Age | Commit message (Collapse) | Author |
|
requested by bluhm@ as it broke some regress tests for no good
reason.
|
|
|
|
I personally think vxlan looks suspiciously like gre, so I put the
parser in print-gre.c
|
|
|
|
previously they all had (const u_char *)(up + 1), which was messy.
|
|
This forces UDP packets to be parsed as tftp messages, which is useful
to see the DATA and ACK packets. They're usually on high ports which don't
get matched by udp_print, which by default only handled tftp packets on
port 69.
|
|
This allows arbitrary UDP packets to be parsed as MPLS.
|
|
|
|
This allows arbitrary UDP packets to be parsed as GRE packets.
|
|
This originally started as trying to put a consistent space between
the UDP header information and the payload parsing, but while doing
that I noticed inconsistent IPv4 vs IPv6 handling.
Apart from the default "srcip.srcport > dstip.dstport" output, all
the other places that IP addresses were printed assumed IPv4. It
looks like it is possible that udp_print() can be called without
an IP header, which made these blind IPv4 prints turn into NULL
derefs.
This fixes the problem above by only having a single place that
prints the addresses out, and makes sure to get the difference
between IPv4, IPv6 and no IP correct.
This changes how the checksum is calculated. It incrementally builds
the UDP checksum by feeding the IPv4 and v6 addresses in separately,
then using common code for the rest of the pseudo header and actual
payload.
Lastly, this does make printing the space between the UDP header
and its payload consistent. The UDP code is now responsible for
adding a space after itself so the payload parsers don't have to.
They got it wrong in some cases anyway, so this should be a lot
more uniform.
help and ok sthen@
|
|
this is part of a bigger change that refactors udp handling, but
works on hosts of both endians.
discussed at length with proctor@
ok sthen@
|
|
ok claudio@ mpi@ benno@ bluhm@ deraadt@
|
|
ok deraadt@
|
|
eoip is a twisted gre based protocol using version 1 like pptp, but
a different protocol id. this splits the gre 1 protocol handling
up so it doesn't assume that all packets are pptp, but decides
between eoip and pptp based on the protocol field. unknown protocols
are unknown rather than assumed to be pptp.
ok sthen@
|
|
While here, also delete the obsolete .Tn macros.
|
|
the vlan specs have the priority of 0 and 1 swapped on the wire,
which is how the kernel handles them. eg, if you use pf to set prio
1, it will end up being 0 on the wire. this makes 0 on the wire
come out as 1 in tcpdump so it is consistent with the rest of the
tooling.
ok henning@
|
|
|
|
|
|
ether_print just prints the ether header.
|
|
peek inside the payload to see if the first nibble looks like ipv4.
if it isn't ipv4 assume it is the wccp header.
|
|
|
|
|
|
|
|
|
|
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap)
23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request
23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on
what the ppp headers say, rather than what bytes have been captured.
this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the
outer addresses always, not just when it's encapsulated by ipv6 or
-v is passed to tcpdump.
ok sthen@
|
|
in wireshark.
ok deraadt@, dlg@
|
|
provides retry on short-write file descriptors.
ok florian, previous versions seen by millert
|
|
The ioctl(2) it defines has not been supported for a long time and most of
its defines are already present in tcpdump(8).
ok jca@
|
|
|
|
While tcpdump isn't a daemon in the traditional sense, it's not uncommon
for people to have long running sessions. At least on OpenBSD, this is
even safe thanks to the existing privsep design by otto@, canacar@ and
pledge(2) work done by deraadt.
ok deraadt@
|
|
instead of lazily dumping them in hex.
ok mpi@
|
|
|
|
annotate the ones which are needed.
|
|
ok benno@
|
|
okay deraadt@
|
|
OK deraadt@
|
|
OK claudio@
jmc@ doesn't object
|
|
|
|
code 7 is for enhanced route refresh.
OK claudio@ phessler@
|
|
never enabled. Also add error codes for FSM.
With input from Job Snijders.
OK phessler@ (previous version), claudio@, deraadt@
|
|
Apply three commits from pfctl/pfctl_osfp.c
OK bluhm@
|
|
OK deraadt@
|
|
#ifdef _KERNEL, so it does not work automatically. This prevents
some bogus uid and pid print when dumping from pflog interface.
from Matthias Pitzl; OK deraadt@
|
|
From Job Snijders <job -AT instituut -DOT- net>, thanks!
ok canacar@, deraadt@
|
|
around for two releases, it should be safe to do so.
ok bluhm deraadt sthen tb yasuoka
|
|
|
|
was displayed if HT protection was disabled. Now it displays as "htprot none".
ok sthen@
|
|
ok florian@
|
|
These values are in microseconds, not milliseconds.
ok sthen@
|
|
|