path: root/usr.sbin/tcpdump
Commit message | Author | Age | Files | Lines
* general cleanup and better SIGCHLD handling from millert@ | otto | 2004-01-31 | 4 | -23/+21
  ok canacar@
* privilege separated tcpdump, joint work with otto@ | canacar | 2004-01-28 | 17 | -158/+3207
  tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others
  go for it deraadt@
* 802.3X pretty printer (dead simple) | jason | 2004-01-22 | 1 | -2/+36
  jakob@: "seems reasonable"
* Increment the right pointers, so we don't print the same entries repeatedly. | mcbride | 2004-01-21 | 1 | -4/+4
* Clean up pfsync output: print source address by default, pass -vv correctly | mcbride | 2004-01-21 | 2 | -11/+17
  to pf_print_state(), and other minor cleanup.
* If you go through the trouble of caching the name of the last printed | otto | 2004-01-20 | 1 | -2/+3
  rpc num, you might as well use it later too. ok canacar@
* Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus | otto | 2004-01-18 | 4 | -113/+153
  DNS traffic. ok canacar@ jakob@
* Input should be at least an isakmp_header long. otto@, markus@ ok. | ho | 2004-01-15 | 1 | -5/+4
* print tcpmd5 signature options; with/ok itojun | markus | 2004-01-15 | 1 | -2/+11
* Avoid duplication of code; handle truncated packets properly; use | otto | 2004-01-10 | 1 | -32/+15
  fn_print to print strings. Joint work with & ok canacar@.
* Avoid messing up the screen by non-printable chars in hostname + | otto | 2004-01-09 | 1 | -8/+10
  sync with tcpdump.org. ok canacar@
* zap unused variable; ok mcbride | pvalchev | 2004-01-04 | 1 | -3/+2
* Many improvements to the handling of interfaces in PF. | cedric | 2003-12-31 | 1 | -2/+3
  1) PF should do the right thing when unplugging/replugging or cloning/destroying NICs.
  2) Rules can be loaded in the kernel for not-yet-existing devices (USB, PCMCIA, Cardbus).
     For example, it is valid to write: "pass in on kue0" before kue USB is plugged in.
  3) It is possible to write rules that apply to a group of interfaces (drivers), like
     "pass in on ppp all"
  4) There is a new ":peer" modifier that completes the ":broadcast" and ":network" modifiers.
  5) There is a new ":0" modifier that will filter out interface aliases.
     Can also be applied to DNS names to restore original PF behaviour.
  6) The dynamic interface syntax (foo) has been vastly improved, and now supports multiple
     addresses, v4 and v6 addresses, and all userland modifiers, like
     "pass in from (fxp0:network)"
  7) Scrub rules now support the !if syntax.
  8) States can be bound to the specific interface that created them or to a group of
     interfaces, for example:
     - pass all keep state (if-bound)
     - pass all keep state (group-bound)
     - pass all keep state (floating)
  9) The default value when only keep state is given can be selected by using the
     "set state-policy" statement.
  10) "pfctl -ss" will now print the interface scope of the state.
  This diff changes the pf_state structure slightly, so you should recompile your
  userland tools (pfctl, authpf, pflogd, tcpdump...)
  Tested on i386, sparc, sparc64 by Ryan
  Tested on macppc, sparc64 by Daniel
  ok deraadt@ mcbride@
* Unbreak tree by using correct PFSYNC_ACT_UREQ #define. | mcbride | 2003-12-28 | 1 | -4/+3
  Also remove unused hlen variable.
* Add a new PFSYNC_ACT_UREQ message type. | mcbride | 2003-12-28 | 1 | -2/+16
  A pfsync system which receives a partial update for a state it cannot find
  can now request a full version of the update, and insert it.
  pfsync'd firewalls now converge more gracefully if one is missing some states
  (due to reset, lost insert packets, etc).
* Zero out the pf_state struct before filling it with data from the | mcbride | 2003-12-27 | 1 | -2/+3
  pfsync_state struct.
* Fix unbounded recursion and an unsigned/signed mixup. Resolves PR 3610. | otto | 2003-12-22 | 1 | -6/+8
  ok deraadt@ millert@
* Argh. Calculate the length really, really correctly. | mcbride | 2003-12-19 | 1 | -3/+3
* Calculate the length of the captured pfsync payload correctly when printing | mcbride | 2003-12-19 | 1 | -3/+3
  pfsync packets received on the wire. Prevents printing of gibberish states
  with snaplen smaller than the mtu of syncif on the sender, and probably other ungoodness.
* Recognize NAT-D and NAT-OA payloads. markus@ ok. | ho | 2003-12-18 | 2 | -3/+11
* Change pfsync IP protocol and multicast group numbers. | mcbride | 2003-12-17 | 1 | -3/+3
  IPPROTO_PFSYNC -> 240
  INADDR_PFSYNC_GROUP -> 224.0.0.240
  ok deraadt@
* Add initial support for pf state synchronization over the network. | mcbride | 2003-12-15 | 3 | -43/+100
  Implemented as an in-kernel multicast IP protocol.
  Turn it on like this:
      # ifconfig pfsync0 up syncif fxp0
  There is not yet any authentication on this protocol, so the syncif must be on
  a trusted network. ie, a crossover cable between the two firewalls.
  NOTABLE CHANGES:
  - A new index based on a unique (creatorid, stateid) tuple has been added to
    the state tree.
  - Updates now appear on the pfsync(4) interface; multiple updates may be
    compressed into a single update.
  - Applications which use bpf on pfsync(4) will need modification; packets on
    pfsync no longer contain regular pf_state structs, but pfsync_state structs
    which contain no pointers.
  Much more to come.
  ok deraadt@
* Return proper anchor rule number in correct byte order. | dhartmei | 2003-11-08 | 1 | -2/+3
  From Pyun YongHyeon. ok henning@, canacar@
* typos from Jonathon Gray; | jmc | 2003-11-08 | 1 | -2/+2
* Print "|pfsync" if the packet is truncated, not "|pflog". | mcbride | 2003-11-08 | 1 | -3/+3
* Make tcpdump -x work with pfsync. | mcbride | 2003-11-05 | 1 | -2/+4
  ok dhartmei@
* - newline before printing first state (so they all line up and the first | mcbride | 2003-11-02 | 1 | -6/+4
  state doesn't wrap)
  - No need to print the rule number, that's included in the -v output.
  ok dhartmei@ canacar@
* Default snaplen is 96 not 68, from Pyun YongHyeon, ok deraadt@ | dhartmei | 2003-10-12 | 1 | -4/+4
* Make it compile without INET6, from Max Laier, ok deraadt@ | dhartmei | 2003-10-12 | 1 | -3/+7
* - simplify macros | jmc | 2003-09-25 | 2 | -739/+477
  - sort options
  - typos and formatting improvements
  - sync usage() and SYNOPSIS
* Fix 'tcpdump -v icmp' endianness buglet, print ID in hex. | cedric | 2003-09-08 | 1 | -4/+5
  Found by ho@, help/test pb@, hex suggestion/ok deraadt@
* put escapes in the right place; | jmc | 2003-09-04 | 1 | -2/+2
  (i.e. stuff I got wrong the first time, or missed)
  this includes some .Cd's with missing quotes and .Nm abuse in man4;
* escape punctuation; (and a nit in openssl.1) | jmc | 2003-09-02 | 1 | -3/+3
  ok deraadt@
* tweak; | jmc | 2003-08-28 | 1 | -4/+5
  ok frantzen@
* print the operating system of TCP SYN packets with the -o option | frantzen | 2003-08-21 | 5 | -11/+81
* add support for ESP decryption; ok deraadt@; feedback mickey@; | markus | 2003-07-17 | 4 | -29/+211
  many manpage fixes from jmc@
* macro fixes; | jmc | 2003-07-14 | 1 | -5/+4
* print ip_{src,dst} again; ok henning@ | markus | 2003-07-08 | 1 | -4/+2
* ansi and protos | deraadt | 2003-06-26 | 1 | -2/+3
* #ifdef INET6 | dhartmei | 2003-06-21 | 1 | -2/+10
* count packets and bidirectionally on state entries, allowing for fine-grained | djm | 2003-06-21 | 1 | -4/+6
  traffic reporting w/ pfsync; ok dhartmei@
  Note: ABI change (new fields in struct pf_state), requires a rebuild of pfctl and tcpdump.
* - section reorder | jmc | 2003-06-12 | 1 | -17/+19
  - macro fixes
  - kill whitespace at EOL
  - new sentence, new line
* support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@ | markus | 2003-06-11 | 4 | -5/+64
* last bit of clause 3 & 4 nuking for me. | jason | 2003-06-03 | 3 | -19/+4
* Remove the advertising clause in the UCB license which Berkeley | millert | 2003-06-02 | 3 | -18/+6
  rescinded 22 July 1999. Proofed by myself and Theo.
* three four kill ... | mickey | 2003-06-02 | 1 | -6/+1
* remove -Werror; ok millert | pvalchev | 2003-05-22 | 1 | -2/+2
* libpcap and tcpdump now understand the new pflog datalink type. | canacar | 2003-05-14 | 4 | -15/+139
  old datalink type is still recognized.
  ok henning@ dhartmei@ frantzen@
* %d is 12 chars, not 10; ok deraadt | pvalchev | 2003-04-14 | 1 | -3/+3
* invalid mdoc macros | david | 2003-04-08 | 1 | -2/+2
  caused words to disappear from the output
  ok jmc@ a while ago