| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
That should prevent optimizing the memcpy into code that assumes
alignment.
Add unaligned_memcmp(), and use it, as well.
|
| |
|
|
|
|
|
|
|
|
|
| |
It appears that some C compilers will inline safememcpy() *and* will, as
a result, optimize to assume alignment it if it's passed a
putatively-aligned pointer. As the pointers in question are not
guaranteed to be aligned, that can cause crashes on, for example, SPARC.
Also, rename the function to unaligned_memcpy(), to clarify what's
"safe" about it, and change some direct memcpy() calls to use it as
well.
|
| | |
|
| |
|
|
|
|
| |
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Add new decoder for UDP port 5359 and a sample packet capture produced
on a couple of Linux hosts (a server and a client). Besides that, an
existing Babel capture contained AHCP packets and the current AHCP tests
cover 0, 1 and 2 "-v" flags.
|
| |
|
|
| |
dst/src addresses
|
| |
|
|
|
|
|
|
|
|
|
| |
The Link Management Protocol version 1 sample capture added to the tests
directory in commit 212eef2 was produced using non-standard UDP port
49998. Later assignment of port 701 reflected in commit 960aee5 made it
impossible to decode the capture.
This change adds a -T override for LMP, uses it to replace the broken
test with two working tests and dismisses the custom test script,
lmp.sh.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't assume we have <stdint.h>. Instead, use the AC_TYPE_ macros to
ensure we have the C99 intN_t and uintN_t types; we already include
<inttypes.h> in tcpdump-stdinc.h iff we have it.
Get rid of the structure declarations in openflow-1.0.h, as they have
zero-length arrays (not supported by all the compilers people might be
using) and as
1) they're only used in sizeof()
and
2) after each one there's an assertion to check that sizeof()
returns a specific numerical value
so, instead, just #define various _LEN items to those numerical values
and use them.
Add an openflow.h header with a #define for the length of the basic
header, and move the declaration of of10_header_body_print() there.
|
| |\
| |
| |
| | |
Pull changes from the GitHub repository.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The new file openflow-1.0.h is a verbatim copy of the file openflow.h
from the openflow-1.0.0.tar.gz distribution. The new file
print-openflow-1.0.c contains a set of functions for OpenFlow 1.0 (wire
protocol 0x01) decoding. Of these functions only
of10_header_body_print() is exported and used by the minimal OpenFlow
decoder.
It is intended that future (1.1, 1.2, 1.3.0) OpenFlow version decoders
are implemented the same way (in modules of their own), since different
versions of OpenFlow specification reuse the same symbols for different
numeric values. This way, print-openflow-1.1.c would include
openflow-1.1.h and so on.
The new test case "of10_p3295-vv" was produced using a Pica8 P-3295
switch and Trema controller running a purpose-built sample application.
|
| | |
| |
| |
| |
| |
| |
| | |
This change registers OpenFlow TCP port number and adds processing of
respective packets with openflow_print(), a new function that
understands the minimal OpenFlow header format and can iterate over
messages within a snapshot that starts with the header.
|
| |/
|
|
|
|
|
|
|
|
| |
Some versions of Sun C support __attribute__ but don't support the
"unused" or "format" attributes - they don't fail, but they whine a lot.
They also support the "noreturn" attribute, but don't allow it to be
applied to function pointers, only to functions.
Check whether they can be used without warnings, and use them only if
they can.
|
| |
|
|
|
|
|
|
|
| |
Added:
* option length check
* option type and TCP flags check
* more information printed
Signed-off-by: Gregory Detal <gregory.detal@uclouvain.be>
|
| |
|
|
|
|
|
|
|
| |
This commit adds the support of Multipath TCP (MPTCP). MPTCP is a new
extension to TCP standardized at the IETF. MPTCP allows to use several IP
addresses at the same time by distributing data across several subflows (TCP
connections) while still presenting the standard TCP socket API to the
application. Its benefits are better resource utilization, better throughput
and smoother reaction to failures.
|
| |
|
|
|
|
|
|
|
|
|
| |
This change adds new code to decode ZeroMQ datagrams, couples it with
the PGM decoder and extends the -T option to make all this work.
There are two new test cases based on existing captures of ZMTP/1.0
inside [E]PGM to decode the ZMTP/1.0 part of these.
This functionality enables decoding of the traffic zeromq library
produces for "pgm://" and "epgm://" protocol schemas.
|
| |
|
|
|
|
|
|
|
| |
The original PGM uses its own IP protocol number. "EPGM" or "PGM/UDP"
stands for UDP-encapsulated PGM, which has no assigned UDP port number
and can be decoded only by means of -T option, which now accepts "pgm"
protocol type for this purpose. There is also a sample capture of EPGM
now (similar to the one of native PGM, but produced using the "epgm://"
protocol schema) and a respective test case.
|
| |
|
|
|
| |
They doesn't use their third argument, and they aren't being passed a
third argument, so get rid of that argument.
|
| |
|
|
| |
- Use the packettype infrastructure (-T vxlan) for VXLAN parsing (waiting for a well known dest port)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds support for ZMTP/1.0 (ZeroMQ Message Transport Protocol
1.0) framing in TCP packets, as defined in http://rfc.zeromq.org/spec:13
and implemented in zeromq library.
Since there is no assigned port number for ZeroMQ, the user is left
responsible for making only the related TCP packets captured and
enforcing ZMTP/1.0 decoding through the "-T zmtp1" option.
Each ZMTP/1.0 frame of a packet will produce a single additional line of
output. The "-v" flag will add up to 8 lines (128 bytes) worth of
hex+ASCII dump of the frame body, and "-vv" and higher will dump the
full frame body, however long.
Beware that this code handles neither IP fragmentation nor TCP
segmentation and will incorrectly decode segments not starting at a
frame boundary.
The included sample capture stands for a short ZeroMQ session between a
REQ/REP socket pair doing 3 anonymous 2-way exchanges. It was produced
using version 2.1.9 of zeromq library patched to fix its bug #293, so
that all MBZ bits of the flags field are set to 0.
|
| | |
|
| |
|
|
|
|
|
|
| |
This allows tcpdump to handle RADIUS running on non-standard ports.
Submitted-By: ssb@sourceforge.net
Man page also updated by me.
|
| |
|
|
|
|
|
| |
The most notable difference between RFC5006 and RFC6106 is the addition
of DNSSL RA option. This commit adds DNSSL handling code to make tcpdump
fully RFC6106-aware. This code has been tested against RA packets
generated by Quagga and radvd.
|
| |
|
|
|
|
| |
Unfortunately, the DLT_PFSYNC support depends on header files included
from the pfctl command's source tree, and trying to arrange to find that
would be too much trouble.
|
| |
|
|
|
|
| |
From FreeBSD PR bin/124825: tcpdump(8) does not support pfsync(4) data,
which in turn was ported over from OpenBSD. We already have CARP
support, so we did not port that part over.
|
| |
|
|
|
|
|
| |
CARP and VRRP both use IP protocol number 112, so there needs to be a -T
flag to specify that protocol 112 be dissected as CARP rather than VRRP.
Also update the man page.
|
| |
|
|
|
|
|
|
| |
I was rudely surprised to find that "tcpdump -h" wasn't printing a usage
message, and I'm the person who *added* the "-h" option. Make it "-H",
and add an explicit "-h" option to print a usage message, so nobody else
makes the same mistake. Also, don't clear opterr, so that if you give
an illegal command-line option, you get an explanatory error message.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The Wireshark routine is based on the BSD in-kernel portable checksum
routine (thus BSD-licensed); it takes a vector of pointers and lengths
and checksums the concatenation of the buffers in question (just as the
BSD in-kernel routine checksums a chain of mbufs).
This simplifies the "with a pseudo-header" checksums; hopefully it'll
fix up the problems being seen on some big-endian platforms, which might
be due to hand-calculating some or all of the checksum and doing so
incorrectly. It also gets rid of some code that might be dereferencing
unaligned pointers.
|
| |
|
|
|
|
| |
Use it in netdissect.h, where it's defined; otherwise, we get a bunch of
warnings when compiling modules that include interface.h but don't yet
include netdissect.h.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To: tcpdump-workers@lists.tcpdump.org
Date: Sat, 09 Apr 2011 12:51:14 +1000
Subject: [tcpdump-workers] Printing PPI packets
Printing PPI packets with tcpdump does not turn out
to be that hard.
My simple tests have produced the output as below.
It would be worthwhile having some changes made into
the tcpdump code base that were similar to the attached
that print them out.
|
| |
|
|
| |
This version includes a couple of fixes from Wireshark.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This prevents GCC on SPARC from generating code that assumes those
structures are aligned naturally, which they are not guaranteed to be.
Move some #defines from interface.h to tcpdump-stdinc.h to make them
available to code that doesn't include interface.h.
Move the declaration of nextproto6_cksum() to ip6.h, so that only files
that use it get it declared, and thus so that you don't need to define
"struct ip6_hdr" in everything that includes interface.h. Don't include
ip6.h in tcpdump-stdinc.h.
|
| |
|
|
|
|
| |
Based on a patch from Scott Mcmillan <scott.a.mcmillan@intel.com>.
While we're at it, make some error messages a bit less geeky.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At least some versions of GCC will, on SPARC, generate code for
if (bp->bp_htype == 1 && bp->bp_hlen == 6 && bp->bp_op == BOOTPREQUEST) {
where bp is a pointer to a struct bootp, that loads the first 4-byte
word in that structure, masks out the field in that structure that's not
being compared, and compares against a word with the appropriate values
in the other fields. That won't work, because there's no guarantee that
bp points to a value aligned on a 4-byte boundary.
Declaring "struct bootp" to be packed appears to keep at least GCC 4.2.4
from performing that optimization; we define an "UNALIGNED" tag to apply
to structures to prevent that optimization, and apply that tag to the
structures in bootp.h. (We'll apply it to other structures as we
discover the need for it.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I give up. I have no access to the 802.11s drafts, I can't find
anything that suggests whether a heuristic check for an 802.11s header
should check for To DS and From DS both being set or either being set or
unset, or whether it should check for a QoS frame type (the examples in
all the documentation I can find have To DS and From DS set, and have a
QoS field, in the 802.11 header, but that might just be an example
802.11 header showing all the fields), so I'm just adding a -h
command-line flag; you need to specify it to get tcpdump to try to guess
whether a frame has a mesh header or not. I'll leave it up to somebody
else to figure out what the best heuristic for detecting the presence of
mesh headers is (note that tcpdump and Wireshark have different
heuristics, both of which can probably get false positives, especially
with encrypted frames where the first payload byte just *happens* not to
have any of the reserved bits in the mesh header flags set).
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of having the Ethernet-type handler process the VLAN and Alteon
jumbo frame Ethernet type values, process them in the Ethernet (and
Linux cooked-mode) dissectors. This makes it easier for the right MAC
addresses to be printed for those packets.
As part of that, rename ether_encap_print() to ethertype_print() - it
doesn't print encapsulated Ethernet frames, it prints payloads whose
packet type is indicated by an Ethernet type field value - and remove
the no-longer-needed "extracted Ethernet type" argument. That also lets
us eliminate it from the SNAP print routine.
Make ether_print() take a function, and an argument to pass to that
function, as parameters, so that, for example, the ATM LANE printer can
use it and put the LEC ID into the link-layer headeer printout.
|
| | |
| |
| |
| | |
the difference isn't major, but it might be more important later.
|
| | |
| |
| |
| |
| |
| | |
The configure script doesn't define BYTE_ORDER, so they can't validly be
compared against BYTE_ORDER; don't leave them around for people to think
they can.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
so ipnet_if_print() can't expect one.
ipnet_print() isn't called from outside print-ipnet.c, so make it static.
|
| | | |
|
