debian/0000755000000000000000000000000011374541737007202 5ustar debian/patches/0000755000000000000000000000000011267561355010630 5ustar debian/patches/series0000644000000000000000000000016411267560663012047 0ustar 01_time.patch 02_largefile.patch 03_bpf_h.patch 04_zero_and_one_packet_captures.patch 05_fix_freed_memory_use.patch debian/patches/03_bpf_h.patch0000644000000000000000000000126411267544570013234 0ustar diff -Naru tcpslice-1.2a3/tcpslice.c tcpslice-patched/tcpslice.c --- tcpslice-1.2a3/tcpslice.c 2005-10-24 19:06:26.000000000 -0300 +++ tcpslice-patched/tcpslice.c 2007-09-11 11:27:23.000000000 -0300 @@ -35,8 +35,6 @@ #include #include -#include - #include #ifdef HAVE_FCNTL_H #include diff -Naru tcpslice-1.2a3/tcpslice.h tcpslice-patched/tcpslice.h --- tcpslice-1.2a3/tcpslice.h 2007-09-11 11:48:04.000000000 -0300 +++ tcpslice-patched/tcpslice.h 2007-09-11 11:49:06.000000000 -0300 @@ -21,7 +21,7 @@ #include -#include +#include /* * This is a timeval as stored in disk in a dumpfile. debian/patches/02_largefile.patch0000644000000000000000000000035711267544570014111 0ustar --- tcpslice-1.2a3.orig/configure.in 1999-06-24 02:30:23.000000000 +0200 +++ tcpslice-1.2a3/configure.in 2006-07-28 15:25:14.000000000 +0200 @@ -7,7 +7,7 @@ dnl AC_INIT(tcpslice.c) - +AC_SYS_LARGEFILE AC_CANONICAL_SYSTEM umask 002 debian/patches/01_time.patch0000644000000000000000000000411311267544570013106 0ustar --- tcpslice-1.2a3.orig/search.c 2000-09-10 10:52:40.000000000 +0200 +++ tcpslice-1.2a3/search.c 2006-07-28 14:56:55.000000000 +0200 @@ -53,7 +53,7 @@ /* Size of a packet header in bytes; easier than typing the sizeof() all * the time ... */ -#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr )) +#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr )) extern int snaplen; 
@@ -111,16 +111,24 @@ static void extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr ) { - memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr)); + struct pcap_sf_pkthdr hdri; + + memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr)); if ( pcap_is_swapped( p ) ) { - hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec); - hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec); - hdr->len = SWAPLONG(hdr->len); - hdr->caplen = SWAPLONG(hdr->caplen); + hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec); + hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec); + hdr->len = SWAPLONG(hdri.len); + hdr->caplen = SWAPLONG(hdri.caplen); + } + else + { + hdr->ts.tv_sec = hdri.ts.tv_sec; + hdr->ts.tv_usec = hdri.ts.tv_usec; + hdr->len = hdri.len; + hdr->caplen = hdri.caplen; } - /* * From bpf/libpcap/savefile.c: * --- tcpslice-1.2a3.orig/tcpslice.h 1995-11-02 00:40:53.000000000 +0100 +++ tcpslice-1.2a3/tcpslice.h 2006-07-28 14:56:55.000000000 +0200 @@ -20,6 +20,26 @@ */ +#include +#include + +/* + * This is a timeval as stored in disk in a dumpfile. + * It has to use the same types everywhere, independent of the actual + * `struct timeval' + */ + +struct pcap_timeval { + bpf_int32 tv_sec; /* seconds */ + bpf_int32 tv_usec; /* microseconds */ +}; + +struct pcap_sf_pkthdr { + struct pcap_timeval ts; /* time stamp */ + bpf_u_int32 caplen; /* length of portion present */ + bpf_u_int32 len; /* length this packet (off wire) */ +}; + time_t gwtm2secs( struct tm *tm ); int sf_find_end( struct pcap *p, struct timeval *first_timestamp, debian/patches/05_fix_freed_memory_use.patch0000644000000000000000000000200711267561350016346 0ustar Index: tcpslice-1.2a3/tcpslice.c =================================================================== --- tcpslice-1.2a3.orig/tcpslice.c 2009-10-21 12:30:50.000000000 +0200 +++ tcpslice-1.2a3/tcpslice.c 2009-10-21 12:30:50.000000000 +0200 
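Review bot: The new `memcpy` in extract_header sizes the copy by type name and keeps the `(char *)` casts; `memcpy(&hdri, buf, sizeof hdri);` ties the length to the destination object so the two cannot drift apart. A comment above `hdri` should say why the detour exists, for example `/* on-disk header uses 32-bit timestamp fields; struct pcap_pkthdr embeds struct timeval, whose width varies by platform */`. Nothing in the hunk shows that `buf` holds at least `sizeof hdri` bytes, so that precondition rests on callers outside the hunk and is worth stating in the same comment. The function body continues past the end of the hunk.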
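Review bot: `struct pcap_sf_pkthdr` now supplies both the `memcpy` size in search.c and `PACKET_HDR_LEN`, so its in-memory size must equal the on-disk record header exactly, and nothing in this header enforces that. A compile-time guard next to the definition would catch a platform where padding or the `bpf_int32` typedef breaks the assumption, e.g. `typedef char pcap_sf_pkthdr_size_check[sizeof(struct pcap_sf_pkthdr) == 16 ? 1 : -1];`. The 16 is the four 32-bit fields declared in the struct.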
@@ -623,6 +623,7 @@ pcap_dumper_t *dumper; struct timeval temp1, temp2, relative_start, relative_stop; int i; + struct state *statetemplate = NULL; struct state *last_state; /* remember the last packet */ struct pcap_pkthdr last_hdr; /* in order to remove duplicates */ @@ -664,6 +665,10 @@ continue; } + if (statetemplate == NULL) { + statetemplate = s; + } + /* * sf_find_packet() requires that the time it's passed as * its last argument be in the range [min_time, max_time], @@ -682,7 +687,7 @@ get_next_packet(s); } - dumper = pcap_dump_open(states->p, write_file_name); + dumper = pcap_dump_open(statetemplate->p, write_file_name); if (! dumper) { error( "error creating output file %s: ", write_file_name, pcap_geterr( states->p ) ); debian/patches/04_zero_and_one_packet_captures.patch0000644000000000000000000001021511267561355020052 0ustar Index: tcpslice-1.2a3/search.c =================================================================== --- tcpslice-1.2a3.orig/search.c 2009-10-21 12:29:51.000000000 +0200 +++ tcpslice-1.2a3/search.c 2009-10-21 12:30:50.000000000 +0200 
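Review bot: `statetemplate` stays NULL if every input takes the `continue` path shown in the second hunk, and the third hunk then dereferences it unconditionally in `pcap_dump_open(statetemplate->p, write_file_name)`. A guard before the open, such as `if (statetemplate == NULL) error( "no input file covers the requested time range" );`, would turn that into a diagnosable failure, assuming error() does not return. The failure branch just below still calls `pcap_geterr( states->p )`, the handle this patch is moving away from, and its format string has one `%s` for two arguments; `error( "error creating output file %s: %s", write_file_name, pcap_geterr( statetemplate->p ) );` fixes both. The loop and the rest of the function (presumably extract_slice) lie outside these hunks, so whether all states can be skipped should be confirmed there.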
@@ -327,8 +327,25 @@ if ( fread( (char *) bufpos, num_bytes, 1, pcap_file( p ) ) != 1 ) goto done; - if ( find_header( p, bufpos, num_bytes, - first_time, 0L, &hdrpos, &hdr ) != HEADER_DEFINITELY ) + status = find_header( p, bufpos, num_bytes, + first_time, 0L, &hdrpos, &hdr ); + + /* When find_header finds what looks like a header it tries to verify + * that looking forward by caplen also finds what looks like a header. + * If moving forward points past the end of the buffer it returns + * _PERHAPS, because there wasn't enough data passed to it to verify + * the next header. However, we know that the buffer ends with the + * last data in the file. If the _PERHAPS header just found + caplen + * points to exactly past the end of the file, that's as-if it pointed + * to a valid header, and we promote _PERHAPS to _DEFINITELY. + * + * This condition occurs with a single-packet capture. + */ + if ( status == HEADER_PERHAPS && + ( hdrpos + PACKET_HDR_LEN + hdr.caplen ) == bufend ) + status = HEADER_DEFINITELY; + + if ( status != HEADER_DEFINITELY ) goto done; /* Okay, we have a definite header in our hands. Follow its Index: tcpslice-1.2a3/tcpslice.c =================================================================== --- tcpslice-1.2a3.orig/tcpslice.c 2009-10-21 12:29:52.000000000 +0200 +++ tcpslice-1.2a3/tcpslice.c 2009-10-21 12:31:07.000000000 +0200 @@ -112,6 +112,7 @@ struct timeval first_packet_time(char filename[], pcap_t **p_addr); struct timeval lowest_start_time(struct state *states, int numfiles); void get_next_packet(struct state *s); +void get_first_packet(const char *filename, pcap_t *p, struct pcap_pkthdr *hdr); struct state *open_files(char *filenames[], int numfiles); void extract_slice(struct state *states, int numfiles, char *write_file_name, struct timeval *start_time, struct timeval *stop_time, 
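Review bot: The promotion test `( hdrpos + PACKET_HDR_LEN + hdr.caplen ) == bufend` adds a length read from the capture file to a pointer before comparing, so an oversized `caplen` forms a pointer far beyond the buffer, which is undefined behaviour in C even though it is never dereferenced. Comparing lengths instead keeps the arithmetic inside the buffer: `(size_t)(bufend - hdrpos) >= PACKET_HDR_LEN && hdr.caplen == (size_t)(bufend - hdrpos) - PACKET_HDR_LEN`. This assumes `hdrpos` and `bufend` are byte pointers into the same read buffer with `hdrpos <= bufend`, and that find_header has filled `hdr` when it returns HEADER_PERHAPS; both are declared outside the hunk.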
@@ -474,7 +475,9 @@ { *first_time = first_packet_time( filename, p ); - if ( ! sf_find_end( *p, first_time, last_time ) ) + *last_time = *first_time; + + if ( first_time->tv_sec && ! sf_find_end( *p, first_time, last_time ) ) error( "couldn't find final packet in file %s", filename ); } @@ -494,8 +497,7 @@ if (! p) error( "bad tcpdump file %s: %s", filename, errbuf ); - if (pcap_next(p, &hdr) == 0) - error( "bad status reading first packet in %s", filename ); + get_first_packet(filename, p, &hdr); return hdr.ts; } @@ -528,6 +530,27 @@ } } +/* Get the first record in a file. Deal with empty captures. */ +void +get_first_packet(const char *filename, pcap_t *p, struct pcap_pkthdr *hdr) +{ + struct pcap_pkthdr *next_hdr = 0; + const u_char *next_data = 0; + switch (pcap_next_ex(p, &next_hdr, &next_data)) + { + case 1: /* success */ + *hdr = *next_hdr; + break; + case -2: /* no more packets to read from the save-file */ + /* valid but empty pcap, start and end time will be zero */ + memset(hdr, 0, sizeof(*hdr)); + break; + default: + error( "bad status reading first packet in %s: %s", + filename, pcap_geterr( p ) ); + } +} + struct state * open_files(char *filenames[], int numfiles) { 
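Review bot: `first_time->tv_sec` is used as the empty-capture flag, but zero seconds is also a legal timestamp, so a file whose first packet is stamped at the epoch (a capture device with an unset clock, or a crafted file) skips sf_find_end and is reported with `*last_time == *first_time`. The flag originates in the `case -2` branch of get_first_packet in the third hunk here, and the same test appears as `s->file_start_time.tv_sec` in the open_files hunk. Reporting emptiness explicitly avoids the in-band sentinel: `int get_first_packet(const char *filename, pcap_t *p, struct pcap_pkthdr *hdr);` returning 1 for a packet and 0 for an empty file, with that result carried back to the callers that currently test `tv_sec`. get_first_packet also relies on error() not returning in its `default:` case, since `*hdr` is left unwritten there.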
@@ -559,16 +582,20 @@ s->start_pos = FTELL( pcap_file( s->p ) ); - if (pcap_next(s->p, &s->hdr) == 0) - error( "error reading packet in %s: ", - s->filename, pcap_geterr( s->p ) ); + get_first_packet(s->filename, s->p, &s->hdr); s->file_start_time = s->hdr.ts; - if ( ! sf_find_end( s->p, &s->file_start_time, - &s->file_stop_time ) ) - error( "problems finding end packet of file %s", - s->filename ); + /* For 0-packet captures the start time is 0, don't search for an + * end time. + */ + if ( s->file_start_time.tv_sec ) + { + if ( ! sf_find_end( s->p, &s->file_start_time, + &s->file_stop_time ) ) + error( "problems finding end packet of file %s", + s->filename ); + } s->stop_pos = FTELL( pcap_file( s->p ) ); } debian/clean0000644000000000000000000000004211267562071010176 0ustar configure config.sub config.guess debian/changelog0000644000000000000000000000645611374540767011071 0ustar tcpslice (1.2a3-4) unstable; urgency=low * Bump standards version to 3.8.4 * Switch to dpkg-source 3.0 (quilt) format -- Jochen Friedrich Tue, 18 May 2010 18:36:02 +0200 tcpslice (1.2a3-3) unstable; urgency=low * Convert to debhelper 7. * Add README.source. * Bump standards version to 3.8.3. * Add patch to accept captures with zero or one packet. (Closes: #521068) Thanks to Sam Roberts for the patch. * Add patch to avoid using freed memory in extract_slice. (Closes: #449591) Thanks to Ted Deppner for the patch. -- Jochen Friedrich Wed, 21 Oct 2009 12:21:01 +0200 tcpslice (1.2a3-2.1) unstable; urgency=low * Non-maintainer upload to fix Failure To Build From Source. * Added debian/patches/03_bpf_h.patch, to take into account the new include files in libpcap-0.8, thanks to Romain Francoise for the help. (Closes: #439458) -- Margarita Manterola Tue, 11 Sep 2007 11:18:04 -0300 tcpslice (1.2a3-2) unstable; urgency=low * Convert build system to cdbs. 
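Review bot: On the zero-packet path `s->file_stop_time` is never assigned in this hunk, whereas the earlier hunk in this file sets `*last_time = *first_time` before its equivalent test. Unless the state array is zero-initialised where it is allocated (outside the hunk), later comparisons against `file_stop_time` read an indeterminate value; adding `else s->file_stop_time = s->file_start_time;` to the new `if` makes both paths consistent. The enclosing loop in open_files starts before the hunk.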
* Add AC_SYS_LARGEFILE to configure.in (Closes: #323368) -- Jochen Friedrich Fri, 28 Jul 2006 15:31:24 +0200 tcpslice (1.2a3-1) unstable; urgency=low * New upstream release * Bumped policy version to 3.7.2 (no changes) -- Jochen Friedrich Fri, 26 May 2006 18:32:29 +0200 tcpslice (1.2a2-4) unstable; urgency=low * Merge changes from 1.1a3-2. + Removed INSTALL file from /usr/share/doc/tcpslice + Removed dh_suidregister in debian/rules + Policy updated to 3.6.1 Thanks to Emanuele Rocca * Update config.sub/guess -- Jochen Friedrich Wed, 28 Jan 2004 08:06:43 +0100 tcpslice (1.2a2-3) unstable; urgency=low * Fix broken upload again. (One day, i'll learn it...) -- Jochen Friedrich Wed, 28 Jan 2004 00:24:56 +0100 tcpslice (1.2a2-2) unstable; urgency=low * Fix broken upload. * Really ACK NMUs (Closes: #106208, #113259, #156215, #202688, #225295) -- Jochen Friedrich Wed, 28 Jan 2004 00:09:16 +0100 tcpslice (1.2a2-1) unstable; urgency=low * New upstream release + Fixes format parsing (Closes: #202688) * Bumped policy version to 2.6.1 (no changes) * New maintainer (Closes: #225295) * ACK NMUs (Closes: #106208, #113259, #156215) * Fix search.c for 64bit architectures -- Jochen Friedrich Wed, 28 Jan 2004 00:04:07 +0100 tcpslice (1.1a3-1.2) unstable; urgency=low * Non maintainer upload * Rebuilt with new libpcap to remove dependency on libpcap0, which I got removed from unstable by accident. Sorry about this... -- Torsten Landschoff Sat, 10 Aug 2002 11:37:42 +0200 tcpslice (1.1a3-1.1) unstable; urgency=low * NMU * Update config.sub/guess so that tcpslice can build on ia64. (closes: Bug#106208) * Include in tcpslice.h so that it will build from source with newer versions of glibc. (closes: Bug#113259) * Add a build-depends field in debian/control. -- Doug Porter Mon, 29 Oct 2001 11:24:41 -0500 tcpslice (1.1a3-1) unstable; urgency=low * Initial Release. 
-- Philip Hands Sun, 29 Aug 1999 12:04:05 +0100 Local variables: mode: debian-changelog End: debian/watch0000644000000000000000000000010511267544570010226 0ustar version=3 ftp://ftp.ee.lbl.gov/tcpslice-(.+)\.tar\.gz debian uupdate debian/source/0000755000000000000000000000000011370572304010470 5ustar debian/source/format0000644000000000000000000000001411370572304011676 0ustar 3.0 (quilt) debian/dirs0000644000000000000000000000003411267544570010062 0ustar usr/sbin usr/share/man/man1 debian/rules0000755000000000000000000000055311370572261010255 0ustar #!/usr/bin/make -f %: dh $@ .PHONY: override_dh_auto_configure override_dh_auto_configure: ln -s /usr/share/misc/config.guess . ln -s /usr/share/misc/config.sub . autoconf dh_auto_configure .PHONY: override_dh_auto_install override_dh_auto_install: dh_auto_install -- DESTDIR=$(CURDIR)/debian/tcpslice make install-man DESTDIR=$(CURDIR)/debian/tcpslice debian/compat0000644000000000000000000000000211267544655010403 0ustar 7 debian/control0000644000000000000000000000101511370572322010570 0ustar Source: tcpslice Section: net Priority: optional Maintainer: Jochen Friedrich Build-Depends: debhelper (>= 7.0.50~), libpcap-dev, autoconf, bash (>=2.05), autotools-dev Standards-Version: 3.8.4 Package: tcpslice Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: extract pieces of and/or glue together tcpdump files Tcpslice is a program for extracting portions of packet-trace files generated using tcpdump(l)'s -w flag. It can also be used to glue together several such files. debian/docs0000644000000000000000000000000711267544570010051 0ustar README debian/copyright0000644000000000000000000000245011267544570011135 0ustar This package was debianized by Philip Hands on Sun, 29 Aug 1999 12:04:05 +0100. It is currently maintained by Jochen Friedrich on Tue, 27 Jan 2004 22:08:12 +0100. 
It was downloaded from: ftp://ftp.ee.lbl.gov/tcpslice.tar.Z Upstream Author: Vern Paxson of Lawrence Berkeley Laboratory, University of California, Berkeley, CA. Copyright: Copyright (c) 1991, 1996 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that: (1) source code distributions retain the above copyright notice and this paragraph in its entirety, (2) distributions including binary code include the above copyright notice and this paragraph in its entirety in the documentation or other materials provided with the distribution, and (3) all advertising materials mentioning features or use of this software display the following acknowledgement: ``This product includes software developed by the University of California, Lawrence Berkeley Laboratory and its contributors.'' Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.