@brooksdavis

I took the libnetdissect used internally in tcpdump's build and inspired by our early compartmentalization work and then added sub-library compartments. We'll need to audit the result to see what linkage surprises there are, but it's a start.

The version now comes from the PACKAGE_VERSION macro.

Fixes:		0a7e5f1 ("tcpdump: Update to 4.99.5")

This macro was replaced by a collection of architecture ifdefs in
tcpdump 4.99.4 (commit 51a1830) so defining it does nothing.

Due to the use of a linked list pointer at the beginning of the object,
the bounds won't be exact in some cases without a refactor to separate
the linked list from the allocation, but this is quick and easy.

Split SRCS entries into core bits of tcpdump, core bits of the
dissection framework, and individual dissectors.
This mirrors an internal split in upstream to enable
compartmentalization.  We differ slightly from upstream in that we
keep addrtoname.c in tcpdump due to its use of casper for DNS lookups.
Likewise machdep.c is only used by tcpdump.

Each set of dissectors (as indicated by a separate print-*.c file) goes
in its own compartment (with utilities added manually in a few cases).
Most of the rest go in the default compartment except for a manual
compartment for MD5 signature verification.
@brooksdavis brooksdavis changed the base branch from main to dev August 28, 2025 12:51
@brooksdavis

Having done the compartmentalization via a library, I'm not sure it was the right approach. It's a mess in the build system and while the split needs to be there, it could just be in the policy file.
