Commit Graph

129 Commits

Author SHA1 Message Date
pjd
6eb6964b97 If we cannot connect to casperd we don't enter sandbox, but if we can connect
to casperd, but we cannot access the service we need we exit with an error.
This should not happen and just indicates some configuration error which
should be fixed, so we force the user to do it by failing.

Discussed with:	emaste
2013-12-19 00:51:48 +00:00
pjd
457e0637b9 Make use of casperd's system.dns service when running without the -n option.
Now tcpdump(8) is sandboxed even if DNS resolution is required.

Sponsored by:	The FreeBSD Foundation
2013-12-15 23:02:36 +00:00
pfg
80415152a8 MFV: removes strict-aliasing warnings from GCC in tcpdump.
Reported by:	tinderbox (gjb)
Submitted by:	glebius
MFC after:	2 weeks
2013-11-25 18:46:08 +00:00
glebius
b0bc7b1d54 Make userland tools honor WITHOUT_PF build option.
Tested by:	dt71@gmx.com
2013-10-29 17:38:13 +00:00
pjd
029a6f5d92 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
rpaulo
26d2d7b7cc When using tcpdump -I -i wlanN and wlanN is not a monitor mode VAP,
tcpdump will print an error message saying rfmon is not supported.
Give a concise explanation as to how one might solve this problem by
creating a monitor mode VAP.
2013-07-31 02:13:18 +00:00
pjd
c7afd8bc1c Sandbox tcpdump(8) using Capsicum's capability mode and capabilities.
For now, sandboxing is done only if -n option was specified and neither -z nor
-V options were given. Because it is very common to run tcpdump(8) with the -n
option for speed, I decided to commit sandboxing now. To also support
sandboxing when -n option wasn't specified, we need Casper daemon and its
services that are not available in FreeBSD yet.

- Limit file descriptors of a file specified by -r option or files specified
  via -V option to CAP_READ only.

- If neither -r nor -V options were specified, we operate on /dev/bpf.
  Limit its descriptor to CAP_READ and CAP_IOCTL plus limit allowed ioctls to
  BIOCGSTATS only.

- Limit file descriptor of a file specified by -w option to CAP_SEEK and
  CAP_WRITE.

- If either -C or -G options were specified, we open directory containing
  destination file and we limit directory descriptor to CAP_CREATE, CAP_FCNTL,
  CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created
  files are limited to CAP_SEEK and CAP_WRITE only.

- Enter capability mode if -n option was specified and neither -z nor -V
  options were specified.

Approved by:	delphij, wxs
Sponsored by:	The FreeBSD Foundation
2013-07-07 21:19:53 +00:00
delphij
a275d94491 MFV: Redo the fixup using the submitted version accepted by upstream. 2013-05-31 22:55:23 +00:00
delphij
e8f07dcad6 Diff reduction against tcpdump revision 949a22064d3534eddeb8aa2b9c36a50e45fe16fa. 2013-05-30 21:25:55 +00:00
delphij
cc86f13365 MFV: tcpdump 4.4.0.
MFC after:	4 weeks
2013-05-30 20:51:22 +00:00
pfg
245e35ae97 Clean some 'svn:executable' properties in the tree.
Submitted by:	Christoph Mallon
MFC after:	3 days
2013-01-26 22:08:21 +00:00
eadler
0af88b7eae Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in
share/mk/sys.mk instead.

This is part of a medium term project to permit deterministic builds of
FreeBSD.

Submitted by:	Erik Cederstrand <erik@cederstrand.dk>
Reviewed by:	imp, toolchain@
Approved by:	cperciva
MFC after:	2 weeks
2012-12-06 01:31:25 +00:00
delphij
dca5e2df84 MFV: tcpdump 4.3.0.
MFC after:	4 weeks
2012-10-05 20:19:28 +00:00
glebius
9aada32871 Provide ability for printing and decoding pfsync(4) traffic. This
doesn't mean supporting IFT_PFSYNC (which I hope will eventually
die). This means decoding packets with IP protocol of 240 caught
on any normal interface like Ethernet.

  The code is based on couple of files from OpenBSD, significantly
modified by myself.

  Parser differentiates for four levels of verbosity: no -v, -v,
-vv and -vvv.

  We don't yet forward this code upstream, because currently it
strongly relies on if_pfsync.h and even on pfvar.h. I hope that
this can be fixed in future.

Reviewed by:	gnn, delphij
2012-10-05 07:51:21 +00:00
delphij
661b9d9441 Merge tcpdump 4.2.1.
MFC after:	2 weeks
2012-05-17 05:11:57 +00:00
kevlo
8ccf51483c Fix incorrect uses of sizeof().
The details of the fix can be found in the tcpdump git repository:
commit 684955d58611ee94eccdc34e82b32e676337188c
2011-12-28 05:58:31 +00:00
dim
83a41e00af In contrib/tcpdump/print-icmp6.c, fix a problem where the comparison
against icmp6_hdr::icmp6_type is done incorrectly.  (This fix has
already been applied upstream, but we do not have the latest version of
tcpdump.)

MFC after:	1 week
2011-12-19 17:32:54 +00:00
rpaulo
0e642ca0cb Remove useless stuff. 2010-10-28 19:10:15 +00:00
rpaulo
1e8ad3bd80 Merge tcpdump-4.1.1. 2010-10-28 19:06:17 +00:00
rpaulo
38b5375bb9 Add parsing code for TCP UTO (User Timeout Option).
Submitted by:	fangwang@
Obtained from:	//depot/projects/soc2009/tcputo/
2009-10-07 09:07:06 +00:00
sam
9990f66d44 correct IEEE80211_RADIOTAP_XCHANNEL to match system
Submitted by:	Guy Harris
Approved by:	re (kib)
2009-07-15 13:50:06 +00:00
sam
9a9b86768c Updates, mostly to add 802.11s support:
o add missing Status and Reason codes
o parse/display Action frames
o parse/display Mesh data frames
o parse/display BA frames

Reviewed by:	rpaulo
Approved by:	re (kib)
2009-07-14 17:11:06 +00:00
rpaulo
b0069d00e9 Fix WITHOUT_IPV6=yes build.
Reported by:	Andrzej Tobola ato at iem.pw.edu.pl
2009-03-21 21:56:23 +00:00
rpaulo
a7b3086920 Merge tcpdump 4.0.0 from the vendor branch. 2009-03-21 18:30:25 +00:00
rpaulo
ee5eb0283c Fix a path. 2009-03-21 16:08:40 +00:00
rpaulo
b423254b4f Exclude list for tcpdump imports. 2009-03-21 15:46:37 +00:00
rpaulo
04b1d6babe Flatten vendor/tcpdump and remove keyword expansion. 2009-03-20 13:27:51 +00:00
sam
eb396aa0f4 unbreak printing 802.11 tx/rx rates
MFC after:	3 days
2008-02-25 01:28:14 +00:00
mlaier
7c3417c989 Avoid excessive error message printout.
PR:		bin/118150
Reported by:	keramida
MFC after:	3 days
2007-11-21 12:52:26 +00:00
mlaier
7407d685ab Resolve merge conflicts
Approved by:	re (kensmith)
Obtained from:	tcpdump.org
2007-10-16 02:31:48 +00:00
mlaier
3b74598d7e Import of tcpdump v3.9.8 2007-10-16 02:20:42 +00:00
mlaier
f0e5d335e3 This commit was generated by cvs2svn to compensate for changes in r172683,
which included commits to RCS files with non-trunk default branches.
2007-10-16 02:20:42 +00:00
simon
68a3d30d4e Correct buffer overflow in tcpdump(1).
Security:	FreeBSD-SA-07:06.tcpdump
Security:	CVE-2007-3798
Obtained from:	tcpdump.org
Approved by:	re (security blanket)
2007-08-01 20:40:44 +00:00
simon
7a0a14613b This commit was generated by cvs2svn to compensate for changes in r171682,
which included commits to RCS files with non-trunk default branches.
2007-08-01 20:40:44 +00:00
sam
860e02a293 o add minimal radiotap support for 11n 2007-06-11 04:04:30 +00:00
thompsa
dfbc1e9a3f Pull in latest print-stp.c from vendor 2007-04-04 21:17:33 +00:00
thompsa
905a5d05e0 This commit was generated by cvs2svn to compensate for changes in r168371,
which included commits to RCS files with non-trunk default branches.
2007-04-04 21:17:33 +00:00
sam
a8bc04a53e resolve merge conflicts
MFC after:	1 month
2006-09-04 20:25:04 +00:00
sam
498672d448 Import of tcpdump v3.9.4 2006-09-04 20:04:42 +00:00
sam
a6a758d9f4 This commit was generated by cvs2svn to compensate for changes in r162017,
which included commits to RCS files with non-trunk default branches.
2006-09-04 20:04:42 +00:00
obrien
705134c240 Document that 'bad cksum 0' is expected on NICs with checksum off-loading. 2006-06-20 05:04:05 +00:00
sam
6dcc5281a5 correct check for whether or not md5 signature matches; applied
to vendor branch since this is already in their depot
2005-11-13 19:28:17 +00:00
sam
32ef291767 This commit was generated by cvs2svn to compensate for changes in r152390,
which included commits to RCS files with non-trunk default branches.
2005-11-13 19:28:17 +00:00
sam
5d66575dd9 resolve merge conflicts
Approved by:	re (scottl)
2005-07-11 04:14:02 +00:00
sam
1166f90fe8 Virgin import of tcpdump v3.9.1 (release) from tcpdump.org
Approved by:	re (scottl)
2005-07-11 03:54:22 +00:00
sam
357fae9fdf This commit was generated by cvs2svn to compensate for changes in r147899,
which included commits to RCS files with non-trunk default branches.
2005-07-11 03:54:22 +00:00
sam
e1999dee5d pullup security fix on vendor branch 2005-06-09 15:54:42 +00:00
sam
a6836add6e Correct several denial-of-service vulnerabilities in tcpdump.
Security:	FreeBSD-SA-05:10.tcpdump
Security:	CAN-2005-1267, CAN-2005-1278, CAN-2005-1279, CAN-2005-1280
Obtained from:	tcpdump.org
2005-06-09 15:42:58 +00:00
sam
22f120bd5e This commit was generated by cvs2svn to compensate for changes in r147173,
which included commits to RCS files with non-trunk default branches.
2005-06-09 15:42:58 +00:00
sam
7dacff5dd0 resolve merge conflicts and update for proper build; including:
o print-fr.c returned to code on vendor branch
o remove pmap_prot.h include from print-sunrprc.c
o remove gcc/i386-specific ntoh* write-arounds from tcpdump-stdinc.h

Reviewed by:	bms
2005-05-29 19:09:28 +00:00