| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
safer way to terminate "pcap_loop()" in a signal handler (it just sets a
flag, it doesn't muck with data structures that might have been in the
middle of being updated).
Have "setsignal()" not request SA_RESTART, so that if we call
"pcap_breakloop()" in a signal handler and then return, we don't restart
a call that was waiting for captured packets, we just make that call
EINTR out.
|
processed - people often get confused by the "received by filter" count,
as they might not realize that, in some systems, it counts packets that
were handed to the filter mechanism regardless of whether they pass or,
if they pass, they have yet been read by the application and, on some
other systems, it counts packets that passed the filter but still counts
them in the kernel before they're read by the application.
They're probably mostly interested in the count of packets processed by
tcpdump; the "received by filter" count is probably of interest only if
you want to know how effective your filter is (and even then it's of
interest only if it counts packets handed to the filter rather than
packets that passed the filter).
Give more details on why the "received by filter" count doesn't
necessarily mean what you think it means.
|
that obtains the Windows OS version, was never used: avoid calling it.
Removed the call to PrinCapBegins in w32_fzs.c.
|
addresses, and has been for a lot of years.
|
that if tcpdump is being piped to some other program, and that program
exits before tcpdump does, tcpdump will cleanly exit, so that libpcap
can cleanly close devices (such as Endace's DAG cards).
|
Check whether we succeeded in opening a capture file before we report
the link-layer type of the capture file.
|
decoding as TFTP.
|
DLT_PPP_BSDOS - don't assume they're defined, check whether they're
defined before using them.
|
just print it as is, don't prefix it with "libpcap version".
|
available in the libpcap we're using.
|
DLT_ARCNET_LINUX.
Also handle IPX-over-ARCNET.
|
specified, as, in that case, there's no output to make more verbose.
|
- display snaplen
- indicate that detailed decodes are hidden under the -v and -vv hood
this should address some of the first problems that are frequently encountered
by people that start to learn and play with tcpdump;
|
has "pcap_dump_flush()".
The WinDump makefiles define HAVE_PCAP_FINDALLDEVS, and will be changed
to define HAVE_PCAP_DUMP_FLUSH, so use those, rather than Win32, to check
whether WinPcap has "pcap_findalldevs()" or "pcap_dump_flush()", so
people can tweak the appropriate makefile if building WinDump with an
older version of WinPcap lacking one or both of those routines.
|
the output stream for "-w" to be flushed after each packet is dumped.
Add checks for "pcap_dump_flush()", and only enable the "-U" flag if
it's present. Clean up the handling of the "getopt()" argument and the
usage message to get rid of the pile of #ifdefs.
Add documentation for the "-L" and "-y" flags.
Tweak the description of "-r" to properly format "-w" in the text.
|
tcpdump.c. Have if_print routines return the length of the link-layer
header, so that the common code knows how to skip the link-layer header
when printing the packet in hex/ASCII.
|
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to:
use "-y" rather than "-D" to set the link type ("-D" was already
taken);
use libpcap APIs to map between data link type names and values;
supply stub versions of missing-but-needed libpcap APIs.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).
|
Have "-xx" and "-XX" cause the link-level header to be dumped; don't
make "-e" affect that at all, as the fact that "-x" doesn't dump the
link-level header was documented, with no mention of "-e", at least as
far back as tcpdump 3.4, and scripts might depend on that working even
with "-e".
|
beginning of the raw packet data, the captured length of the raw packet
data, and the length of the link-layer header, and:
if "-e" was specified, prints all the raw packet data;
if "-e" was not specified, prints all the raw packet data past
the link-layer header, if there is any.
Use that routine in all the "xxx_if_print()" routines if "-x" was
specified.
Make "arcnet_encap_print()" static - it's not used outside
"print-arcnet.c".
Add missing info printing code to "atm_if_print()".
Print the packet data in "lane_if_print()", not in "lane_print()", as
"lane_print()" can be called from other "xxx_if_print()" routines, and
those routines will also print the packet data if "-x" was specified -
no need to print it twice.
|
to a file, not just when you're printing dissected packets.
|
unused-parameter problems reported by GCC. Add an _U_ tag to label
parameters as unused if the function is called through a pointer (so
that you can't change its signature by removing parameters) or if there
are unused parameters only because the function isn't complete.
Add some additional bounds checks the necessity for which was revealed
while cleaning up unused-parameter problems.
Make some routines static.
"lcp_print()", defined in "print-lcp.c", isn't called anywhere -
"print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
|
the libpcap that comes with some platforms doesn't define it.
Check for "pcap_debug" and "yydebug" in libpcap in the configure
scripts, so that whichever one is present (which might depend on whether
libpcap was built with standard YACC or Berkeley YACC/Bison), if any is
present, will be used by the "-Y" flag (if none is present, "-Y" won't
be supported).
|
needed with recent versions of WinPcap.
|
and "-R" back into the usage strings.
We might as well do the "pcap_close()" call before exiting when "-d"
is used on UNIX as well as Windows.
Put in a comment about an official API for getting a libpcap version
string.
|
we don't have "pcap_findalldevs()".
|
only use it if we find it.
Define DHAVE_PCAP_FINDALLDEVS in the Windows GNU Makefile and project
file, as WinPcap has "pcap_findalldevs()".
|
University.
|
Make the code to print a SNAP-encapsulated packet a separate routine,
for use by the Frame Relay code.
|
error, report statistics and clean up first.
|
<jth@jth.net>.
|
"print-pflog.c", originally written by Niels Provos
<provos@openbsd.org>.
|
specified number of packets has been captured, report the statistics of
packets "received by filter" and "dropped by kernel".
|
capture file was successfully created/opened, and fail if it wasn't.
|
just directly call "pcap_dump()". This means "dump_and_trunc()" no
longer needs to check whether the "-C" flag was specified.
|
"pcap-dump-trunc.c".
Don't make the variables "dump_and_trunc()" manipulates external or even
static; fill in a structure with their values and pass a pointer to that
structure to "dump_and_trunc()". "dump_and_trunc()" will update the
"pcap_dumper_t" pointer in that structure if it rotates capture files,
so that the next call to "dump_and_trunc()" will supply the updated
pointer (the previous code was just opening a new capture, but not
updating the variable passed to "dump_and_trunc()").
Instead of duplicating an old version of the "pcap_dump()" code (a
version that didn't write out time stamps as 32-bit seconds and
microsecond values on platforms where the fields in a "struct timeval"
are 64-bit) in "dump_and_trunc()", just call "pcap_dump()" from
"dump_and_trunc()".