Commit messages
- Remove lots of $Header's and a few $Id's that all belong to the former
  CVS repository of tcpdump itself. These keywords have been frozen since
  the migration to git in late 2008.
- Guy Harris points out that -P is already taken by MacOS-derived work and
  that the only remaining single-letter option is -Q (see GH #252). Fix
  some formatting while at it.
- Also, *do* use it, if supported, for ndo_warning().
- For consistency - V came before v, unlike all other options.
- pcap_setdirection() succeeds only for a particular combination of
  platform, interface type and direction. Calling it on each invocation
  (with PCAP_D_INOUT by default) was wrong: some interfaces are two-way,
  others are one-way, and pcap_setdirection() has its own idea of what it
  supports and what it doesn't. In particular, it was impossible to do any
  capture on an nflog interface in Linux since commit df7d24f. Now the
  function is only called on the -P flag.
- Adds the -P in|out|inout option; includes man page and command-line help
  updates.
- This change removes detection of linux/netfilter/nfnetlink_log.h, which
  was only used to provide two constants. The constants are now defined in
  print-nflog.c, making it possible to compile (and test) the NFLOG
  decoder on all systems, not only Linux.
  There is now a test case for the decoder; it was produced on a Linux
  host with:
      iptables -A INPUT -p udp --source 74.82.42.42 -j NFLOG --nflog-group 20
      dig @74.82.42.42 ...
- DLT_EN10MB, the most commonly seen datalink type, used to be the first
  element of ndo_printers[], which lookup_ndo_printer() iterates over, but
  commit 20ad836 made DLT_NFLOG the first. Move DLT_NFLOG to the last
  position to make the function spend the same time processing the
  previously recognized datalink types as before.
- The Link Management Protocol version 1 sample capture added to the tests
  directory in commit 212eef2 was produced using non-standard UDP port
  49998. Later assignment of port 701 reflected in commit 960aee5 made it
  impossible to decode the capture.
  This change adds a -T override for LMP, uses it to replace the broken
  test with two working tests and dismisses the custom test script,
  lmp.sh.
- Added nflog.h to Makefile.in
  Alphabetical order in Makefile.in
- This change adds new code to decode ZeroMQ datagrams, couples it with
  the PGM decoder and extends the -T option to make all this work.
  There are two new test cases based on existing captures of ZMTP/1.0
  inside [E]PGM to decode the ZMTP/1.0 part of these.
  This functionality enables decoding of the traffic the zeromq library
  produces for "pgm://" and "epgm://" protocol schemas.
- The original PGM uses its own IP protocol number. "EPGM" or "PGM/UDP"
  stands for UDP-encapsulated PGM, which has no assigned UDP port number
  and can be decoded only by means of the -T option, which now accepts "pgm"
  protocol type for this purpose. There is also a sample capture of EPGM
  now (similar to the one of native PGM, but produced using the "epgm://"
  protocol schema) and a respective test case.
- Prior to this, if pcap_breakloop() is called in cleanup() while reading
  multiple files (via -V), the code would fall through and open the next
  file in the list. With this change the list is cut short and the program
  exits normally.
- Use the packettype infrastructure (-T vxlan) for VXLAN parsing (waiting for a well-known dest port)
- This change adds support for ZMTP/1.0 (ZeroMQ Message Transport Protocol
  1.0) framing in TCP packets, as defined in http://rfc.zeromq.org/spec:13
  and implemented in the zeromq library.
  Since there is no assigned port number for ZeroMQ, the user is left
  responsible for making sure only the related TCP packets are captured and
  enforcing ZMTP/1.0 decoding through the "-T zmtp1" option.
  Each ZMTP/1.0 frame of a packet will produce a single additional line of
  output. The "-v" flag will add up to 8 lines (128 bytes) worth of
  hex+ASCII dump of the frame body, and "-vv" and higher will dump the
  full frame body, however long.
  Beware that this code handles neither IP fragmentation nor TCP
  segmentation and will incorrectly decode segments not starting at a
  frame boundary.
  The included sample capture stands for a short ZeroMQ session between a
  REQ/REP socket pair doing 3 anonymous 2-way exchanges. It was produced
  using version 2.1.9 of the zeromq library patched to fix its bug #293, so
  that all MBZ bits of the flags field are set to 0.
- Conflicts:
  tcpdump.c
- Use strtol() and only treat the argument as a number if it's *all*
  number, so that interface names such as 192_1_2 aren't treated as
  "interface number 192".
- NAME_MAX is the maximum length of a file pathname *component*; PATH_MAX
  is the maximum length of a file pathname. We're dealing with pathnames,
  so use PATH_MAX. (On some systems, NAME_MAX can be as low as 14,
  presumably for binary compatibility with V7-era data structures
  containing file names, as there are probably few if any non-historic
  UN*Xes around with 14-character file name limitations.)
  Boost the default PATH_MAX to 1024 while we're at it.
- The indentation should match on this file now
- Added sanity checking for the return value to filename being equal to NULL
- Be more portable when opening stdin.
  Refactor reading from VFile into a function.
- When we open a new file we need to get new printinfo.
- When writing an output file, error if the DLT of subsequent files is not
  the same as the original.
- This allows tcpdump to handle RADIUS running on non-standard ports.
  Submitted-By: ssb@sourceforge.net
  Man page also updated by me.
- Unfortunately, the DLT_PFSYNC support depends on header files included
  from the pfctl command's source tree, and trying to arrange to find that
  would be too much trouble.
- From FreeBSD PR bin/124825: tcpdump(8) does not support pfsync(4) data,
  which in turn was ported over from OpenBSD. We already have CARP
  support, so we did not port that part over.
- that does not support SIGINFO
- CARP and VRRP both use IP protocol number 112, so there needs to be a -T
  flag to specify that protocol 112 be dissected as CARP rather than VRRP.
  Also update the man page.
- That makes the names a bit shorter, and mentions the specific Hilscher
  product to which they apply.
- Tcpdump's ndo_error() doesn't return. Any other ndo_error routine
  supplied to netdissect shouldn't, either, as printers expect it not to.
- I was rudely surprised to find that "tcpdump -h" wasn't printing a usage
  message, and I'm the person who *added* the "-h" option. Make it "-H",
  and add an explicit "-h" option to print a usage message, so nobody else
  makes the same mistake. Also, don't clear opterr, so that if you give
  an illegal command-line option, you get an explanatory error message.
- To: tcpdump-workers@lists.tcpdump.org
  Date: Sat, 09 Apr 2011 12:51:14 +1000
  Subject: [tcpdump-workers] Printing PPI packets
  Printing PPI packets with tcpdump does not turn out
  to be that hard.
  My simple tests have produced the output as below.
  It would be worthwhile having some changes made into
  the tcpdump code base that were similar to the attached
  that print them out.
- Based on a patch from cr4ckn@sourceforge.net, but with a macro
  PLURAL_SUFFIX() defined to return either "s" or "" (rather than possibly
  printing a NUL character with %c), and with that macro used in a couple
  of cases where the equivalent had been done by hand, and with one case
  the patch missed fixed as well.
- Rather than hardcode the WIN32 define, add proper fork checks to the
  configure script and check those. This fixes building for nommu systems
  which lack the fork function.
  While we're here though, add support for this functionality via vfork
  so that it does work on nommu systems. And fix an old bug where we
  exit properly in the forked child when the exec failed instead of just
  returning to the calling code (which isn't expecting it).
  Reviewed-By: Guy Harris <guy@alum.mit.edu>
- In addition to Paul's change, I added a comment explaining why we do
  this, and explaining that doing so after opening the first savefile
  doesn't help with subsequent savefiles, so you'll have to come up with a
  better fix if you want the savefiles opened by the original UID or
  outside the chroot.
  Reviewed-By: Guy Harris <guy@alum.mit.edu>