
[SRM] Stable update for libpcap



Hi,

I'd like to upload the following update for libpcap in squeeze. It
addresses two bugs:
- #612803: device detection is broken if the bonding module is loaded,
  because the module creates an extra file in /sys/class/net; the upstream
  fix is used verbatim.
- #623868 (aka CVE-2011-1935): a security issue that was not serious
  enough to warrant a DSA. The patch is the result of several upstream
  commits that were backported to libpcap 1.1.1.

Thanks!

 changelog                         |    9 +++
 patches/45_bonding.diff           |   24 ++++++++++
 patches/46_tpacket_alignment.diff |   88 ++++++++++++++++++++++++++++++++++++++
 patches/series                    |    2 
 4 files changed, 123 insertions(+)

diff -Nru libpcap-1.1.1/debian/changelog libpcap-1.1.1/debian/changelog
--- libpcap-1.1.1/debian/changelog	2010-04-06 21:38:44.000000000 +0200
+++ libpcap-1.1.1/debian/changelog	2011-07-10 19:26:04.000000000 +0200
@@ -1,3 +1,12 @@
+libpcap (1.1.1-2+squeeze1) stable; urgency=low
+
+  * Backport changes from upstream to fix corruption of snapshot length on
+    live captures (CVE-2011-1935) (closes: #623868).
+  * Backport fix from upstream to fix device detection when the bonding
+    module is loaded (closes: #612803).
+
+ -- Romain Francoise <rfrancoise@debian.org>  Sun, 10 Jul 2011 19:26:04 +0200
+
 libpcap (1.1.1-2) unstable; urgency=low
 
   * debian/patches/50_kfreebsd.diff: Fix configure script to properly
diff -Nru libpcap-1.1.1/debian/patches/45_bonding.diff libpcap-1.1.1/debian/patches/45_bonding.diff
--- libpcap-1.1.1/debian/patches/45_bonding.diff	1970-01-01 01:00:00.000000000 +0100
+++ libpcap-1.1.1/debian/patches/45_bonding.diff	2011-07-10 19:22:56.000000000 +0200
@@ -0,0 +1,24 @@
+commit 073a8b37f97b684a34d29800400879e4e902ff63
+Author: andy-1 <andy-1@sourceforge.net>
+Date:   Tue Apr 27 23:33:23 2010 -0700
+
+    Ignore /sys/net/dev files if we get ENODEV for them, not just ENXIO.
+    
+    Both of them are indications that there's no such interface, so the file
+    probably corresponds to something other than a device.
+    
+    Reviewed-By: Guy Harris <guy@alum.mit.edu>
+
+diff --git a/pcap-linux.c b/pcap-linux.c
+index af12543..de3239a 100644
+--- a/pcap-linux.c
++++ b/pcap-linux.c
+@@ -1883,7 +1883,7 @@ scan_sys_class_net(pcap_if_t **devlistp, char *errbuf)
+ 		 */
+ 		strncpy(ifrflags.ifr_name, name, sizeof(ifrflags.ifr_name));
+ 		if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifrflags) < 0) {
+-			if (errno == ENXIO)
++			if (errno == ENXIO || errno == ENODEV)
+ 				continue;
+ 			(void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
+ 			    "SIOCGIFFLAGS: %.*s: %s",
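Review bot: The widened test `if (errno == ENXIO || errno == ENODEV)` has no in-code explanation next to it, and the comment that precedes the `strncpy`/`ioctl` pair is cut off by the hunk, so whether it mentions ENODEV is not visible. If that comment still names only ENXIO, I would add a line such as `/* ENXIO or ENODEV: no such interface, so this entry is not a device; skip it */` directly above the `continue`. As it stands the reason is given only in the commit message, which a reader of pcap-linux.c will not see.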
diff -Nru libpcap-1.1.1/debian/patches/46_tpacket_alignment.diff libpcap-1.1.1/debian/patches/46_tpacket_alignment.diff
--- libpcap-1.1.1/debian/patches/46_tpacket_alignment.diff	1970-01-01 01:00:00.000000000 +0100
+++ libpcap-1.1.1/debian/patches/46_tpacket_alignment.diff	2011-07-10 19:22:12.000000000 +0200
@@ -0,0 +1,88 @@
+From cc4298babe767e394dc673c87ef3dbabe3fdb7c9 Mon Sep 17 00:00:00 2001
+From: Julien Moutinho <julm@savines.alpes.fr.eu.org>
+Date: Tue, 22 Mar 2011 23:53:15 -0700
+Subject: [PATCH] Fix the calculation of the frame size in memory-mapped
+ captures.
+
+The old calculation truncated packets to a smaller value than the
+snapshot length.
+---
+ pcap-linux.c |   61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 58 insertions(+), 3 deletions(-)
+
+--- a/pcap-linux.c
++++ b/pcap-linux.c
+@@ -3057,15 +3057,70 @@
+ {
+ 	unsigned i, j, frames_per_block;
+ 	struct tpacket_req req;
++	socklen_t len;
++	unsigned int sk_type, tp_reserve, maclen, tp_hdrlen, netoff, macoff;
+ 
+ 	/* Note that with large snapshot (say 64K) only a few frames 
+ 	 * will be available in the ring even with pretty large ring size
+ 	 * (and a lot of memory will be unused). 
+ 	 * The snap len should be carefully chosen to achive best
+ 	 * performance */
+-	req.tp_frame_size = TPACKET_ALIGN(handle->snapshot +
+-					  TPACKET_ALIGN(handle->md.tp_hdrlen) +
+-					  sizeof(struct sockaddr_ll));
++	
++	/* NOTE: calculus matching those in tpacket_rcv()
++	 * in linux-2.6/net/packet/af_packet.c
++	 */
++	len = sizeof(sk_type);
++	if (getsockopt(handle->fd, SOL_SOCKET, SO_TYPE, &sk_type, &len) < 0) {
++		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "getsockopt: %s", pcap_strerror(errno));
++		return -1;
++	}
++#ifdef PACKET_RESERVE
++	len = sizeof(tp_reserve);
++	if (getsockopt(handle->fd, SOL_PACKET, PACKET_RESERVE, &tp_reserve, &len) < 0) {
++		if (errno != ENOPROTOOPT) {
++			/*
++			 * ENOPROTOOPT means "kernel doesn't support
++			 * PACKET_RESERVE", in which case we fall back
++			 * as best we can.
++			 */
++			snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "getsockopt: %s", pcap_strerror(errno));
++			return -1;
++		}
++		tp_reserve = 0;	/* older kernel, reserve not supported */
++	}
++#else
++	tp_reserve = 0;
++#endif
++	maclen = (sk_type == SOCK_DGRAM) ? 0 : MAX_LINKHEADER_SIZE;
++		/* XXX: in the kernel maclen is calculated from
++		 * LL_ALLOCATED_SPACE(dev) and vnet_hdr.hdr_len
++		 * in:  packet_snd()           in linux-2.6/net/packet/af_packet.c
++		 * then packet_alloc_skb()     in linux-2.6/net/packet/af_packet.c
++		 * then sock_alloc_send_pskb() in linux-2.6/net/core/sock.c
++		 * but I see no way to get those sizes in userspace,
++		 * like for instance with an ifreq ioctl();
++		 * the best thing I've found so far is MAX_HEADER in the kernel
++		 * part of linux-2.6/include/linux/netdevice.h
++		 * which goes up to 128+48=176; since pcap-linux.c defines
++		 * a MAX_LINKHEADER_SIZE of 256 which is greater than that,
++		 * let's use it.. maybe is it even large enough to directly
++		 * replace macoff..
++		 */
++	tp_hdrlen = TPACKET_ALIGN(handle->md.tp_hdrlen) + sizeof(struct sockaddr_ll) ;
++	netoff = TPACKET_ALIGN(tp_hdrlen + (maclen < 16 ? 16 : maclen)) + tp_reserve;
++		/* NOTE: AFAICS tp_reserve may break the TPACKET_ALIGN of
++		 * netoff, which contradicts
++		 * linux-2.6/Documentation/networking/packet_mmap.txt
++		 * documenting that:
++		 * "- Gap, chosen so that packet data (Start+tp_net)
++		 * aligns to TPACKET_ALIGNMENT=16"
++		 */
++		/* NOTE: in linux-2.6/include/linux/skbuff.h:
++		 * "CPUs often take a performance hit
++		 *  when accessing unaligned memory locations"
++		 */
++	macoff = netoff - maclen;
++	req.tp_frame_size = TPACKET_ALIGN(macoff + handle->snapshot);
+ 	req.tp_frame_nr = handle->opt.buffer_size/req.tp_frame_size;
+ 
+ 	/* compute the minumum block size that will handle this frame. 
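Review bot: Nothing in this hunk bounds the operands of `req.tp_frame_size = TPACKET_ALIGN(macoff + handle->snapshot);`, and since `macoff` is declared `unsigned int` the sum wraps silently if the snapshot length is negative or close to `UINT_MAX`. A wrapped result would size frames smaller than the snapshot length, the same truncation this patch sets out to fix, and a result of zero would make the next line's `handle->opt.buffer_size/req.tp_frame_size` divide by zero. Unless the snapshot is already clamped before this function runs (not visible here; the function starts and ends outside the hunk), I would add a guard ahead of the assignment, e.g. `if (handle->snapshot < 0 || (unsigned int)handle->snapshot > UINT_MAX - TPACKET_ALIGNMENT - macoff)`, that fills `handle->errbuf` and returns -1 like the two `getsockopt` failure paths. Those two paths also share the text `"getsockopt: %s"`; naming the option (`SO_TYPE`, `PACKET_RESERVE`) in each would tell the user which call failed.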
diff -Nru libpcap-1.1.1/debian/patches/series libpcap-1.1.1/debian/patches/series
--- libpcap-1.1.1/debian/patches/series	2010-04-06 19:11:56.000000000 +0200
+++ libpcap-1.1.1/debian/patches/series	2011-07-10 19:27:35.000000000 +0200
@@ -2,5 +2,7 @@
 15_linker_script.diff
 30_man_fixes.diff
 40_fix_bus_usb_path.diff
+45_bonding.diff
+46_tpacket_alignment.diff
 50_kfreebsd.diff
 50_autotools-dev.diff

