tcpdump-114.100.1

Imported from tcpdump-114.100.1.tar.gz

tcpdump/netdissect.h

@@ -266,17 +266,19 @@ struct netdissect_options {
 /*
  * Values of ndo_flags that control printing of packet metadata
  */
-#define PRMD_NONE		0x0000
-#define PRMD_IF			0x0001
-#define PRMD_PNAME		0x0002
-#define PRMD_PID		0x0004
-#define PRMD_SVC		0x0008
-#define PRMD_DIR		0x0010
-#define PRMD_COMMENT		0x0020
-#define PRMD_PUUID		0x0040
-#define PRMD_VERBOSE		0x0800 /* print pcapng description blocks */
-#define PRMD_FLAGS		0x1000
-#define PRMD_DEFAULT		(PRMD_IF|PRMD_PNAME|PRMD_PID|PRMD_SVC|PRMD_DIR|PRMD_COMMENT|PRMD_FLAGS)
+#define PRMD_NONE       0x0000
+#define PRMD_IF         0x0001
+#define PRMD_PNAME      0x0002
+#define PRMD_PID        0x0004
+#define PRMD_SVC        0x0008
+#define PRMD_DIR        0x0010
+#define PRMD_COMMENT    0x0020
+#define PRMD_PUUID      0x0040
+#define PRMD_VERBOSE    0x0800 /* print pcapng description blocks */
+#define PRMD_FLAGS      0x1000
+#define PRMD_FLOWID     0x2000
+#define PRMD_TRACETAG   0x4000
+#define PRMD_DEFAULT    (PRMD_IF|PRMD_PNAME|PRMD_PID|PRMD_SVC|PRMD_DIR|PRMD_COMMENT|PRMD_FLAGS)
 #define PRMD_ALL		0xffff
 #endif /* __APPLE__ */
 

tcpdump/pktaputil.c

@@ -132,10 +132,12 @@ pktap_filter_packet(netdissect_options *ndo, struct pcap_if_info *if_info,
 		pmd.svc = svc2str(pktp_hdr->pth_svc);
 		pmd.dir = (pktp_hdr->pth_flags & PTH_FLAG_DIR_IN) ? "in" :
 			(pktp_hdr->pth_flags & PTH_FLAG_DIR_OUT) ? "out" : "";
+		pmd.flowid = pktp_hdr->pth_flowid;
 
 		match = evaluate_expression(pkt_meta_data_expression, &pmd);
-		if (match == 0)
+		if (match == 0) {
 			packets_mtdt_fltr_drop++;
+		}
 	}
 
 	return (match);

tcpdump/pktmetadatafilter.c

@@ -75,6 +75,7 @@
 	X(TOK_EPID)		\
 	X(TOK_SVC)		\
 	X(TOK_DIR)		\
+	X(TOK_FLOWID)	\
 	X(TOK_EQ)		\
 	X(TOK_NEQ)		\
 	X(TOK_STR)		\
@@ -106,6 +107,7 @@ struct token tokens[] = {
 	{ TOK_EPID, "epid", 0 },
 	{ TOK_SVC, "svc", 0 },
 	{ TOK_DIR, "dir", 0 },
+	{ TOK_FLOWID, "flowid", 0 },
 	{ TOK_EQ, "=", 0 },
     { TOK_NEQ, "!=", 0 },
 
@@ -120,7 +122,7 @@ struct token tokens[] = {
 struct node {
 	int	id;
 	char *str;
-	int num;
+	uint32_t num;
 	int op;
 	struct node *left_node;
 	struct node *right_node;
@@ -331,6 +333,7 @@ parse_term_expression(const char **ptr)
 		case TOK_EPID:
 		case TOK_SVC:
 		case TOK_DIR:
+		case TOK_FLOWID:
 			term_node = alloc_node(lex_token.tok_id);
 			get_token(ptr);
 
@@ -342,7 +345,7 @@ parse_term_expression(const char **ptr)
 			}
 			get_token(ptr);
 			if (lex_token.tok_id != TOK_STR) {
-				warnx("missig comparison string at: %s", *ptr);
+				warnx("missing comparison string at: %s", *ptr);
 				goto fail;
 			}
 			/*
@@ -352,8 +355,9 @@ parse_term_expression(const char **ptr)
 
 			term_node->str = strdup(lex_token.tok_label);
 
-			if (term_node->id == TOK_PID || term_node->id == TOK_EPID)
-				term_node->num = atoi(term_node->str);
+			if (term_node->id == TOK_PID || term_node->id == TOK_EPID || term_node->id == TOK_FLOWID) {
+				term_node->num = (uint32_t)strtoul(term_node->str, NULL, 0);
+			}
 			break;
 
 		default:
@@ -581,6 +585,11 @@ evaluate_expression(node_t *expression, struct pkt_meta_data *p)
 			if (expression->op == TOK_NEQ)
 				match = !match;
 			break;
+		case TOK_FLOWID:
+			match = (p->flowid == expression->num);
+			if (expression->op == TOK_NEQ)
+				match = !match;
+			break;
 		default:
 			break;
 	}
@@ -622,6 +631,7 @@ print_expression(node_t *expression)
 		case TOK_EPID:
 		case TOK_SVC:
 		case TOK_DIR:
+		case TOK_FLOWID:
 			switch (expression->id) {
 				case TOK_IF:
 					printf("if");
@@ -644,6 +654,9 @@ print_expression(node_t *expression)
 				case TOK_DIR:
 					printf("dir");
 					break;
+				case TOK_FLOWID:
+					printf("flowid");
+					break;
 			}
 			switch (expression->op) {
 				case TOK_EQ:

tcpdump/pktmetadatafilter.h

@@ -40,6 +40,7 @@ struct pkt_meta_data {
 	pid_t epid;
 	const char *dir;
 	const char *svc;
+	uint32_t flowid;
 };
 
 

tcpdump/print_pktap.c

@@ -59,6 +59,7 @@ print_pktap_header(struct netdissect_options *ndo, struct pktap_header *pktp_hdr
 	ND_PRINT((ndo, " frame_pre_length %u", pktp_hdr->pth_frame_pre_length));
 	ND_PRINT((ndo, " frame_post_length %u", pktp_hdr->pth_frame_post_length));
 	ND_PRINT((ndo, " iftype %u\n", pktp_hdr->pth_iftype));
+	ND_PRINT((ndo, " flowid 0x%x\n", pktp_hdr->pth_flowid));
 }
 #endif /* DEBUG */
 
@@ -184,14 +185,26 @@ pktap_if_print(struct netdissect_options *ndo, const struct pcap_pkthdr *h,
 					  prsep));
 				prsep = ", ";
 			}
-#ifdef PTH_FLAG_WAKE_PKT
 			if ((pktp_hdr->pth_flags & PTH_FLAG_WAKE_PKT)) {
 				ND_PRINT((ndo, "%s" "wk",
 					  prsep));
 				prsep = ", ";
 			}
-#endif /* PTH_FLAG_WAKE_PKT */
 		}
+		if ((ndo->ndo_kflag & PRMD_FLOWID)) {
+			ND_PRINT((ndo, "%s" "flowid 0x%x",
+				  prsep,
+				  pktp_hdr->pth_flowid));
+			prsep = ", ";
+		}
+#ifdef PKTAP_HAS_TRACE_TAG
+		if ((ndo->ndo_kflag & PRMD_TRACETAG)) {
+			ND_PRINT((ndo, "%s" "ttag 0x%x",
+				  prsep,
+				  pktp_hdr->pth_trace_tag));
+			prsep = ", ";
+		}
+#endif /* PKTAP_HAS_TRACE_TAG */
 		ND_PRINT((ndo, ") "));
 	}
 

tcpdump/tcpdump.1

@@ -567,9 +567,11 @@ where each character corresponds to a type of packet metadata as follows:
 \fBS\fP     service class
 \fBD\fP     direction
 \fBC\fP     comment
-\fBC\fP     flags
+\fBF\fP     flags
 \fBU\fP     process UUID (not shown by default)
 \fBV\fP     verbose printf of pcap-ng blocks (not shown by default)
+\fBf\fP     flow identifier
+\fBt\fP     trace tag
 \fBA\fP     display all types of metadata
 .fi
 .RE

tcpdump/tcpdump.c

@@ -654,6 +654,8 @@ static const struct option longopts[] = {
 	{ "apple-tzo", required_argument, NULL, OPTION_TIME_ZONE_OFFSET },
 	{ "apple-truncate", no_argument, NULL, OPTION_APPLE_TRUNCATE },
 	{ "apple-arp-plain", no_argument, NULL, OPTION_APPLE_ARP_PLAIN },
+	{ "apple-print-metadata", optional_argument, NULL, 'k' },
+	{ "apple-pcapng", no_argument, NULL, 'P' },
 #endif /* __APPLE__ */
 	{ NULL, 0, NULL, 0 }
 };
@@ -1476,16 +1478,24 @@ main(int argc, char **argv)
 					case 'V':
 						val |= PRMD_VERBOSE;
 						break;
-
+					case 'f':
+						val |= PRMD_FLOWID;
+						break;
+					case 't':
+						val |= PRMD_TRACETAG;
+						break;
 					default:
 						/*
-						 * Was most likely parsing a filter expression
-						 * if we do not recognize the character
+						 * This is most likely parsing a filter expression
+						 * if we do not recognize of the flag so ignore
+						 * any already parsed flag
 						 */
-						if (val == 0)
-							break;
-						error("Invalid flag for option '-k'");
-						/* NOT REACHED */
+						val = 0;
+						break;
+				}
+				/* stop the parsing as we hit an unrecognized charater */
+				if (val == 0) {
+					break;
 				}
 			}
 			if (val == 0)
@@ -2096,7 +2106,7 @@ main(int argc, char **argv)
 		 */
 		if (pcap_datalink(pd) != DLT_PKTAP &&
 			(ndo->ndo_kflag || ndo->ndo_Pflag) && pcap_apple_set_exthdr(pd, on) == -1)
-			warning("%s", pcap_geterr(pd));
+				warning("%s", pcap_geterr(pd));
 #endif /* __APPLE__ */
 
 		i = pcap_snapshot(pd);
@@ -3238,9 +3248,9 @@ print_usage(void)
 "\t\t[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z postrotate-command ]\n");
 #ifdef __APPLE__
 	(void)fprintf(stderr,
-"\t\t[ -g ] [ -k ] [ -o ] [ -P ] [ -Q meta-data-expression]\n");
+"\t\t[ -g ] [ -k (flags) ] [ -o ] [ -P ] [ -Q meta-data-expression ]\n");
 	(void)fprintf(stderr,
-"\t\t[ --apple-tzo offset] [--apple-truncate]\n");
+"\t\t[ --apple-tzo offset ] [--apple-truncate ]\n");
 #endif /* __APPLE__ */
 	(void)fprintf(stderr,
 "\t\t[ -Z user ] [ expression ]\n");
@@ -3275,6 +3285,9 @@ handle_bpf_exthdr_dump(struct dump_info *dump_info, const struct pcap_pkthdr *h,
 #define	SWAPLONG(y) \
 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
 
+#define	SWAPSHORT(y) \
+((((y)&0xff00)>>8) | (((y)>>24)&0xff))
+
 int
 handle_pcap_ng_dump(struct dump_info *dump_info, const struct pcap_pkthdr *h,
 					const u_char *sp)
@@ -3412,13 +3425,11 @@ handle_pcap_ng_dump(struct dump_info *dump_info, const struct pcap_pkthdr *h,
 
 			goto done;
 		}
-#ifdef PCAPNG_BT_DSB
 		case PCAPNG_BT_DSB: {
 			pcap_ng_dump_block(dump_info->p, block);
 
 			goto done;
 		}
-#endif /* PCAPNG_BT_DSB */
 		default:
 			goto done;
 	}
@@ -3645,6 +3656,10 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 	uint32_t pkt_svc = -1;
 	uint32_t packet_flags = 0;
 	uint32_t pmdflags = 0;
+	uint32_t flow_id = 0;
+#ifdef PCAPNG_EPB_TRACE_TAG
+	uint16_t trace_tag = 0;
+#endif /* PCAPNG_EPB_TRACE_TAG */
 	struct pcapng_option_info option_info;
 
 	block = pcap_ng_block_alloc_with_raw_block(ndo->ndo_pcap, (u_char *)sp);
@@ -3774,6 +3789,31 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 				if (pcap_is_swapped(ndo->ndo_pcap))
 					packet_flags = SWAPLONG(pmdflags);
 			}
+#ifdef PCAPNG_EPB_FLOW_ID
+			if (pcap_ng_block_get_option(block, PCAPNG_EPB_FLOW_ID, &option_info) == 1) {
+				if (option_info.length != 4) {
+					warning("%s: flow_id option length %u != 4", __func__, option_info.length);
+					goto done;
+				}
+				flow_id = *(uint32_t *)(option_info.value);
+				if (pcap_is_swapped(ndo->ndo_pcap)) {
+					flow_id = SWAPLONG(flow_id);
+				}
+			}
+#endif /* PCAPNG_EPB_FLOW_ID */
+
+#ifdef PCAPNG_EPB_TRACE_TAG
+			if (pcap_ng_block_get_option(block, PCAPNG_EPB_TRACE_TAG, &option_info) == 1) {
+				if (option_info.length != 2) {
+					warning("%s: trace_tag option length %u != 2", __func__, option_info.length);
+					goto done;
+				}
+				trace_tag = *(uint16_t *)(option_info.value);
+				if (pcap_is_swapped(ndo->ndo_pcap)) {
+					trace_tag = SWAPSHORT(trace_tag);
+				}
+			}
+#endif /* PCAPNG_EPB_TRACE_TAG */
 
 			if_id = epbp->interface_id;
 
@@ -3827,7 +3867,6 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 			}
 			goto done;
 		}
-#ifdef PCAPNG_BT_DSB
 		case PCAPNG_BT_DSB: {
 			if (ndo->ndo_kflag & PRMD_VERBOSE) {
 				char secrets_type_str[64];
@@ -3861,7 +3900,6 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 			}
 			goto done;
 		}
-#endif /* PCAPNG_BT_DSB */
 		default:
 			goto done;
 	}
@@ -3908,7 +3946,8 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 		pmd.epid = (e_proc_info != NULL) ? e_proc_info->proc_pid : -1;
 		pmd.svc = (pkt_svc != -1) ? svc2str(pkt_svc) : "";
 		pmd.dir =  (packet_flags & 3) == 2 ? "out" :
-		(packet_flags & 3) == 1 ? "in" : "";
+		    (packet_flags & 3) == 1 ? "in" : "";
+		pmd.flowid = flow_id;
 
 		if (evaluate_expression(pkt_meta_data_expression, &pmd) == 0) {
 			packets_mtdt_fltr_drop++;
@@ -4004,15 +4043,36 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 					  prsep));
 				prsep = ", ";
 			}
-#ifdef PCAPNG_EPB_PMDF_WAKE_PKT
 			if ((pmdflags & PCAPNG_EPB_PMDF_WAKE_PKT)) {
 				ND_PRINT((ndo, "%s" "wk",
 					  prsep));
 				prsep = ", ";
 			}
-#endif /* PCAPNG_EPB_PMDF_WAKE_PKT */
 		}
 
+#ifdef PCAPNG_EPB_FLOW_ID
+		/*
+		 * Flow-id
+		 */
+		if (ndo->ndo_kflag & PRMD_FLOWID) {
+			ND_PRINT((ndo, "%s" "flowid 0x%x",
+					  prsep,
+					  flow_id));
+			prsep = ", ";
+		}
+#endif /* PCAPNG_EPB_FLOW_ID */
+#ifdef PCAPNG_EPB_TRACE_TAG
+		/*
+		 * trace_tag
+		 */
+		if (ndo->ndo_kflag & PRMD_TRACETAG) {
+			ND_PRINT((ndo, "%s" "ttag 0x%x",
+					  prsep,
+					  trace_tag));
+			prsep = ", ";
+		}
+#endif /* PCAPNG_EPB_TRACE_TAG */
+
 		/*
 		 * Comment
 		 */