summaryrefslogtreecommitdiffstats
path: root/usr.sbin/tcpdump/print-udp.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* add initial support for handling geneve packets.dlg2020-08-171-1/+7
| | | | | | | it's like vxlan, but different. the most interesting difference to vxlan is that the protocol adds support for adding optional metadata to packets (like nsh). this diff currently just skips that stuff and just handles the payload. for now.
* wire the wireguard packet printer into tcpdump.dlg2020-06-211-1/+6
| | | | from Matt Dunwoodie and Jason A. Donenfeld
* - (void)printf() -> printf(); the cast adds clutter for little value.procter2020-01-241-19/+14
| | | | | | | | | | - fprintf(stdout, ...) -> printf() - fputs(x, stdout) -> printf(); for consistency. fputs is twice as fast on atom x5-Z8300@1.44GHz but Amdahl sees a pure printf tcpdump only 2% slower than a pure fputs (for constant strings) tcpdump to /dev/null across a 20MB/~170k packet pcap file. ok dlg@ for fputs and ok tedu@ krw@ deraadt@ a2k19 for the rest
* add support for VXLAN-GPE as per draft-ietf-nvo3-vxlan-gpe-08.dlg2019-12-021-2/+3
| | | | | it's nicely backwards compatible, so we can use the same code for both vxlan and vxlan-gpe.
* rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft.dlg2019-12-021-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it looks like this code was using draft-ietf-dhc-dhcpv6-14 from 1999. there were 27 drafts, and by the time it got to draft 23 and the rfc it was significantly different. this code for draft 14 cannot handle actual dhcpv6 messages. im kind of surprised (disappointed?) that noone noticed before. i only noticed cos the code was segfaulting on sparc64, and when i tried to fix it the resulting messages looked nothing like what stock tcpdump produced. the main difference between the early drafts and what ended up in the rfc is that the base dhcpv6 messages in early drafts were large structure with a lot of fixed fields, while the rfc settled on a 4 byte header that contains a 1 byte message type and a 3 byte transaction id. the rest of the messages are built from dhcp options fields. this cuts all the old handling out, and fixes the fault in the options handling by using EXTRACT_16BITS to get at the code and length fields instead of using ntohs. dhcpv6 explicitly states that it does not align options, so this is necessary to avoid faults on strict alignment archs anyway. no options are pretty printed at the moment, you just get a numeric type, a length, and a hexdump of the value. this is still better than the garbage that the draft parsing produced. if someone is interested in making this easier to read, it would be a straightforward and well contained project to better handle option printing. ok deraadt@
* Remove #ifdef INET6kn2018-10-221-11/+2
| | | | | | | | | | | | There's not reason to build without IPv6 support, `-U INET6' builds were broken anyway. Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here. No object change on amd64 and sparc64 with clang, gcc compiles differently but behaviour stays the same. OK denis deraadt
* move the verbose checksum info back after the colon.dlg2018-07-101-7/+7
| | | | | requested by bluhm@ as it broke some regress tests for no good reason.
* add support for vxlan packets.dlg2018-07-061-1/+7
| | | | | I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
* pass the payload to parsers via cp, which is a pointer to the payload.dlg2018-07-061-38/+35
| | | | previously they all had (const u_char *)(up + 1), which was messy.
* add "tftp" as a type to use with -Tdlg2018-07-061-1/+4
| | | | | | | This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
* Add "mpls" as a type to use with -Tdlg2018-07-061-1/+4
| | | | This allows arbitrary UDP packets to be parsed as MPLS.
* According to RFC7510, IANA allocated port 6635 for MPLS over UDPdlg2018-07-061-1/+4
|
* Add "gre" as a type to use with -Tdlg2018-07-061-1/+4
| | | | This allows arbitrary UDP packets to be parsed as GRE packets.
* Rework UDP parsing, particularly around IP addresses.dlg2018-07-061-199/+107
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This originally started as trying to put a consistent space between the UDP header information and the payload parsing, but while doing that I noticed inconsistent IPv4 vs IPv6 handling. Apart from the default "srcip.srcport > dstip.dstpor" output, all the other places that IP addresses were printed assumed IPv4. It looks like it is possible that udp_print() can be called without an IP header, which made these blind IPv4 prints turn into NULL derefs. This fixes the problem above by only having a single place that prints the addresses out, and makes sure to get the difference between IPv4, IPv6 and no IP correct. This changes how the checksum is calculated. It incrementally builds the UDP checksum by feeding the IPv4 and v6 addresses in separately, then using common code for the rest of the pseudo header and actual payload. Lastly, this does make printing the space between the UDP header and its payload consistent. The UDP code is now responsible for adding a space after itself so the payload parsers don't have to. They got it wrong in some cases anyway, so this should be a lot more uniform. help and ok sthen@
* some style fixes, no functional change.dlg2018-07-031-6/+5
| | | | ok claudio@ mpi@ benno@ bluhm@ deraadt@
* handle gre-in-udp trafficdlg2018-07-031-1/+6
| | | | ok deraadt@
* assign pointers to NULL rather than 0mmcc2015-12-221-2/+2
|
* Remove remaining instances of the register keyword.mmcc2015-11-161-11/+11
| | | | ok deraadt@
* Replace <sys/param.h> with <limits.h> and other less dirty headers wherederaadt2015-01-161-2/+1
| | | | | | | | | possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* No use for <netinet/in_systm.h> nor <netinet/tcpip.h>.mpi2014-08-141-2/+1
|
* Instead of showing the difference between a bad checksum and a goodlteo2014-06-201-9/+12
| | | | | | | | | | | | | | checksum, make tcpdump (with the -v flag) show the actual bad checksum within the IP/protocol header itself and what the good checksum should be, e.g. "[bad tcp cksum abcd! -> d1e6]" This change applies to IP, TCP (over IPv4 and IPv6), UDP (over IPv4 and IPv6), ICMP, and ICMPv6. This commit also fixes several inconsistencies in the way bad checksums were displayed for these protocols. Tested on amd64, i386, and macppc. ok henning@
* show that zero checksums are invalid for UDP over IPv6; input & ok bluhm@naddy2014-01-261-2/+4
|
* Add TCP/UDP checksum display for v6 and clean up the checksumnaddy2010-01-121-20/+47
| | | | calculation. Mostly from tcpdump.org; ok jsing@
* Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP),jsing2009-11-041-1/+8
| | | | | | | | | | used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded. This work has been kindly sponsored by SystemNet AS (www.systemnet.no). "commit" deraadt@
* Sort port numbers and fix indentation.jsing2009-11-041-26/+26
|
* rcsid[] and sccsid[] and copyright[] are essentially unmaintained (andderaadt2009-10-271-6/+1
| | | | | | | unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
* trash $Header goo which is just annoying; 5595deraadt2007-10-071-2/+2
|
* try udpencap before ike; ok hshoexermarkus2006-11-211-4/+4
|
* remove extra space in output; ok markus@ moritz@stevesk2006-05-311-5/+5
|
* add VLAN Query Protocol (VQP) dissector; ok canacar@ markus@stevesk2006-05-231-2/+5
|
* print IAPP messages for the old IAPP port 2313.reyk2006-03-101-3/+3
|
* add printer for IAPP and hostapd(8) messagesreyk2005-11-221-2/+7
| | | | ok canacar@, tested by aanriot@ and others
* privilege separated tcpdump, joint work with otto@canacar2004-01-281-2/+2
| | | | | tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@
* Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogusotto2004-01-181-3/+6
| | | | | | DNS traffic. ok canacar@ jakob@
* support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@markus2003-06-111-2/+5
|
* HSRP dissector, from Julian Cowley <julian@lava.net> via tcpdump.orgmickey2002-01-221-2/+5
|
* disable smb decoder, as there seems to be fewer bound checks than neededitojun2001-06-251-2/+4
|
* Extend IKE knowledge so we can parse the rest (normally encrypted parts)ho2001-04-091-3/+3
| | | | | of the IKE negotiation. Useful for isakmpd's new -L and -l options. Also some cleanup. (angelos@, niklas@ ok)
* add lwres (BINDv9 resolver) printing. from tcpdump.org and modified by ho@jakob2001-03-061-2/+5
|
* timed printing; from Ben Smithurst <ben@scientia.demon.co.uk>; via tcpdump.orgmickey2000-12-071-2/+5
|
* smb printing; from Andrew Tridgell; via tcpdump.orgmickey2000-12-071-2/+6
|
* tcpdump incorrectly print port numbers when parsing NFS (PR#1540)jakob2000-12-051-2/+22
| | | | fix submitted by Grigoriy Orlov <gluk@ptci.ru>
* Compile with -Wall. Add $OpenBSD$. (jakob@ ok)ho2000-10-031-2/+4
|
* #include <string.h>; <goeran@cdg.chalmers.se>jakob2000-05-051-1/+2
|
* INET6jakob2000-04-261-8/+119
| | | | | | DHCP/BOOTP tcp & udp checksum detection numerous bugfixes
* L2TP support (from KAME)jakob2000-01-161-1/+4
|
* bring more inline with tcpdump 3.4brad1999-09-161-1/+8
|
* - Merge some changes from tcpdump 3.4jakob1999-07-281-1/+10
| | | | | | | | | | | | | | | -a flag; attempt to convert network and broadcast addresses to names Improved signal handling Miscellaneous fixes and typos OSPF MD5 authentication support - -X flag; emacs-hexl print (including ascii) - Add ECN bits to TCP and IP headers - IKE & IPsec (ESP & AH) support OK deraadt@
* add cisco netflow proto printing; not tested w/ version 5, but should work anywaysmickey1998-06-251-1/+4
|
* Add RADIUS printing support. Blech.tqbf1997-07-311-1/+11
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.