Commit message (Author, Age, Files, Lines)
...
* | | bumped TCPDUMP version (Michael Richardson, 2014-11-13, files: 1, lines: -1/+1)
|/ /
* | Report a too-long unreachable destination list. [tcpdump-4.7.0-bp] (Guy Harris, 2014-11-12, files: 1, lines: -12/+15)
| |   Running out of packet length before running out of unreachable destinations is an error; report it as such. Don't worry about leftover data past the end of the list of unreachable destinations.
* | Not using offsetof() any more, so no need for <stddef.h>. (Guy Harris, 2014-11-11, files: 1, lines: -3/+0)
| |
* | Further cleanups. (Guy Harris, 2014-11-11, files: 1, lines: -151/+126)
| |   Use ND_TCHECK() rather than home-brew bounds checks. Do simpler length checks. Let i be the length of the actual remaining packet data; use ND_TCHECK() inside loops that iterate over the remaining data. Let the printers for particular message types cast the raw data pointer to a pointer of the appropriate type, rather than passing two pointers, with different types, to the same data.
* | Clean up error message printing. (Guy Harris, 2014-11-11, files: 1, lines: -42/+46)
| |   Have "struct aodv_rerr" just be the header, not including the actual destinations. Simplify the logic somewhat, and make it similar in the print routines for the three types of error messages.
* | Add initial bounds check, get rid of union aodv. (Guy Harris, 2014-11-11, files: 1, lines: -144/+130)
| |   Fetch the type field without using a structure, and check to make sure it's not past the end of the packet. Pass to each dissection routine a pointer to the appropriate message type structure, rather than a pointer to a union of all the message type structures.
* | Do more bounds checking and length checking. (Guy Harris, 2014-11-11, files: 1, lines: -13/+43)
| |   Don't run past the end of the captured data, and don't run past the end of the packet (i.e., don't make the length variable go negative). Also, stop dissecting if the message length isn't valid.
* | Do bounds checking and length checking. (Guy Harris, 2014-11-11, files: 1, lines: -119/+151)
| |   Don't run past the end of the captured data, and don't run past the end of the packet (i.e., don't make the length variable go negative).
* | Merge git://github.com/the-tcpdump-group/tcpdump (Guy Harris, 2014-11-10, files: 9, lines: -0/+272)
|\ \
| |/
| * Merge pull request #411 from jessegross/geneve (Guy Harris, 2014-11-10, files: 9, lines: -0/+272)
| |\
| | |   Add support for Generic Network Virtualization Encapsulation (Geneve).
| | * Add support for Generic Network Virtualization Encapsulation (Geneve). (Jesse Gross, 2014-11-05, files: 9, lines: -0/+272)
| | |   Defined in http://tools.ietf.org/html/draft-gross-geneve-02
* | | Dissect NetFlow 1, 5, and 6 in separate loops. (Guy Harris, 2014-11-10, files: 1, lines: -55/+337)
| | |   Define separate structures for v1, v5, and v6; extract the version number first, and then switch to routines for each of those structures. This simplifies the processing of each version, and means no greasy tricks for different-sized structures. Use ND_TCHECK() for all bounds checks. Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them explicit fields and process them appropriately.
* | | Use ND_TCHECK() to do bounds checking. (Guy Harris, 2014-11-09, files: 3, lines: -12/+19)
|/ /
| |   While we're at it, just use the record count when iterating over records; the ND_TCHECK()s will make sure we don't run past the end of the captured data. Also get rid of an unused argument to cnfp_print().
* | Add the Radius update (Francois-Xavier Le Bail, 2014-11-07, files: 1, lines: -1/+2)
| |
* | Fix indentation (Francois-Xavier Le Bail, 2014-11-07, files: 1, lines: -1/+1)
| |
* | Merge remote-tracking branch 'bpf/master' (Denis Ovsienko, 2014-11-06, files: 2, lines: -25/+40)
|\ \
| * | Undefine HAVE_PCAP_FINDALLDEVS, if appropriate, before it's used. (Guy Harris, 2014-11-05, files: 1, lines: -6/+11)
| | |
| * | Regenerate configure script. (Guy Harris, 2014-11-05, files: 1, lines: -19/+29)
| |/
* | Radius: update Packet Type Codes and Attribute Types with RFC/IANA names (Francois-Xavier Le Bail, 2014-11-06, files: 4, lines: -179/+179)
|/
* Merge remote-tracking branch 'bpf/master' (Denis Ovsienko, 2014-11-05, files: 1, lines: -3/+7)
|\
| * Give more details about the printed time stamps. (Guy Harris, 2014-11-05, files: 1, lines: -3/+7)
| |
* | Merge pull request #408 from baruchsiach/system-libpcap (Michael Richardson, 2014-10-29, files: 1, lines: -21/+25)
|\ \
| |/
|/|
| |   Use system libpcap when configured with --with-system-pcap
| * Use system libpcap when configured with --with-system-pcap (Baruch Siach, 2014-10-29, files: 1, lines: -21/+25)
|/
|   Don't force the local libpcap build when the system provides one. When --with-system-pcap is given to configure, don't try to locate a local libpcap build. This helps build systems like Buildroot that store build trees in the same directory, but still prefer dynamically linking against system wide libpcap.so to save space.
|   Signed-off-by: Baruch Siach <baruch@tkos.co.il>
* Don't run past the snapshot length when doing hex/ASCII dumps. (Guy Harris, 2014-10-23, files: 2, lines: -1/+19)
|
* Strengthen various bounds etc. checks. (Guy Harris, 2014-10-22, files: 1, lines: -17/+42)
|   Add more checks, make some checks do a better job of handling too-short lengths. Also, rename ldp_msg_print() to ldp_pdu_print(), as it prints a single PDU, not a single message within a PDU.
* Do bounds checking when unescaping PPP. (Guy Harris, 2014-10-22, files: 1, lines: -8/+8)
|   Clean up a const issue while we're at it.
* Fix length fields in UDP headers to be what they should be. (Guy Harris, 2014-10-20, files: 1, lines: -0/+0)
|   The value of the length field in a UDP header includes the length of the header itself; the values in this capture didn't. The length fields in the IP headers and the RADIUS headers were correct and consistent with each other, and the length fields in the UDP headers are now correct and consistent with both of them.
* Don't subtract the UDP header size from the length twice. (Guy Harris, 2014-10-20, files: 1, lines: -4/+2)
|
* Update to reflect that BGP no longer prints a redundant length value. (Guy Harris, 2014-10-20, files: 3, lines: -7/+7)
|
* Update tests to reflect the new HTTP dissector. (Guy Harris, 2014-10-20, files: 6, lines: -12/+12)
|
* Add additional bounds checks, ND_TTESTize existing ones. (Guy Harris, 2014-10-19, files: 1, lines: -19/+23)
|   Use ND_TTEST() and ND_TTEST2() for bounds checks. Pass a pointer to the struct pkt_top to wb_dops, and calculate the address of the first struct dophdr there. Check each struct dophdr before printing it. Hopefully this will quiet a Coverity complaint.
* Separate SMB-over-TCP output from TCP output with a space. (Guy Harris, 2014-10-19, files: 1, lines: -4/+5)
|
* If we don't find a CR-LF or LF, print up to the end of the packet. (Guy Harris, 2014-10-19, files: 1, lines: -0/+1)
|
* More comments. (Guy Harris, 2014-10-19, files: 1, lines: -1/+4)
|
* Use the length field in the UDP header. (Guy Harris, 2014-10-19, files: 1, lines: -10/+24)
|   If it's less than the length of the IP payload, use it as the size of the UDP packet. If it's greater than the length of the IP payload, and we're not dissecting the payload, report the length as bad.
* The TCP dissector already prints the length; we don't have to. (Guy Harris, 2014-10-19, files: 1, lines: -1/+1)
|
* Add a comment explaining what the first telnet_parse() call does. (Guy Harris, 2014-10-19, files: 1, lines: -0/+4)
|
* No need to check for -q in the Telnet dissector. (Guy Harris, 2014-10-19, files: 1, lines: -5/+0)
|   If -q is used, the TCP dissector won't call subdissectors, so the Telnet dissector won't even get called.
* Print *something* for Telnet regardless of the -q/-v flags. (Guy Harris, 2014-10-19, files: 2, lines: -2/+6)
|   For -q, just print "[telnet]". Without -v, at least print the negotiation.
* Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support. (Guy Harris, 2014-10-19, files: 10, lines: -29/+524)
|   "Text protocols" are protocols that have the general feel of FTP, with command lines with a command name and space-separated arguments and response lines beginning with a 3-digit reply code. They can also include HTTP-style headers and an entity body. We add support for the FTP control channel, HTTP, SMTP, and RTSP. We also change the SIP printer to use it.
* ts_format only uses ndo if HAVE_PCAP_SET_TSTAMP_PRECISION is defined. (Guy Harris, 2014-10-18, files: 1, lines: -1/+5)
|
* Merge pull request #406 from qnet-herwin/radius_coa (Denis Ovsienko, 2014-10-10, files: 6, lines: -1/+43)
|\
| * Added support for RADIUS Change of Authorization messages (Herwin Weststrate, 2014-10-10, files: 6, lines: -1/+43)
| |   Defined in RFC 5176
* | update credits (Denis Ovsienko, 2014-10-10, files: 1, lines: -0/+1)
|/
* Added RFC4675 attributes to RADIUS dissector (Herwin Weststrate, 2014-10-09, files: 4, lines: -4/+84)
|
* Fix indentation. (Guy Harris, 2014-10-01, files: 1, lines: -1/+1)
|
* Leave it up to ip6_print() to handle non-IPv6-capable systems. (Guy Harris, 2014-10-01, files: 22, lines: -62/+29)
|   Always define and declare ip6_print(), always compile print-ip6.c, and always call it if we recognize a payload as IPv6. If INET6 isn't defined, ip6_print() will just print the length and note that printing isn't supported. That way, we don't do weird dissection of IPv6 packets on systems without IPv6 support, due to, for example, ethertype_print() returning 0 ("not dissected") for IPv6 packets on those systems (IPv6-over-Frame Relay was dissected weirdly due to this).
* Add some more parentheses, Just In Case. (Guy Harris, 2014-10-01, files: 1, lines: -52/+52)
|   I'm not sure whether
|
|       Performing a byte swapping operation on "p" implies that it came from an external source, and is therefore tainted.
|
|   from Coverity means that it thinks we're byte-swapping the pointer *itself*, or that we're byte-swapping what it points to, but, just in case it's the former, let's try throwing some more parentheses in. (If it's the latter, well, yes, it's packet data, so it comes from an external source, but Coverity didn't seem to point out any place where we were using the data it points to without checking its value in cases where we have to.)
* Add PPI printing fixes. (Guy Harris, 2014-09-23, files: 1, lines: -0/+4)
|
* Fix PPI header and payload printing. (Guy Harris, 2014-09-23, files: 1, lines: -8/+18)
|   Header printing (-e) had a stray ", " before the header; remove it. Payload printing was skipping only the fixed portion of the PPI header, not the entire header.