Bug 243522 - net/tcpslice needs updating
Summary: net/tcpslice needs updating
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Sofian Brabez
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-01-22 16:51 UTC by David Gilbert
Modified: 2021-03-29 07:56 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (sbz)

Attachments
patch (1.46 KB, patch)
2020-05-15 03:29 UTC, Craig Leres 		no flags Details | Diff
revised patch (1.07 KB, patch)
2020-05-15 19:36 UTC, Craig Leres 		leres: maintainer-approval?
Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David Gilbert 2020-01-22 16:51:57 UTC 
I have tcpslice from ports.  I have two files of 95 megabytes in size created by FreeBSD's own tcpdump.  I try to "tcpslice -w file3.pcap 9h25m 10h10m file1.pcap file2.pcap" ... and tcpslice just says it can't find the final packet.

I git clone from https://github.com/the-tcpdump-group/tcpslice and ./configure + make + make install ... and tcpslice works.
Comment 1 Craig Leres freebsd_committer freebsd_triage 2020-05-15 03:29:17 UTC 
Created attachment 214510 [details]
patch

My cybersecurity guys complained about this issue; here's my fix. The symptom is:

    tcpslice: problems finding end packet of file ...

This is because pcap-int.h is not found while building. This comment from search.c explains the complication:

    /* If we're building without pcap's internal headers, we have to just
     * assume that the public pcap_pkthdr is the same as is written to
     * the file.  This can cause problems on systems with 64-bit longs;
     * the symptom is that tcpslice can't find any packets to read.
     * The solution is to build with the pcap-int.h from the installed
     * version of libpcap.
     */

So adding -I${SRC_BASE}/contrib/libpcap to CPPFLAGS allows usage of pcap-int.h. But a patch to search.c is also needed due to the unfortunately ordering of includes (libpcap has some portability that pcap-int.h invokes that doesn't work if its invoked before string.h is included).

Here's the upstream pull request: https://github.com/the-tcpdump-group/tcpslice/pull/6

Happy to commit with maintainer approval.
Comment 2 Craig Leres freebsd_committer freebsd_triage 2020-05-15 19:36:37 UTC 
Created attachment 214535 [details]
revised patch

My pull request prompted a rewrite of some parts of tcpslice; the new version does not depend on pcap-int.h.

Here's a revised patch to just update to the version committed yesterday.
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-07-22 00:24:29 UTC 
A commit references this bug:

Author: leres
Date: Wed Jul 22 00:23:27 UTC 2020
New revision: 542820
URL: https://svnweb.freebsd.org/changeset/ports/542820

Log:
  net/tcpslice: Update to solve "problems finding end packet of file" error

  tcpslice was a 2014 version that required an internal header file
  (pcap-int.h) to fully support systems with 64-bit longs. After I
  filed an issue with upstream the code was rewritten to eliminate
  this dependency; update to this version.

  PR:		243522
  Approved by:	sbz (maintainer timeout, 9 weeks)

Changes:
  head/net/tcpslice/Makefile
  head/net/tcpslice/distinfo
Comment 4 Sofian Brabez freebsd_committer freebsd_triage 2021-03-29 07:56:19 UTC 
It should have been closed after r542820. Also I landed a update to latest version in r569431. Thanks!