summaryrefslogtreecommitdiffstats
path: root/usr.sbin/tcpdump (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Restore packetp and snapend pointers once we're done with an incorrectlymikeb2014-12-032-11/+22
| | | | | | | | aligned IP/IPv6 packet so that tcpdump can print hexdump of the whole packet including the Ethernet header (if requested) and not only the IP/IPv6 part of it. ok jsg
* Fixup a crash found by jsg using the AFL fuzzer. IP and IPv6 printingmikeb2014-12-032-7/+12
| | | | | | | routines should check that there's at least a complete IP/IPv6 header available in the buffer before trying to do anything else. ok jsg
* Prefer setvbuf() to setlinebuf() for portability; ok deraadt@millert2014-11-261-5/+1
|
* better length handling. Fixes a crash found with the afl fuzzer.jsg2014-11-201-1/+6
| | | | slightly tweaked version of an earlier diff ok'd by djm@ and miod@
* sanity check the length of the packet in the pcap headerjsg2014-11-201-2/+2
| | | | | | fixes a crash found by the afl fuzzer ok djm@ miod@
* Make ip6_print() take an unsigned length matchingjsg2014-11-202-5/+5
| | | | | | | | | | | ip_print() and others. Allows code deciding on a minimum length to memmove() to work as intended, preventing various crashes found with the afl fuzzer. Callers of ip6_print() should of course be fixed to provide sane lengths as well. ok deraadt@ djm@
* obvious malloc() -> reallocarray() oflow check; ok dougderaadt2014-10-081-2/+2
|
* No use for <netinet/in_systm.h> nor <netinet/tcpip.h>.mpi2014-08-1444-96/+44
|
* Fix tcpdump(8) display of logical link control data in IEEE802 frames.stsp2014-07-201-2/+2
| | | | | | The frame subtype field is in the first byte of frame control but tcpdump(8) was looking at the second byte to determine if this is a data frame. Patch by Nathanael Rensen, thanks!
* Tcpdump did not show the OSPF router id of hello packets if it wasbluhm2014-07-042-6/+3
| | | | | | equal to the source ip address. This is confusing and inconsistent with IPv6. So always print the rtrid. OK stsp@
* remove backwards compat layer for alpha osf1. back then compilers andderaadt2014-06-304-79/+3
| | | | | | the parsers sucked, so byte misalignment repair was requested. These days it means the parsers should improve. ok lteo
* Instead of showing the difference between a bad checksum and a goodlteo2014-06-205-34/+46
| | | | | | | | | | | | | | checksum, make tcpdump (with the -v flag) show the actual bad checksum within the IP/protocol header itself and what the good checksum should be, e.g. "[bad tcp cksum abcd! -> d1e6]" This change applies to IP, TCP (over IPv4 and IPv6), UDP (over IPv4 and IPv6), ICMP, and ICMPv6. This commit also fixes several inconsistencies in the way bad checksums were displayed for these protocols. Tested on amd64, i386, and macppc. ok henning@
* Import in_cksum_shouldbe() from mainline tcpdump; this is needed by mylteo2014-06-203-4/+93
| | | | | | | upcoming commit which will fix and improve the display of bad checksums for the major protocols. ok henning@
* Expand the IP checksum offload subsection to mention the same issue withlteo2014-06-031-4/+4
| | | | | | | protocol checksum offload, where tcpdump might see bad checksums on valid packets. ok henning@ jmc@
* Don't print a "weird flag" type warning "[b2&3=0x2400]" for DNS NOTIFYsthen2014-05-232-4/+7
| | | | | | messages which should be sent with AA set. Adapted from a patch at http://marc.info/?l=tcpdump-patches&m=98115734907026&w=2 pointed out by Peter J. Philipp, ok henning@
* Add pcap-filter(3) to the SEE ALSO section.lteo2014-02-191-2/+3
| | | | ok jmc@
* Don't segfault on IPv6 NFS traffic; found the hard why by matthieu@.florian2014-02-052-9/+46
| | | | | | Fix inspired by what upstream is doing. Tested by me and matthieu@. Input^WHand holding and OK guenther@
* show that zero checksums are invalid for UDP over IPv6; input & ok bluhm@naddy2014-01-261-2/+4
|
* plen is unsignedderaadt2014-01-121-3/+3
|
* Let tcpdump detect bad ICMPv6 checksums with the -v flag.lteo2014-01-111-1/+42
| | | | | | Tested on amd64, i386, loongson, and macppc. OK florian@
* Let tcpdump detect bad ICMP checksums with the -v flag.lteo2014-01-111-2/+12
| | | | | | Tested on amd64, i386, loongson, and macppc. OK florian@
* Make icmp_print() accept the length variable, which is the length of thelteo2014-01-114-10/+11
| | | | | | | | | | | | | packet without the IP header. This is needed by the next commit that will allow tcpdump to detect bad ICMP checksums. Related functions like {tcp,udp,icmp6}_print() already accept this length variable, so this change makes icmp_print() consistent with them as well. This commit makes no functional change to tcpdump itself. OK florian@
* ctype cleanups, now that the kernel has u_char strings (that is thederaadt2013-12-221-15/+15
| | | | | easy road, otherwise this would be a righteous mess) ok florian
* no need for timeb.hderaadt2013-12-031-2/+1
|
* If a constant string needs a name, use a static const array instead of aguenther2013-10-271-2/+2
| | | | | | | | pointer or non-const array, as that minimizes the symbols, maximizes the placement into read-only memory, and avoids warnings from gcc -Wformat=2 when they're used as format strings. ok deraadt@
* These two programs got fooled by the KAME/NRL split and need type repair.deraadt2013-10-241-4/+4
| | | | | | They do not indicate a problem with the reduction of namespace export, but got suckered into the 1999 plan. ok benno
* use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@schwarze2013-07-161-5/+5
|
* In the EXAMPLES section, it is not very obvious that "localnet" is not alteo2013-07-101-9/+10
| | | | | | | | | | literal argument name due to lack of formatting, so replace it with an example network to make it clearer (discussed with and suggested by jmc@). While here, fix some style nits in a sentence to make it consistent with the other examples. ok jmc
* Do not install pcap-int.h to /usr/include as it is an internal librarylteo2013-06-191-1/+4
| | | | | | | | header (pointed out by matthew@). Let only pflogd and tcpdump include pcap-int.h directly since they need it for privilege separation. "looks good" sthen feedback/ok deraadt matthew millert
* fix glitches in unused source file; ok millertderaadt2013-04-161-2/+2
|
* Dump some more flags and subtypes in tcpdump. Especially flags used inclaudio2013-01-171-11/+43
| | | | power saving mode. OK giovanni@
* In the unlikely event that a NULL device is passed to priv_pcap_live(),lteo2012-11-141-2/+4
| | | | | | | ensure that the function will stop and return NULL instead of continuing (which could lead to a segfault). ok benno deraadt otto
* last stage of rfc changes, using consistent Rs/Re blocks, and moving thejmc2012-09-261-2/+9
| | | | references into a STANDARDS section;
* replay counter was bumped a while ago, update byte order conversion;mikeb2012-09-191-5/+6
| | | | | while here, improve the way information is printed out a bit. with input and ok camield, mpf
* - rfc 4835 obsoletes rfc 2406jmc2012-08-291-15/+23
| | | | | | - flesh out SEE ALSO ok sthen
* We maintain our own tcpdump, so remove the sentence in the BUGS sectionlteo2012-08-241-9/+2
| | | | | | | | | that asks users to send bug reports to mainline tcpdump. While here, fix two mandoc -Tlint warnings by removing unnecessary .Pp instances. ok deraadt jmc naddy
* Recognize additional DH groups; ok sthen naddymikeb2012-07-131-2/+4
|
* cleanup offset argument in default_print_* functions, pointed out by Mike Smallsthen2012-07-111-9/+8
| | | | ok theo
* support -A to print the ascii text of captured packets. ok deraadt@sthen2012-07-102-6/+40
|
* New attempt to make the -P flag work with -ss, so that states can belteo2012-07-081-8/+15
| | | | | | | | | | printed with port names if desired. tcpdump's pf_print_state.c has diverged significantly from pfctl's, so the change to tcpdump's pf_print_state.c is not exactly the same as pfctl's. ok henning sthen
* esp/ah sequence number is unsigned and should be printed as such;mikeb2012-05-031-3/+3
| | | | ok haesbaert, sthen, yasuoka, mpf
* Return an error much earlier if recvmsg failsderaadt2012-04-041-2/+4
|
* Fix a classical bug (= vs ==). OK stsp@ miod@claudio2012-02-191-2/+2
|
* Use safeputs() for radius, some decodes are likely to have unprintablesthen2012-01-281-2/+3
| | | | characters. ok mikeb@
* Print names rather than numbers for the old draft nat-t attributes,sthen2012-01-282-9/+15
| | | | cisco use these at least as recently as ASAs running 8.4(1)
* Print PPP-Max-Payload headers (for RFC 4638 PPPoe), part of a larger diffsthen2011-12-281-1/+5
| | | | from Matt Dainty. ok haesbaert@
* Teach some userland tools about NAT64. I think this is mostly from mikeb@claudio2011-10-132-10/+17
| | | | OK mcbride@
* Let tcpdump use the same format for printing IPv6 fragments as forbluhm2011-09-221-15/+8
| | | | | IPv4. Now it is id:len@off+more for both. ok jsing
* Revert r1.29. Now that the "C" locale is ASCII-only, this workaroundstsp2011-09-221-5/+1
| | | | is no longer needed. ok naddy
* extract 8 octets (as per RFC 2661) rather than a long; with jsing@naddy2011-09-181-2/+2
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.