summaryrefslogtreecommitdiff
path: root/usr.sbin/tcpdump
AgeCommit message (Collapse)Author
2010-06-07minimal decode support for IKEv2 exchange types and payloads.Jonathan Gray
ok deraadt@ sthen@
2010-04-06Add support for decoding MLDv2 initially from tcpdump.org via FreeBSD,Jonathan Gray
cleaned up to be less gross after some suggestions from stsp. ok stsp@
2010-01-20Print RFC3947 NAT Original Address (NAT-OA) payloads, they're a subsetStuart Henderson
of the id payload, so using the existing id printer. ok dlg@
2010-01-17add a printer for IPV6CP (IPv6 Control Protocol); ok sthen@Christian Weisgerber
2010-01-17* remove a nonsensical print statement left over since antiquityChristian Weisgerber
ok yasuoka@ * add many missing truncation checks and don't output control characters to the terminal ok sthen@
2010-01-14Include the link-level header in the hex output if both the -x and -eJoel Sing
options are specified. ok claudio@ sthen@ deraadt@ jmc@
2010-01-13revert previous and allow reading the last element of the array; ok deraadt@Christian Weisgerber
2010-01-12Add TCP/UDP checksum display for v6 and clean up the checksumChristian Weisgerber
calculation. Mostly from tcpdump.org; ok jsing@
2010-01-03blank lines not allowed outside literal context;Ingo Schwarze
syntax errors found by mandoc(1), also required to fix the mandoc build; ok jmc@
2009-12-03Adjust pflog BPF descriptions, problem pointed out by jmc@Stuart Henderson
- sync actions with PF changes (pass/block/match not just pass/block, and remove some binat/nat/rdr entries) - list all reason codes in tcpdump(8) ok henning jmc
2009-11-27Print outer ipv6 addresses for encapsulated packets only if tcpdumpAlexander Bluhm
is run with -v. This behavior is analog to ipv4. ok mpf@ todd@
2009-11-12for packets with unknown payloads (outside the range of our knowledge) simplyTheo de Raadt
treat them the same as truncated packets ok sthen
2009-11-12fix read-one-beyond-of-array errors; ok sthen jsgTheo de Raadt
2009-11-11Don't leak memory in error case.Jonathan Gray
Found by parfait.
2009-11-09the new protocol moved insert and update.David Gwynne
2009-11-04Add support to tcpdump for decoding the GPRS Tunnelling Protocol (GTP),Joel Sing
used to carry GPRS data over IP for GSM and UMTS networks. The decoder understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however at this stage not all TLV fields are fully decoded. This work has been kindly sponsored by SystemNet AS (www.systemnet.no). "commit" deraadt@
2009-11-04Sort port numbers and fix indentation.Joel Sing
2009-11-03rtables are stacked on rdomains (it is possible to have multiple routingClaudio Jeker
tables on top of a rdomain) but until now our code was a crazy mix so that it was impossible to correctly use rtables in that case. Additionally pf(4) only knows about rtables and not about rdomains. This is especially bad when tracking (possibly conflicting) states in various domains. This diff fixes all or most of these issues. It adds a lookup function to get the rdomain id based on a rtable id. Makes pf understand rdomains and allows pf to move packets between rdomains (it is similar to NAT). Because pf states now track the rdomain id as well it is necessary to modify the pfsync wire format. So old and new systems will not sync up. A lot of help by dlg@, tested by sthen@, jsg@ and probably more OK dlg@, mpf@, deraadt@
2009-10-28a few leftovers from yesterday's SCCS/RCS-ID removal;Ingo Schwarze
survived a full make build on i386; "sure" deraadt@
2009-10-28rcsid[] and sccsid[] and copyright[] are essentially unmaintained (andTheo de Raadt
unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
2009-09-08Make the BGP OPEN capability parser RFC 5492 compliant. While there addClaudio Jeker
additional checks to make sure the known capabilities are correctly encoded and not truncated. Help and OK sthen@
2009-09-07Teach the printer about capabilities, new cease codes, end-of-rib marker,Stuart Henderson
and handle 32-bit ASN. ok claudio@
2009-08-25djm accidentally changed the type of dirfilt in the prototypesJonathan Gray
of pcap_live and priv_pcap_live in rev 1.6 to differ from the implementations, change the type back to what it was. ok djm@
2009-07-30add missing " when printing an error string. ok henning@Stuart Henderson
2009-07-12don't cast lvalue, no binary change.Jonathan Gray
2009-05-25add a missing check for truncated dport in the returned UDP header forStuart Henderson
ICMP_UNREACH_PORT. from Peter J. Philipp, ok jsing@. Closes system/6149.
2009-04-17correcto in comment; from Amarendra GodboleJason McIntyre
2009-04-06teach tcpdump about match rulesHenning Brauer
2009-03-31do not include space in the end of the from for a hmac. after discussionDavid Gwynne
with deraadt@, mcbride@, and mpf@ it is obvious that a hmac doesnt make sense for pfsync. this also firms up some of the input parsing so it handles short frames a bit better.
2009-03-04print alarm condition from leap indicator; ok henning@ otto@Kevin Steves
2009-02-23better detect short frames. always print the version and length of theDavid Gwynne
frame according to the pfsync header. dont try to parse an unsupported version of the protocol.
2009-02-18Print spi in lowercase hex for consistency with print-enc.c and ipsecctl.Ryan Thomas McBride
ok hshoexer msf
2009-02-16pfsync v5, mostly written at n2k9, but based on work done at n2k8.David Gwynne
WARNING: THIS BREAKS COMPATIBILITY WITH THE PREVIOUS VERSION OF PFSYNC this is a new variant of the protocol and a large reworking of the pfsync code to address some performance issues. the single largest benefit comes from having multiple pfsync messages of different types handled in a single packet. pfsyncs handling of pf states is highly optimised now, along with packet parsing and construction. huggz for beck@ for testing. huge thanks to mcbride@ for his help during development and for finding all the bugs during the initial tests. thanks to peter sutton for letting me get credit for this work. ok beck@ mcbride@ "good." deraadt@
2009-02-14document increased default snaplen; pointed out by dhillStuart Henderson
2009-02-14increase the default snaplen to 116, allows capture of pflog+ipv6+tcpStuart Henderson
without knobs. ok djm, deraadt.
2009-01-29In tcpdump some printf() had an additional \n at the end. RemovingAlexander Bluhm
that new line restores the one-line -> one-packet semantics. ok hshoexer@, henning@, markus@
2008-12-29Recognize MPLS packets over loopback interfaces.Michele Marchetto
OK canacar@
2008-12-18Instead of directly applying ntoh*() to fields of the capturedHans-Joerg Hoexer
packet and thus modifying it use local varialbes instead. Otherwise, hexdumping packets shows corrupted data. ok markus@ some time ago
2008-12-05add ethertype and tcpdump support for VLAN stacking (QinQ) withStuart Henderson
type number 0x88a8 specified by 802.1ad. from reyk on misc@. "ok, go for it" dlg
2008-11-29revert my last change -Reyk Floeter
the xauth vendor id is a hash of "draft-ietf-ipsra-isakmp-xauth-06.txt" and defined in the document "draft-ietf-ipsec-isakmp-xauth-06.txt".
2008-11-29fix typo in 'draft-ietf-ipsec-isakmp-xauth-06.txt'Reyk Floeter
ok hshoexer@
2008-10-22fix format of AS number outputJoerg Goltermann
ok henning@
2008-10-16Add support for IEEE "slow protocols" LACP, MARKER as per 802.3ad.Marco Pfatschbacher
Code from tcpdump.org with cleanup and shrinkage by me. Help and ideas for extra sanity checks from canacar@ OK canacar@
2008-10-10Fix -X output of ppp packets. Inspired by PR4624 and especially the patchClaudio Jeker
provided by canacar@. I just modified it a bit to skip the data link proto number as well. OK deraadt@
2008-09-19Merge printb() fix from ifconfig.c -r 1.157:Marco Pfatschbacher
Don't increment a pointer *before* testing it for NULL. OK canacar@
2008-06-27More removal of clauses 3 and 4 from NetBSD licenses.Ray Lai
OK deraadt@ and millert@
2008-06-16use correct struct when checking DF or INET6, ok frantzen@ months agoDavid Krause
forgotten in one of my trees
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
- Mechanical change: Use arrays for state key pointers in pf_state, and addr/port in pf_state_key, to allow the use of indexes. - Fix NAT, pfsync, pfctl, and tcpdump to handle the new state structures. In struct pfsync_state, both state keys are included even when identical. - Also fix some bugs discovered in the existing code during testing. (in particular, "block return" for TCP packets was not returning an RST) ok henning beck deraadt tested by otto dlg beck laurent Special thanks to users Manuel Pata and Emilio Perea who did enough testing to actually find some bugs.
2008-05-09Don't just ntohl() the hours, but everything of the stateMarco Pfatschbacher
creation time. OK mcbride@, henning@.
2008-04-21add a short section on checksum offloading, based on a diffJason McIntyre
from Alf Schlichting; help/ok henning