| Commit message (Collapse) | Author | Age | Files | Lines |
|
Run them through the same code that's used for numbers in the lexical
analyzer, for consistency.
|
In gencode.h and pcap/bpf.h include necessary headers in order not to
depend on other files to do so.
In gencode.c, grammar.c (via grammar.y.in) and scanner.c (via scanner.l)
include gencode.h and grammar.h as early as it takes for the token enum
identifiers not to clash with the named constants defined in system
headers. This fixes the following error with Clang (also with GCC and a
more vague message):
    ./grammar.h:116:5: error: expected identifier
        ESP = 326,
    /usr/include/sys/regset.h:86:14: note: expanded from macro 'ESP'
    #define ESP 7
In build.sh add an exemption rule for the remaining warnings. Now
libpcap can complete the default matrix build (4 rounds with GCC 7.3.0
and 4 rounds with Clang 6.0.0).
|
We don't want it anyway, as what it provides are 1) locale-dependent and
2) not guaranteed to handle negative values (from sign-extending a char).
|
Updated pcap-filter.manmisc.in to clarify new token usage
Added an example to pcap-filter.manmisc.in for ip6 protochain for fragments
|
Numbers in filter expressions are unsigned; use bpf_u_int32 for them.
Use u_int for offsets and sizes that don't come from numbers in the
filter.
Have the scanner routine that parses numbers check for overflow and
report an error.
Make some routines not used outside gencode.c static.
Expand some error messages to include more details.
For 802.11 type and subtype tests with a numeric argument, make sure
we're not testing bits outside the type and subtype fields.
Credit to OSS-Fuzz for finding an integer overflow issue that the error
checking, and use of unsigned values, addresses.
|
Using setjmp() in a routine requires that anything whose value needs
*not* to be restored to its value when setjmp() was called in a
longjmp() be declared "volatile".
We can't force Bison or Berkeley YACC to do that with variables in the
parser function, so we can't safely do a setjmp() in the parser
function. *Some* compilers might recognize setjmp() and automatically
do that, either silently or with a warning, but that's not guaranteed by
the C language specification.
This could cause a problem if it trashes the value of local variables
storing pointers to the parser's pushdown stack, if they're assumed to
point to the *current* stack at the time the stack is freed at the end
of the parser function.
Instead, use setjmp/longjmp only inside functions defined in gencode.c;
have all functions called by the parser do a setjmp and, if it returns
1, return a null pointer, and have all those calls check the return
value and, if it's null, do a YYABORT.
Add a bpf_set_error() routine, for use *outside* gencode.c, which just
sets the error string. In the parser, do a YYABORT after calling it;
in the lexical analyzer, return a token even for errors, but make sure
the token will cause the parse to stop.
Credit to OSS-Fuzz for possibly finding this issue (it may be what's
causing crashes in some tests).
|
For ARCNET and MAC addresses, don't convert them to binary until we get
to gen_acode() and gen_ecode(); instead, just save the string in a buffer
that's allocated in a way that gets cleaned up when the parser finishes,
the same way we do for some other string tokens. Otherwise, if the
parser fails before we get to free it, it gets leaked; that was
happening.
Save the generated binary address in the parser state until we're done
with it, so that, if a call that uses the parser state calls
bpf_error(), the generated binary address gets freed.
Credit to OSS-Fuzz for finding this issue.
|
pcap-types.h no longer includes <inttypes.h>; that's now done by
<pcap/pcap-inttypes.h>.
|
On Windows, in each file, include whatever that particular file needs,
just as we do on UN*X and MS-DOS.
|
Have pcap-types.h arrange to define the intN_t/u_intN_t types, and the
INTn_MAX/UINTn_MAX values, on all platforms, and use it wherever it's
appropriate.
Include it up front in scanner.l, to avoid redefinitions of the
INTn_MAX/UINTn_MAX types.
|
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options. This way, we always pick up the
same config.h, in the build directory.
|
That doesn't fix the problem with scanner.h, and CMake already generates
MSVC project files that define it, so it's not necessary with CMake.
Other build processes should arrange either that it be defined or that
the code protected by it doesn't get generated.
|
This allows multiple pcap_compile() calls to be in progress on different
pcap_t's in different threads.
(No, you can't count on that behavior in older versions of libpcap, so
only do that if you know you're using a newer version of libpcap.)
|
We require a version of Flex that supports it.
That avoids having to change the signature of yywrap().
|
This doesn't make pcap_compile() completely reentrant and thread-safe,
but it's a significant step along the way.
Get rid of some stuff left over from when we supported classic Lex.
|
Use AC_PROG_LEX and AC_PROG_YACC to find {f}lex and yacc/bison/byacc.
Once we've found them, make sure {f}lex can handle -P, --header-file,
--nounput, and -o, and can parse our scanner.l, and make sure
yacc/bison/byacc can handle -p and -o. If that fails, fail, suggesting
that the user get versions that can (such as Flex and Bison/Berkeley
YACC). If that doesn't fail, use those options; don't use runlex.sh.
|
into bonsaiviking-aix-large-files
|
This works around _LARGE_FILES difficulties on AIX. See
http://seclists.org/nmap-dev/2012/q1/459 for example.
Original patch credit David Fifield of the Nmap project
(https://svn.nmap.org/nmap/libpcap/NMAP_MODIFICATIONS/pre-configure.patch)
|
This reverts commit 1dcc0d42a4afa488022d984db25db3cdae6b590a.
This is part of a move to require Flex 2.5.31 or later and to use
features in those versions of Flex, including %top.
|
Include <Wspiapi.h> to make sure we get access to getaddrinfo() on
Windows.
Get rid of Win32/Src/getaddrinfo.c (we weren't building with it anyway).
|
While we're at it, decorate some #endif's with comments indicating
what's been ended.
|
It's _WIN32, with a leading underscore, not WIN32. See, for example:
https://sourceforge.net/p/predef/wiki/OperatingSystems/
and
https://msdn.microsoft.com/en-us/library/b0084kay.aspx
*Some* environments may also define WIN32, but we shouldn't depend on
that.
|
"geneve" can be used to filter on Geneve encapsulated packets. It
also allows later filters to look at frames inside the tunnel
headers.
The Geneve protocol is documented here:
http://tools.ietf.org/html/draft-gross-geneve-02
|
This works around _LARGE_FILES difficulties on AIX. See
http://seclists.org/nmap-dev/2012/q1/459 for example.
This is an alternative to the flex-only solution in #359
|
Same opcodes as on Linux. We support them in BPF filters, but warn, in
the man page, that using them on anything other than Linux 3.7 or later
will cause the filter to run in userland and thus require more resources
and perhaps cause more packets to be dropped. (The filter will
presumably be rejected by the kernel-mode code if it doesn't support
BPF_MOD or BPF_XOR, and libpcap will fall back on running the filter in
userland.)
|
This change removes CVS keywords that express that the file belongs to
libpcap repository. All such keywords represented the revision and
timestamp by the end of 2008 or even older.
|
Originally written by Florent Drouin; applied to 1.3.0 by
dzejarczech@sourceforge.net.
Reviewed-By: Guy Harris <guy@alum.mit.edu>
|
That also means that the lexical analyzer, which calls
pcap_ether_aton(), needs to check for pcap_ether_aton() failing.
|
Make the INET6-only code just be code that depends on having
getaddrinfo(), as per a complaint that, on a machine that either doesn't
have getaddrinfo() or doesn't have INET6 enabled, a filter
    dst host 127.0.0.1 and (icmp or icmp6 or ((tcp or udp or sctp) and (src
    host 127.0.0.1)))
Not having a full IPv6 stack shouldn't keep you from, for example,
having a filter that just checks the packet type field for IPv6 or that
looks at the protocol field in the IPv6 header. You can't check for
IPv6 *hosts* (although we could perhaps allow them to be specified
numerically).
|
Allow "carp" to be used as a filter, rather than requiring "ip proto
112" or one of "ip proto {vrrp,carp}" depending on whether you're
running an OS that chooses to have 112 as CARP rather than VRRP in
/etc/protocols. (Yes, that means that "carp" will capture VRRP
packets. So it goes....)
Reviewed-By: Guy Harris <guy@alum.mit.edu>
|
The RA field is absent from management frames (addr1 is DA there), and
addr1 in other frames.
The TA field is absent from management frames (addr2 is SA there), and
addr2, if present, in other frames.
While we're at it, fix a font glitch in the pcap-filter man page.
|
make it a "const char *" as well.
|
structure we got back from getaddrinfo().
Plug some other getaddrinfo() leaks while we're at it.
Fail if you try to use "gateway" on ATM if we're not checking for ATM
LANE.
|
address types for 802.11.
Support the OpenBSD names for some of the 802.11 frame types.
Support OpenBSD's "dir" keyword for 802.11 frame directions.
|
several files:
date: 2006/02/27 15:53:24; author: drochner; state: Exp;
avoid shadowing globals, for WARNS=2
date: 2006/02/27 15:55:30; author: drochner; state: Exp;
minor constification, good for WARNS=3 now
date: 2006/02/27 15:57:17; author: drochner; state: Exp;
NetBSD adaption:
...
-const pcap_strerror() for consistency
gencode.c:
date: 2006/04/26 09:24:33; author: tron; state: Exp;
Add missing "const" keywords to match declarations in "pcap.h".
date: 2006/10/15 19:27:21; author: christos; state: Exp;
add a volatile variable to prevent vfork/longjmp clobbering.
optimize.c:
date: 2006/05/17 17:48:36; author: drochner; state: Exp;
Make the optimizer use unsigned numbers as the kernel does.
While it is not agreed on that purely unsigned arithmetics is nice,
different behaviour of optimized and unoptimized code is less desirable.
pcap-bpf.c:
date: 2006/02/27 15:51:38; author: drochner; state: Exp;
pull in from NetBSD's libpcap: use cloning bpf device on NetBSD
Have the configure script check for paths.h, so that we can include it
only if we have it, and use the cloning BPF device only if we're on
NetBSD *and* _PATH_BPF is defined (hopefully this will keep us from
using it on versions of NetBSD that don't have a cloning BPF device; if,
in the future, other OSes with BPF get cloning BPF devices, we can make
this work for them as well).
|