summaryrefslogtreecommitdiffstats
path: root/usr.sbin/tcpdump/interface.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* add initial support for handling geneve packets.dlg2020-08-171-2/+4
| | | | | | | it's like vxlan, but different. the most interesting difference to vxlan is that the protocol adds support for adding optional metadata to packets (like nsh). this diff currently just skips that stuff and just handles the payload. for now.
* wire the wireguard packet printer into tcpdump.dlg2020-06-211-2/+6
| | | | from Matt Dunwoodie and Jason A. Donenfeld
* add support for printing RfC 2332 NBMA Next Hop Resolution Protocol (NHRP)remi2020-04-151-2/+3
| | | | ok dlg@
* add support for printing RFC 8300 Network Service Header (NSH)dlg2019-12-031-2/+3
| | | | ok deraadt@
* rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft.dlg2019-12-021-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it looks like this code was using draft-ietf-dhc-dhcpv6-14 from 1999. there were 27 drafts, and by the time it got to draft 23 and the rfc it was significantly different. this code for draft 14 cannot handle actual dhcpv6 messages. im kind of surprised (disappointed?) that noone noticed before. i only noticed cos the code was segfaulting on sparc64, and when i tried to fix it the resulting messages looked nothing like what stock tcpdump produced. the main difference between the early drafts and what ended up in the rfc is that the base dhcpv6 messages in early drafts were large structure with a lot of fixed fields, while the rfc settled on a 4 byte header that contains a 1 byte message type and a 3 byte transaction id. the rest of the messages are built from dhcp options fields. this cuts all the old handling out, and fixes the fault in the options handling by using EXTRACT_16BITS to get at the code and length fields instead of using ntohs. dhcpv6 explicitly states that it does not align options, so this is necessary to avoid faults on strict alignment archs anyway. no options are pretty printed at the moment, you just get a numeric type, a length, and a hexdump of the value. this is still better than the garbage that the draft parsing produced. if someone is interested in making this easier to read, it would be a straightforward and well contained project to better handle option printing. ok deraadt@
* support -T erspan so arbitrary gre protocols can be seen as erspandlg2019-05-261-2/+3
| | | | | | | this lets me configure a custom gre protocol on a dell s4810 or s5048 and see what's inside it when it lands on an openbsd box. ok lteo@
* support printing cdp over gre and pppdlg2019-04-051-4/+3
| | | | ok deraadt@ mpi@ sthen@
* Remove #ifdef INET6kn2018-10-221-4/+2
| | | | | | | | | | | | There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway. Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here. No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same. OK denis deraadt
* add support for vxlan packets.dlg2018-07-061-2/+4
| | | | | I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
* add "tftp" as a type to use with -Tdlg2018-07-061-2/+3
| | | | | | | This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
* Add "mpls" as a type to use with -Tdlg2018-07-061-2/+3
| | | | This allows arbitrary UDP packets to be parsed as MPLS.
* Add "gre" as a type to use with -Tdlg2018-07-061-2/+3
| | | | This allows arbitrary UDP packets to be parsed as GRE packets.
* Rework UDP parsing, particularly around IP addresses.dlg2018-07-061-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling. Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs. This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct. This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload. Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform. help and ok sthen@
* move the ip checksumming code into in_cksum.cdlg2018-07-061-3/+5
| | | | | | | | this is part of a bigger change that refactors udp handling, but works on hosts of both endians. discussed at length with proctor@ ok sthen@
* print etherip on ipv6.dlg2018-02-101-3/+3
|
* rework ppp, pptp, and gre parsing.dlg2018-02-061-3/+6
| | | | | | | | | | | | | | | | | | | | | | this started cos i was looking at pptp, which came out like this: 23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap) 23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap) now it looks like this: 23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request 23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured. this also adds parsing of EAP packets. DLT_PPP_SERIAL is now recognised and printed. gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump. ok sthen@
* Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysedmpi2018-02-031-2/+4
| | | | | | in wireshark. ok deraadt@, dlg@
* Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4),reyk2016-11-161-3/+4
| | | | | | | | eg. tcpdump -y openflow -i switch0 Includes a minor bump for libpcap. Feedback and OK rzalamena@
* Teach tcpdump(8) how to read OpenFlow packets. This initial implementationrzalamena2016-10-221-2/+3
| | | | | | | | | | | supports the following message types: hello, error, echo request/reply, feature request/reply, set config, packet-in, packet-out, flow removed and flow mod. We currently only support printing this messages for OpenFlow 1.3.5, however it is possible to reuse some functions and get other versions working too. ok deraadt@
* Teach tcpdump to recognize MPLS pseudowire with control words. Addedrzalamena2016-07-111-2/+3
| | | | | | support to print encapsulated ethernet packets as well. "Looks good" deraadt@
* Remove more register keywords.mmcc2015-11-151-3/+3
| | | | ok daniel@, discussed on hackers@
* Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.xguenther2015-04-051-3/+2
| | | | | | reference. ok sthen@ jca@ deraadt@
* Make ip6_print() take an unsigned length matchingjsg2014-11-201-3/+3
| | | | | | | | | | | ip_print() and others. Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well. ok deraadt@ djm@
* Import in_cksum_shouldbe() from mainline tcpdump; this is needed by mylteo2014-06-201-2/+3
| | | | | | | upcoming commit which will fix and improve the display of bad checksums for the major protocols. ok henning@
* Make icmp_print() accept the length variable, which is the length of thelteo2014-01-111-3/+3
| | | | | | | | | | | | | packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums. Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well. This commit makes no functional change to tcpdump itself. OK florian@
* Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD,jsg2010-04-061-3/+3
| | | | | | cleaned up to be less gross after some suggestions from stsp. ok stsp@
* Add TCP/UDP checksum display for v6 and clean up the checksumnaddy2010-01-121-3/+3
| | | | calculation. Mostly from tcpdump.org; ok jsing@
* Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP),jsing2009-11-041-2/+3
| | | | | | | | | | used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded. This work has been kindly sponsored by SystemNet AS (www.systemnet.no). "commit" deraadt@
* increase the default snaplen to 116, allows capture of pflog+ipv6+tcpsthen2009-02-141-10/+5
| | | | without knobs. ok djm, deraadt.
* Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad.mpf2008-10-161-2/+3
| | | | | | Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
* trash $Header goo which is just annoying; 5595deraadt2007-10-071-2/+2
|
* add -I option for printing the interfaces;markus2007-08-281-2/+4
| | | | ok hshoexer, henning, mcbridge (some time ago)
* Pass the captured packet length in addition to the real packet lengthmoritz2006-06-011-3/+3
| | | | | | | to etherip_print() and do all the bounds checking with it. Also add bounds checks to ether_print(). This fixes even more crashes. ok canacar@
* add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@stevesk2006-05-231-2/+3
|
* Add a simple printer for IEEE 802.1AB LLDP, the Link Layer Discoveryreyk2006-03-281-2/+3
| | | | | | | | | Protocol. LLDP is used by some switch vendors as a replacement for the non-free Cizzco Discovery Protocol (CDP) due to some Cisco patentry... ok brad@
* add printer for IAPP and hostapd(8) messagesreyk2005-11-221-2/+3
| | | | ok canacar@, tested by aanriot@ and others
* Add a best effort mpls decoder. From Jason L. Wright.canacar2005-10-081-2/+3
| | | | | | | Since the encapsulated protocol information is not always available in the MPLS tag stack. The decoder attempts to guess the protocol. ok brad@
* support decapsulation of 802.11 data framesreyk2005-05-281-3/+4
| | | | ok canacar@
* add a printer for 802.11 and for additional radiotap headers,reyk2005-03-071-2/+8
| | | | | | use -y IEEE802_11 or IEEE802_11_RADIO if supported by the driver. ok canacar@
* add -T tcp to enforce interpretation as TCPmarkus2004-09-161-2/+3
|
* - do not use __attribute__((volatile)) as its a synonym for __dead nowadaysavsm2004-06-201-4/+5
| | | | | - bad format string "\%s" -> "%s" in print-ike.c fixes parsing using CIL, discussed with millert@ niklas@
* add DLT_PPP_ETHER support plus some fixes for pppoe_if_print().brad2004-05-211-2/+4
| | | | | | ok canacar@ From: Marc Huber <pppoe at pro-bono-publico dot de>
* Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.mcbride2004-04-281-2/+4
| | | | ok markus@ pb@
* privilege separated tcpdump, joint work with otto@canacar2004-01-281-3/+3
| | | | | tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
* Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogusotto2004-01-181-3/+3
| | | | | | DNS traffic. ok canacar@ jakob@
* Add initial support for pf state synchronization over the network.mcbride2003-12-151-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | Implemented as an in-kernel multicast IP protocol. Turn it on like this: # ifconfig pfsync0 up syncif fxp0 There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls. NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers. Much more to come. ok deraadt@
* print the operating system of TCP SYN packets with the -o optionfrantzen2003-08-211-2/+3
|
* ansi and protosderaadt2003-06-261-2/+3
|
* support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@markus2003-06-111-2/+3
|
* libpcap and tcpdump now understand the new pflog datalink type.canacar2003-05-141-2/+4
| | | | | | old datalink type is still recognized. ok henning@ dhartmei@ frantzen@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.