path: root/usr.sbin/tcpdump/tcpdump.c
Commit message | Author | Age | Files | Lines
* Don't link tcpdump(8) with libl and remove reference to `yydebug'. | mvs | 2020-12-04 | 1 | -11/+3
  From Martin Vahlensieck.
* add initial support for handling geneve packets. | dlg | 2020-08-17 | 1 | -1/+3
  it's like vxlan, but different. the most interesting difference to vxlan is that the protocol adds support for adding optional metadata to packets (like nsh). this diff currently just skips that stuff and just handles the payload. for now.
* wire the wireguard packet printer into tcpdump. | dlg | 2020-06-21 | 1 | -1/+3
  from Matt Dunwoodie and Jason A. Donenfeld
* - (void)printf() -> printf(); the cast adds clutter for little value. | procter | 2020-01-24 | 1 | -9/+9
  - fprintf(stdout, ...) -> printf()
  - fputs(x, stdout) -> printf(); for consistency.
    fputs is twice as fast on atom x5-Z8300@1.44GHz but Amdahl sees a pure printf tcpdump only 2% slower than a pure fputs (for constant strings) tcpdump to /dev/null across a 20MB/~170k packet pcap file.
  ok dlg@ for fputs and ok tedu@ krw@ deraadt@ a2k19 for the rest
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 1 | -2/+2
  value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* support -T erspan so arbitrary gre protocols can be seen as erspan | dlg | 2019-05-26 | 1 | -1/+3
  this lets me configure a custom gre protocol on a dell s4810 or s5048 and see what's inside it when it lands on an openbsd box.
  ok lteo@
* support configuring BIOCSFILDROP with tcpdump. | dlg | 2019-03-18 | 1 | -4/+18
  this allows tcpdump to be used as a quick and dirty firewall. it also looks like an amazing foot-gun, so be careful.
  for example `tcpdump -B drop -i ix1 udp and port 7` lets you completely drop discard packets in the hardware interrupt handler.
  ok sthen@ mikeb@ claudio@ visa@
* Hoist opening pf.os(5) fingerprints '-o' earlier so that it doesn't | brynet | 2018-11-08 | 1 | -3/+3
  need to be unveiled at runtime in the monitor process.
  Cleanup the unused internal privsep "getlines" code, we now explicitly fdpass the OS fingerprints file instead.
  ok mestre@ kn@
* add support for vxlan packets. | dlg | 2018-07-06 | 1 | -1/+3
  I personally think vxlan looks suspiciously like gre, so I put the parser in print-gre.c
* add "tftp" as a type to use with -T | dlg | 2018-07-06 | 1 | -1/+3
  This forces UDP packets to be parsed as tftp messages, which is useful to see the DATA and ACK packets. They're usually on high ports which don't get matched by udp_print, which by default only handled tftp packets on port 69.
* Add "mpls" as a type to use with -T | dlg | 2018-07-06 | 1 | -1/+3
  This allows arbitrary UDP packets to be parsed as MPLS.
* Add "gre" as a type to use with -T | dlg | 2018-07-06 | 1 | -1/+3
  This allows arbitrary UDP packets to be parsed as GRE packets.
* rework ppp, pptp, and gre parsing. | dlg | 2018-02-06 | 1 | -1/+2
  this started cos i was looking at pptp, which came out like this:
    23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap)
    23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
  now it looks like this:
    23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request
    23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
  the big improvement in ppp parsing is it stops parsing based on what the ppp headers say, rather than what bytes have been captured.
  this also adds parsing of EAP packets.
  DLT_PPP_SERIAL is now recognised and printed.
  gre now prints the outer addresses always, not just when it's encapsulated by ipv6 or -v is passed to tcpdump.
  ok sthen@
* Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed | mpi | 2018-02-03 | 1 | -1/+2
  in wireshark.
  ok deraadt@, dlg@
* Convert snprintf+write into dprintf. It is simply easier to read, and | deraadt | 2017-12-08 | 1 | -9/+5
  provides retry on short-write file descriptors.
  ok florian, previous versions seen by millert
* fork+exec model for tcpdump(8); re-exec the privileged child after fork | brynet | 2017-09-08 | 1 | -1/+5
  While tcpdump isn't a daemon in the traditional sense, it's not uncommon for people to have long running sessions. At least on OpenBSD, this is even safe thanks to the existing privsep design by otto@, canacar@ and pledge(2) work done by deraadt.
  ok deraadt@
* Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4), | reyk | 2016-11-16 | 1 | -1/+2
  eg. tcpdump -y openflow -i switch0
  Includes a minor bump for libpcap.
  Feedback and OK rzalamena@
* assign pointers to NULL rather than 0 | mmcc | 2015-12-22 | 1 | -2/+2
* Remove remaining instances of the register keyword. | mmcc | 2015-11-16 | 1 | -8/+8
  ok deraadt@
* pcap_stat fields are unsigned, print them as such | jca | 2015-10-28 | 1 | -3/+3
  Patch from Kevin Reay.
* Remove conditional compilation and #defines around signal handling | guenther | 2015-10-14 | 1 | -12/+6
  Don't catch signals that were ignored on entry
  Suppress SIGCHLD if our kid is stopped: we don't care and it's not an error
  ok millert@
* Change all tame callers to namechange to pledge(2). | deraadt | 2015-10-09 | 1 | -3/+3
* tcpdump is two-process privsep. | deraadt | 2015-10-03 | 1 | -1/+3
  the packet processor pid is initialized on a socketpair, and then only does byte analysis. it can be protected using a "stdio" tame request. a successful attack against it will find it cannot open files nor sockets, and faces various other limitations described in the tame(2) manual page.
  the monitor process can be restricted to "malloc cmsg inet ioctl dns rpath". that sounds like a large subset, but notice it cannot create or write files. maybe this set can be whittled down by hoisting more initialization code upwards?
  with help from canacar a while back.
* Move the BIOCGSTATS ioctl operation done by the tcpdump process | deraadt | 2015-07-14 | 1 | -2/+2
  (at ^C time) into a service provided by the privsep monitor.
  ok canacar
* For ASCII dumps, tighten printable characters. \v and \f aren't. | naddy | 2015-07-12 | 1 | -3/+5
  ok semarie@ sthen@
* Convert many atoi() calls to strtonum(), adding range checks and failure | deraadt | 2015-04-18 | 1 | -7/+10
  handling along the way.
  Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert
* opt{ind,err,arg} are already known | deraadt | 2015-04-15 | 1 | -5/+1
* clean up flags++ instances around getopt() | deraadt | 2015-02-09 | 1 | -16/+16
  ok florian
* Prefer setvbuf() to setlinebuf() for portability; ok deraadt@ | millert | 2014-11-26 | 1 | -5/+1
* remove backwards compat layer for alpha osf1. back then compilers and | deraadt | 2014-06-30 | 1 | -4/+1
  the parsers sucked, so byte misalignment repair was requested. These days it means the parsers should improve.
  ok lteo
* cleanup offset argument in default_print_* functions, pointed out by Mike Small | sthen | 2012-07-11 | 1 | -9/+8
  ok theo
* support -A to print the ascii text of captured packets. ok deraadt@ | sthen | 2012-07-10 | 1 | -3/+29
* remove support for the old pflog format, replaced in 2003 | henning | 2010-06-26 | 1 | -2/+1
  ok ryan theo & herr reyksminister
* rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and | deraadt | 2009-10-27 | 1 | -9/+1
  unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical)
  ok with the idea millert, ok dms
* increase the default snaplen to 116, allows capture of pflog+ipv6+tcp | sthen | 2009-02-14 | 1 | -3/+7
  without knobs. ok djm, deraadt.
* add filtering on direction; ok mpf@ deraadt@ feedback jmc@ | djm | 2008-04-18 | 1 | -8/+18
* trash $Header goo which is just annoying; 5595 | deraadt | 2007-10-07 | 1 | -2/+2
* add -I option for printing the interfaces; | markus | 2007-08-28 | 1 | -5/+11
  ok hshoexer, henning, mcbridge (some time ago)
* No need to #include <netinet/in.h> twice. Noticed by Diego Casati. | krw | 2007-08-13 | 1 | -3/+2
  ok stevesk@
* Move a useless warning to the only case that uses it (-f) from canacar@ | todd | 2007-06-01 | 1 | -3/+4
  ok beck@
* printing these version numbers in usage is ugly and useless | deraadt | 2006-06-16 | 1 | -9/+4
* Set signal handlers directly after the fork(2), so that we avoid | moritz | 2006-04-22 | 1 | -10/+15
  situations, where the privileged child dies before the unprivileged parent has set a signal handler for SIGCHLD.
  ok deraadt@ canacar@
* Remove remaining stuff from state QUIT, adjust some comments | moritz | 2006-04-22 | 1 | -3/+3
  and close a fd leak in read_infile(). ok deraadt@
* Add comments to please lint. No code changes. OK deraadt | cloder | 2006-04-21 | 1 | -2/+4
* initialize program_name before we privsep, otherwise the child does not | deraadt | 2006-04-17 | 1 | -14/+8
  know our name
* Simplify error() and warning() a bit. From Alexey Dobriyan. | moritz | 2006-03-13 | 1 | -3/+3
  ok jaredy@ otto@
* Initialize snaplen also when reading a dump file. Fixes problems | otto | 2006-02-15 | 1 | -8/+7
  on 64bit archs when processing files with large snaplens, as seen by Alf Schlichting.
  ok moritz@ canacar@
* use new libpcap-provided datalink_x_to_y functions instead of local copies | djm | 2005-11-18 | 1 | -61/+4
  (with different prototypes); ok mpf@
* KNF | mpf | 2005-10-07 | 1 | -3/+3
* support decapsulation of 802.11 data frames | reyk | 2005-05-28 | 1 | -3/+6
  ok canacar@