#
7e0a7ef9 |
|
15-Sep-2023 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
tcpdump: Initialize tzcode early. An explicit tzset() call is usually not needed as it happens implicitly the first time we call localtime() or mktime(), but in some cases (sandboxing, chroot) this may be too late. PR: 273807 MFC after: 3 days Reviewed by: jrm Differential Revision: https://reviews.freebsd.org/D41880
|
#
ee67461e |
|
08-Jun-2023 |
Joseph Mingrone <jrm@FreeBSD.org> |
tpcdump: Update to 4.99.4 Local changes: - Update some local modifications to fix build - Synch config.h with upstream as much as possible Changelog: https://git.tcpdump.org/tcpdump/blob/55bc126b0216cfe409b8d6bd378f65679d136ddf:/CHANGES Reviewed by: emaste Obtained from: https://www.tcpdump.org/release/tcpdump-4.99.4.tar.gz Sponsored by: The FreeBSD Foundation
|
#
39e421e8 |
|
21-Dec-2019 |
Cy Schubert <cy@FreeBSD.org> |
MFV r353143 (phillip): Update tcpdump from 4.9.2 to 4.9.3. MFC after: 2 weeks
|
#
42668853 |
|
15-Apr-2019 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
tcpdump: disable Capsicum if -E option is provided. The -E is used to provide a secret for decrypting IPsec. The secret may be provided through command line or as the file. The problem is that tcpdump doesn't support yet opening files in capability mode and the file may contain a list of the files to open. As a workaround, for now, let's just disable capsicum if the -E the option is provided. PR: 236819 MFC after: 2 weeks |
#
46caeeca |
|
12-Dec-2018 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Don't register IOCTLs with capsicum when there is no valid file descriptor. This fixes tcpdump when using mlx5_X devices. Differential Revision: https://reviews.freebsd.org/D18499 Reviewed by: kib@, slavash@, oshogbo@ MFC after: 1 week Sponsored by: Mellanox Technologies |
#
752d135e |
|
12-Nov-2018 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
libcasper: ange the name of limits in cap_dns so the intentions are obvious. Reported by: pjd MFC after: 3 weeks |
#
e6895e80 |
|
12-Sep-2018 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Fix for backends which doesn't support capsicum. Not all libpcap backends use the BPF compatible set of IOCTLs. For example the mlx5 backend uses libibverbs which is currently not capsicum compatible. Disable sandboxing for such backends. MFC after: 3 days Discussed with: emaste@ Approved by: re (kib) Sponsored by: Mellanox Technologies |
#
ddeb4e8a |
|
29-May-2018 |
Slava Shwartsman <slavash@FreeBSD.org> |
MFV r333668: Vendor import two upstream commits: c1bb8784abd3ca978e376b0d10e324db0491237b 9c4af7213cc2543a1f5586d8f2c19f86aa0cbe72 When using tcpdump -I -i wlanN and wlanN is not a monitor mode VAP, tcpdump will print an error message saying rfmon is not supported. Give a concise explanation as to how one might solve this problem by creating a monitor mode VAP. MFC after: 1 month Approved by: hselasky (mentor), kib (mentor) Sponsored by: Mellanox Technologies
|
#
0bff6a5a |
|
05-Dec-2017 |
Ed Maste <emaste@FreeBSD.org> |
Update tcpdump to 4.9.2 It contains many fixes, including bounds checking, buffer overflows (in SLIP and bittok2str_internal), buffer over-reads, and infinite loops. One other notable change: Do not use getprotobynumber() for protocol name resolution. Do not do any protocol name resolution if -n is specified. Submitted by: gordon Reviewed by: delphij, emaste, glebius MFC after: 1 week Relnotes: Yes Security: CVE-2017-11108, CVE-2017-11541, CVE-2017-11542 Security: CVE-2017-11543, CVE-2017-12893, CVE-2017-12894 Security: CVE-2017-12895, CVE-2017-12896, CVE-2017-12897 Security: CVE-2017-12898, CVE-2017-12899, CVE-2017-12900 Security: CVE-2017-12901, CVE-2017-12902, CVE-2017-12985 Security: CVE-2017-12986, CVE-2017-12987, CVE-2017-12988 Security: CVE-2017-12989, CVE-2017-12990, CVE-2017-12991 Security: CVE-2017-12992, CVE-2017-12993, CVE-2017-12994 Security: CVE-2017-12995, CVE-2017-12996, CVE-2017-12997 Security: CVE-2017-12998, CVE-2017-12999, CVE-2017-13000 Security: CVE-2017-13001, CVE-2017-13002, CVE-2017-13003 Security: CVE-2017-13004, CVE-2017-13005, CVE-2017-13006 Security: CVE-2017-13007, CVE-2017-13008, CVE-2017-13009 Security: CVE-2017-13010, CVE-2017-13011, CVE-2017-13012 Security: CVE-2017-13013, CVE-2017-13014, CVE-2017-13015 Security: CVE-2017-13016, CVE-2017-13017, CVE-2017-13018 Security: CVE-2017-13019, CVE-2017-13020, CVE-2017-13021 Security: CVE-2017-13022, CVE-2017-13023, CVE-2017-13024 Security: CVE-2017-13025, CVE-2017-13026, CVE-2017-13027 Security: CVE-2017-13028, CVE-2017-13029, CVE-2017-13030 Security: CVE-2017-13031, CVE-2017-13032, CVE-2017-13033 Security: CVE-2017-13034, CVE-2017-13035, CVE-2017-13036 Security: CVE-2017-13037, CVE-2017-13038, CVE-2017-13039 Security: CVE-2017-13040, CVE-2017-13041, CVE-2017-13042 Security: CVE-2017-13043, CVE-2017-13044, CVE-2017-13045 Security: CVE-2017-13046, CVE-2017-13047, CVE-2017-13048 Security: CVE-2017-13049, CVE-2017-13050, CVE-2017-13051 Security: CVE-2017-13052, CVE-2017-13053, CVE-2017-13054 Security: CVE-2017-13055, CVE-2017-13687, CVE-2017-13688 Security: CVE-2017-13689, CVE-2017-13690, CVE-2017-13725 Differential Revision: https://reviews.freebsd.org/D12404
|
#
b01988a5 |
|
04-Oct-2017 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Partially revert r323866. Using HAVE_* is a internal tcpdump style standard. We want to be consistent with the standard to upstream those changes in the future. Requested by: glebius@ |
#
2560d181 |
|
21-Sep-2017 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
We use a few different ifdef's names to check if we are using Casper or not, let's standardize this. Now we are always use WITH_CASPER name. Discussed with: emaste@ MFC after: 1 month |
#
f9707404 |
|
25-Apr-2017 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Cherry-pick 5d3c5151c2b885aab36627bafb8539238da27b2d, it fixes use after free if tcpdump(1) is run on non-existent interface. Suggested by: zeising |
#
3057e051 |
|
02-Feb-2017 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Reduce diff to upstream using HAVE_CAPSICUM instead of __FreeBSD__. It'll also make it easier to upstream HAVE_CASPER patch. |
#
3340d773 |
|
01-Feb-2017 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Update tcpdump to 4.9.0. It fixes many buffer overflow in different protocol parsers, but none of them are critical, even in absense of Capsicum. Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925 Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929 Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933 Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937 Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973 Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984 Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993 Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203 Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342 Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485 Security: CVE-2017-5486
|
#
b02f20f4 |
|
06-Dec-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
tcpdump: allow to use BIOCROTZBUF in capability mode The libpcap library can use a BIOCROTZBUF ioctl when net.bpf.zerocopy_enable sysctl is set. Reported by: olivier@ Tested by: olivier@ |
#
568415f2 |
|
19-Sep-2016 |
Ed Maste <emaste@FreeBSD.org> |
tcpdump: remove sys/capability.h #include sys/capability.h is just a backwards compatibility wrapper around sys/capsicum.h, which is already #included. |
#
9f51f389 |
|
08-Jun-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
The code responsible for opening and rotating pcap files is independent of Capser and should use openat(2) unconditionally on FreeBSD. openat(2) is mandatory when sandboxed with Capsicum, but still works in the absence of Capsicum. Reviewed by: AllanJude |
#
e29a5e1b |
|
08-Jun-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Fix spelling of the casper introduced in the r296047. PR: 210031 Reported by: AllanJude, jmallett |
#
c501d73c |
|
25-Feb-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Convert casperd(8) daemon to the libcasper. After calling the cap_init(3) function Casper will fork from it's original process, using pdfork(2). Forking from a process has a lot of advantages: 1. We have the same cwd as the original process. 2. The same uid, gid and groups. 3. The same MAC labels. 4. The same descriptor table. 5. The same routing table. 6. The same umask. 7. The same cpuset(1). From now services are also in form of libraries. We also removed libcapsicum at all and converts existing program using Casper to new architecture. Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste Partially reviewed by: drysdale@google.com, bdrewery Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4277 |
#
8bdc5a62 |
|
08-Jul-2015 |
Patrick Kelsey <pkelsey@FreeBSD.org> |
MFV r285191: tcpdump 4.7.4. Also, the changes made in r272451 and r272653 that were lost in the merge of 4.6.2 (r276788) have been restored. PR: 199568 Differential Revision: https://reviews.freebsd.org/D3007 Reviewed by: brooks, hiren Approved by: jmallett (mentor) MFC after: 1 month
|
#
c36e54bb |
|
02-Jul-2015 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Let the nv.h and dnv.h includes be only in sys directory. Change consumers to include those files from sys. Add duplicated files to ObsoleteFiles. Approved by: pjd (mentor) |
#
5743dcb3 |
|
04-May-2015 |
Brooks Davis <brooks@FreeBSD.org> |
Remove "capability mode sandbox enabled" messages. These messages serve little purpose and break some consumers. PR: 199855 Differential Revision: https://reviews.freebsd.org/D2440 Reviewed by: rwatson Approved by: pjd MFC after: 1 week Sponsored by: DARPA, AFRL |
#
2fae2ab4 |
|
23-Jan-2015 |
Xin LI <delphij@FreeBSD.org> |
Don't include libcapsicum headers when requested. Reported by: luigi MFC after: 14 days X-MFC-with: r276788 |
#
3c602fab |
|
07-Jan-2015 |
Xin LI <delphij@FreeBSD.org> |
MFV r276761: tcpdump 4.6.2. MFC after: 1 month
|
#
2d4dfaf5 |
|
06-Oct-2014 |
Luigi Rizzo <luigi@FreeBSD.org> |
Fix comment and sort rights by name MFC after: 3 days |
#
884c0e11 |
|
02-Oct-2014 |
Luigi Rizzo <luigi@FreeBSD.org> |
add CAP_EVENT for the libpcap device so we will be able to use pcap--netmap which does poll() on the file descriptor MFC after: 2 weeks |
#
b881b8be |
|
16-Mar-2014 |
Robert Watson <rwatson@FreeBSD.org> |
Update most userspace consumers of capability.h to use capsicum.h instead. auditdistd is not updated as I will make the change upstream and then do a vendor import sometime in the next week or two. MFC after: 3 weeks |
#
8ff3952b |
|
18-Dec-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
If we cannot connect to casperd we don't enter sandbox, but if we can connect to casperd, but we cannot access the service we need we exit with an error. This should not happen and just indicates some configuration error which should be fixed, so we force the user to do it by failing. Discussed with: emaste |
#
197731f6 |
|
15-Dec-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Make use of casperd's system.dns service when running without the -n option. Now tcpdump(8) is sandboxed even if DNS resolution is required. Sponsored by: The FreeBSD Foundation |
#
7008be5b |
|
04-Sep-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Change the cap_rights_t type from uint64_t to a structure that we can extend in the future in a backward compatible (API and ABI) way. The cap_rights_t represents capability rights. We used to use one bit to represent one right, but we are running out of spare bits. Currently the new structure provides place for 114 rights (so 50 more than the previous cap_rights_t), but it is possible to grow the structure to hold at least 285 rights, although we can make it even larger if 285 rights won't be enough. The structure definition looks like this: struct cap_rights { uint64_t cr_rights[CAP_RIGHTS_VERSION + 2]; }; The initial CAP_RIGHTS_VERSION is 0. The top two bits in the first element of the cr_rights[] array contain total number of elements in the array - 2. This means if those two bits are equal to 0, we have 2 array elements. The top two bits in all remaining array elements should be 0. The next five bits in all array elements contain array index. Only one bit is used and bit position in this five-bits range defines array index. This means there can be at most five array elements in the future. To define new right the CAPRIGHT() macro must be used. The macro takes two arguments - an array index and a bit to set, eg. #define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL) We still support aliases that combine few rights, but the rights have to belong to the same array element, eg: #define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL) #define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL) #define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP) There is new API to manage the new cap_rights_t structure: cap_rights_t *cap_rights_init(cap_rights_t *rights, ...); void cap_rights_set(cap_rights_t *rights, ...); void cap_rights_clear(cap_rights_t *rights, ...); bool cap_rights_is_set(const cap_rights_t *rights, ...); bool cap_rights_is_valid(const cap_rights_t *rights); void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src); void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src); bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little); Capability rights to the cap_rights_init(), cap_rights_set(), cap_rights_clear() and cap_rights_is_set() functions are provided by separating them with commas, eg: cap_rights_t rights; cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT); There is no need to terminate the list of rights, as those functions are actually macros that take care of the termination, eg: #define cap_rights_set(rights, ...) \ __cap_rights_set((rights), __VA_ARGS__, 0ULL) void __cap_rights_set(cap_rights_t *rights, ...); Thanks to using one bit as an array index we can assert in those functions that there are no two rights belonging to different array elements provided together. For example this is illegal and will be detected, because CAP_LOOKUP belongs to element 0 and CAP_PDKILL to element 1: cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL); Providing several rights that belongs to the same array's element this way is correct, but is not advised. It should only be used for aliases definition. This commit also breaks compatibility with some existing Capsicum system calls, but I see no other way to do that. This should be fine as Capsicum is still experimental and this change is not going to 9.x. Sponsored by: The FreeBSD Foundation |
#
480d5cc8 |
|
30-Jul-2013 |
Rui Paulo <rpaulo@FreeBSD.org> |
When using tcpdump -I -i wlanN and wlanN is not a monitor mode VAP, tcpdump will print an error message saying rfmon is not supported. Give a concise explanation as to how one might solve this problem by creating a monitor mode VAP. |
#
457f64b4 |
|
07-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Sandbox tcpdump(8) using Capsicum's capability mode and capabilities. For now, sandboxing is done only if -n option was specified and neither -z nor -V options were given. Because it is very common to run tcpdump(8) with the -n option for speed, I decided to commit sandboxing now. To also support sandboxing when -n option wasn't specified, we need Casper daemon and its services that are not available in FreeBSD yet. - Limit file descriptors of a file specified by -r option or files specified via -V option to CAP_READ only. - If neither -r nor -V options were specified, we operate on /dev/bpf. Limit its descriptor to CAP_READ and CAP_IOCTL plus limit allowed ioctls to BIOCGSTATS only. - Limit file descriptor of a file specified by -w option to CAP_SEEK and CAP_WRITE. - If either -C or -G options were specified, we open directory containing destination file and we limit directory descriptor to CAP_CREATE, CAP_FCNTL, CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created files are limited to CAP_SEEK and CAP_WRITE only. - Enter capability mode if -n option was specified and neither -z nor -V options were specified. Approved by: delphij, wxs Sponsored by: The FreeBSD Foundation |
#
d03c0883 |
|
30-May-2013 |
Xin LI <delphij@FreeBSD.org> |
MFV: tcpdump 4.4.0. MFC after: 4 weeks
|
#
d09a7e67 |
|
05-Oct-2012 |
Xin LI <delphij@FreeBSD.org> |
MFV: tcpdump 4.3.0. MFC after: 4 weeks
|
#
cac3dcd5 |
|
16-May-2012 |
Xin LI <delphij@FreeBSD.org> |
Merge tcpdump 4.2.1. MFC after: 2 weeks
|
#
27df3f5d |
|
28-Oct-2010 |
Rui Paulo <rpaulo@FreeBSD.org> |
Merge tcpdump-4.1.1.
|
#
a5779b6e |
|
21-Mar-2009 |
Rui Paulo <rpaulo@FreeBSD.org> |
Merge tcpdump 4.0.0 from the vendor branch.
|
#
81ceab71 |
|
20-Mar-2009 |
Rui Paulo <rpaulo@FreeBSD.org> |
Flatten vendor/tcpdump and remove keyword expansion. |
#
7b8d9f5c |
|
20-Nov-2007 |
Max Laier <mlaier@FreeBSD.org> |
Avoid excessive error message printout. PR: bin/118150 Reported by: keramida MFC after: 3 days |
#
abf25193 |
|
15-Oct-2007 |
Max Laier <mlaier@FreeBSD.org> |
Resolve merge conflicts Approved by: re (kensmith) Obtained from: tcpdump.org |
#
b5bfcb5d |
|
15-Oct-2007 |
Max Laier <mlaier@FreeBSD.org> |
Import of tcpdump v3.9.8 |
#
17cb103c |
|
04-Sep-2006 |
Sam Leffler <sam@FreeBSD.org> |
resolve merge conflicts MFC after: 1 month |
#
2ebc47db |
|
04-Sep-2006 |
Sam Leffler <sam@FreeBSD.org> |
Import of tcpdump v3.9.4 |
#
29292c17 |
|
10-Jul-2005 |
Sam Leffler <sam@FreeBSD.org> |
resolve merge conflicts Approved by: re (scottl) |
#
f4d0c64a |
|
10-Jul-2005 |
Sam Leffler <sam@FreeBSD.org> |
Virgin import of tcpdump v3.9.1 (release) from tcpdump.org Approved by: re (scottl) |
#
c1ad1296 |
|
29-May-2005 |
Sam Leffler <sam@FreeBSD.org> |
resolve merge conflicts and update for proper build; including: o print-fr.c returned to code on vendor branch o remove pmap_prot.h include from print-sunrprc.c o remove gcc/i386-specific ntoh* write-arounds from tcpdump-stdinc.h Reviewed by: bms |
#
1de50e9f |
|
29-May-2005 |
Sam Leffler <sam@FreeBSD.org> |
Virgin import of tcpdump v3.9.1 (alpha 096) from tcpdump.org |
#
cc391cce |
|
31-Mar-2004 |
Bruce M Simpson <bms@FreeBSD.org> |
Merge of tcpdump 3.8.3 from tcpdump.org, with the following caveats: print-atm.c no longer performs special handling for FORE headers; these can no doubt be re-added at a later date. print-fr.c is effectively a no-op. print-llc.c has had the default_print_unaligned() call removed as tcpdump no longer defines this function, however the prototype is still present. Suggest we roll in a diff to use print_unknown_data(). |
#
5b0fe478 |
|
31-Mar-2004 |
Bruce M Simpson <bms@FreeBSD.org> |
Import tcpdump 3.8.3, from http://www.tcpdump.org/releases/tcpdump-3.8.3.tar.gz |
#
aa1a4c13 |
|
25-Jan-2003 |
Bill Fenner <fenner@FreeBSD.org> |
Merge Multi-DLT support. |
#
0ccd7b51 |
|
25-Jan-2003 |
Bill Fenner <fenner@FreeBSD.org> |
Commit tcpdump.org's multi-DLT support to vendor branch. |
#
a1c2090e |
|
20-Jun-2002 |
Bill Fenner <fenner@FreeBSD.org> |
Merge tcpdump 3.7.1 MFC after: 2 weeks |
#
a90e161b |
|
20-Jun-2002 |
Bill Fenner <fenner@FreeBSD.org> |
Import tcpdump 3.7.1, from http://www.tcpdump.org/release/tcpdump-3.7.1.tar.gz |
#
943ee2b1 |
|
03-Apr-2001 |
Bill Fenner <fenner@FreeBSD.org> |
Merge tcpdump 3.6.2 |
#
685295f4 |
|
03-Apr-2001 |
Bill Fenner <fenner@FreeBSD.org> |
Virgin import of tcpdump.org tcpdump v3.6.2 |
#
a88113a8 |
|
29-Jan-2000 |
Bill Fenner <fenner@FreeBSD.org> |
Merge tcpdump 3.5 |
#
b0453382 |
|
29-Jan-2000 |
Bill Fenner <fenner@FreeBSD.org> |
Virgin import of tcpdump.org tcpdump v3.5 |
#
37eaa1d1 |
|
26-Jan-2000 |
Archie Cobbs <archie@FreeBSD.org> |
Add the -X flag to dump the buffer in "emacs-hexl" style, that is, with ASCII character decoding. Obtained from: OpenBSD |
#
722012cc |
|
20-Feb-1999 |
Julian Elischer <julian@FreeBSD.org> |
World, I'd like you to meet the first FreeBSD token Ring driver. This is for various Olicom cards. An IBM driver is following. This patch also adds support to tcpdump to decode packets on tokenring. Congratulations to the proud father.. (below) Submitted by: Larry Lile <lile@stdio.com> |
#
4644f044 |
|
15-Sep-1998 |
Bill Fenner <fenner@FreeBSD.org> |
Virgin import of LBL tcpdump v3.4 |
#
4de76e31 |
|
26-May-1997 |
Bill Fenner <fenner@FreeBSD.org> |
Virgin import of LBL tcpdump v3.3 |
#
4edb46e9 |
|
19-Aug-1996 |
Paul Traina <pst@FreeBSD.org> |
Virgin import of unmodified tcpdump v3.2.1 distribution from LBL. Obtained from: ftp://ftp.ee.lbl.gov/tcpdump.tar.Z on 19-Aug-1996. |
#
42668853 |
|
15-Apr-2019 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
tcpdump: disable Capsicum if -E option is provided. The -E is used to provide a secret for decrypting IPsec. The secret may be provided through command line or as the file. The problem is that tcpdump doesn't support yet opening files in capability mode and the file may contain a list of the files to open. As a workaround, for now, let's just disable capsicum if the -E the option is provided. PR: 236819 MFC after: 2 weeks
|
#
46caeeca |
|
12-Dec-2018 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Don't register IOCTLs with capsicum when there is no valid file descriptor. This fixes tcpdump when using mlx5_X devices. Differential Revision: https://reviews.freebsd.org/D18499 Reviewed by: kib@, slavash@, oshogbo@ MFC after: 1 week Sponsored by: Mellanox Technologies
|
#
752d135e |
|
12-Nov-2018 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
libcasper: ange the name of limits in cap_dns so the intentions are obvious. Reported by: pjd MFC after: 3 weeks
|
#
e6895e80 |
|
12-Sep-2018 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Fix for backends which doesn't support capsicum. Not all libpcap backends use the BPF compatible set of IOCTLs. For example the mlx5 backend uses libibverbs which is currently not capsicum compatible. Disable sandboxing for such backends. MFC after: 3 days Discussed with: emaste@ Approved by: re (kib) Sponsored by: Mellanox Technologies
|
#
b01988a5 |
|
04-Oct-2017 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Partially revert r323866. Using HAVE_* is a internal tcpdump style standard. We want to be consistent with the standard to upstream those changes in the future. Requested by: glebius@
|
#
2560d181 |
|
21-Sep-2017 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
We use a few different ifdef's names to check if we are using Casper or not, let's standardize this. Now we are always use WITH_CASPER name. Discussed with: emaste@ MFC after: 1 month
|
#
f9707404 |
|
25-Apr-2017 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Cherry-pick 5d3c5151c2b885aab36627bafb8539238da27b2d, it fixes use after free if tcpdump(1) is run on non-existent interface. Suggested by: zeising
|
#
3057e051 |
|
02-Feb-2017 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Reduce diff to upstream using HAVE_CAPSICUM instead of __FreeBSD__. It'll also make it easier to upstream HAVE_CASPER patch.
|
#
b02f20f4 |
|
06-Dec-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
tcpdump: allow to use BIOCROTZBUF in capability mode The libpcap library can use a BIOCROTZBUF ioctl when net.bpf.zerocopy_enable sysctl is set. Reported by: olivier@ Tested by: olivier@
|
#
568415f2 |
|
19-Sep-2016 |
Ed Maste <emaste@FreeBSD.org> |
tcpdump: remove sys/capability.h #include sys/capability.h is just a backwards compatibility wrapper around sys/capsicum.h, which is already #included.
|
#
9f51f389 |
|
08-Jun-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
The code responsible for opening and rotating pcap files is independent of Capser and should use openat(2) unconditionally on FreeBSD. openat(2) is mandatory when sandboxed with Capsicum, but still works in the absence of Capsicum. Reviewed by: AllanJude
|
#
e29a5e1b |
|
08-Jun-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Fix spelling of the casper introduced in the r296047. PR: 210031 Reported by: AllanJude, jmallett
|
#
c501d73c |
|
25-Feb-2016 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Convert casperd(8) daemon to the libcasper. After calling the cap_init(3) function Casper will fork from it's original process, using pdfork(2). Forking from a process has a lot of advantages: 1. We have the same cwd as the original process. 2. The same uid, gid and groups. 3. The same MAC labels. 4. The same descriptor table. 5. The same routing table. 6. The same umask. 7. The same cpuset(1). From now services are also in form of libraries. We also removed libcapsicum at all and converts existing program using Casper to new architecture. Discussed with: pjd, jonathan, ed, drysdale@google.com, emaste Partially reviewed by: drysdale@google.com, bdrewery Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4277
|
#
c36e54bb |
|
02-Jul-2015 |
Mariusz Zaborski <oshogbo@FreeBSD.org> |
Let the nv.h and dnv.h includes be only in sys directory. Change consumers to include those files from sys. Add duplicated files to ObsoleteFiles. Approved by: pjd (mentor)
|
#
5743dcb3 |
|
04-May-2015 |
Brooks Davis <brooks@FreeBSD.org> |
Remove "capability mode sandbox enabled" messages. These messages serve little purpose and break some consumers. PR: 199855 Differential Revision: https://reviews.freebsd.org/D2440 Reviewed by: rwatson Approved by: pjd MFC after: 1 week Sponsored by: DARPA, AFRL
|
#
2fae2ab4 |
|
23-Jan-2015 |
Xin LI <delphij@FreeBSD.org> |
Don't include libcapsicum headers when requested. Reported by: luigi MFC after: 14 days X-MFC-with: r276788
|
#
2d4dfaf5 |
|
06-Oct-2014 |
Luigi Rizzo <luigi@FreeBSD.org> |
Fix comment and sort rights by name MFC after: 3 days
|
#
884c0e11 |
|
02-Oct-2014 |
Luigi Rizzo <luigi@FreeBSD.org> |
add CAP_EVENT for the libpcap device so we will be able to use pcap--netmap which does poll() on the file descriptor MFC after: 2 weeks
|
#
b881b8be |
|
16-Mar-2014 |
Robert Watson <rwatson@FreeBSD.org> |
Update most userspace consumers of capability.h to use capsicum.h instead. auditdistd is not updated as I will make the change upstream and then do a vendor import sometime in the next week or two. MFC after: 3 weeks
|
#
8ff3952b |
|
18-Dec-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
If we cannot connect to casperd we don't enter sandbox, but if we can connect to casperd, but we cannot access the service we need we exit with an error. This should not happen and just indicates some configuration error which should be fixed, so we force the user to do it by failing. Discussed with: emaste
|
#
197731f6 |
|
15-Dec-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Make use of casperd's system.dns service when running without the -n option. Now tcpdump(8) is sandboxed even if DNS resolution is required. Sponsored by: The FreeBSD Foundation
|
#
7008be5b |
|
04-Sep-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Change the cap_rights_t type from uint64_t to a structure that we can extend in the future in a backward compatible (API and ABI) way. The cap_rights_t represents capability rights. We used to use one bit to represent one right, but we are running out of spare bits. Currently the new structure provides place for 114 rights (so 50 more than the previous cap_rights_t), but it is possible to grow the structure to hold at least 285 rights, although we can make it even larger if 285 rights won't be enough. The structure definition looks like this: struct cap_rights { uint64_t cr_rights[CAP_RIGHTS_VERSION + 2]; }; The initial CAP_RIGHTS_VERSION is 0. The top two bits in the first element of the cr_rights[] array contain total number of elements in the array - 2. This means if those two bits are equal to 0, we have 2 array elements. The top two bits in all remaining array elements should be 0. The next five bits in all array elements contain array index. Only one bit is used and bit position in this five-bits range defines array index. This means there can be at most five array elements in the future. To define new right the CAPRIGHT() macro must be used. The macro takes two arguments - an array index and a bit to set, eg. #define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL) We still support aliases that combine few rights, but the rights have to belong to the same array element, eg: #define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL) #define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL) #define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP) There is new API to manage the new cap_rights_t structure: cap_rights_t *cap_rights_init(cap_rights_t *rights, ...); void cap_rights_set(cap_rights_t *rights, ...); void cap_rights_clear(cap_rights_t *rights, ...); bool cap_rights_is_set(const cap_rights_t *rights, ...); bool cap_rights_is_valid(const cap_rights_t *rights); void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src); void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src); bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little); Capability rights to the cap_rights_init(), cap_rights_set(), cap_rights_clear() and cap_rights_is_set() functions are provided by separating them with commas, eg: cap_rights_t rights; cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT); There is no need to terminate the list of rights, as those functions are actually macros that take care of the termination, eg: #define cap_rights_set(rights, ...) \ __cap_rights_set((rights), __VA_ARGS__, 0ULL) void __cap_rights_set(cap_rights_t *rights, ...); Thanks to using one bit as an array index we can assert in those functions that there are no two rights belonging to different array elements provided together. For example this is illegal and will be detected, because CAP_LOOKUP belongs to element 0 and CAP_PDKILL to element 1: cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL); Providing several rights that belongs to the same array's element this way is correct, but is not advised. It should only be used for aliases definition. This commit also breaks compatibility with some existing Capsicum system calls, but I see no other way to do that. This should be fine as Capsicum is still experimental and this change is not going to 9.x. Sponsored by: The FreeBSD Foundation
|
#
480d5cc8 |
|
30-Jul-2013 |
Rui Paulo <rpaulo@FreeBSD.org> |
When using tcpdump -I -i wlanN and wlanN is not a monitor mode VAP, tcpdump will print an error message saying rfmon is not supported. Give a concise explanation as to how one might solve this problem by creating a monitor mode VAP.
|
#
457f64b4 |
|
07-Jul-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Sandbox tcpdump(8) using Capsicum's capability mode and capabilities. For now, sandboxing is done only if -n option was specified and neither -z nor -V options were given. Because it is very common to run tcpdump(8) with the -n option for speed, I decided to commit sandboxing now. To also support sandboxing when -n option wasn't specified, we need Casper daemon and its services that are not available in FreeBSD yet. - Limit file descriptors of a file specified by -r option or files specified via -V option to CAP_READ only. - If neither -r nor -V options were specified, we operate on /dev/bpf. Limit its descriptor to CAP_READ and CAP_IOCTL plus limit allowed ioctls to BIOCGSTATS only. - Limit file descriptor of a file specified by -w option to CAP_SEEK and CAP_WRITE. - If either -C or -G options were specified, we open directory containing destination file and we limit directory descriptor to CAP_CREATE, CAP_FCNTL, CAP_FTRUNCATE, CAP_LOOKUP, CAP_SEEK and CAP_WRITE. Newly opened/created files are limited to CAP_SEEK and CAP_WRITE only. - Enter capability mode if -n option was specified and neither -z nor -V options were specified. Approved by: delphij, wxs Sponsored by: The FreeBSD Foundation
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
7b8d9f5c |
|
20-Nov-2007 |
Max Laier <mlaier@FreeBSD.org> |
Avoid excessive error message printout. PR: bin/118150 Reported by: keramida MFC after: 3 days
|
#
abf25193 |
|
15-Oct-2007 |
Max Laier <mlaier@FreeBSD.org> |
Resolve merge conflicts Approved by: re (kensmith) Obtained from: tcpdump.org
|
#
b5bfcb5d |
|
15-Oct-2007 |
Max Laier <mlaier@FreeBSD.org> |
Import of tcpdump v3.9.8
|
#
17cb103c |
|
04-Sep-2006 |
Sam Leffler <sam@FreeBSD.org> |
resolve merge conflicts MFC after: 1 month
|
#
2ebc47db |
|
04-Sep-2006 |
Sam Leffler <sam@FreeBSD.org> |
Import of tcpdump v3.9.4
|
#
29292c17 |
|
10-Jul-2005 |
Sam Leffler <sam@FreeBSD.org> |
resolve merge conflicts Approved by: re (scottl)
|
#
f4d0c64a |
|
10-Jul-2005 |
Sam Leffler <sam@FreeBSD.org> |
Virgin import of tcpdump v3.9.1 (release) from tcpdump.org Approved by: re (scottl)
|
#
c1ad1296 |
|
29-May-2005 |
Sam Leffler <sam@FreeBSD.org> |
resolve merge conflicts and update for proper build; including: o print-fr.c returned to code on vendor branch o remove pmap_prot.h include from print-sunrprc.c o remove gcc/i386-specific ntoh* write-arounds from tcpdump-stdinc.h Reviewed by: bms
|
#
1de50e9f |
|
29-May-2005 |
Sam Leffler <sam@FreeBSD.org> |
Virgin import of tcpdump v3.9.1 (alpha 096) from tcpdump.org
|
#
cc391cce |
|
31-Mar-2004 |
Bruce M Simpson <bms@FreeBSD.org> |
Merge of tcpdump 3.8.3 from tcpdump.org, with the following caveats: print-atm.c no longer performs special handling for FORE headers; these can no doubt be re-added at a later date. print-fr.c is effectively a no-op. print-llc.c has had the default_print_unaligned() call removed as tcpdump no longer defines this function, however the prototype is still present. Suggest we roll in a diff to use print_unknown_data().
|
#
5b0fe478 |
|
31-Mar-2004 |
Bruce M Simpson <bms@FreeBSD.org> |
Import tcpdump 3.8.3, from http://www.tcpdump.org/releases/tcpdump-3.8.3.tar.gz
|
#
aa1a4c13 |
|
25-Jan-2003 |
Bill Fenner <fenner@FreeBSD.org> |
Merge Multi-DLT support.
|
#
0ccd7b51 |
|
25-Jan-2003 |
Bill Fenner <fenner@FreeBSD.org> |
Commit tcpdump.org's multi-DLT support to vendor branch.
|
#
a1c2090e |
|
20-Jun-2002 |
Bill Fenner <fenner@FreeBSD.org> |
Merge tcpdump 3.7.1 MFC after: 2 weeks
|
#
a90e161b |
|
20-Jun-2002 |
Bill Fenner <fenner@FreeBSD.org> |
Import tcpdump 3.7.1, from http://www.tcpdump.org/release/tcpdump-3.7.1.tar.gz
|
#
943ee2b1 |
|
03-Apr-2001 |
Bill Fenner <fenner@FreeBSD.org> |
Merge tcpdump 3.6.2
|
#
685295f4 |
|
03-Apr-2001 |
Bill Fenner <fenner@FreeBSD.org> |
Virgin import of tcpdump.org tcpdump v3.6.2
|
#
a88113a8 |
|
29-Jan-2000 |
Bill Fenner <fenner@FreeBSD.org> |
Merge tcpdump 3.5
|
#
b0453382 |
|
29-Jan-2000 |
Bill Fenner <fenner@FreeBSD.org> |
Virgin import of tcpdump.org tcpdump v3.5
|
#
37eaa1d1 |
|
26-Jan-2000 |
Archie Cobbs <archie@FreeBSD.org> |
Add the -X flag to dump the buffer in "emacs-hexl" style, that is, with ASCII character decoding. Obtained from: OpenBSD
|
#
722012cc |
|
20-Feb-1999 |
Julian Elischer <julian@FreeBSD.org> |
World, I'd like you to meet the first FreeBSD token Ring driver. This is for various Olicom cards. An IBM driver is following. This patch also adds support to tcpdump to decode packets on tokenring. Congratulations to the proud father.. (below) Submitted by: Larry Lile <lile@stdio.com>
|
#
4644f044 |
|
15-Sep-1998 |
Bill Fenner <fenner@FreeBSD.org> |
Virgin import of LBL tcpdump v3.4
|
#
4de76e31 |
|
26-May-1997 |
Bill Fenner <fenner@FreeBSD.org> |
Virgin import of LBL tcpdump v3.3
|
#
4edb46e9 |
|
19-Aug-1996 |
Paul Traina <pst@FreeBSD.org> |
Virgin import of unmodified tcpdump v3.2.1 distribution from LBL. Obtained from: ftp://ftp.ee.lbl.gov/tcpdump.tar.Z on 19-Aug-1996.
|