[SRM] Stable update for libpcap
Hi,
I'd like to upload the following update for libpcap in squeeze, it
addresses two bugs:
- #612803: device detection is broken if the bonding module is loaded
because it creates an extra file in /sys/class/net, the upstream fix is
used verbatim.
- #623868 (aka CVE-2011-1935): a security issue that was not serious
enough to warrant a DSA. The patch is the result of several upstream
commits that were backported to libpcap 1.1.1.
Thanks!
changelog | 9 +++
patches/45_bonding.diff | 24 ++++++++++
patches/46_tpacket_alignment.diff | 88 ++++++++++++++++++++++++++++++++++++++
patches/series | 2
4 files changed, 123 insertions(+)
diff -Nru libpcap-1.1.1/debian/changelog libpcap-1.1.1/debian/changelog
--- libpcap-1.1.1/debian/changelog 2010-04-06 21:38:44.000000000 +0200
+++ libpcap-1.1.1/debian/changelog 2011-07-10 19:26:04.000000000 +0200
@@ -1,3 +1,12 @@
+libpcap (1.1.1-2+squeeze1) stable; urgency=low
+
+ * Backport changes from upstream to fix corruption of snapshot length on
+ live captures (CVE-2011-1935) (closes: #623868).
+ * Backport fix from upstream to fix device detection when the bonding
+ module is loaded (closes: #612803).
+
+ -- Romain Francoise <rfrancoise@debian.org> Sun, 10 Jul 2011 19:26:04 +0200
+
libpcap (1.1.1-2) unstable; urgency=low
* debian/patches/50_kfreebsd.diff: Fix configure script to properly
diff -Nru libpcap-1.1.1/debian/patches/45_bonding.diff libpcap-1.1.1/debian/patches/45_bonding.diff
--- libpcap-1.1.1/debian/patches/45_bonding.diff 1970-01-01 01:00:00.000000000 +0100
+++ libpcap-1.1.1/debian/patches/45_bonding.diff 2011-07-10 19:22:56.000000000 +0200
@@ -0,0 +1,24 @@
+commit 073a8b37f97b684a34d29800400879e4e902ff63
+Author: andy-1 <andy-1@sourceforge.net>
+Date: Tue Apr 27 23:33:23 2010 -0700
+
+ Ignore /sys/net/dev files if we get ENODEV for them, not just ENXIO.
+
+ Both of them are indications that there's no such interface, so the file
+ probably corresponds to something other than a device.
+
+ Reviewed-By: Guy Harris <guy@alum.mit.edu>
+
+diff --git a/pcap-linux.c b/pcap-linux.c
+index af12543..de3239a 100644
+--- a/pcap-linux.c
++++ b/pcap-linux.c
+@@ -1883,7 +1883,7 @@ scan_sys_class_net(pcap_if_t **devlistp, char *errbuf)
+ */
+ strncpy(ifrflags.ifr_name, name, sizeof(ifrflags.ifr_name));
+ if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifrflags) < 0) {
+- if (errno == ENXIO)
++ if (errno == ENXIO || errno == ENODEV)
+ continue;
+ (void)snprintf(errbuf, PCAP_ERRBUF_SIZE,
+ "SIOCGIFFLAGS: %.*s: %s",
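Review bot: The widened test `errno == ENXIO || errno == ENODEV` has no comment at the check saying why either errno means "skip this entry", so the reasoning lives only in the commit message. A line above the `if` such as `/* ENXIO or ENODEV: no such interface, so this entry is not a device (e.g. a file added by the bonding module); skip it */` would keep a later reader from narrowing the check again. The comment that closes just before the strncpy() call begins outside the hunk and may already cover part of this. scan_sys_class_net() itself starts and ends outside the hunk.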
diff -Nru libpcap-1.1.1/debian/patches/46_tpacket_alignment.diff libpcap-1.1.1/debian/patches/46_tpacket_alignment.diff
--- libpcap-1.1.1/debian/patches/46_tpacket_alignment.diff 1970-01-01 01:00:00.000000000 +0100
+++ libpcap-1.1.1/debian/patches/46_tpacket_alignment.diff 2011-07-10 19:22:12.000000000 +0200
@@ -0,0 +1,88 @@
+From cc4298babe767e394dc673c87ef3dbabe3fdb7c9 Mon Sep 17 00:00:00 2001
+From: Julien Moutinho <julm@savines.alpes.fr.eu.org>
+Date: Tue, 22 Mar 2011 23:53:15 -0700
+Subject: [PATCH] Fix the calculation of the frame size in memory-mapped
+ captures.
+
+The old calculation truncated packets to a smaller value than the
+snapshot length.
+---
+ pcap-linux.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 58 insertions(+), 3 deletions(-)
+
+--- a/pcap-linux.c
++++ b/pcap-linux.c
+@@ -3057,15 +3057,70 @@
+ {
+ unsigned i, j, frames_per_block;
+ struct tpacket_req req;
++ socklen_t len;
++ unsigned int sk_type, tp_reserve, maclen, tp_hdrlen, netoff, macoff;
+
+ /* Note that with large snapshot (say 64K) only a few frames
+ * will be available in the ring even with pretty large ring size
+ * (and a lot of memory will be unused).
+ * The snap len should be carefully chosen to achive best
+ * performance */
+- req.tp_frame_size = TPACKET_ALIGN(handle->snapshot +
+- TPACKET_ALIGN(handle->md.tp_hdrlen) +
+- sizeof(struct sockaddr_ll));
++
++ /* NOTE: calculus matching those in tpacket_rcv()
++ * in linux-2.6/net/packet/af_packet.c
++ */
++ len = sizeof(sk_type);
++ if (getsockopt(handle->fd, SOL_SOCKET, SO_TYPE, &sk_type, &len) < 0) {
++ snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "getsockopt: %s", pcap_strerror(errno));
++ return -1;
++ }
++#ifdef PACKET_RESERVE
++ len = sizeof(tp_reserve);
++ if (getsockopt(handle->fd, SOL_PACKET, PACKET_RESERVE, &tp_reserve, &len) < 0) {
++ if (errno != ENOPROTOOPT) {
++ /*
++ * ENOPROTOOPT means "kernel doesn't support
++ * PACKET_RESERVE", in which case we fall back
++ * as best we can.
++ */
++ snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "getsockopt: %s", pcap_strerror(errno));
++ return -1;
++ }
++ tp_reserve = 0; /* older kernel, reserve not supported */
++ }
++#else
++ tp_reserve = 0;
++#endif
++ maclen = (sk_type == SOCK_DGRAM) ? 0 : MAX_LINKHEADER_SIZE;
++ /* XXX: in the kernel maclen is calculated from
++ * LL_ALLOCATED_SPACE(dev) and vnet_hdr.hdr_len
++ * in: packet_snd() in linux-2.6/net/packet/af_packet.c
++ * then packet_alloc_skb() in linux-2.6/net/packet/af_packet.c
++ * then sock_alloc_send_pskb() in linux-2.6/net/core/sock.c
++ * but I see no way to get those sizes in userspace,
++ * like for instance with an ifreq ioctl();
++ * the best thing I've found so far is MAX_HEADER in the kernel
++ * part of linux-2.6/include/linux/netdevice.h
++ * which goes up to 128+48=176; since pcap-linux.c defines
++ * a MAX_LINKHEADER_SIZE of 256 which is greater than that,
++ * let's use it.. maybe is it even large enough to directly
++ * replace macoff..
++ */
++ tp_hdrlen = TPACKET_ALIGN(handle->md.tp_hdrlen) + sizeof(struct sockaddr_ll) ;
++ netoff = TPACKET_ALIGN(tp_hdrlen + (maclen < 16 ? 16 : maclen)) + tp_reserve;
++ /* NOTE: AFAICS tp_reserve may break the TPACKET_ALIGN of
++ * netoff, which contradicts
++ * linux-2.6/Documentation/networking/packet_mmap.txt
++ * documenting that:
++ * "- Gap, chosen so that packet data (Start+tp_net)
++ * aligns to TPACKET_ALIGNMENT=16"
++ */
++ /* NOTE: in linux-2.6/include/linux/skbuff.h:
++ * "CPUs often take a performance hit
++ * when accessing unaligned memory locations"
++ */
++ macoff = netoff - maclen;
++ req.tp_frame_size = TPACKET_ALIGN(macoff + handle->snapshot);
+ req.tp_frame_nr = handle->opt.buffer_size/req.tp_frame_size;
+
+ /* compute the minumum block size that will handle this frame.
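Review bot: `TPACKET_ALIGN(macoff + handle->snapshot)` is evaluated in unsigned arithmetic with no visible upper bound on the snapshot length, so a very large value (or a negative one, if `handle->snapshot` is a signed int as it appears to be) would wrap. That would give a frame size smaller than the requested snapshot, or zero, which the division on the next line would then hit. If the caller does not already clamp the snapshot length, a guard before the assignment would close this: `if (handle->snapshot < 0 || (unsigned int)handle->snapshot > UINT_MAX - macoff - TPACKET_ALIGNMENT)`, filling `handle->errbuf` and returning -1 as the getsockopt() failure paths above do. Separately, both of those paths report only `"getsockopt: %s"`; naming the option (`SO_TYPE`, `PACKET_RESERVE`) in the message would make a failure diagnosable. The enclosing function starts and ends outside the hunk.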
diff -Nru libpcap-1.1.1/debian/patches/series libpcap-1.1.1/debian/patches/series
--- libpcap-1.1.1/debian/patches/series 2010-04-06 19:11:56.000000000 +0200
+++ libpcap-1.1.1/debian/patches/series 2011-07-10 19:27:35.000000000 +0200
@@ -2,5 +2,7 @@
15_linker_script.diff
30_man_fixes.diff
40_fix_bus_usb_path.diff
+45_bonding.diff
+46_tpacket_alignment.diff
50_kfreebsd.diff
50_autotools-dev.diff