissector to use the netdissect framework.

Differential Revision:	https://reviews.freebsd.org/D2359
Reviewed by:	glebius
Sponsored by:	DARPA, AFRL
2015-04-24 16:11:22 +00:00
Pedro F. Giffuni
4a7f186ea6 MFV r277981:
Upstream fixes for issues found with afl (Issue #417).

- Fix length checking.

Check both the captured length and the on-the-wire length (the latter
*should* be greater than or equal to the former, but that's not
guaranteed).

Add some additional length checks, so neither caplen nor length
underflow.

If we stop dissecting because the packet is too short, return 1, not 0,
as we've "dissected" what we can; 0 means "this is LLC+SNAP with an OUI
of 0 and an unknown Ethertype".

commit:	743bcecdc92f88b118ec7aac4f68b606601205cc

- Clean up length checks.

Check only the amount of length that matters at any given point; yes,
this means we do multiple checks, but so it goes.

We don't need to check for LLC+SNAP - llc_print() does that for us.  We
do, however, need to check to make sure we can safely skip the Fore
header.

commit:	5c65e7532fa16308e01299988852b0dc5b027559
2015-01-31 16:34:39 +00:00
Pedro F. Giffuni
20869109e3 MFV r277782:
Merge some cherry-picked fixes originating in OpenBSD

Check whether the version field is available before looking at it.
While we're at it, use ND_TCHECK(), rather than a hand-rolled check, to
check whether we have the full fixed-length portion of the IPv4 header.

commit c67afe913011138a2504ec4d3d423b48e73b12f3

Do more length checking. From OpenBSD.

commit d7516761f9c4877bcb05bb6543be3543e165249
2015-01-27 01:45:47 +00:00
Xin LI
2fae2ab4c7 Don't include libcapsicum headers when requested.
Reported by:	luigi
MFC after:	14 days
X-MFC-with:	r276788
2015-01-24 06:06:46 +00:00
Xin LI
3c602fabf9 MFV r276761: tcpdump 4.6.2.
MFC after:	1 month
2015-01-07 19:55:18 +00:00
Luigi Rizzo
2d4dfaf58b Fix comment and sort rights by name
MFC after:	3 days
2014-10-06 15:03:08 +00:00
Luigi Rizzo
884c0e1112 add CAP_EVENT for the libpcap device so we will be able to use
pcap--netmap which does poll() on the file descriptor

MFC after:	2 weeks
2014-10-02 21:34:52 +00:00
Robert Watson
b881b8be1d Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
Glen Barber
8c82632e0b Fix build with WITHOUT_CAPSICUM.
Submitted by:	dt71 gmx com
Sponsored by:	The FreeBSD Foundation
2013-12-21 12:45:35 +00:00
Pawel Jakub Dawidek
8ff3952b72 If we cannot connect to casperd we don't enter sandbox, but if we can connect
to casperd, but we cannot access the service we need we exit with an error.
This should not happen and just indicates some configuration error which
should be fixed, so we force the user to do it by failing.

Discussed with:	emaste
2013-12-19 00:51:48 +00:00
Pawel Jakub Dawidek
197731f68f Make use of casperd's system.dns service when running without the -n option.
Now tcpdump(8) is sandboxed even if DNS resolution is required.

Sponsored by:	The FreeBSD Foundation
2013-12-15 23:02:36 +00:00
Pedro F. Giffuni
340b342723 MFV: removes strict-aliasing warnings from GCC in tcpdump.
Reported by:	tinderbox (gjb)
Submitted by:	glebius
MFC after:	2 weeks
2013-11-25 18:46:08 +00:00
Gleb Smirnoff
3e4d5cd37b Make userland tools honor WITHOUT_PF build option.
Tested by:	dt71@gmx.com
2013-10-29 17:38:13 +00:00
Pawel Jakub Dawidek
7008be5bd7 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
Rui Paulo
480d5cc8f7 When using tcpdump -I -i wlanN and wlanN is not a monitor mode VAP,
tcpdump will print an error message saying rfmon is not supported.
Give a concise explanation as to how one might solve this problem by
creating a monitor mode VAP.
2013-07-31 02:13:18 +00:00
Pawel Jakub Dawidek
457f64b4ed Sandbox tcpdump(8) using Capsicum's capability mode and capabilities.
For now, sandboxing is done only if -n option was specified and neither -z nor
-V options were given. Because it is very common to run tcpdump(8) with the -n
option for speed, I decided to commit sandboxing now. To also support
sandboxing when -n option wasn't specified, we need Casper daemon and its
services that are not available in FreeBSD yet.

- Limit file descriptors of a file specified by -r option or files specified
  via -V option to CAP_READ only.

- If neither -r nor -V options were specified, we operate on /dev/bpf.
  Limit its descriptor to CAP_READ and CAP_IOCTL plus limit allowed ioctls to
  BIOCGSTATS only.

- Limit file descriptor of a file specified by -w option to CAP_SEEK and
  CAP_WRITE.

- If either -C or -G options were specified, we open directory containing
  destination file and we limit directory descriptor to CAP_CREATE, CAP_FCNTL,
  CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created
  files are limited to CAP_SEEK and CAP_WRITE only.

- Enter capability mode if -n option was specified and neither -z nor -V
  options were specified.

Approved by:	delphij, wxs
Sponsored by:	The FreeBSD Foundation
2013-07-07 21:19:53 +00:00
Xin LI
049c53d3ff MFV: Redo the fixup using the submitted version accepted by upstream. 2013-05-31 22:55:23 +00:00
Xin LI
356c1037fa Diff reduction against tcpdump revision 949a22064d3534eddeb8aa2b9c36a50e45fe16fa. 2013-05-30 21:25:55 +00:00
Xin LI
d03c0883ad MFV: tcpdump 4.4.0.
MFC after:	4 weeks
2013-05-30 20:51:22 +00:00
Pedro F. Giffuni
646a7fea0c Clean some 'svn:executable' properties in the tree.
Submitted by:	Christoph Mallon
MFC after:	3 days
2013-01-26 22:08:21 +00:00
Eitan Adler
37a6031461 Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in
share/mk/sys.mk instead.

This is part of a medium term project to permit deterministic builds of
FreeBSD.

Submitted by:	Erik Cederstrand <erik@cederstrand.dk>
Reviewed by:	imp, toolchain@
Approved by:	cperciva
MFC after:	2 weeks
2012-12-06 01:31:25 +00:00
Xin LI
d09a7e67b9 MFV: tcpdump 4.3.0.
MFC after:	4 weeks
2012-10-05 20:19:28 +00:00
Gleb Smirnoff
ffe9c13e2a Provide ability for printing and decoding pfsync(4) traffic. This
doesn't mean supporting IFT_PFSYNC (which I hope will eventually
die). This means decoding packets with IP protocol of 240 caught
on any normal interface like Ethernet.

  The code is based on couple of files from OpenBSD, significantly
modified by myself.

  Parser differentiates for four levels of verbosity: no -v, -v,
-vv and -vvv.

  We don't yet forward this code upstream, because currently it
strongly relies on if_pfsync.h and even on pfvar.h. I hope that
this can be fixed in future.

Reviewed by:	gnn, delphij
2012-10-05 07:51:21 +00:00
Xin LI
cac3dcd5f9 Merge tcpdump 4.2.1.
MFC after:	2 weeks
2012-05-17 05:11:57 +00:00
Kevin Lo
5610c31cb2 Fix incorrect uses of sizeof().
The details of the fix can be found in the tcpdump git repository:
commit 684955d58611ee94eccdc34e82b32e676337188c
2011-12-28 05:58:31 +00:00
Dimitry Andric
3803473797 In contrib/tcpdump/print-icmp6.c, fix a problem where the comparison
against icmp6_hdr::icmp6_type is done incorrectly.  (This fix has
already been applied upstream, but we do not have the latest version of
tcpdump.)

MFC after:	1 week
2011-12-19 17:32:54 +00:00
Rui Paulo
c2ab553ee5 Remove useless stuff. 2010-10-28 19:10:15 +00:00
Rui Paulo
27df3f5ddd Merge tcpdump-4.1.1. 2010-10-28 19:06:17 +00:00
Rui Paulo
ce3ed1caa1 Add parsing code for TCP UTO (User Timeout Option).
Submitted by:	fangwang@
Obtained from:	//depot/projects/soc2009/tcputo/
2009-10-07 09:07:06 +00:00
Sam Leffler
649874e159 correct IEEE80211_RADIOTAP_XCHANNEL to match system
Submitted by:	Guy Harris
Approved by:	re (kib)
2009-07-15 13:50:06 +00:00
Sam Leffler
0b73e40339 Updates, mostly to add 802.11s support:
o add missing Status and Reason codes
o parse/display Action frames
o parse/display Mesh data frames
o parse/display BA frames

Reviewed by:	rpaulo
Approved by:	re (kib)
2009-07-14 17:11:06 +00:00
Rui Paulo
661c9d81e0 Fix WITHOUT_IPV6=yes build.
Reported by:	Andrzej Tobola ato at iem.pw.edu.pl
2009-03-21 21:56:23 +00:00
Rui Paulo
a5779b6e02 Merge tcpdump 4.0.0 from the vendor branch. 2009-03-21 18:30:25 +00:00
Rui Paulo
ef1946bcf8 Fix a path. 2009-03-21 16:08:40 +00:00
Rui Paulo
58ffff611f Exclude list for tcpdump imports. 2009-03-21 15:46:37 +00:00
Rui Paulo
81ceab7147 Flatten vendor/tcpdump and remove keyword expansion. 2009-03-20 13:27:51 +00:00
Sam Leffler
ba4e014b5c unbreak printing 802.11 tx/rx rates
MFC after:	3 days
2008-02-25 01:28:14 +00:00
Max Laier
7b8d9f5cb3 Avoid excessive error message printout.
PR:		bin/118150
Reported by:	keramida
MFC after:	3 days
2007-11-21 12:52:26 +00:00
Max Laier
abf2519367 Resolve merge conflicts
Approved by:	re (kensmith)
Obtained from:	tcpdump.org
2007-10-16 02:31:48 +00:00
Max Laier
b5bfcb5d8a Import of tcpdump v3.9.8 2007-10-16 02:20:42 +00:00
Max Laier
e57e181f09 This commit was generated by cvs2svn to compensate for changes in r172683,
which included commits to RCS files with non-trunk default branches.
2007-10-16 02:20:42 +00:00
Simon L. B. Nielsen
faeb38d111 Correct buffer overflow in tcpdump(1).
Security:	FreeBSD-SA-07:06.tcpdump
Security:	CVE-2007-3798
Obtained from:	tcpdump.org
Approved by:	re (security blanket)
2007-08-01 20:40:44 +00:00