summaryrefslogtreecommitdiffstats
path: root/lib/libpcap/gencode.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* support PCAP_NETMASK_UNKNOWN, adapted from an old commit in upstreamsthen2021-01-181-1/+8
| | | | | | | libpcap, ok dlg@ https://github.com/the-tcpdump-group/libpcap/commit/74b2de364f3443fc2414d0160b0b942f347c6fd4 https://github.com/the-tcpdump-group/libpcap/commit/117cb5eb2eb4fe212d3851f1205bb0b8f57873c6
* Fix byte order handling for DLT_LOOP linkskn2020-09-121-4/+21
| | | | | | | | | | | | | | | | | | | | | | | Fixing filters on DLT_LOOP revealed that we treat DLT_NULL, DLT_ENC and DLT_LOOP the same way even though DLT_LOOP stores the AF value in network not byte order like the rest. This amends the missing conversion which ought to land with the recent commit exposing the byte order mismatch: revision 1.53 date: 2020/07/21 22:44:55; author: dlg; state: Exp; lines: +2 -2; DLT_LOOP does have a link header, so tell pcap-filter so it can use it. ... debugged with and ok kn@ Discussed with bluhm who reported src/regress/sys/netinet6/rip6cksum/ failing on i386 after above commit. The comment in this commit is taken from libpcap upstream as is modulo additional file-save related byte-order handling which we don't seem to do. OK bluhm
* add "sample NUM" so you can ask to capture 1/NUM packets from a filter.dlg2020-08-031-1/+22
| | | | | | | | | | | | | | | the use of the sample keyword matches similar config in other products. NUM can be a number between 2 and 1048576, and is used to divide 0x100000000 into a threshold that is then compared against a randomly generated number produced by a load of BPF_RND. having sampling as part of the grammar means you can write things like "icmp or sample 128". this lets you capture all icmp traffic and a sample of the rest of the traffic. ok jmatthew@ kn@ tb@
* add support for handling loads from BPF_RND.dlg2020-08-031-1/+17
| | | | | | | | | | this adds "rnd" and "random" as keywords in the grammar, and handles them as an arithmetic operator. the decoder recognises the load, so tcpdump can print it as 'ld #random'. most of the handling is copied from the "len"/"length" keywoard handling that generates and decodes a load of the actual wire length of the packet. ok jmatthew@ tb@ kn@
* DLT_LOOP does have a link header, so tell pcap-filter so it can use it.dlg2020-07-211-2/+2
| | | | | | | | | | | | | | matthieu@ reported that asking tcpdump to look at ip or ip6 traffic on a wg(4) interface caused all packets to be captured. this is because pcap assumes that if your link type doesn't have a link header then it is always ip or ip6 (which is weird anyway) and captures everything. there was already code to generate a filter for the DLT_LOOP link header, it was just bypassed cos earlier code said that there wasn't one. debugged with and ok kn@
* add basic MPLS filtering supportdenis2018-12-091-3/+34
| | | | OK claudio@ jca@
* unbreak VLAN filteringdenis2018-11-101-2/+7
| | | | OK dlg@
* fix a typodenis2018-11-091-2/+2
| | | | OK jca@ (from a long time ago...)
* Change some libpcap functions which use pointers as arguments andsthen2018-06-031-3/+3
| | | | | | | | | | | | returns to const pointers: - the prefix argument to pcap_perror(); - the return value of pcap_strerror(); - the filter expression argument to pcap_compile() and pcap_compile_nopcap(); - the BPF filter program argument to bpf_image(). Matches changes made earlier in tcpdump.org's version of libpcap. From Guy Harris, ok tb@, been through a bulk ports build.
* recognise DLT_PPP_SERIAL.dlg2018-02-061-1/+6
| | | | | | | shlib version doesnt need a bump before no new symbols were added or removed. part of a larger diff that was ok sthen@
* Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysedmpi2018-02-031-1/+3
| | | | | | in wireshark. ok deraadt@, dlg@
* Extend the DLT_OPENFLOW header to include the switch datapath id.reyk2016-11-201-2/+2
| | | | OK rzalamena@
* Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4),reyk2016-11-161-1/+6
| | | | | | | | eg. tcpdump -y openflow -i switch0 Includes a minor bump for libpcap. Feedback and OK rzalamena@
* remove NULL-checks before free()mmcc2015-12-221-6/+5
|
* Remove register keyword.mmcc2015-11-171-32/+32
| | | | ok deraadt@
* memory.h -> string.hmmcc2015-11-171-2/+2
| | | | ok deraadt@
* lint is dead: delete the trivial uses of /* VARARGS[0-9]+ */guenther2015-09-271-2/+1
| | | | (others require more care)
* Move to the <limits.h> universe.deraadt2015-01-161-1/+2
| | | | review by millert, binary checking process with doug, concept with guenther
* Yet more #include de-duplication.krw2014-11-201-2/+1
| | | | ok deraadt@ tedu@
* Remove pointless casts. No binary change.lteo2014-03-141-2/+2
| | | | suggested by krw@
* Change a few malloc+memset calls to calloc.lteo2014-03-141-4/+3
| | | | ok deraadt@ florian@
* Fix typo in pflog header size computation. Fixes filtering with the newcanacar2010-10-091-2/+2
| | | | pflog headers. reported by jmc@, tested by jmc@ and sthen@, ok sthen@
* Make tcpdump of pflog interfaces work with 'net <net>' expression.krw2010-09-081-3/+3
| | | | | | My problem, canacar@'s fix. ok sthen@ canacar@
* Properly handle the size field in pflog link headercanacar2010-07-271-45/+236
| | | | | | | | | when generating the filter. This will allow the pflog header to be extended without adding a new link type. No change to generated code for other link types. ok henning@
* remove support for the old pflog format, replaced in 2003henning2010-06-261-34/+1
| | | | ok ryan theo & herr reyksminister
* Zero out IPv6 mask before using it. This fixes expressions likebluhm2009-09-181-1/+2
| | | | | | 'net 2002::/16', which were previously non-deterministic based on the previous contents of memory. from upstream; ok claudio@
* Swap the code for a calling function and what it calls, so that the calledderaadt2008-06-151-14/+14
| | | | | function is in scope and a pointer is not returned via an int ok dtucker
* Import vlan support from upstream libpcap. This allows, eg, "tcpdump vla 3"dtucker2008-06-111-1/+99
| | | | to work on a vlan parent interface. ok mcbride@, "commit it" deraadt@
* fix format stringchl2007-11-061-2/+2
| | | | ok ray@ gilles@
* remove extra \n in bpf_error() calls.reyk2007-01-021-10/+10
| | | | figured out by claudio@
* define bpf filters to match address and header fields in IEEE 802.11reyk2007-01-021-10/+194
| | | | | | | | wlan frames (DLT_IEEE802_11 and DLT_IEEE802_11_RADIO linktypes). see tcpdump(8) for details. "Works for me" claudio@ ok jmc@ deraadt@
* get rid of arc network support. we have no users of it so this is deaddlg2006-07-181-93/+1
| | | | | | | code. however, it is still cluttering up the kernel namespace a bit. it is better gone. ok claudio@
* Add Spanning Tree Protocol support.mpf2005-10-071-3/+54
| | | | | Bump version to 3.1. OK brad@
* Fix description in a comment.joel2005-06-041-2/+2
|
* add DLT_IEEE802_11_RADIO (802.11 + radiotap header)reyk2005-02-281-1/+6
| | | | ok jsg@ deraadt@
* add DLT_PPP_ETHER supportbrad2004-05-211-1/+11
| | | | | | ok canacar@ From: Marc Huber <pppoe at pro-bono-publico dot de>
* remove $Header, it was messing up cvs for me. ok deraadt@tedu2004-01-271-5/+1
|
* add DLT_IEEE802_11 support; from NetBSD. bump minor.fgsch2004-01-261-2/+7
| | | | deraadt@ ok.
* libpcap and tcpdump now understand the new pflog datalink type.canacar2003-05-141-19/+100
| | | | | | old datalink type is still recognized. ok henning@ dhartmei@ frantzen@
* tcpdump support for pfsync; henning@ okmickey2002-11-291-2/+7
|
* more error checking of memory allocation, from clodder@acm.org. okay deraadt@provos2002-07-091-2/+5
|
* language extensions for PF logs. can specify direction, interface, rulefrantzen2002-03-231-9/+96
| | | | number, reason and action. fix the ipv4/ipv6 distinction while I'm here.
* We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.millert2002-02-191-18/+2
|
* fix memory leak associated with compiled BPF program, sync'd from tcpdump.org. ok itojun@dugsong2001-12-171-2/+16
|
* DLT_PFLOGprovos2001-06-251-2/+8
|
* sync with libpcap v0.5jakob2000-04-261-23/+998
| | | | add support for INET6 (kame)
* changes brought in from v0.4; started by brad, more by me, being tested by mtsderaadt1999-07-201-96/+219
|
* DLT_LOOP has network byte order headerderaadt1998-08-311-2/+8
|
* buf oflowsderaadt1998-07-141-2/+3
|
* handle IPSec processed packets (DLT_ENC) in libpcap, display them withprovos1998-06-111-1/+7
| | | | tcpdump + additional info (SPI + which type of transforms where passed).
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.