Age | Commit message | Author |
|
Fixing filters on DLT_LOOP revealed that we treat DLT_NULL, DLT_ENC and
DLT_LOOP the same way even though DLT_LOOP stores the AF value in network
not byte order like the rest.
This amends the missing conversion which ought to land with the recent
commit exposing the byte order mismatch:
revision 1.53
date: 2020/07/21 22:44:55; author: dlg; state: Exp; lines: +2 -2;
DLT_LOOP does have a link header, so tell pcap-filter so it can use it.
...
debugged with and ok kn@
Discussed with bluhm who reported src/regress/sys/netinet6/rip6cksum/
failing on i386 after above commit.
The comment in this commit is taken from libpcap upstream as is modulo
additional file-save related byte-order handling which we don't seem to do.
OK bluhm
|
|
pointed out by tb@, who also provided the diff.
maybe someone should/could add a Symbols.list here?
ok tb@ deraadt@
|
|
the use of the sample keyword matches similar config in other
products.
NUM can be a number between 2 and 1048576, and is used to divide
0x100000000 into a threshold that is then compared against a randomly
generated number produced by a load of BPF_RND.
having sampling as part of the grammar means you can write things
like "icmp or sample 128". this lets you capture all icmp traffic
and a sample of the rest of the traffic.
ok jmatthew@ kn@ tb@
|
|
this adds "rnd" and "random" as keywords in the grammar, and handles
them as an arithmetic operator. the decoder recognises the load,
so tcpdump can print it as 'ld #random'. most of the handling is
copied from the "len"/"length" keyword handling that generates and
decodes a load of the actual wire length of the packet.
ok jmatthew@ tb@ kn@
|
|
matthieu@ reported that asking tcpdump to look at ip or ip6 traffic
on a wg(4) interface caused all packets to be captured. this is
because pcap assumes that if your link type doesn't have a link
header then it is always ip or ip6 (which is weird anyway) and
captures everything.
there was already code to generate a filter for the DLT_LOOP link
header, it was just bypassed cos earlier code said that there wasn't
one.
debugged with and ok kn@
|
|
ok djm
|
|
djm pulled support in for pcap_breakloop on the bpf side of things,
this makes it work when reading files too.
from Caspar Schutijser
lteo@ seems keen
ok djm@
|
|
ok jmc
|
|
conversion suggested by deraadt, as well as renaming
from section 7 to section 5;
ok deraadt
|
|
mostly cobbled together from a pre-mandoc tcpdump manual page, and desperately
needs some loving. First step is to name it right.
Discussed with jmc
|
|
this page should be called by one of the functions, so i chose the first
one: pcap_open_live(3)
|
|
this allows "tcpdump ether proto slow", which makes looking at lacp
frames a bit easier.
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
text tweaked and ok djm
|
|
ok djm
|
|
OK claudio@ jca@
|
|
OK dlg@
|
|
OK jca@ (from a long time ago...)
|
|
returns to const pointers:
- the prefix argument to pcap_perror();
- the return value of pcap_strerror();
- the filter expression argument to pcap_compile() and pcap_compile_nopcap();
- the BPF filter program argument to bpf_image().
Matches changes made earlier in tcpdump.org's version of libpcap.
From Guy Harris, ok tb@, been through a bulk ports build.
|
|
ok tb@ millert@ krw@
|
|
libpcap-based program to process packets as soon as they arrive.
feedback from jasper@
ok jca@
(a long time ago)
|
|
shlib version doesn't need a bump because no new symbols were added
or removed.
part of a larger diff that was ok sthen@
|
|
in wireshark.
ok deraadt@, dlg@
|
|
OK jca@ kettenis@ job@
|
|
okay millert@
(forgot the obvious scanner.l tweak in my diff)
|
|
attribute is an obsolete way of saying "noreturn". clang doesn't
recognize it and the function is already marked __dead so it is
superfluous anyway.
|
|
around for two releases, it should be safe to do so.
ok bluhm deraadt sthen tb yasuoka
|
|
this lets me go "tcpdump ether proto lldp" to easily read lldp packets
off the wire without other noise getting in the way.
ok deraadt@ jca@ sthen@
|
|
tcpdump directly uses eproto_db even though it is not part of the
libpcap API. This means that we can't freely add members to this array,
else ld.so complains about size mismatches. Keep the data in a static
array instead and make it usable by tcpdump through a pointer whose size
won't change in the future. A minor bump is enough here for ld.so to
stop complaining.
While here, mark _eproto_db and llc_db as const, as they are meant to
be.
Suggested by and ok deraadt@
|
|
OK rzalamena@
|
|
eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
|
sthen@. to make remote upgrades without media less painful.
ok tb@
|
|
ok lteo@ "go for it" dlg@
|
|
No functional change.
ok guenther@
|
|
the code was confusing around how it dealt with packets in mbufs
vs plain memory buffers with a length.
this renames bpf_filter to _bpf_filter, and changes it so the packet
memory is referred to by an opaque pointer, and callers have to
provide a set of operations to extract values from that opaque pointer.
bpf_filter is now provided as a wrapper around _bpf_filter. it
provides a set of operators that work on a straight buffer with a
length.
this also adds a bpf_mfilter function which takes an mbuf instead
of a buffer, and it provides explicit operations for extracting
values from mbufs.
if we want to use bpf filters against other data structures (usb
or scsi packets maybe?) we are able to provide functions for
extracting payloads from them and use _bpf_filter as is.
ok canacar@
|
|
correctly - logically complete that now by removing MLINKS from base;
authors need only to ensure there is an entry in NAME for any function/
util being added. MLINKS will still work, and remain for perl to ease
upgrades;
ok nicm (curses) bcook (ssl)
ok schwarze, who provided a lot of feedback and assistance
ok tb natano jung
|
|
ok tb@ millert@
|
|
ok deraadt@
|
|
ok deraadt@
|
|
ok guenther@
|
|
ok guenther@
|