more ansi function decls
ok deraadt@

ANSI functions; ok tb

add "sample NUM" so you can ask to capture 1/NUM packets from a filter.

the use of the sample keyword matches similar config in other
products.

NUM can be a number between 2 and 1048576, and is used to divide
0x100000000 into a threshold that is then compared against a randomly
generated number produced by a load of BPF_RND.

having sampling as part of the grammar means you can write things
like "icmp or sample 128". this lets you capture all icmp traffic
and a sample of the rest of the traffic.

ok jmatthew@ kn@ tb@

add support for handling loads from BPF_RND.

this adds "rnd" and "random" as keywords in the grammar, and handles
them as an arithmetic operator. the decoder recognises the load,
so tcpdump can print it as 'ld #random'. most of the handling is
copied from the "len"/"length" keywoard handling that generates and
decodes a load of the actual wire length of the packet.

ok jmatthew@ tb@ kn@

add basic MPLS filtering support

OK claudio@ jca@

Change some libpcap functions which use pointers as arguments and
returns to const pointers:

- the prefix argument to pcap_perror();
- the return value of pcap_strerror();
- the filter expression argument to pcap_compile() and pcap_compile_nopcap();
- the BPF filter program argument to bpf_image().

Matches changes made earlier in tcpdump.org's version of libpcap.
From Guy Harris, ok tb@, been through a bulk ports build.

use working boilerplate for yacc/lex instead of homemade rules.
okay millert@
(forgot the obvious scanner.l tweak in my diff)

Remove register keyword.

ok deraadt@

Add icmptype and tcpflags support to the grammar
ok claudio@ jsing@

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Import vlan support from upstream libpcap. This allows, eg, "tcpdump vla 3"
to work on a vlan parent interface. ok mcbride@, "commit it" deraadt@

define bpf filters to match address and header fields in IEEE 802.11
wlan frames (DLT_IEEE802_11 and DLT_IEEE802_11_RADIO linktypes). see
tcpdump(8) for details.

"Works for me" claudio@
ok jmc@ deraadt@

strnvis illegal tokens as well and remove a spurious "i" that crept in
the pattern long ago; ok deraadt@ and markus@ for the "i" removal

vis() illegal characters; ok otto

Add Spanning Tree Protocol support.
Bump version to 3.1.
OK brad@

accept hostnames 1 char long; spotted by otto, ok otto

libpcap and tcpdump now understand the new pflog datalink type.
old datalink type is still recognized.

ok henning@ dhartmei@ frantzen@

must yyrestart after longjmp; moritz@jodeit.org

language extensions for PF logs. can specify direction, interface, rule
number, reason and action. fix the ipv4/ipv6 distinction while I'm here.

#include string.h to get memset() prototype

remove legacy over-general :{B} match for MAC addresses, fixing filters like 'arp[6:2] = 2'. ok angelos@

sync with libpcap v0.5
add support for INET6 (kame)

changes brought in from v0.4; started by brad, more by me, being tested by mts

handle single char hostnames; jch@honig.net

permit numbers at start of hostname; leres@ee.lbl.gov

bring it to the latest 0.2 LBL release.

libpcap used yyparse(), which is bad; netbsd pr#2031; lukem@supp.cpr.itg.telecom.com.au

merge to latest libpcap

Update to the latest LBL release.

branches: 1.1.1;
Initial revision

ANSI functions; ok tb

add "sample NUM" so you can ask to capture 1/NUM packets from a filter.

the use of the sample keyword matches similar config in other
products.

NUM can be a number between 2 and 1048576, and is used to divide
0x100000000 into a threshold that is then compared against a randomly
generated number produced by a load of BPF_RND.

having sampling as part of the grammar means you can write things
like "icmp or sample 128". this lets you capture all icmp traffic
and a sample of the rest of the traffic.

ok jmatthew@ kn@ tb@

add support for handling loads from BPF_RND.

this adds "rnd" and "random" as keywords in the grammar, and handles
them as an arithmetic operator. the decoder recognises the load,
so tcpdump can print it as 'ld #random'. most of the handling is
copied from the "len"/"length" keywoard handling that generates and
decodes a load of the actual wire length of the packet.

ok jmatthew@ tb@ kn@

add basic MPLS filtering support

OK claudio@ jca@

Change some libpcap functions which use pointers as arguments and
returns to const pointers:

- the prefix argument to pcap_perror();
- the return value of pcap_strerror();
- the filter expression argument to pcap_compile() and pcap_compile_nopcap();
- the BPF filter program argument to bpf_image().

Matches changes made earlier in tcpdump.org's version of libpcap.
From Guy Harris, ok tb@, been through a bulk ports build.

use working boilerplate for yacc/lex instead of homemade rules.
okay millert@
(forgot the obvious scanner.l tweak in my diff)

Remove register keyword.

ok deraadt@

Add icmptype and tcpflags support to the grammar
ok claudio@ jsing@

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Import vlan support from upstream libpcap. This allows, eg, "tcpdump vla 3"
to work on a vlan parent interface. ok mcbride@, "commit it" deraadt@

define bpf filters to match address and header fields in IEEE 802.11
wlan frames (DLT_IEEE802_11 and DLT_IEEE802_11_RADIO linktypes). see
tcpdump(8) for details.

"Works for me" claudio@
ok jmc@ deraadt@

strnvis illegal tokens as well and remove a spurious "i" that crept in
the pattern long ago; ok deraadt@ and markus@ for the "i" removal

vis() illegal characters; ok otto

Add Spanning Tree Protocol support.
Bump version to 3.1.
OK brad@

accept hostnames 1 char long; spotted by otto, ok otto

libpcap and tcpdump now understand the new pflog datalink type.
old datalink type is still recognized.

ok henning@ dhartmei@ frantzen@

must yyrestart after longjmp; moritz@jodeit.org

language extensions for PF logs. can specify direction, interface, rule
number, reason and action. fix the ipv4/ipv6 distinction while I'm here.

#include string.h to get memset() prototype

remove legacy over-general :{B} match for MAC addresses, fixing filters like 'arp[6:2] = 2'. ok angelos@

sync with libpcap v0.5
add support for INET6 (kame)

changes brought in from v0.4; started by brad, more by me, being tested by mts

handle single char hostnames; jch@honig.net

permit numbers at start of hostname; leres@ee.lbl.gov

bring it to the latest 0.2 LBL release.

libpcap used yyparse(), which is bad; netbsd pr#2031; lukem@supp.cpr.itg.telecom.com.au

merge to latest libpcap

Update to the latest LBL release.

branches: 1.1.1;
Initial revision

add "sample NUM" so you can ask to capture 1/NUM packets from a filter.

the use of the sample keyword matches similar config in other
products.

NUM can be a number between 2 and 1048576, and is used to divide
0x100000000 into a threshold that is then compared against a randomly
generated number produced by a load of BPF_RND.

having sampling as part of the grammar means you can write things
like "icmp or sample 128". this lets you capture all icmp traffic
and a sample of the rest of the traffic.

ok jmatthew@ kn@ tb@

add support for handling loads from BPF_RND.

this adds "rnd" and "random" as keywords in the grammar, and handles
them as an arithmetic operator. the decoder recognises the load,
so tcpdump can print it as 'ld #random'. most of the handling is
copied from the "len"/"length" keywoard handling that generates and
decodes a load of the actual wire length of the packet.

ok jmatthew@ tb@ kn@

add basic MPLS filtering support

OK claudio@ jca@

Change some libpcap functions which use pointers as arguments and
returns to const pointers:

- the prefix argument to pcap_perror();
- the return value of pcap_strerror();
- the filter expression argument to pcap_compile() and pcap_compile_nopcap();
- the BPF filter program argument to bpf_image().

Matches changes made earlier in tcpdump.org's version of libpcap.
From Guy Harris, ok tb@, been through a bulk ports build.

use working boilerplate for yacc/lex instead of homemade rules.
okay millert@
(forgot the obvious scanner.l tweak in my diff)

Remove register keyword.

ok deraadt@

Add icmptype and tcpflags support to the grammar
ok claudio@ jsing@

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Import vlan support from upstream libpcap. This allows, eg, "tcpdump vla 3"
to work on a vlan parent interface. ok mcbride@, "commit it" deraadt@

define bpf filters to match address and header fields in IEEE 802.11
wlan frames (DLT_IEEE802_11 and DLT_IEEE802_11_RADIO linktypes). see
tcpdump(8) for details.

"Works for me" claudio@
ok jmc@ deraadt@

strnvis illegal tokens as well and remove a spurious "i" that crept in
the pattern long ago; ok deraadt@ and markus@ for the "i" removal

vis() illegal characters; ok otto

Add Spanning Tree Protocol support.
Bump version to 3.1.
OK brad@

accept hostnames 1 char long; spotted by otto, ok otto

libpcap and tcpdump now understand the new pflog datalink type.
old datalink type is still recognized.

ok henning@ dhartmei@ frantzen@

must yyrestart after longjmp; moritz@jodeit.org

language extensions for PF logs. can specify direction, interface, rule
number, reason and action. fix the ipv4/ipv6 distinction while I'm here.

#include string.h to get memset() prototype

remove legacy over-general :{B} match for MAC addresses, fixing filters like 'arp[6:2] = 2'. ok angelos@

sync with libpcap v0.5
add support for INET6 (kame)

changes brought in from v0.4; started by brad, more by me, being tested by mts

handle single char hostnames; jch@honig.net

permit numbers at start of hostname; leres@ee.lbl.gov

bring it to the latest 0.2 LBL release.

libpcap used yyparse(), which is bad; netbsd pr#2031; lukem@supp.cpr.itg.telecom.com.au

merge to latest libpcap

Update to the latest LBL release.

branches: 1.1.1;
Initial revision

add basic MPLS filtering support

OK claudio@ jca@

Change some libpcap functions which use pointers as arguments and
returns to const pointers:

- the prefix argument to pcap_perror();
- the return value of pcap_strerror();
- the filter expression argument to pcap_compile() and pcap_compile_nopcap();
- the BPF filter program argument to bpf_image().

Matches changes made earlier in tcpdump.org's version of libpcap.
From Guy Harris, ok tb@, been through a bulk ports build.

use working boilerplate for yacc/lex instead of homemade rules.
okay millert@
(forgot the obvious scanner.l tweak in my diff)

Remove register keyword.

ok deraadt@

Add icmptype and tcpflags support to the grammar
ok claudio@ jsing@

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Import vlan support from upstream libpcap. This allows, eg, "tcpdump vla 3"
to work on a vlan parent interface. ok mcbride@, "commit it" deraadt@

define bpf filters to match address and header fields in IEEE 802.11
wlan frames (DLT_IEEE802_11 and DLT_IEEE802_11_RADIO linktypes). see
tcpdump(8) for details.

"Works for me" claudio@
ok jmc@ deraadt@

strnvis illegal tokens as well and remove a spurious "i" that crept in
the pattern long ago; ok deraadt@ and markus@ for the "i" removal

vis() illegal characters; ok otto

Add Spanning Tree Protocol support.
Bump version to 3.1.
OK brad@

accept hostnames 1 char long; spotted by otto, ok otto

libpcap and tcpdump now understand the new pflog datalink type.
old datalink type is still recognized.

ok henning@ dhartmei@ frantzen@

must yyrestart after longjmp; moritz@jodeit.org

language extensions for PF logs. can specify direction, interface, rule
number, reason and action. fix the ipv4/ipv6 distinction while I'm here.

#include string.h to get memset() prototype

remove legacy over-general :{B} match for MAC addresses, fixing filters like 'arp[6:2] = 2'. ok angelos@

sync with libpcap v0.5
add support for INET6 (kame)

changes brought in from v0.4; started by brad, more by me, being tested by mts

handle single char hostnames; jch@honig.net

permit numbers at start of hostname; leres@ee.lbl.gov

bring it to the latest 0.2 LBL release.

libpcap used yyparse(), which is bad; netbsd pr#2031; lukem@supp.cpr.itg.telecom.com.au

merge to latest libpcap

Update to the latest LBL release.

branches: 1.1.1;
Initial revision

Change some libpcap functions which use pointers as arguments and
returns to const pointers:

- the prefix argument to pcap_perror();
- the return value of pcap_strerror();
- the filter expression argument to pcap_compile() and pcap_compile_nopcap();
- the BPF filter program argument to bpf_image().

Matches changes made earlier in tcpdump.org's version of libpcap.
From Guy Harris, ok tb@, been through a bulk ports build.

use working boilerplate for yacc/lex instead of homemade rules.
okay millert@
(forgot the obvious scanner.l tweak in my diff)

Remove register keyword.

ok deraadt@

Add icmptype and tcpflags support to the grammar
ok claudio@ jsing@

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Import vlan support from upstream libpcap. This allows, eg, "tcpdump vla 3"
to work on a vlan parent interface. ok mcbride@, "commit it" deraadt@

define bpf filters to match address and header fields in IEEE 802.11
wlan frames (DLT_IEEE802_11 and DLT_IEEE802_11_RADIO linktypes). see
tcpdump(8) for details.

"Works for me" claudio@
ok jmc@ deraadt@

strnvis illegal tokens as well and remove a spurious "i" that crept in
the pattern long ago; ok deraadt@ and markus@ for the "i" removal

vis() illegal characters; ok otto

Add Spanning Tree Protocol support.
Bump version to 3.1.
OK brad@

accept hostnames 1 char long; spotted by otto, ok otto

libpcap and tcpdump now understand the new pflog datalink type.
old datalink type is still recognized.

ok henning@ dhartmei@ frantzen@

must yyrestart after longjmp; moritz@jodeit.org

language extensions for PF logs. can specify direction, interface, rule
number, reason and action. fix the ipv4/ipv6 distinction while I'm here.

#include string.h to get memset() prototype

remove legacy over-general :{B} match for MAC addresses, fixing filters like 'arp[6:2] = 2'. ok angelos@

sync with libpcap v0.5
add support for INET6 (kame)

changes brought in from v0.4; started by brad, more by me, being tested by mts

handle single char hostnames; jch@honig.net

permit numbers at start of hostname; leres@ee.lbl.gov

bring it to the latest 0.2 LBL release.

libpcap used yyparse(), which is bad; netbsd pr#2031; lukem@supp.cpr.itg.telecom.com.au

merge to latest libpcap

Update to the latest LBL release.

branches: 1.1.1;
Initial revision

use working boilerplate for yacc/lex instead of homemade rules.
okay millert@
(forgot the obvious scanner.l tweak in my diff)

Remove register keyword.

ok deraadt@

Add icmptype and tcpflags support to the grammar
ok claudio@ jsing@

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

Import vlan support from upstream libpcap. This allows, eg, "tcpdump vla 3"
to work on a vlan parent interface. ok mcbride@, "commit it" deraadt@

define bpf filters to match address and header fields in IEEE 802.11
wlan frames (DLT_IEEE802_11 and DLT_IEEE802_11_RADIO linktypes). see
tcpdump(8) for details.

"Works for me" claudio@
ok jmc@ deraadt@

strnvis illegal tokens as well and remove a spurious "i" that crept in
the pattern long ago; ok deraadt@ and markus@ for the "i" removal

vis() illegal characters; ok otto

Add Spanning Tree Protocol support.
Bump version to 3.1.
OK brad@

accept hostnames 1 char long; spotted by otto, ok otto

libpcap and tcpdump now understand the new pflog datalink type.
old datalink type is still recognized.

ok henning@ dhartmei@ frantzen@

must yyrestart after longjmp; moritz@jodeit.org

language extensions for PF logs. can specify direction, interface, rule
number, reason and action. fix the ipv4/ipv6 distinction while I'm here.

#include string.h to get memset() prototype

remove legacy over-general :{B} match for MAC addresses, fixing filters like 'arp[6:2] = 2'. ok angelos@

sync with libpcap v0.5
add support for INET6 (kame)

changes brought in from v0.4; started by brad, more by me, being tested by mts

handle single char hostnames; jch@honig.net

permit numbers at start of hostname; leres@ee.lbl.gov

bring it to the latest 0.2 LBL release.

libpcap used yyparse(), which is bad; netbsd pr#2031; lukem@supp.cpr.itg.telecom.com.au

merge to latest libpcap

Update to the latest LBL release.

branches: 1.1.1;
Initial revision