#
1.88 |
|
21-May-2024 |
jsg |
remove prototypes with no matching function and externs with no var partly checked by millert@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.87 |
|
28-Feb-2023 |
claudio |
Adjust default_print() to not run over snapend.
Kill default_print_unaligned() and adjust default_print() to also work with unaligned buffers. There is no need for two functions doing the same thing.
Pass the right length in nsh_print to default_print(). Fixes on place that makes tcpdump crash. Reported by Peter J. Philipp (pjp at delphinusdns dot org) OK mbuhl@
|
Revision tags: OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.86 |
|
17-Aug-2020 |
dlg |
add initial support for handling geneve packets.
it's like vxlan, but different. the most interesting difference to vxlan is that the protocol adds support for adding optional metadata to packets (like nsh). this diff currently just skips that stuff and just handles the payload. for now.
|
#
1.85 |
|
21-Jun-2020 |
dlg |
wire the wireguard packet printer into tcpdump.
from Matt Dunwoodie and Jason A. Donenfeld
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.84 |
|
15-Apr-2020 |
remi |
add support for printing RfC 2332 NBMA Next Hop Resolution Protocol (NHRP)
ok dlg@
|
#
1.83 |
|
03-Dec-2019 |
dlg |
add support for printing RFC 8300 Network Service Header (NSH)
ok deraadt@
|
#
1.82 |
|
02-Dec-2019 |
dlg |
rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft.
it looks like this code was using draft-ietf-dhc-dhcpv6-14 from 1999. there were 27 drafts, and by the time it got to draft 23 and the rfc it was significantly different. this code for draft 14 cannot handle actual dhcpv6 messages. im kind of surprised (disappointed?) that noone noticed before. i only noticed cos the code was segfaulting on sparc64, and when i tried to fix it the resulting messages looked nothing like what stock tcpdump produced.
the main difference between the early drafts and what ended up in the rfc is that the base dhcpv6 messages in early drafts were large structure with a lot of fixed fields, while the rfc settled on a 4 byte header that contains a 1 byte message type and a 3 byte transaction id. the rest of the messages are built from dhcp options fields.
this cuts all the old handling out, and fixes the fault in the options handling by using EXTRACT_16BITS to get at the code and length fields instead of using ntohs. dhcpv6 explicitly states that it does not align options, so this is necessary to avoid faults on strict alignment archs anyway. no options are pretty printed at the moment, you just get a numeric type, a length, and a hexdump of the value. this is still better than the garbage that the draft parsing produced.
if someone is interested in making this easier to read, it would be a straightforward and well contained project to better handle option printing.
ok deraadt@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.81 |
|
26-May-2019 |
dlg |
support -T erspan so arbitrary gre protocols can be seen as erspan
this lets me configure a custom gre protocol on a dell s4810 or s5048 and see what's inside it when it lands on an openbsd box.
ok lteo@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.80 |
|
05-Apr-2019 |
dlg |
support printing cdp over gre and ppp
ok deraadt@ mpi@ sthen@
|
#
1.79 |
|
22-Oct-2018 |
kn |
Remove #ifdef INET6
There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway.
Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.
No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same.
OK denis deraadt
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.78 |
|
06-Jul-2018 |
dlg |
add support for vxlan packets.
I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
|
#
1.77 |
|
06-Jul-2018 |
dlg |
add "tftp" as a type to use with -T
This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
|
#
1.76 |
|
06-Jul-2018 |
dlg |
Add "mpls" as a type to use with -T
This allows arbitrary UDP packets to be parsed as MPLS.
|
#
1.75 |
|
06-Jul-2018 |
dlg |
Add "gre" as a type to use with -T
This allows arbitrary UDP packets to be parsed as GRE packets.
|
#
1.74 |
|
06-Jul-2018 |
dlg |
Rework UDP parsing, particularly around IP addresses.
This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs.
This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload.
Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform.
help and ok sthen@
|
#
1.73 |
|
06-Jul-2018 |
dlg |
move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but works on hosts of both endians.
discussed at length with proctor@ ok sthen@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.87 |
|
28-Feb-2023 |
claudio |
Adjust default_print() to not run over snapend.
Kill default_print_unaligned() and adjust default_print() to also work with unaligned buffers. There is no need for two functions doing the same thing.
Pass the right length in nsh_print to default_print(). Fixes on place that makes tcpdump crash. Reported by Peter J. Philipp (pjp at delphinusdns dot org) OK mbuhl@
|
Revision tags: OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE
|
#
1.86 |
|
17-Aug-2020 |
dlg |
add initial support for handling geneve packets.
it's like vxlan, but different. the most interesting difference to vxlan is that the protocol adds support for adding optional metadata to packets (like nsh). this diff currently just skips that stuff and just handles the payload. for now.
|
#
1.85 |
|
21-Jun-2020 |
dlg |
wire the wireguard packet printer into tcpdump.
from Matt Dunwoodie and Jason A. Donenfeld
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.84 |
|
15-Apr-2020 |
remi |
add support for printing RfC 2332 NBMA Next Hop Resolution Protocol (NHRP)
ok dlg@
|
#
1.83 |
|
03-Dec-2019 |
dlg |
add support for printing RFC 8300 Network Service Header (NSH)
ok deraadt@
|
#
1.82 |
|
02-Dec-2019 |
dlg |
rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft.
it looks like this code was using draft-ietf-dhc-dhcpv6-14 from 1999. there were 27 drafts, and by the time it got to draft 23 and the rfc it was significantly different. this code for draft 14 cannot handle actual dhcpv6 messages. im kind of surprised (disappointed?) that noone noticed before. i only noticed cos the code was segfaulting on sparc64, and when i tried to fix it the resulting messages looked nothing like what stock tcpdump produced.
the main difference between the early drafts and what ended up in the rfc is that the base dhcpv6 messages in early drafts were large structure with a lot of fixed fields, while the rfc settled on a 4 byte header that contains a 1 byte message type and a 3 byte transaction id. the rest of the messages are built from dhcp options fields.
this cuts all the old handling out, and fixes the fault in the options handling by using EXTRACT_16BITS to get at the code and length fields instead of using ntohs. dhcpv6 explicitly states that it does not align options, so this is necessary to avoid faults on strict alignment archs anyway. no options are pretty printed at the moment, you just get a numeric type, a length, and a hexdump of the value. this is still better than the garbage that the draft parsing produced.
if someone is interested in making this easier to read, it would be a straightforward and well contained project to better handle option printing.
ok deraadt@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.81 |
|
26-May-2019 |
dlg |
support -T erspan so arbitrary gre protocols can be seen as erspan
this lets me configure a custom gre protocol on a dell s4810 or s5048 and see what's inside it when it lands on an openbsd box.
ok lteo@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.80 |
|
05-Apr-2019 |
dlg |
support printing cdp over gre and ppp
ok deraadt@ mpi@ sthen@
|
#
1.79 |
|
22-Oct-2018 |
kn |
Remove #ifdef INET6
There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway.
Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.
No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same.
OK denis deraadt
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.78 |
|
06-Jul-2018 |
dlg |
add support for vxlan packets.
I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
|
#
1.77 |
|
06-Jul-2018 |
dlg |
add "tftp" as a type to use with -T
This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
|
#
1.76 |
|
06-Jul-2018 |
dlg |
Add "mpls" as a type to use with -T
This allows arbitrary UDP packets to be parsed as MPLS.
|
#
1.75 |
|
06-Jul-2018 |
dlg |
Add "gre" as a type to use with -T
This allows arbitrary UDP packets to be parsed as GRE packets.
|
#
1.74 |
|
06-Jul-2018 |
dlg |
Rework UDP parsing, particularly around IP addresses.
This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs.
This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload.
Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform.
help and ok sthen@
|
#
1.73 |
|
06-Jul-2018 |
dlg |
move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but works on hosts of both endians.
discussed at length with proctor@ ok sthen@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.86 |
|
17-Aug-2020 |
dlg |
add initial support for handling geneve packets.
it's like vxlan, but different. the most interesting difference to vxlan is that the protocol adds support for adding optional metadata to packets (like nsh). this diff currently just skips that stuff and just handles the payload. for now.
|
#
1.85 |
|
21-Jun-2020 |
dlg |
wire the wireguard packet printer into tcpdump.
from Matt Dunwoodie and Jason A. Donenfeld
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.84 |
|
15-Apr-2020 |
remi |
add support for printing RfC 2332 NBMA Next Hop Resolution Protocol (NHRP)
ok dlg@
|
#
1.83 |
|
03-Dec-2019 |
dlg |
add support for printing RFC 8300 Network Service Header (NSH)
ok deraadt@
|
#
1.82 |
|
02-Dec-2019 |
dlg |
rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft.
it looks like this code was using draft-ietf-dhc-dhcpv6-14 from 1999. there were 27 drafts, and by the time it got to draft 23 and the rfc it was significantly different. this code for draft 14 cannot handle actual dhcpv6 messages. im kind of surprised (disappointed?) that noone noticed before. i only noticed cos the code was segfaulting on sparc64, and when i tried to fix it the resulting messages looked nothing like what stock tcpdump produced.
the main difference between the early drafts and what ended up in the rfc is that the base dhcpv6 messages in early drafts were large structure with a lot of fixed fields, while the rfc settled on a 4 byte header that contains a 1 byte message type and a 3 byte transaction id. the rest of the messages are built from dhcp options fields.
this cuts all the old handling out, and fixes the fault in the options handling by using EXTRACT_16BITS to get at the code and length fields instead of using ntohs. dhcpv6 explicitly states that it does not align options, so this is necessary to avoid faults on strict alignment archs anyway. no options are pretty printed at the moment, you just get a numeric type, a length, and a hexdump of the value. this is still better than the garbage that the draft parsing produced.
if someone is interested in making this easier to read, it would be a straightforward and well contained project to better handle option printing.
ok deraadt@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.81 |
|
26-May-2019 |
dlg |
support -T erspan so arbitrary gre protocols can be seen as erspan
this lets me configure a custom gre protocol on a dell s4810 or s5048 and see what's inside it when it lands on an openbsd box.
ok lteo@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.80 |
|
05-Apr-2019 |
dlg |
support printing cdp over gre and ppp
ok deraadt@ mpi@ sthen@
|
#
1.79 |
|
22-Oct-2018 |
kn |
Remove #ifdef INET6
There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway.
Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.
No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same.
OK denis deraadt
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.78 |
|
06-Jul-2018 |
dlg |
add support for vxlan packets.
I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
|
#
1.77 |
|
06-Jul-2018 |
dlg |
add "tftp" as a type to use with -T
This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
|
#
1.76 |
|
06-Jul-2018 |
dlg |
Add "mpls" as a type to use with -T
This allows arbitrary UDP packets to be parsed as MPLS.
|
#
1.75 |
|
06-Jul-2018 |
dlg |
Add "gre" as a type to use with -T
This allows arbitrary UDP packets to be parsed as GRE packets.
|
#
1.74 |
|
06-Jul-2018 |
dlg |
Rework UDP parsing, particularly around IP addresses.
This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs.
This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload.
Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform.
help and ok sthen@
|
#
1.73 |
|
06-Jul-2018 |
dlg |
move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but works on hosts of both endians.
discussed at length with proctor@ ok sthen@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.85 |
|
21-Jun-2020 |
dlg |
wire the wireguard packet printer into tcpdump.
from Matt Dunwoodie and Jason A. Donenfeld
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.84 |
|
15-Apr-2020 |
remi |
add support for printing RfC 2332 NBMA Next Hop Resolution Protocol (NHRP)
ok dlg@
|
#
1.83 |
|
03-Dec-2019 |
dlg |
add support for printing RFC 8300 Network Service Header (NSH)
ok deraadt@
|
#
1.82 |
|
02-Dec-2019 |
dlg |
rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft.
it looks like this code was using draft-ietf-dhc-dhcpv6-14 from 1999. there were 27 drafts, and by the time it got to draft 23 and the rfc it was significantly different. this code for draft 14 cannot handle actual dhcpv6 messages. im kind of surprised (disappointed?) that noone noticed before. i only noticed cos the code was segfaulting on sparc64, and when i tried to fix it the resulting messages looked nothing like what stock tcpdump produced.
the main difference between the early drafts and what ended up in the rfc is that the base dhcpv6 messages in early drafts were large structure with a lot of fixed fields, while the rfc settled on a 4 byte header that contains a 1 byte message type and a 3 byte transaction id. the rest of the messages are built from dhcp options fields.
this cuts all the old handling out, and fixes the fault in the options handling by using EXTRACT_16BITS to get at the code and length fields instead of using ntohs. dhcpv6 explicitly states that it does not align options, so this is necessary to avoid faults on strict alignment archs anyway. no options are pretty printed at the moment, you just get a numeric type, a length, and a hexdump of the value. this is still better than the garbage that the draft parsing produced.
if someone is interested in making this easier to read, it would be a straightforward and well contained project to better handle option printing.
ok deraadt@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.81 |
|
26-May-2019 |
dlg |
support -T erspan so arbitrary gre protocols can be seen as erspan
this lets me configure a custom gre protocol on a dell s4810 or s5048 and see what's inside it when it lands on an openbsd box.
ok lteo@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.80 |
|
05-Apr-2019 |
dlg |
support printing cdp over gre and ppp
ok deraadt@ mpi@ sthen@
|
#
1.79 |
|
22-Oct-2018 |
kn |
Remove #ifdef INET6
There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway.
Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.
No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same.
OK denis deraadt
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.78 |
|
06-Jul-2018 |
dlg |
add support for vxlan packets.
I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
|
#
1.77 |
|
06-Jul-2018 |
dlg |
add "tftp" as a type to use with -T
This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
|
#
1.76 |
|
06-Jul-2018 |
dlg |
Add "mpls" as a type to use with -T
This allows arbitrary UDP packets to be parsed as MPLS.
|
#
1.75 |
|
06-Jul-2018 |
dlg |
Add "gre" as a type to use with -T
This allows arbitrary UDP packets to be parsed as GRE packets.
|
#
1.74 |
|
06-Jul-2018 |
dlg |
Rework UDP parsing, particularly around IP addresses.
This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs.
This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload.
Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform.
help and ok sthen@
|
#
1.73 |
|
06-Jul-2018 |
dlg |
move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but works on hosts of both endians.
discussed at length with proctor@ ok sthen@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.84 |
|
15-Apr-2020 |
remi |
add support for printing RfC 2332 NBMA Next Hop Resolution Protocol (NHRP)
ok dlg@
|
#
1.83 |
|
03-Dec-2019 |
dlg |
add support for printing RFC 8300 Network Service Header (NSH)
ok deraadt@
|
#
1.82 |
|
02-Dec-2019 |
dlg |
rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft.
it looks like this code was using draft-ietf-dhc-dhcpv6-14 from 1999. there were 27 drafts, and by the time it got to draft 23 and the rfc it was significantly different. this code for draft 14 cannot handle actual dhcpv6 messages. im kind of surprised (disappointed?) that noone noticed before. i only noticed cos the code was segfaulting on sparc64, and when i tried to fix it the resulting messages looked nothing like what stock tcpdump produced.
the main difference between the early drafts and what ended up in the rfc is that the base dhcpv6 messages in early drafts were large structure with a lot of fixed fields, while the rfc settled on a 4 byte header that contains a 1 byte message type and a 3 byte transaction id. the rest of the messages are built from dhcp options fields.
this cuts all the old handling out, and fixes the fault in the options handling by using EXTRACT_16BITS to get at the code and length fields instead of using ntohs. dhcpv6 explicitly states that it does not align options, so this is necessary to avoid faults on strict alignment archs anyway. no options are pretty printed at the moment, you just get a numeric type, a length, and a hexdump of the value. this is still better than the garbage that the draft parsing produced.
if someone is interested in making this easier to read, it would be a straightforward and well contained project to better handle option printing.
ok deraadt@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.81 |
|
26-May-2019 |
dlg |
support -T erspan so arbitrary gre protocols can be seen as erspan
this lets me configure a custom gre protocol on a dell s4810 or s5048 and see what's inside it when it lands on an openbsd box.
ok lteo@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.80 |
|
05-Apr-2019 |
dlg |
support printing cdp over gre and ppp
ok deraadt@ mpi@ sthen@
|
#
1.79 |
|
22-Oct-2018 |
kn |
Remove #ifdef INET6
There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway.
Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.
No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same.
OK denis deraadt
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.78 |
|
06-Jul-2018 |
dlg |
add support for vxlan packets.
I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
|
#
1.77 |
|
06-Jul-2018 |
dlg |
add "tftp" as a type to use with -T
This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
|
#
1.76 |
|
06-Jul-2018 |
dlg |
Add "mpls" as a type to use with -T
This allows arbitrary UDP packets to be parsed as MPLS.
|
#
1.75 |
|
06-Jul-2018 |
dlg |
Add "gre" as a type to use with -T
This allows arbitrary UDP packets to be parsed as GRE packets.
|
#
1.74 |
|
06-Jul-2018 |
dlg |
Rework UDP parsing, particularly around IP addresses.
This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs.
This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload.
Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform.
help and ok sthen@
|
#
1.73 |
|
06-Jul-2018 |
dlg |
move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but works on hosts of both endians.
discussed at length with proctor@ ok sthen@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.83 |
|
03-Dec-2019 |
dlg |
add support for printing RFC 8300 Network Service Header (NSH)
ok deraadt@
|
#
1.82 |
|
02-Dec-2019 |
dlg |
rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft.
it looks like this code was using draft-ietf-dhc-dhcpv6-14 from 1999. there were 27 drafts, and by the time it got to draft 23 and the rfc it was significantly different. this code for draft 14 cannot handle actual dhcpv6 messages. im kind of surprised (disappointed?) that noone noticed before. i only noticed cos the code was segfaulting on sparc64, and when i tried to fix it the resulting messages looked nothing like what stock tcpdump produced.
the main difference between the early drafts and what ended up in the rfc is that the base dhcpv6 messages in early drafts were large structure with a lot of fixed fields, while the rfc settled on a 4 byte header that contains a 1 byte message type and a 3 byte transaction id. the rest of the messages are built from dhcp options fields.
this cuts all the old handling out, and fixes the fault in the options handling by using EXTRACT_16BITS to get at the code and length fields instead of using ntohs. dhcpv6 explicitly states that it does not align options, so this is necessary to avoid faults on strict alignment archs anyway. no options are pretty printed at the moment, you just get a numeric type, a length, and a hexdump of the value. this is still better than the garbage that the draft parsing produced.
if someone is interested in making this easier to read, it would be a straightforward and well contained project to better handle option printing.
ok deraadt@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.81 |
|
26-May-2019 |
dlg |
support -T erspan so arbitrary gre protocols can be seen as erspan
this lets me configure a custom gre protocol on a dell s4810 or s5048 and see what's inside it when it lands on an openbsd box.
ok lteo@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.80 |
|
05-Apr-2019 |
dlg |
support printing cdp over gre and ppp
ok deraadt@ mpi@ sthen@
|
#
1.79 |
|
22-Oct-2018 |
kn |
Remove #ifdef INET6
There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway.
Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.
No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same.
OK denis deraadt
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.78 |
|
06-Jul-2018 |
dlg |
add support for vxlan packets.
I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
|
#
1.77 |
|
06-Jul-2018 |
dlg |
add "tftp" as a type to use with -T
This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
|
#
1.76 |
|
06-Jul-2018 |
dlg |
Add "mpls" as a type to use with -T
This allows arbitrary UDP packets to be parsed as MPLS.
|
#
1.75 |
|
06-Jul-2018 |
dlg |
Add "gre" as a type to use with -T
This allows arbitrary UDP packets to be parsed as GRE packets.
|
#
1.74 |
|
06-Jul-2018 |
dlg |
Rework UDP parsing, particularly around IP addresses.
This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs.
This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload.
Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform.
help and ok sthen@
|
#
1.73 |
|
06-Jul-2018 |
dlg |
move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but works on hosts of both endians.
discussed at length with proctor@ ok sthen@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.81 |
|
26-May-2019 |
dlg |
support -T erspan so arbitrary gre protocols can be seen as erspan
this lets me configure a custom gre protocol on a dell s4810 or s5048 and see what's inside it when it lands on an openbsd box.
ok lteo@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.80 |
|
05-Apr-2019 |
dlg |
support printing cdp over gre and ppp
ok deraadt@ mpi@ sthen@
|
#
1.79 |
|
22-Oct-2018 |
kn |
Remove #ifdef INET6
There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway.
Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.
No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same.
OK denis deraadt
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.78 |
|
06-Jul-2018 |
dlg |
add support for vxlan packets.
I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
|
#
1.77 |
|
06-Jul-2018 |
dlg |
add "tftp" as a type to use with -T
This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
|
#
1.76 |
|
06-Jul-2018 |
dlg |
Add "mpls" as a type to use with -T
This allows arbitrary UDP packets to be parsed as MPLS.
|
#
1.75 |
|
06-Jul-2018 |
dlg |
Add "gre" as a type to use with -T
This allows arbitrary UDP packets to be parsed as GRE packets.
|
#
1.74 |
|
06-Jul-2018 |
dlg |
Rework UDP parsing, particularly around IP addresses.
This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs.
This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload.
Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform.
help and ok sthen@
|
#
1.73 |
|
06-Jul-2018 |
dlg |
move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but works on hosts of both endians.
discussed at length with proctor@ ok sthen@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.80 |
|
05-Apr-2019 |
dlg |
support printing cdp over gre and ppp
ok deraadt@ mpi@ sthen@
|
#
1.79 |
|
22-Oct-2018 |
kn |
Remove #ifdef INET6
There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway.
Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.
No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same.
OK denis deraadt
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.78 |
|
06-Jul-2018 |
dlg |
add support for vxlan packets.
I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
|
#
1.77 |
|
06-Jul-2018 |
dlg |
add "tftp" as a type to use with -T
This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
|
#
1.76 |
|
06-Jul-2018 |
dlg |
Add "mpls" as a type to use with -T
This allows arbitrary UDP packets to be parsed as MPLS.
|
#
1.75 |
|
06-Jul-2018 |
dlg |
Add "gre" as a type to use with -T
This allows arbitrary UDP packets to be parsed as GRE packets.
|
#
1.74 |
|
06-Jul-2018 |
dlg |
Rework UDP parsing, particularly around IP addresses.
This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs.
This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload.
Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform.
help and ok sthen@
|
#
1.73 |
|
06-Jul-2018 |
dlg |
move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but works on hosts of both endians.
discussed at length with proctor@ ok sthen@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.79 |
|
22-Oct-2018 |
kn |
Remove #ifdef INET6
There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway.
Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.
No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same.
OK denis deraadt
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.78 |
|
06-Jul-2018 |
dlg |
add support for vxlan packets.
I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
|
#
1.77 |
|
06-Jul-2018 |
dlg |
add "tftp" as a type to use with -T
This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
|
#
1.76 |
|
06-Jul-2018 |
dlg |
Add "mpls" as a type to use with -T
This allows arbitrary UDP packets to be parsed as MPLS.
|
#
1.75 |
|
06-Jul-2018 |
dlg |
Add "gre" as a type to use with -T
This allows arbitrary UDP packets to be parsed as GRE packets.
|
#
1.74 |
|
06-Jul-2018 |
dlg |
Rework UDP parsing, particularly around IP addresses.
This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs.
This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload.
Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform.
help and ok sthen@
|
#
1.73 |
|
06-Jul-2018 |
dlg |
move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but works on hosts of both endians.
discussed at length with proctor@ ok sthen@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.78 |
|
06-Jul-2018 |
dlg |
add support for vxlan packets.
I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
|
#
1.77 |
|
06-Jul-2018 |
dlg |
add "tftp" as a type to use with -T
This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
|
#
1.76 |
|
06-Jul-2018 |
dlg |
Add "mpls" as a type to use with -T
This allows arbitrary UDP packets to be parsed as MPLS.
|
#
1.75 |
|
06-Jul-2018 |
dlg |
Add "gre" as a type to use with -T
This allows arbitrary UDP packets to be parsed as GRE packets.
|
#
1.74 |
|
06-Jul-2018 |
dlg |
Rework UDP parsing, particularly around IP addresses.
This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs.
This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload.
Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform.
help and ok sthen@
|
#
1.73 |
|
06-Jul-2018 |
dlg |
move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but works on hosts of both endians.
discussed at length with proctor@ ok sthen@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.72 |
|
10-Feb-2018 |
dlg |
print etherip on ipv6.
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.71 |
|
06-Feb-2018 |
dlg |
rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
ok sthen@
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
#
1.70 |
|
03-Feb-2018 |
mpi |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed in wireshark.
ok deraadt@, dlg@
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|
Revision tags: OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
#
1.69 |
|
16-Nov-2016 |
reyk |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
#
1.68 |
|
22-Oct-2016 |
rzalamena |
Teach tcpdump(8) how to read OpenFlow packets. This initial implementation supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod.
We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too.
ok deraadt@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
11-Jul-2016 |
rzalamena |
Teach tcpdump to recognize MPLS pseudowire with control words. Added support to print encapsulated ethernet packets as well.
"Looks good" deraadt@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
15-Nov-2015 |
mmcc |
Remove more register keywords.
ok daniel@, discussed on hackers@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.65 |
|
05-Apr-2015 |
guenther |
Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x reference.
ok sthen@ jca@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.64 |
|
20-Nov-2014 |
jsg |
Make ip6_print() take an unsigned length matching ip_print() and others.
Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well.
ok deraadt@ djm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.63 |
|
20-Jun-2014 |
lteo |
Import in_cksum_shouldbe() from mainline tcpdump; this is needed by my upcoming commit which will fix and improve the display of bad checksums for the major protocols.
ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.62 |
|
11-Jan-2014 |
lteo |
Make icmp_print() accept the length variable, which is the length of the packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.61 |
|
06-Apr-2010 |
jsg |
Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD, cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.60 |
|
12-Jan-2010 |
naddy |
Add TCP/UDP checksum display for v6 and clean up the checksum calculation. Mostly from tcpdump.org; ok jsing@
|
#
1.59 |
|
04-Nov-2009 |
jsing |
Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP), used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.58 |
|
14-Feb-2009 |
sthen |
increase the default snaplen to 116, allows capture of pflog+ipv6+tcp without knobs. ok djm, deraadt.
|
#
1.57 |
|
16-Oct-2008 |
mpf |
Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad. Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
|
Revision tags: OPENBSD_4_3_BASE OPENBSD_4_4_BASE
|
#
1.56 |
|
07-Oct-2007 |
deraadt |
trash $Header goo which is just annoying; 5595
|
#
1.55 |
|
28-Aug-2007 |
markus |
add -I option for printing the interfaces; ok hshoexer, henning, mcbridge (some time ago)
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE
|
#
1.54 |
|
01-Jun-2006 |
moritz |
Pass the captured packet length in addition to the real packet length to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes.
ok canacar@
|
#
1.53 |
|
23-May-2006 |
stevesk |
add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@
|
#
1.52 |
|
28-Mar-2006 |
reyk |
Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discovery Protocol.
LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry...
ok brad@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.51 |
|
22-Nov-2005 |
reyk |
add printer for IAPP and hostapd(8) messages
ok canacar@, tested by aanriot@ and others
|
#
1.50 |
|
08-Oct-2005 |
canacar |
Add a best effort mpls decoder. From Jason L. Wright. Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
|
Revision tags: OPENBSD_3_8_BASE
|
#
1.49 |
|
28-May-2005 |
reyk |
support decapsulation of 802.11 data frames
ok canacar@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.48 |
|
07-Mar-2005 |
reyk |
add a printer for 802.11 and for additional radiotap headers, use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver.
ok canacar@
|
#
1.47 |
|
16-Sep-2004 |
markus |
add -T tcp to enforce interpretation as TCP
|
Revision tags: OPENBSD_3_6_BASE
|
#
1.46 |
|
20-Jun-2004 |
avsm |
- do not use __attribute__((volatile)) as its a synonym for __dead nowadays - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
|
#
1.45 |
|
21-May-2004 |
brad |
add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().
ok canacar@
From: Marc Huber <pppoe at pro-bono-publico dot de>
|
#
1.44 |
|
28-Apr-2004 |
mcbride |
Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
|
Revision tags: OPENBSD_3_5_BASE
|
#
1.43 |
|
28-Jan-2004 |
canacar |
privilege separated tcpdump, joint work with otto@
tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
|
#
1.42 |
|
18-Jan-2004 |
otto |
Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus DNS traffic.
ok canacar@ jakob@
|
#
1.41 |
|
15-Dec-2003 |
mcbride |
Add initial support for pf state synchronization over the network. Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls.
NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.40 |
|
21-Aug-2003 |
frantzen |
print the operating system of TCP SYN packets with the -o option
|
#
1.39 |
|
26-Jun-2003 |
deraadt |
ansi and protos
|
#
1.38 |
|
11-Jun-2003 |
markus |
support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@
|
#
1.37 |
|
14-May-2003 |
canacar |
libpcap and tcpdump now understand the new pflog datalink type. old datalink type is still recognized.
ok henning@ dhartmei@ frantzen@
|
Revision tags: OPENBSD_3_3_BASE
|
#
1.36 |
|
20-Feb-2003 |
jason |
add printing of ipcomp, and while in the neighborhood, make ah/esp actually check the length of the data
|
#
1.35 |
|
30-Nov-2002 |
mickey |
pfsync support; deraadt@ ok
|
#
1.34 |
|
30-Nov-2002 |
deraadt |
stop breaking the damn tree mickey
|
#
1.33 |
|
29-Nov-2002 |
mickey |
tcpdump support for pfsync; henning@ ok
|
Revision tags: OPENBSD_3_2_BASE
|
#
1.32 |
|
12-Jul-2002 |
pvalchev |
In TTEST2(), check to make sure the "l" argument isn't so large that "snapend - l" underflows; this fixes a buffer overflow with malformed NFS packets, and may fix other buffer overflows with malformed packets. From tcpdump CVS via fenner@FreeBSD
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.31 |
|
19-Feb-2002 |
millert |
branches: 1.31.2; We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
|
#
1.30 |
|
23-Jan-2002 |
mickey |
proper handling for DLT_NULL and DLT_LOOP (header byte swapping); pointed out and tested by Alexander Yurchenko <grange@rt.mipt.ru>
|
#
1.29 |
|
22-Jan-2002 |
mickey |
HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.org
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.28 |
|
02-Oct-2001 |
deraadt |
branches: 1.28.2; change timeval to bpf_timeval; 32 bit in size, permitting much greater portability
|
#
1.27 |
|
25-Jun-2001 |
provos |
interpret DLT_PFLOG
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.26 |
|
09-Apr-2001 |
ho |
Extend IKE knowledge so we can parse the rest (normally encrypted parts) of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
|
#
1.25 |
|
08-Apr-2001 |
jakob |
add support for printing cdp (Cisco Discovery Protocol), from tcpdump.org
|
#
1.24 |
|
06-Mar-2001 |
jakob |
add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@
|
#
1.23 |
|
05-Mar-2001 |
jakob |
add relts_print, safeputs and safeputchar
|
#
1.22 |
|
05-Feb-2001 |
jason |
etherip printing code... handles draft (v2) and current (v3)
|
#
1.21 |
|
07-Dec-2000 |
mickey |
timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.org
|
#
1.20 |
|
07-Dec-2000 |
mickey |
smb printing; from Andrew Tridgell; via tcpdump.org
|
#
1.19 |
|
07-Dec-2000 |
mickey |
add vrrp printing; from tcpdump.org
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
19-Oct-2000 |
jason |
code for printing bridge spanning tree packets also fix a bug where llc encoded frames are hex dumped twice when -x is used
|
#
1.17 |
|
03-Oct-2000 |
ho |
Compile with -Wall. Add $OpenBSD$. (jakob@ ok)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.16 |
|
26-Apr-2000 |
jakob |
INET6 DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
|
#
1.15 |
|
16-Jan-2000 |
jakob |
BGP support (from KAME/WIDE). INET6 parts not done yet.
|
#
1.14 |
|
16-Jan-2000 |
jakob |
Mobile IP support (from KAME/NetBSD)
|
#
1.13 |
|
16-Jan-2000 |
jakob |
L2TP support (from KAME)
|
Revision tags: OPENBSD_2_6_BASE
|
#
1.12 |
|
16-Sep-1999 |
brad |
delcare esp_print and radius_print
|
#
1.11 |
|
28-Jul-1999 |
jakob |
- Merge some changes from tcpdump 3.4 -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@
|
Revision tags: OPENBSD_2_4_BASE OPENBSD_2_5_BASE
|
#
1.10 |
|
22-Sep-1998 |
provos |
make tcpdump aware of SACK (RFC 2018), loosely based on a patch from hari@cs.berkeley.edu.
|
#
1.9 |
|
25-Jun-1998 |
mickey |
add cisco netflow proto printing; not tested w/ version 5, but should work anyways
|
#
1.8 |
|
11-Jun-1998 |
provos |
handle IPSec processed packets (DLT_ENC) in libpcap, display them with tcpdump + additional info (SPI + which type of transforms where passed).
|
Revision tags: OPENBSD_2_2_BASE OPENBSD_2_3_BASE
|
#
1.7 |
|
25-Jul-1997 |
mickey |
#if __STDC__ --> #ifdef __STDC__
|
#
1.6 |
|
23-Jul-1997 |
denny |
Better handling for AppleTalk, and netatalk in particular. Handle native Ethertalk phase 1 & 2 as well as the localtalk encapsulation a la Kinetics FastPath previously handled.
|
Revision tags: OPENBSD_2_1_BASE
|
#
1.5 |
|
12-Dec-1996 |
bitblt |
*** empty log message ***
|
Revision tags: OPENBSD_2_0_BASE
|
#
1.4 |
|
13-Jul-1996 |
mickey |
it is 3.2 now.
|
#
1.3 |
|
10-Jun-1996 |
deraadt |
sync to latest
|
#
1.2 |
|
04-Mar-1996 |
mickey |
Updating to the latest LBL release. Sun's SKIP support added.
|
#
1.1 |
|
18-Oct-1995 |
deraadt |
branches: 1.1.1; Initial revision
|