From 5fe7d801116f0bec31849d306a524399a95659d4 Mon Sep 17 00:00:00 2001 From: Apple OSS Distributions <91980991+AppleOSSDistributions@users.noreply.github.com> Date: Thu, 18 Nov 2021 18:47:11 +0000 Subject: [PATCH] tcpdump-114.100.1 Imported from tcpdump-114.100.1.tar.gz --- tcpdump/netdissect.h | 24 +++++----- tcpdump/pktaputil.c | 4 +- tcpdump/pktmetadatafilter.c | 21 +++++++-- tcpdump/pktmetadatafilter.h | 1 + tcpdump/print_pktap.c | 17 ++++++- tcpdump/tcpdump.1 | 4 +- tcpdump/tcpdump.c | 94 ++++++++++++++++++++++++++++++------- 7 files changed, 129 insertions(+), 36 deletions(-) diff --git a/tcpdump/netdissect.h b/tcpdump/netdissect.h index 26ca5f2..4097892 100644 --- a/tcpdump/netdissect.h +++ b/tcpdump/netdissect.h @@ -266,17 +266,19 @@ struct netdissect_options { /* * Values of ndo_flags that control printing of packet metadata */ -#define PRMD_NONE 0x0000 -#define PRMD_IF 0x0001 -#define PRMD_PNAME 0x0002 -#define PRMD_PID 0x0004 -#define PRMD_SVC 0x0008 -#define PRMD_DIR 0x0010 -#define PRMD_COMMENT 0x0020 -#define PRMD_PUUID 0x0040 -#define PRMD_VERBOSE 0x0800 /* print pcapng description blocks */ -#define PRMD_FLAGS 0x1000 -#define PRMD_DEFAULT (PRMD_IF|PRMD_PNAME|PRMD_PID|PRMD_SVC|PRMD_DIR|PRMD_COMMENT|PRMD_FLAGS) +#define PRMD_NONE 0x0000 +#define PRMD_IF 0x0001 +#define PRMD_PNAME 0x0002 +#define PRMD_PID 0x0004 +#define PRMD_SVC 0x0008 +#define PRMD_DIR 0x0010 +#define PRMD_COMMENT 0x0020 +#define PRMD_PUUID 0x0040 +#define PRMD_VERBOSE 0x0800 /* print pcapng description blocks */ +#define PRMD_FLAGS 0x1000 +#define PRMD_FLOWID 0x2000 +#define PRMD_TRACETAG 0x4000 +#define PRMD_DEFAULT (PRMD_IF|PRMD_PNAME|PRMD_PID|PRMD_SVC|PRMD_DIR|PRMD_COMMENT|PRMD_FLAGS) #define PRMD_ALL 0xffff #endif /* __APPLE__ */ diff --git a/tcpdump/pktaputil.c b/tcpdump/pktaputil.c index b0eb3bc..a9634b4 100644 --- a/tcpdump/pktaputil.c +++ b/tcpdump/pktaputil.c 
@@ -132,10 +132,12 @@ pktap_filter_packet(netdissect_options *ndo, struct pcap_if_info *if_info, pmd.svc = svc2str(pktp_hdr->pth_svc); pmd.dir = (pktp_hdr->pth_flags & PTH_FLAG_DIR_IN) ? "in" : (pktp_hdr->pth_flags & PTH_FLAG_DIR_OUT) ? "out" : ""; + pmd.flowid = pktp_hdr->pth_flowid; match = evaluate_expression(pkt_meta_data_expression, &pmd); - if (match == 0) + if (match == 0) { packets_mtdt_fltr_drop++; + } } return (match); diff --git a/tcpdump/pktmetadatafilter.c b/tcpdump/pktmetadatafilter.c index 8bc4447..bfdf226 100644 --- a/tcpdump/pktmetadatafilter.c +++ b/tcpdump/pktmetadatafilter.c @@ -75,6 +75,7 @@ X(TOK_EPID) \ X(TOK_SVC) \ X(TOK_DIR) \ + X(TOK_FLOWID) \ X(TOK_EQ) \ X(TOK_NEQ) \ X(TOK_STR) \ @@ -106,6 +107,7 @@ struct token tokens[] = { { TOK_EPID, "epid", 0 }, { TOK_SVC, "svc", 0 }, { TOK_DIR, "dir", 0 }, + { TOK_FLOWID, "flowid", 0 }, { TOK_EQ, "=", 0 }, { TOK_NEQ, "!=", 0 }, @@ -120,7 +122,7 @@ struct token tokens[] = { struct node { int id; char *str; - int num; + uint32_t num; int op; struct node *left_node; struct node *right_node; @@ -331,6 +333,7 @@ parse_term_expression(const char **ptr) case TOK_EPID: case TOK_SVC: case TOK_DIR: + case TOK_FLOWID: term_node = alloc_node(lex_token.tok_id); get_token(ptr); @@ -342,7 +345,7 @@ parse_term_expression(const char **ptr) } get_token(ptr); if (lex_token.tok_id != TOK_STR) { - warnx("missig comparison string at: %s", *ptr); + warnx("missing comparison string at: %s", *ptr); goto fail; } /* @@ -352,8 +355,9 @@ parse_term_expression(const char **ptr) term_node->str = strdup(lex_token.tok_label); - if (term_node->id == TOK_PID || term_node->id == TOK_EPID) - term_node->num = atoi(term_node->str); + if (term_node->id == TOK_PID || term_node->id == TOK_EPID || term_node->id == TOK_FLOWID) { + term_node->num = (uint32_t)strtoul(term_node->str, NULL, 0); + } break; default: 
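Review bot: In the last pktmetadatafilter.c hunk on this line (parse_term_expression, `@@ -352,8 +355,9`), `strtoul(term_node->str, NULL, 0)` discards the end pointer, so a filter operand such as `flowid=abc` silently becomes a match on 0 instead of being rejected. Base 0 also changes how existing `pid`/`epid` operands are read compared with `atoi` (a leading `0` now selects octal), and the `(uint32_t)` cast truncates anything wider without a diagnostic. I would keep the end pointer and fail the parse on garbage: `term_node->num = (uint32_t)strtoul(term_node->str, &end, 0);` followed by `if (end == term_node->str || *end != '\0') { warnx("invalid number at: %s", *ptr); goto fail; }`. The `strdup` result on the context line above is also used without a NULL check. The function starts and ends outside the hunk.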
@@ -581,6 +585,11 @@ evaluate_expression(node_t *expression, struct pkt_meta_data *p) if (expression->op == TOK_NEQ) match = !match; break; + case TOK_FLOWID: + match = (p->flowid == expression->num); + if (expression->op == TOK_NEQ) + match = !match; + break; default: break; } @@ -622,6 +631,7 @@ print_expression(node_t *expression) case TOK_EPID: case TOK_SVC: case TOK_DIR: + case TOK_FLOWID: switch (expression->id) { case TOK_IF: printf("if"); @@ -644,6 +654,9 @@ print_expression(node_t *expression) case TOK_DIR: printf("dir"); break; + case TOK_FLOWID: + printf("flowid"); + break; } switch (expression->op) { case TOK_EQ: diff --git a/tcpdump/pktmetadatafilter.h b/tcpdump/pktmetadatafilter.h index 50ac283..45f8af3 100644 --- a/tcpdump/pktmetadatafilter.h +++ b/tcpdump/pktmetadatafilter.h @@ -40,6 +40,7 @@ struct pkt_meta_data { pid_t epid; const char *dir; const char *svc; + uint32_t flowid; }; diff --git a/tcpdump/print_pktap.c b/tcpdump/print_pktap.c index 074b08a..7b08c24 100644 --- a/tcpdump/print_pktap.c +++ b/tcpdump/print_pktap.c @@ -59,6 +59,7 @@ print_pktap_header(struct netdissect_options *ndo, struct pktap_header *pktp_hdr ND_PRINT((ndo, " frame_pre_length %u", pktp_hdr->pth_frame_pre_length)); ND_PRINT((ndo, " frame_post_length %u", pktp_hdr->pth_frame_post_length)); ND_PRINT((ndo, " iftype %u\n", pktp_hdr->pth_iftype)); + ND_PRINT((ndo, " flowid 0x%x\n", pktp_hdr->pth_flowid)); } #endif /* DEBUG */ 
@@ -184,14 +185,26 @@ pktap_if_print(struct netdissect_options *ndo, const struct pcap_pkthdr *h, prsep)); prsep = ", "; } -#ifdef PTH_FLAG_WAKE_PKT if ((pktp_hdr->pth_flags & PTH_FLAG_WAKE_PKT)) { ND_PRINT((ndo, "%s" "wk", prsep)); prsep = ", "; } -#endif /* PTH_FLAG_WAKE_PKT */ } + if ((ndo->ndo_kflag & PRMD_FLOWID)) { + ND_PRINT((ndo, "%s" "flowid 0x%x", + prsep, + pktp_hdr->pth_flowid)); + prsep = ", "; + } +#ifdef PKTAP_HAS_TRACE_TAG + if ((ndo->ndo_kflag & PRMD_TRACETAG)) { + ND_PRINT((ndo, "%s" "ttag 0x%x", + prsep, + pktp_hdr->pth_trace_tag)); + prsep = ", "; + } +#endif /* PKTAP_HAS_TRACE_TAG */ ND_PRINT((ndo, ") ")); } diff --git a/tcpdump/tcpdump.1 b/tcpdump/tcpdump.1 index 870978c..7e818ec 100644 --- a/tcpdump/tcpdump.1 +++ b/tcpdump/tcpdump.1 @@ -567,9 +567,11 @@ where each character corresponds to a type of packet metadata as follows: \fBS\fP service class \fBD\fP direction \fBC\fP comment -\fBC\fP flags +\fBF\fP flags \fBU\fP process UUID (not shown by default) \fBV\fP verbose printf of pcap-ng blocks (not shown by default) +\fBf\fP flow identifier +\fBt\fP trace tag \fBA\fP display all types of metadata .fi .RE diff --git a/tcpdump/tcpdump.c b/tcpdump/tcpdump.c index 967ec8e..d4693a8 100644 --- a/tcpdump/tcpdump.c +++ b/tcpdump/tcpdump.c @@ -654,6 +654,8 @@ static const struct option longopts[] = { { "apple-tzo", required_argument, NULL, OPTION_TIME_ZONE_OFFSET }, { "apple-truncate", no_argument, NULL, OPTION_APPLE_TRUNCATE }, { "apple-arp-plain", no_argument, NULL, OPTION_APPLE_ARP_PLAIN }, + { "apple-print-metadata", optional_argument, NULL, 'k' }, + { "apple-pcapng", no_argument, NULL, 'P' }, #endif /* __APPLE__ */ { NULL, 0, NULL, 0 } }; 
@@ -1476,16 +1478,24 @@ main(int argc, char **argv) case 'V': val |= PRMD_VERBOSE; break; - + case 'f': + val |= PRMD_FLOWID; + break; + case 't': + val |= PRMD_TRACETAG; + break; default: /* - * Was most likely parsing a filter expression - * if we do not recognize the character + * This is most likely parsing a filter expression + * if we do not recognize of the flag so ignore + * any already parsed flag */ - if (val == 0) - break; - error("Invalid flag for option '-k'"); - /* NOT REACHED */ + val = 0; + break; + } + /* stop the parsing as we hit an unrecognized charater */ + if (val == 0) { + break; } } if (val == 0) @@ -2096,7 +2106,7 @@ main(int argc, char **argv) */ if (pcap_datalink(pd) != DLT_PKTAP && (ndo->ndo_kflag || ndo->ndo_Pflag) && pcap_apple_set_exthdr(pd, on) == -1) - warning("%s", pcap_geterr(pd)); + warning("%s", pcap_geterr(pd)); #endif /* __APPLE__ */ i = pcap_snapshot(pd); @@ -3238,9 +3248,9 @@ print_usage(void) "\t\t[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z postrotate-command ]\n"); #ifdef __APPLE__ (void)fprintf(stderr, -"\t\t[ -g ] [ -k ] [ -o ] [ -P ] [ -Q meta-data-expression]\n"); +"\t\t[ -g ] [ -k (flags) ] [ -o ] [ -P ] [ -Q meta-data-expression ]\n"); (void)fprintf(stderr, -"\t\t[ --apple-tzo offset] [--apple-truncate]\n"); +"\t\t[ --apple-tzo offset ] [--apple-truncate ]\n"); #endif /* __APPLE__ */ (void)fprintf(stderr, "\t\t[ -Z user ] [ expression ]\n"); @@ -3275,6 +3285,9 @@ handle_bpf_exthdr_dump(struct dump_info *dump_info, const struct pcap_pkthdr *h, #define SWAPLONG(y) \ ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) +#define SWAPSHORT(y) \ +((((y)&0xff00)>>8) | (((y)>>24)&0xff)) + int handle_pcap_ng_dump(struct dump_info *dump_info, const struct pcap_pkthdr *h, const u_char *sp) 
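Review bot: In the `-k` flag loop (`@@ -1476,16 +1478,24`), the `default:` arm now sets `val = 0` and breaks instead of calling `error("Invalid flag for option '-k'")`, so one unrecognized letter silently discards every flag parsed before it. Judging by the `if (val == 0)` test after the loop, the run then continues with whatever that branch selects, and the operator gets no hint that the requested metadata set was dropped. The comments explaining this are garbled ("if we do not recognize of the flag", "charater"). I would reword them to something like `/* Not a metadata flag: assume the argument is the start of a filter expression and drop any flags parsed from it. */` and `/* stop at the first unrecognized character */`. The loop and the rest of main lie outside the hunk.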
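Review bot: The new `SWAPSHORT` macro (`@@ -3275,6 +3285,9`) does not swap bytes: `((y)>>24)&0xff` is always 0 for a 16-bit operand, so the result is just the high byte shifted down and the low byte is lost. The only user visible in this patch is the `trace_tag` path in print_pcap_ng_block, which would therefore report a wrong tag for every byte-swapped capture. The expansion should be `((((y)&0xff)<<8) | (((y)>>8)&0xff))`.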
@@ -3412,13 +3425,11 @@ handle_pcap_ng_dump(struct dump_info *dump_info, const struct pcap_pkthdr *h, goto done; } -#ifdef PCAPNG_BT_DSB case PCAPNG_BT_DSB: { pcap_ng_dump_block(dump_info->p, block); goto done; } -#endif /* PCAPNG_BT_DSB */ default: goto done; } @@ -3645,6 +3656,10 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) uint32_t pkt_svc = -1; uint32_t packet_flags = 0; uint32_t pmdflags = 0; + uint32_t flow_id = 0; +#ifdef PCAPNG_EPB_TRACE_TAG + uint16_t trace_tag = 0; +#endif /* PCAPNG_EPB_TRACE_TAG */ struct pcapng_option_info option_info; block = pcap_ng_block_alloc_with_raw_block(ndo->ndo_pcap, (u_char *)sp); @@ -3774,6 +3789,31 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) if (pcap_is_swapped(ndo->ndo_pcap)) packet_flags = SWAPLONG(pmdflags); } +#ifdef PCAPNG_EPB_FLOW_ID + if (pcap_ng_block_get_option(block, PCAPNG_EPB_FLOW_ID, &option_info) == 1) { + if (option_info.length != 4) { + warning("%s: flow_id option length %u != 4", __func__, option_info.length); + goto done; + } + flow_id = *(uint32_t *)(option_info.value); + if (pcap_is_swapped(ndo->ndo_pcap)) { + flow_id = SWAPLONG(flow_id); + } + } +#endif /* PCAPNG_EPB_FLOW_ID */ + +#ifdef PCAPNG_EPB_TRACE_TAG + if (pcap_ng_block_get_option(block, PCAPNG_EPB_TRACE_TAG, &option_info) == 1) { + if (option_info.length != 2) { + warning("%s: trace_tag option length %u != 2", __func__, option_info.length); + goto done; + } + trace_tag = *(uint16_t *)(option_info.value); + if (pcap_is_swapped(ndo->ndo_pcap)) { + trace_tag = SWAPSHORT(trace_tag); + } + } +#endif /* PCAPNG_EPB_TRACE_TAG */ if_id = epbp->interface_id; @@ -3827,7 +3867,6 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) } goto done; } -#ifdef PCAPNG_BT_DSB case PCAPNG_BT_DSB: { if (ndo->ndo_kflag & PRMD_VERBOSE) { char secrets_type_str[64]; 
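Review bot: In the option-parsing hunk (`@@ -3774,6 +3789,31`), `flow_id = *(uint32_t *)(option_info.value);` and `trace_tag = *(uint16_t *)(option_info.value);` read through a cast of a pointer into the raw block taken from the capture file. The length checks before them are right, but nothing visible here guarantees that `option_info.value` is suitably aligned, and the cast may also fall foul of the aliasing rules. `memcpy(&flow_id, option_info.value, sizeof(flow_id));` and `memcpy(&trace_tag, option_info.value, sizeof(trace_tag));` do the same job with no alignment requirement. print_pcap_ng_block starts and ends outside the hunk.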
@@ -3861,7 +3900,6 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) } goto done; } -#endif /* PCAPNG_BT_DSB */ default: goto done; } @@ -3908,7 +3946,8 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) pmd.epid = (e_proc_info != NULL) ? e_proc_info->proc_pid : -1; pmd.svc = (pkt_svc != -1) ? svc2str(pkt_svc) : ""; pmd.dir = (packet_flags & 3) == 2 ? "out" : - (packet_flags & 3) == 1 ? "in" : ""; + (packet_flags & 3) == 1 ? "in" : ""; + pmd.flowid = flow_id; if (evaluate_expression(pkt_meta_data_expression, &pmd) == 0) { packets_mtdt_fltr_drop++; @@ -4004,15 +4043,36 @@ print_pcap_ng_block(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) prsep)); prsep = ", "; } -#ifdef PCAPNG_EPB_PMDF_WAKE_PKT if ((pmdflags & PCAPNG_EPB_PMDF_WAKE_PKT)) { ND_PRINT((ndo, "%s" "wk", prsep)); prsep = ", "; } -#endif /* PCAPNG_EPB_PMDF_WAKE_PKT */ } +#ifdef PCAPNG_EPB_FLOW_ID + /* + * Flow-id + */ + if (ndo->ndo_kflag & PRMD_FLOWID) { + ND_PRINT((ndo, "%s" "flowid 0x%x", + prsep, + flow_id)); + prsep = ", "; + } +#endif /* PCAPNG_EPB_FLOW_ID */ +#ifdef PCAPNG_EPB_TRACE_TAG + /* + * trace_tag + */ + if (ndo->ndo_kflag & PRMD_TRACETAG) { + ND_PRINT((ndo, "%s" "ttag 0x%x", + prsep, + trace_tag)); + prsep = ", "; + } +#endif /* PCAPNG_EPB_TRACE_TAG */ + /* * Comment */
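Review bot: `pmd.flowid = flow_id;` (`@@ -3908,7 +3946,8`) passes 0 to the metadata filter whenever the block carries no flow-id option, because `flow_id` is initialised to 0 and only overwritten inside the `#ifdef PCAPNG_EPB_FLOW_ID` block. A `-Q` expression such as `flowid=0` therefore also matches packets that have no flow identifier at all, and on a build without that macro every packet compares as flow 0. That is worth a comment at the assignment, for example `/* 0 also means "no flow-id option present" */`, and a matching sentence in the man page entry for `flowid`. The function continues outside the hunk.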