path: root/usr.sbin/tcpdump
Commit message | Author | Age | Files | Lines
* off by one in bounds test | jsg | 2021-03-02 | 1 | -5/+2
|   ok sthen@ millert@
* Print rewritten addresses in tcpdump(8) logged with pflog(4) for | bluhm | 2021-01-20 | 1 | -13/+18
|   rdr-to, nat-to, af-to rules. The kernel uses the information from the packet description and fills it into the fields in the pflog header. While doing this, it is trivial to figure out whether the packet has been rewritten.
|   OK sashan@
* Don't link tcpdump(8) with libl and remove reference to `yydebug'. | mvs | 2020-12-04 | 3 | -16/+8
|   From Martin Vahlensieck.
* Kill unused `ch' variable within safeputs routine. Also use putchar(3) | mvs | 2020-12-03 | 1 | -6/+4
|   instead of printf(3) to output printable characters. Pointed by Martin Vahlensieck.
|   ok gnezdo@
* Send print-skip.c to the attic | tb | 2020-11-05 | 2 | -915/+1
|   This was unhooked from the build in a code sync in 1996 and didn't make it into the upstream revision history.
|   Prompted by a diff from Neeraj Pal that showed that this file wasn't compiled.
|   ok jca kn
* Fix parsing GTP packets with invalid extended headers. | jca | 2020-10-26 | 1 | -1/+6
|   In GTP a zero extended header length is invalid, deal with this instead of looping forever.
|   Report and fix by Peter J. Philipp, tweaked by me, ok kn@
* add geneve option printing. | dlg | 2020-08-17 | 1 | -3/+63
|   mostly modelled on the nsh md2 printing.
* don't need to shift the vxlan vni twice. | dlg | 2020-08-17 | 1 | -2/+2
|
* add initial support for handling geneve packets. | dlg | 2020-08-17 | 5 | -7/+116
|   it's like vxlan, but different. the most interesting difference to vxlan is that the protocol adds support for adding optional metadata to packets (like nsh). this diff currently just skips that stuff and just handles the payload. for now.
* Avoid integer underflow due to tiny snaplen | kn | 2020-07-21 | 1 | -1/+6
|   For DLT_NULL and DLT_LOOP interfaces, print-null.c passes `caplen - NULL_HDRLEN' as length to default_print() which takes an unsigned integer, hence if caplen is smaller than the header itself (four octets), this difference wraps around.
|   Exit early in such cases and print the expected truncation marker "[|null]" instead.
|   Feedback OK dlg
* Remove unused variable "caplen" | kn | 2020-07-20 | 1 | -2/+1
|   No object change.
* Add RCS marker | tb | 2020-06-21 | 1 | -0/+2
|
* wire the wireguard packet printer into tcpdump. | dlg | 2020-06-21 | 5 | -8/+21
|   from Matt Dunwoodie and Jason A. Donenfeld
* don't claim packets as wg if there's not enough captured bytes to read. | dlg | 2020-06-21 | 1 | -1/+11
|
* cope with a truncated capture of a packet. this avoids reading invalid mem. | dlg | 2020-06-21 | 1 | -11/+27
|
* add a printer for wireguard messages, but not hooked up just yet. | dlg | 2020-06-21 | 1 | -0/+126
|   from Matt Dunwoodie and Jason A. Donenfeld
* properly pass the number of strings in an array to gtp_print_str. | dlg | 2020-05-20 | 1 | -10/+17
|   from miod
* add support for printing RFC 2332 NBMA Next Hop Resolution Protocol (NHRP) | remi | 2020-04-15 | 5 | -6/+307
|   ok dlg@
* Spell "status" correctly. | patrick | 2020-03-23 | 1 | -2/+2
|   ok jasper@ mpi@
* extend decoding of control transfers: | jasper | 2020-02-24 | 1 | -1/+198
|   - print the stage name
|   - print additional information about the request for Setup packets
|   - GET_DESCRIPTOR requests are further decoded
|   tweaks and ok mpi@
* fix a crash when printing the contents of a malformed packet where the packet | jasper | 2020-02-22 | 1 | -2/+2
|   length was smaller than the sizeof the usbpcap header. we'd end up passing a negative value as the length to default_print().
|   found with afl-fuzz
|   ok mpi@
* - print 'dlen=' to make it more clear what that number indicates | jasper | 2020-02-12 | 1 | -9/+11
|   - add missing rcs id
|   - use 'goto trunc' as is common with other printers
|   ok mpi@
* - (void)printf() -> printf(); the cast adds clutter for little value. | procter | 2020-01-24 | 40 | -727/+721
|   - fprintf(stdout, ...) -> printf()
|   - fputs(x, stdout) -> printf(); for consistency.
|   fputs is twice as fast on atom x5-Z8300@1.44GHz but Amdahl sees a pure printf tcpdump only 2% slower than a pure fputs (for constant strings) tcpdump to /dev/null across a 20MB/~170k packet pcap file.
|   ok dlg@ for fputs and ok tedu@ krw@ deraadt@ a2k19 for the rest
* add support for printing RFC 8300 Network Service Header (NSH) | dlg | 2019-12-03 | 5 | -7/+329
|   ok deraadt@
* add support for VXLAN-GPE as per draft-ietf-nvo3-vxlan-gpe-08. | dlg | 2019-12-02 | 2 | -34/+82
|   it's nicely backwards compatible, so we can use the same code for both vxlan and vxlan-gpe.
* the dhcp6 printing doesn't need these files anymore. | dlg | 2019-12-02 | 2 | -275/+0
|   they were based on draft-ietf-dhc-dhcpv6-14, which was not what ended up in the dhcpv6 rfc(s). the current printing code is a lot smaller and self contained.
|   ok deraadt@
* rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft. | dlg | 2019-12-02 | 3 | -280/+159
|   it looks like this code was using draft-ietf-dhc-dhcpv6-14 from 1999. there were 27 drafts, and by the time it got to draft 23 and the rfc it was significantly different. this code for draft 14 cannot handle actual dhcpv6 messages. i'm kind of surprised (disappointed?) that no one noticed before. i only noticed cos the code was segfaulting on sparc64, and when i tried to fix it the resulting messages looked nothing like what stock tcpdump produced.
|
|   the main difference between the early drafts and what ended up in the rfc is that the base dhcpv6 messages in early drafts were large structures with a lot of fixed fields, while the rfc settled on a 4 byte header that contains a 1 byte message type and a 3 byte transaction id. the rest of the messages are built from dhcp options fields.
|
|   this cuts all the old handling out, and fixes the fault in the options handling by using EXTRACT_16BITS to get at the code and length fields instead of using ntohs. dhcpv6 explicitly states that it does not align options, so this is necessary to avoid faults on strict alignment archs anyway.
|
|   no options are pretty printed at the moment, you just get a numeric type, a length, and a hexdump of the value. this is still better than the garbage that the draft parsing produced. if someone is interested in making this easier to read, it would be a straightforward and well contained project to better handle option printing.
|
|   ok deraadt@
* OpenFlow 1.3 defines packet header patterns of interest using TLVs (OXMs) | akoshibe | 2019-11-27 | 1 | -88/+38
|   that represent various header fields. One place where OXMs are used is in the set_field action, which contains one OXM representing the header field to set, followed by padding to align the action in the OpenFlow message to 64 bits.
|
|   Currently, we assume that a set_field action can contain multiple OXMs and that they do not need to be padded. This matches the way we handle OpenFlow messages that contain set_field actions so that we follow the specs.
|
|   OK ori claudio
* mention in tcpdump(8) description of -i that one can use either a network | sthen | 2019-11-06 | 1 | -2/+5
|   or a USB device. ok mpi
* fix inconsistency; from tim kuijsten | jmc | 2019-10-31 | 1 | -3/+3
|   agreed by deraadt
* pcap-filter now section 5: adjust Xr | jmc | 2019-09-25 | 1 | -4/+4
|
* print the IPs on ESP packets. | dlg | 2019-09-19 | 2 | -3/+6
|   this was lost when tcpdump learnt to look inside udpencap.
|   found by, and ok markus@
* CDP's Native-VLAN-ID does not need a subtraction. | martijn | 2019-09-11 | 1 | -5/+6
|   While here add a link to the documentation.
|   OK sthen@
* pcap-filter is now section 7; | jmc | 2019-09-03 | 1 | -4/+4
|
* one more ethers.3 -> ether_aton.3; | jmc | 2019-08-30 | 1 | -2/+2
|
* catch up to ethers(3)->ether_aton(3) renaming | deraadt | 2019-08-30 | 1 | -2/+2
|
* mop up for the pcap.3 rename; | jmc | 2019-08-30 | 1 | -3/+3
|   help/ok deraadt
* snprintf/vsnprintf return < 0 on error, rather than -1. | deraadt | 2019-07-03 | 1 | -3/+3
|
* When system calls indicate an error they return -1, not some arbitrary | deraadt | 2019-06-28 | 5 | -25/+25
|   value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* support -T erspan so arbitrary gre protocols can be seen as erspan | dlg | 2019-05-26 | 4 | -7/+20
|   this lets me configure a custom gre protocol on a dell s4810 or s5048 and see what's inside it when it lands on an openbsd box.
|   ok lteo@
* handle ERSPAN type I | dlg | 2019-05-17 | 1 | -4/+10
|   type I and II share their GRE protocol, but you tell them apart by checking if a sequence number is used. type I does not use a sequence number and contains a bare ethernet frame. type II contains a sequence number and a shim header that is already handled by the code.
|
|   tested with a Dell S5048F-ON and an encapsulated remote port mirror setup.
* Support extended shutdown communications in tcpdump as well. | claudio | 2019-05-11 | 1 | -10/+11
|   OK sthen@ deraadt@
* md5 auth has useful information on the wire that helps when fixing issues | dlg | 2019-04-14 | 2 | -4/+23
|   print at least the key-id, and seq when -v is set, and the offset and len when -vv is set.
|   ok sthen@ bluhm@
* print the gre protocol number as hex when vflag is enabled | dlg | 2019-04-05 | 1 | -1/+4
|   this is useful for telling the MPLSes apart, and generally understanding what you're seeing.
* support printing cdp over gre and ppp | dlg | 2019-04-05 | 5 | -14/+16
|   ok deraadt@ mpi@ sthen@
* print MPLS_MCAST as mpls, rather than unknown | dlg | 2019-04-02 | 1 | -1/+2
|   The caveat with this is that MPLS and MPLS_MCAST look exactly the same. I could prefix the MCAST line with "multicast" or something, but like everything else in MPLS the meaning of that protocol type is supposed to have changed. It's no longer meant to indicate multicast mpls, but mpls with a label selected by an upstream. So what's the right thing to do?
|
|   noticed by Mitchell Krome, who used this breakage to identify another problem, which won't happen anymore.
* tweak previous; | jmc | 2019-03-18 | 1 | -4/+4
|
* support configuring BIOCSFILDROP with tcpdump. | dlg | 2019-03-18 | 5 | -15/+52
|   this allows tcpdump to be used as a quick and dirty firewall. it also looks like an amazing foot-gun, so be careful.
|
|   for example `tcpdump -B drop -i ix1 udp and port 7` lets you completely drop discard packets in the hardware interrupt handler.
|
|   ok sthen@ mikeb@ claudio@ visa@
* handle Cisco's Encapsulated Remote Switch Port Analyzer (ERSPAN) protocol | dlg | 2019-02-05 | 1 | -1/+104
|   ERSPAN II is an 8 byte header before an ethernet payload. the switch at work doesn't produce erspan III, so I haven't handled that yet. this at least lets me see what's on the wire so i can contemplate how i want to deal with the payload.
|
|   based on draft-foschiano-erspan-03
* fix microsecond output of timestamp deltas (-tttt) | procter | 2019-01-26 | 1 | -17/+15
|