path: root/tcpdump.c
Commit message (Author, Age, Files, Lines)
* Don't run past the snapshot length when doing hex/ASCII dumps. (Guy Harris, 2015-01-06, 1 file, -0/+5)
|
* improve ZeroMQ support (ZMTP/1.0 inside PGM/EPGM) (Denis Ovsienko, 2013-04-14, 1 file, -0/+2)
|   This change adds new code to decode ZeroMQ datagrams, couples it with the PGM decoder and extends the -T option to make all this work. There are two new test cases based on existing captures of ZMTP/1.0 inside [E]PGM to decode the ZMTP/1.0 part of these. This functionality enables decoding of the traffic zeromq library produces for "pgm://" and "epgm://" protocol schemas.
* use existing PGM decoder for UDP-encapsulated PGM (Denis Ovsienko, 2013-04-14, 1 file, -0/+2)
|   The original PGM uses its own IP protocol number. "EPGM" or "PGM/UDP" stands for UDP-encapsulated PGM, which has no assigned UDP port number and can be decoded only by means of -T option, which now accepts "pgm" protocol type for this purpose. There is also a sample capture of EPGM now (similar to the one of native PGM, but produced using the "epgm://" protocol schema) and a respective test case.
* Change C++ style comments to C style comments (fxlb, 2013-04-14, 1 file, -2/+2)
|
* Stop reading multiple files properly on cleanup. (Wesley Shields, 2013-03-29, 1 file, -0/+8)
|   Prior to this if pcap_breakloop() is called in cleanup() while reading multiple files (via -V) the code would fall through and open the next file in the list. With this change the list is cut short and the program exits normally.
* - Add support for OTV (draft-hasmit-otv-04). (Francesco Fondelli, 2013-02-26, 1 file, -0/+2)
|   - Use the packettype infrastructure (-T vxlan) for VXLAN parsing (waiting for a well known dest port)
* ZeroMQ initial support (ZMTP/1.0 framing) (Denis Ovsienko, 2013-02-11, 1 file, -0/+2)
|   This change adds support for ZMTP/1.0 (ZeroMQ Message Transport Protocol 1.0) framing in TCP packets, as defined in http://rfc.zeromq.org/spec:13 and implemented in zeromq library. Since there is no assigned port number for ZeroMQ, the user is left responsible for making only the related TCP packets captured and enforcing ZMTP/1.0 decoding through the "-T zmtp1" option. Each ZMTP/1.0 frame of a packet will produce a single additional line of output. The "-v" flag will add up to 8 lines (128 bytes) worth of hex+ASCII dump of the frame body, and "-vv" and higher will dump the full frame body, however long. Beware that this code handles neither IP fragmentation nor TCP segmentation and will incorrectly decode segments not starting at a frame boundary. The included sample capture stands for a short ZeroMQ session between a REQ/REP socket pair doing 3 anonymous 2-way exchanges. It was produced using version 2.1.9 of zeromq library patched to fix its bug #293, so that all MBZ bits of the flags field are set to 0.
* Squelch some warnings, and add some comments to clarify the code path. (Guy Harris, 2012-11-30, 1 file, -0/+23)
|
* Fix some more NAME_MAX->PATH_MAX and make some routines static. (Guy Harris, 2012-11-29, 1 file, -4/+8)
|
* Merge branch 'master' of https://github.com/mcr/tcpdump (Wesley Shields, 2012-10-01, 1 file, -18/+17)
|\
| |   Conflicts: tcpdump.c
| * More strictly check for numbers as arguments to -i. (Guy Harris, 2012-09-27, 1 file, -5/+4)
| |   Use strtol() and only treat the argument as a number if it's *all* number, so that interface names such as 192_1_2 aren't treated as "interface number 192".
| * Use PATH_MAX, not NAME_MAX. (Guy Harris, 2012-09-27, 1 file, -12/+12)
| |   NAME_MAX is the maximum length of a file pathname *component*; PATH_MAX is the maximum length of a file pathname. We're dealing with pathnames, so use PATH_MAX. (On some systems, NAME_MAX can be as low as 14, presumably for binary compatibility with V7-era data structures containing file names, as there are probably few if any non-historic UN*Xes around with 14-character file name limitations.) Boost the default PATH_MAX to 1024 while we're at it.
| * add missing double quote to fix compiling (Denis Ovsienko, 2012-09-10, 1 file, -1/+1)
| |
* | Merge remote-tracking branch 'upstream/master' (Wesley Shields, 2012-09-10, 1 file, -0/+2)
|\ \
| |/
| * Indention should match now (Bill Parker, 2012-09-04, 1 file, -2/+2)
| |   The indentation should match on this file now
| * Sanity Checking for malloc (Bill Parker, 2012-09-04, 1 file, -0/+2)
| |   Added sanity checking for return value to filename being equal to NULL
* | Address Michael's comments. (Wesley Shields, 2012-09-06, 1 file, -9/+17)
| |   Be more portable when opening stdin. Refactor reading from VFile into a function.
* | Properly print when dlt changes. (Wesley Shields, 2012-08-11, 1 file, -15/+23)
| |   When we open a new file we need to get new printinfo.
* | DLT change detection. (Wesley Shields, 2012-08-11, 1 file, -4/+7)
| |   When writing an output file, error if the DLT of subsequent files is not the same as the original.
* | Add multi-file support. (Wesley Shields, 2012-08-10, 1 file, -40/+97)
|/
* Add "radius" as an option for -T. (Guy Harris, 2012-06-30, 1 file, -0/+4)
|   This allows tcpdump to handle RADIUS running on non-standard ports. Submitted-By: ssb@sourceforge.net Man page also updated by me.
* Dropping root privileges using Linux Capabilities (Michal Sekletar, 2012-05-25, 1 file, -0/+52)
|
* Back out DLT_PFSYNC support. (Guy Harris, 2012-02-29, 1 file, -3/+0)
|   Unfortunately, the DLT_PFSYNC support depends on header files included from the pfctl command's source tree, and trying to arrange to find that would be too much trouble.
* Add DLT_PFSYNC support. (Guy Harris, 2012-02-29, 1 file, -0/+3)
|   From FreeBSD PR bin/124825: tcpdump(8) does not support pfsync(4) data, which in turn was ported over from OpenBSD. We already have CARP support, so we did not port that part over.
* tcpdump now accepts SIGUSR1 as a signal to print the statistics on systems that do not support SIGINFO (Kenichi Maehashi, 2012-02-07, 1 file, -4/+10)
|
* Add a CARP dissector and a command-line option to dissect proto 112 as CARP. (George Neville-Neil, 2011-11-23, 1 file, -0/+2)
|   CARP and VRRP both use IP protocol number 112, so there needs to be a -T flag to specify that protocol 112 be dissected as CARP rather than VRRP. Also update the man page.
* Change name of Hilscher link types to say NETANALYER. (Guy Harris, 2011-09-15, 1 file, -4/+4)
|   That makes the names a bit shorter, and mentions the specific Hilscher product to which they apply.
* Add printers for the Hilscher Ethernet link-layer types. (Guy Harris, 2011-09-15, 1 file, -0/+6)
|
* Note that ndo_error doesn't, and *ndo_error shouldn't, return. (Guy Harris, 2011-06-24, 1 file, -1/+2)
|   Tcpdump's ndo_error() doesn't return. Any other ndo_error routine supplied to netdissect shouldn't, either, as printers expect it not to.
* Use "-H", not "-h", for the 802.11s option, and improve error reporting. (Guy Harris, 2011-06-21, 1 file, -4/+7)
|   I was rudely surprised to find that "tcpdump -h" wasn't printing a usage message, and I'm the person who *added* the "-h" option. Make it "-H", and add an explicit "-h" option to print a usage message, so nobody else makes the same mistake. Also, don't clear opterr, so that if you give an illegal command-line option, you get an explanatory error message.
* From: Darren Reed <darren.reed@oracle.com> (Michael Richardson, 2011-05-03, 1 file, -6/+5)
|   To: tcpdump-workers@lists.tcpdump.org
|   Date: Sat, 09 Apr 2011 12:51:14 +1000
|   Subject: [tcpdump-workers] Printing PPI packets
|
|   Printing PPI packets with tcpdump does not turn out to be that hard. My simple tests have produced the output as below. It would be worthwhile having some changes made into the tcpdump code base that were similar to the attached that print them out.
* Fix plurals in packet count messages. (Guy Harris, 2011-03-08, 1 file, -5/+8)
|   Based on a patch from cr4ckn@sourceforge.net, but with a macro PLURAL_SUFFIX() defined to return either "s" or "" (rather than possibly printing a NUL character with %c), and with that macro used in a couple of cases where the equivalent had been done by hand, and with one case the patch missed fixed as well.
* Add support for nommu systems. (Guy Harris, 2010-11-30, 1 file, -7/+18)
|   Rather than hardcode the WIN32 define, add proper fork checks to the configure script and check those. This fixes building for nommu systems which lack the fork function. While we're here though, add support for this functionality via vfork so that it does work on nommu systems. And fix an old bug where we exit properly in the forked child when the exec failed instead of just returning to the calling code (which isn't expecting it).
|   Reviewed-By: Guy Harris <guy@alum.mit.edu>
* Switch user ID/root directory with -Z before opening savefiles for output. (Paul Ferrell, 2010-11-06, 1 file, -10/+25)
|   In addition to Paul's change, I added a comment explaining why we do this, and explaining that doing so after opening the first savefile doesn't help with subsequent savefiles, so you'll have to come up with a better fix if you want the savefiles opened by the original UID or outside the chroot.
|   Reviewed-By: Guy Harris <guy@alum.mit.edu>
* reworked print-ether to use netdissect (Michael Richardson, 2010-10-07, 1 file, -1/+1)
|
* Document -j and -J. List -h in the usage message. (Guy Harris, 2010-08-23, 1 file, -1/+1)
|
* Handle DLT_IEEE802_15_4_NOFCS like DLT_IEEE802_15_4. (Guy Harris, 2010-08-22, 1 file, -0/+3)
|
* Print a -L-like header for -J. (Guy Harris, 2010-08-22, 1 file, -0/+7)
|
* Add support for setting the time stamp type for a capture. (Guy Harris, 2010-08-22, 1 file, -11/+76)
|   Based on a patch from Scott Mcmillan <scott.a.mcmillan@intel.com>. While we're at it, make some error messages a bit less geeky.
* If -U is specified, flush the file after creating it, so it's not zero-length. (Romain Francoise, 2010-06-05, 1 file, -0/+4)
|   Reading from a capture file that has not yet received any packets fails with "truncated dump file"; to avoid this, flush the file (forcing the pcap header out) immediately after opening it. (Added Romain to the credits.)
|   Reviewed-By: Guy Harris <guy@alum.mit.edu>
* Add a -h flag, and only attempt to recognize 802.11s mesh headers if it's set. (Guy Harris, 2010-05-27, 1 file, -1/+5)
|   I give up. I have no access to the 802.11s drafts, I can't find anything that suggests whether a heuristic check for an 802.11s header should check for To DS and From DS both being set or either being set or unset, or whether it should check for a QoS frame type (the examples in all the documentation I can find have To DS and From DS set, and have a QoS field, in the 802.11 header, but that might just be an example 802.11 header showing all the fields), so I'm just adding a -h command-line flag; you need to specify it to get tcpdump to try to guess whether a frame has a mesh header or not. I'll leave it up to somebody else to figure out what the best heuristic for detecting the presence of mesh headers is (note that tcpdump and Wireshark have different heuristics, both of which can probably get false positives, especially with encrypted frames where the first payload byte just *happens* not to have any of the reserved bits in the mesh header flags set).
* Merge branch 'master' of git+ssh://bpf.tcpdump.org/tcpdump/master/git/tcpdump (Michael Richardson, 2010-05-13, 1 file, -1/+1)
|\
| * When printing the link-layer type list, send *all* output to stderr. (Guy Harris, 2010-05-07, 1 file, -1/+1)
| |
* | moved ieee802.15.4 to NDO system (Michael Richardson, 2010-05-13, 1 file, -3/+3)
| |
* | tcpdump.c: fix merge error: ieee802_15_4_if_print isn't a new style printer (Dmitry Eremin-Solenikov, 2010-03-09, 1 file, -3/+3)
| |   Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* | Merge remote branch 'origin/master' (Dmitry Eremin-Solenikov, 2010-03-09, 1 file, -39/+131)
|\ \
| |/
| * tcpdump.c: mark several variables as static (Kovarththanan Rajaratnam, 2010-02-20, 1 file, -3/+3)
| |
| * Recognize -b as a flag. (Guy Harris, 2010-02-08, 1 file, -1/+2)
| |
| * Mention the b flag in the usage message. (Guy Harris, 2010-02-08, 1 file, -1/+1)
| |
| * Handle the 48-byte and 64-byte Linux USB headers differently; for now, (Guy Harris, 2010-01-25, 1 file, -6/+8)
| |   the difference isn't major, but it might be more important later.