Dustin Spicuzza | 8 Aug 02:02 2009

pcap_activate can cause pcap_geterr to return a blank string


On Linux using the latest GIT:

If you use pcap_create followed by pcap_activate when an interface
doesn't actually exist (i.e., PCAP_ERROR_IFACE_NOT_UP is returned), then
pcap_geterr will return a blank value.

I noticed that the documentation does mention all the various error
codes that could be returned, and that you should call pcap_statustostr
to actually get the string if the error isn't PCAP_ERROR or PCAP_WARNING.

However, that's another decision that has to be made by the user, so it
seems like it would be nice and simple if pcap_geterr just worked no
matter what kind of error was returned. Add two lines to pcap_activate
to make pcap_geterr work as expected:

int
pcap_activate(pcap_t *p)
{
	int status;

	status = p->activate_op(p);
	if (status >= 0)
		p->activated = 1;
	else if (!p->errbuf[0])
		snprintf( p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s", p->opt.source,
		    pcap_statustostr(status) );
	return (status);
}


Dustin Spicuzza | 8 Aug 02:09 2009

Re: pcap_activate can cause pcap_geterr to return

Dustin Spicuzza wrote:
> On Linux using the latest GIT:
> 
> If you use pcap_create followed by pcap_activate when an interface
> doesn't actually exist (i.e., PCAP_ERROR_IFACE_NOT_UP is returned), then
> pcap_geterr will return a blank value.
> 
> I noticed that the documentation does mention all the various error
> codes that could be returned, and that you should call pcap_statustostr
> to actually get the string if the error isn't PCAP_ERROR or PCAP_WARNING.
> 
> However, that's another decision that has to be made by the user, so it
> seems like it would be nice and simple if pcap_geterr just worked no
> matter what kind of error was returned. Add two lines to pcap_activate
> to make pcap_geterr work as expected:
> 
> int
> pcap_activate(pcap_t *p)
> {
> 	int status;
> 
> 	status = p->activate_op(p);
> 	if (status >= 0)
> 		p->activated = 1;
> 	else if (!p->errbuf[0])
> 		snprintf( p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s", p->opt.source,
> 		    pcap_statustostr(status) );
> 	return (status);
> }
> 

Guy Harris | 12 Aug 06:34 2009

Re: pcap_activate can cause pcap_geterr to return a blank string


On Aug 7, 2009, at 5:02 PM, Dustin Spicuzza wrote:

> However, that's another decision that has to be made by the user, so it
> seems like it would be nice and simple if pcap_geterr just worked no
> matter what kind of error was returned. Add two lines to pcap_activate
> to make pcap_geterr work as expected:

Checked in and pushed, but:

> 	else if (!p->errbuf[0])
> 		snprintf( p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s", p->opt.source,
> 		    pcap_statustostr(status) );

...the error you get from pcap_activate() doesn't include the device  
name - the program displaying the error is expected to do whatever it  
deems appropriate with the error string, which might or might not be  
to put it right next to the error string - so I just set the error  
string to the result of pcap_statustostr().

(pcap_open_live() is different.)
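
The choice this thread discusses, between pcap_geterr and pcap_statustostr after pcap_activate fails, can also be handled on the calling side so that a diagnostic is never blank, whichever libpcap version is installed. The following is an added example, not code from libpcap or from the posters: describe_activate() is a hypothetical helper, and the constants repeat the pcap/pcap.h values only so that it builds without the library headers.

```c
#include <stdio.h>
#include <string.h>

/* Same values as pcap/pcap.h; defined here only so the example builds
 * without libpcap headers. */
#ifndef PCAP_ERROR
#define PCAP_ERROR              (-1)
#define PCAP_ERROR_IFACE_NOT_UP (-9)
#define PCAP_WARNING            1
#endif

/*
 * describe_activate() is a hypothetical caller-side helper. In a real
 * program, errtext is pcap_geterr(p) and statustext is
 * pcap_statustostr(status). Returns 0 on success, 1 on a warning,
 * -1 on an error; out receives "device: message" (empty on success).
 */
int
describe_activate(int status, const char *device, const char *errtext,
    const char *statustext, char *out, size_t outlen)
{
	int generic = (status == PCAP_ERROR || status == PCAP_WARNING);

	if (outlen == 0)
		return (status < 0 ? -1 : status > 0);
	out[0] = '\0';
	if (status == 0)
		return (0);
	if (errtext == NULL)
		errtext = "";
	if (statustext == NULL)
		statustext = "";

	if (generic && errtext[0] != '\0') {
		/* Generic code: the detail lives only in the error buffer. */
		snprintf(out, outlen, "%s: %s", device, errtext);
	} else if (statustext[0] == '\0' && errtext[0] == '\0') {
		snprintf(out, outlen, "%s: unknown status %d", device, status);
	} else if (errtext[0] == '\0' || strcmp(errtext, statustext) == 0) {
		/* Specific code with a blank buffer (unpatched library), or a
		 * buffer that only repeats the status string (patched). */
		snprintf(out, outlen, "%s: %s", device, statustext);
	} else if (statustext[0] == '\0') {
		snprintf(out, outlen, "%s: %s", device, errtext);
	} else {
		/* Specific code plus extra driver detail: keep both. */
		snprintf(out, outlen, "%s: %s (%s)", device, statustext, errtext);
	}
	return (status < 0 ? -1 : 1);
}
```

The device name is added by the caller here, in line with the reply above that the string from pcap_activate() does not include it.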

Dustin Spicuzza | 11 Aug 23:26 2009

BUG: pcap_fopen_offline doesn't work with pcap_next [patch]

In git, pcap_fopen_offline (and consequently, any of the other savefile
opens) doesn't work with pcap_next because the oneshot_op is not set to
anything.

One can remedy this by using pcap_create_common to create the pcap_t
instead of doing it manually. Of course, the 'source' isn't set
properly... but it doesn't segfault in any case, so that's a positive thing.

Dustin

-- 
Innovation is just a problem away
diff --git a/savefile.c b/savefile.c
old mode 100644
new mode 100755
index e3687da..431de08
--- a/savefile.c
+++ b/savefile.c
 <at>  <at>  -1361,13 +1361,9  <at>  <at>  pcap_fopen_offline(FILE *fp, char *errbuf)
 	bpf_u_int32 magic;
 	int linklen;

-	p = (pcap_t *)malloc(sizeof(*p));
-	if (p == NULL) {
-		strlcpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE);
+	p = pcap_create_common( "", errbuf );
+	if (p == NULL)
 		return (NULL);
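Review bot: The mode change in the file header (old mode 100644, new mode 100755) marks savefile.c as executable and looks unintended; please drop it from the patch. In the hunk itself, the p == NULL branch no longer writes to errbuf, so the caller gets a message only if pcap_create_common( "", errbuf ) fills errbuf on every failure path, which is worth confirming. Passing "" as the source also leaves nothing useful for code that displays it; a descriptive placeholder would be better.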

Guy Harris | 12 Aug 07:12 2009

Re: BUG: pcap_fopen_offline doesn't work with pcap_next [patch]


On Aug 11, 2009, at 2:26 PM, Dustin Spicuzza wrote:

> In git, pcap_fopen_offline (and consequently, any of the other savefile
> opens) doesn't work with pcap_next because the oneshot_op is not set to
> anything.
>
> One can remedy this by using pcap_create_common to create the pcap_t
> instead of doing it manually. Of course, the 'source' isn't set
> properly...

It's not set "properly" even before your change, so that's not really  
a huge issue.

Checked in, with a change to set the source to "(savefile)", just in  
case anybody happens to look at it.

Ulrich Windl | 12 Aug 13:22 2009

decoding NTP data

Hello,

please see the attachment (original message bounced).

Ulrich

From: Mail Delivery System <MAILER-DAEMON <at> rrzmta1.rz.uni-regensburg.de>
Subject: Undelivered Mail Returned to Sender
Date: 2009-08-12 08:45:32 GMT
This is the mail system at host rrzmta1.rz.uni-regensburg.de.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<tcpdump-workers <at> tcpdump.org>: host mailhost.sandelman.ca[209.87.252.178] said:
    550 <tcpdump-workers <at> tcpdump.org>: Recipient address rejected: User unknown

Miroslav Lichvar | 13 Aug 17:44 2009

[PATCH 1/3] Add getnameinfo support to getname and getname6.

---
 addrtoname.c |   44 ++++++++++++++++++++++++++++++++++++--------
 1 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/addrtoname.c b/addrtoname.c
index e67d114..593840c 100644
--- a/addrtoname.c
+++ b/addrtoname.c
 <at>  <at>  -224,7 +224,6  <at>  <at>  static u_int32_t f_localnet;
 const char *
 getname(const u_char *ap)
 {
-	register struct hostent *hp;
 	u_int32_t addr;
 	static struct hnamemem *p;		/* static for longjmp() */

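Review bot: Removing the function-scope declaration of hp at the top of getname() is only safe if every remaining use of hp is gone or gets its own declaration. The later hunk puts the new code under #ifdef HAVE_GETNAMEINFO, so please confirm that the fallback branch for builds without HAVE_GETNAMEINFO declares hp locally; otherwise those builds stop compiling.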
 <at>  <at>  -236,6 +235,7  <at>  <at>  getname(const u_char *ap)
 	}
 	p->addr = addr;
 	p->nxt = newhnamemem();
+	p->name = NULL;

 	/*
 	 * Print names unless:
 <at>  <at>  -246,12 +246,26  <at>  <at>  getname(const u_char *ap)
 	 */
 	if (!nflag &&
 	    (addr & f_netmask) == f_localnet) {
+#ifdef HAVE_GETNAMEINFO
+		struct sockaddr_in sa;
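Review bot: struct sockaddr_in sa is declared inside the HAVE_GETNAMEINFO block without an initialiser. Zero it (for example with memset) before filling in the fields, so that padding and any platform-specific members such as sin_len are not handed to getnameinfo() as uninitialised stack contents.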

Miroslav Lichvar | 13 Aug 17:44 2009

[PATCH 3/3] Convert port numbers to service names unless -nn is used.

---
 addrtoname.c |    4 ++--
 tcpdump.1.in |    6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/addrtoname.c b/addrtoname.c
index 593840c..59ee47a 100644
--- a/addrtoname.c
+++ b/addrtoname.c
 <at>  <at>  -736,7 +736,7  <at>  <at>  init_servarray(void)

 		while (table->name)
 			table = table->nxt;
-		if (nflag) {
+		if (nflag > 1) {
 			(void)snprintf(buf, sizeof(buf), "%d", port);
 			table->name = strdup(buf);
 		} else
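Review bot: Changing the test in init_servarray() from nflag to nflag > 1 alters what a single -n prints: ports that used to be numeric will now come out as service names. Anything that parses tcpdump -n output and expects numeric ports will break, so this needs a prominent note for users, or a separate option should control port-name conversion so that -n keeps its existing meaning.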
 <at>  <at>  -1136,7 +1136,7  <at>  <at>  init_addrtoname(u_int32_t localnet, u_int32_t mask)
 		f_localnet = localnet;
 		f_netmask = mask;
 	}
-	if (nflag)
+	if (nflag > 1)
 		/*
 		 * Simplest way to suppress names.
 		 */
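Review bot: The guard in init_addrtoname() carries the comment "Simplest way to suppress names", which suggests it short-circuits more than port lookups. With nflag > 1 a single -n now falls through to the rest of the function, while the patch subject only mentions port numbers; please confirm which other name tables get initialised in that case and that this is intended.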
diff --git a/tcpdump.1.in b/tcpdump.1.in
index 86174c2..c1dad64 100644
--- a/tcpdump.1.in

Miroslav Lichvar | 13 Aug 17:44 2009

[PATCH 2/3] With -C option drop root before opening first savefile.

This is to avoid having savefiles with different ownership and to avoid
terminating tcpdump with permission denied error when opening second
savefile.
---
 tcpdump.1.in |    4 ++++
 tcpdump.c    |    7 ++++++-
 2 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/tcpdump.1.in b/tcpdump.1.in
index f0f7ce0..86174c2 100644
--- a/tcpdump.1.in
+++ b/tcpdump.1.in
 <at>  <at>  -206,6 +206,10  <at>  <at>  have the name specified with the
 flag, with a number after it, starting at 1 and continuing upward.
 The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
 not 1,048,576 bytes).
+
+Note that when used with
+.B \-Z
+option, privileges are dropped before opening first savefile.
 .TP
 .B \-d
 Dump the compiled packet-matching code in a human readable form to
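Review bot: The added man page note should spell out the practical consequence of dropping privileges before the first savefile is opened: the directory the savefiles are written to must be writable by the user given to -Z, otherwise the first open now fails with a permission error. Wording nit in the same lines: "with the -Z option" and "the first savefile".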
diff --git a/tcpdump.c b/tcpdump.c
index 26d1d80..e37de80 100644
--- a/tcpdump.c
+++ b/tcpdump.c
 <at>  <at>  -1109,6 +1109,11  <at>  <at>  main(int argc, char **argv)
 		(void)setsignal(SIGHUP, oldhandler);
 #endif /* WIN32 */

Miroslav Lichvar | 14 Aug 12:19 2009

[PATCH 1/3] Add getnameinfo support to getname and getname6.

---
 addrtoname.c |   44 ++++++++++++++++++++++++++++++++++++--------
 1 files changed, 36 insertions(+), 8 deletions(-)

diff --git a/addrtoname.c b/addrtoname.c
index e67d114..593840c 100644
--- a/addrtoname.c
+++ b/addrtoname.c
 <at>  <at>  -224,7 +224,6  <at>  <at>  static u_int32_t f_localnet;
 const char *
 getname(const u_char *ap)
 {
-	register struct hostent *hp;
 	u_int32_t addr;
 	static struct hnamemem *p;		/* static for longjmp() */

 <at>  <at>  -236,6 +235,7  <at>  <at>  getname(const u_char *ap)
 	}
 	p->addr = addr;
 	p->nxt = newhnamemem();
+	p->name = NULL;

 	/*
 	 * Print names unless:
 <at>  <at>  -246,12 +246,26  <at>  <at>  getname(const u_char *ap)
 	 */
 	if (!nflag &&
 	    (addr & f_netmask) == f_localnet) {
+#ifdef HAVE_GETNAMEINFO
+		struct sockaddr_in sa;