13 years agotcpdump.1 is generated from tcpdump-4.0
guy [Mon, 15 Dec 2008 00:10:56 +0000 (00:10 +0000)] 
tcpdump.1 is generated from

13 years agoBring the version number up to date.
guy [Sun, 14 Dec 2008 19:56:26 +0000 (19:56 +0000)] 
Bring the version number up to date.

13 years agoPrep for 4.0.1 - update CHANGES + VERSION
ken [Tue, 2 Dec 2008 18:39:51 +0000 (18:39 +0000)] 
Prep for 4.0.1 - update CHANGES + VERSION

13 years agoFixes for building in a directory other than the source directory.
guy [Fri, 21 Nov 2008 23:19:51 +0000 (23:19 +0000)] 
Fixes for building in a directory other than the source directory.

13 years agoMake the version 4.0.1-PRE-CVS, so something built from the 4.0 branch
guy [Tue, 18 Nov 2008 08:52:42 +0000 (08:52 +0000)] 
Make the version 4.0.1-PRE-CVS, so something built from the 4.0 branch
looks different from the 4.0.0 release and from any future 4.0.1

13 years agoGive Peter Volkov credit for various patches.
guy [Tue, 18 Nov 2008 07:55:25 +0000 (07:55 +0000)] 
Give Peter Volkov credit for various patches.

13 years agoPropagate from the git tree:
guy [Tue, 18 Nov 2008 07:40:52 +0000 (07:40 +0000)] 
Propagate from the git tree:

Author: Peter Volkov <>
Date:   Sun Nov 9 20:33:27 2008 -0500

    Currently it's impossible to build tcpdump without libsmi on system with
    libsmi installed. The patch in attachment adds --with{,out}-smi
    configure switch which allows to disable it.

13 years agoPropagate from the git tree:
guy [Tue, 18 Nov 2008 07:35:54 +0000 (07:35 +0000)] 
Propagate from the git tree:

Author: Peter Volkov <>
Date:   Fri Nov 7 13:23:26 2008 -0500

    tcpdump-4.0.0 fails to build with --disable-ipv6. Patch to fix the issue
    is in attachment.

13 years agoRun the tcpdump man page through config, so that it refers to the right tcpdump-4.0.0
guy [Mon, 27 Oct 2008 21:16:37 +0000 (21:16 +0000)] 
Run the tcpdump man page through config, so that it refers to the right
man page sections.  Have it refer to the new pcap-savefile man page for
a description of the savefile format.

13 years agofile was added on branch tcpdump_4_0 on 2008-10-27 21:16:37 +0000
guy [Mon, 27 Oct 2008 21:12:49 +0000 (21:12 +0000)] 
file was added on branch tcpdump_4_0 on 2008-10-27 21:16:37 +0000

13 years ago4.0.0 Final
ken [Mon, 27 Oct 2008 12:36:47 +0000 (12:36 +0000)] 
4.0.0 Final

13 years ago4.0.0rc2 - Release Candidate 2
ken [Wed, 15 Oct 2008 23:53:58 +0000 (23:53 +0000)] 
4.0.0rc2 - Release Candidate 2

13 years agoUpdate for 4.0.0 final release
ken [Wed, 15 Oct 2008 23:26:30 +0000 (23:26 +0000)] 
Update for 4.0.0 final release

13 years agoPull in 3.9.8 CHANGES before adding 4.0 CHANGES in
ken [Wed, 15 Oct 2008 22:22:57 +0000 (22:22 +0000)] 
Pull in 3.9.8 CHANGES before adding 4.0 CHANGES in

13 years agoWe support building tcpdump with versions of libpcap other than the one
guy [Thu, 25 Sep 2008 21:50:04 +0000 (21:50 +0000)] 
We support building tcpdump with versions of libpcap other than the one
with which it was released, and DLT_BLUETOOTH_HCI_H4_WITH_PHDR might be
defined by pcap-bpf.h without pcap/bluetooth.h being present (as appears
to be the case on Fedora 9, for example), so check whether
<pcap/bluetooth.h> is usable.

Update a comment - F9 appears to have a "/usr/include/pcap.h" if you
install the libpcap headers.

When adding -I flags when running a compiler-based test, add them to
CPPFLAGS, not CFLAGS - the latter doesn't work right with
AC_CHECK_HEADERS, as the "gcc -E" run doesn't have the -I flags added.

13 years agoFix use of PRIu64.
guy [Tue, 1 Jul 2008 07:45:09 +0000 (07:45 +0000)] 
Fix use of PRIu64.

13 years agoUse PRIu64 rather than %llu - %llu might be wrong, if u_int64_t is just
guy [Tue, 1 Jul 2008 07:41:29 +0000 (07:41 +0000)] 
Use PRIu64 rather than %llu - %llu might be wrong, if u_int64_t is just
"unsigned long int", or if this is Windows with Microsoft's C compiler.

13 years agoFix a bunch of references to to refer to the
guy [Fri, 30 May 2008 01:38:20 +0000 (01:38 +0000)] 
Fix a bunch of references to to refer to the
new address,

Note that patches should be submitted on the SourceForge site, not sent
to the spam-trap list.

13 years agoFILES isn't used to make the tarball any more; get rid of it.
guy [Tue, 27 May 2008 07:14:26 +0000 (07:14 +0000)] 
FILES isn't used to make the tarball any more; get rid of it.

Update HDR in to include all headers.

Add an EXTRA_DIST variable to include all the files that should go into
the tarball and that aren't in CSRC or HDR, other than tcpdump.1.

Use CSRC, HDR, and EXTRA_DIST to determine what goes into the tarball,
along with tcpdump.1, rather than doing a "make distclean" and putting
everything into the tarball; that way, you can do "make releasetar"
without cleaning out the current directory.

Given that we're not just tarring up the entire source directory, we can
make the tarball directory as a subdirectory of the current directory and
put the tarball into the current directory, rather than putting it into
a (not-entirely-obvious) ../n directory.  Clean out the tarball
directory when we're done.

13 years agoFrom Michael A. Meffie III:
guy [Mon, 12 May 2008 18:17:45 +0000 (18:17 +0000)] 
From Michael A. Meffie III:

Update decoding of rx packets used by AFS.  Add missing RPC
opcodes for fileserver, cache manager, volume server, and ubik
(database elections).  Add missing decoding of volume server
RPC arguments and reply data.

13 years agoUse u_intXX_t instead of uintXX_t, because the fomer ones are the ones that
gianluca [Fri, 11 Apr 2008 17:00:00 +0000 (17:00 +0000)] 
Use u_intXX_t instead of uintXX_t, because the fomer ones are the ones that
we check in the configure script and *nix and the ones we define under Windows

13 years agoRedefined ERROR into TFTP_ERROR, as ERROR is already defined in the
gianluca [Fri, 11 Apr 2008 16:44:17 +0000 (16:44 +0000)] 
Redefined ERROR into TFTP_ERROR, as ERROR is already defined in the
Microsoft header files.

13 years agoThe detailed information on privileges need to capture was copied to the
guy [Thu, 10 Apr 2008 02:00:57 +0000 (02:00 +0000)] 
The detailed information on privileges need to capture was copied to the
pcap(3CAP) man page; just refer people to that page.

13 years agopcap_errtostr() was renamed pcap_statustostr().
guy [Wed, 9 Apr 2008 21:45:21 +0000 (21:45 +0000)] 
pcap_errtostr() was renamed pcap_statustostr().

pcap_activate() can return positive values as warnings, not just 0, on
success; log warnings in those cases.

guy [Wed, 9 Apr 2008 20:01:26 +0000 (20:01 +0000)] 
pcap_activate(), and there's a non-null error string returned by
pcap_geterr(), print it as part of the error message, as it might
contain information useful when debugging the problem.

If we get PCAP_ERROR, just print the error string from pcap_geterr(),
not the device name, as the error string will contain the device name.

13 years agoUse the new pcap_errtostr() routine, rather than pcap_strerror(), to map
guy [Sun, 6 Apr 2008 20:12:35 +0000 (20:12 +0000)] 
Use the new pcap_errtostr() routine, rather than pcap_strerror(), to map
PCAP_ERROR_ statuses to strings, as pcap_strerror() no longer does that.
Also, fix up one error message to include the capture device name.

13 years agoDocument the new -B and -I options, and update the reference to the
guy [Sun, 6 Apr 2008 17:41:59 +0000 (17:41 +0000)] 
Document the new -B and -I options, and update the reference to the
libpcap manual to give the section name as 3PCAP.

13 years agoGet rid of some debugging code.
guy [Fri, 4 Apr 2008 20:25:05 +0000 (20:25 +0000)] 
Get rid of some debugging code.

13 years agoUse the new libpcap API's if available; that means we can support "-B"
guy [Fri, 4 Apr 2008 19:42:51 +0000 (19:42 +0000)] 
Use the new libpcap API's if available; that means we can support "-B"
on all platforms in that case.  Also, add a "-I" flag to turn on monitor

13 years agobugfix in the lldp printer, when referencing the key for printing aggregation values
hannes [Thu, 20 Mar 2008 09:33:52 +0000 (09:33 +0000)] 
bugfix in the lldp printer, when referencing the key for printing aggregation values

13 years agoFrom Sagun Shakya: check whether we need libdlpi.
guy [Thu, 13 Mar 2008 18:40:01 +0000 (18:40 +0000)] 
From Sagun Shakya: check whether we need libdlpi.

13 years agoHave --with-crypto take an optional argument, specifying where libcrypto
guy [Tue, 26 Feb 2008 20:48:10 +0000 (20:48 +0000)] 
Have --with-crypto take an optional argument, specifying where libcrypto
can be found.  If --with-crypto is specified, and libcrypto isn't found,
fail, as presumably the user expected libcrypto to be available.

13 years agoFrom Mike Frysinger: have the "install" target depend on "all" so you
guy [Tue, 26 Feb 2008 19:24:27 +0000 (19:24 +0000)] 
From Mike Frysinger: have the "install" target depend on "all" so you
can do "make install" without having to do "make" first.

13 years agoFrom Mike Frysinger: include the Blackfin processor as one of the
guy [Tue, 26 Feb 2008 19:21:25 +0000 (19:21 +0000)] 
From Mike Frysinger: include the Blackfin processor as one of the
processors that don't support unaligned accesses.

13 years agoFix signature of bpf_dump() to match that of libpcap's version.
guy [Thu, 14 Feb 2008 20:54:53 +0000 (20:54 +0000)] 
Fix signature of bpf_dump() to match that of libpcap's version.

13 years agoFix Andrew Silent's e-mail address.
guy [Wed, 6 Feb 2008 10:50:47 +0000 (10:50 +0000)] 
Fix Andrew Silent's e-mail address.

13 years agoFrom Andrew Silent: Realtek Remote Control Protocol support (see
guy [Wed, 6 Feb 2008 10:49:22 +0000 (10:49 +0000)] 
From Andrew Silent: Realtek Remote Control Protocol support (see for details).

13 years agoAdd Ananth Suryanarayana, for his print-bgp.c changes.
guy [Wed, 6 Feb 2008 10:34:48 +0000 (10:34 +0000)] 
Add Ananth Suryanarayana, for his print-bgp.c changes.

13 years agoFrom Bjoern A. Zeeb: add IPv6 support.
guy [Wed, 6 Feb 2008 10:34:15 +0000 (10:34 +0000)] 
From Bjoern A. Zeeb: add IPv6 support.

13 years agoFrom Francis Dupont: update the DHCPv6 printer to handle newer features.
guy [Wed, 6 Feb 2008 10:26:27 +0000 (10:26 +0000)] 
From Francis Dupont: update the DHCPv6 printer to handle newer features.

13 years ago"struct timeval" isn't guaranteed to be two 32-bit values (consider a
guy [Tue, 5 Feb 2008 19:46:58 +0000 (19:46 +0000)] 
"struct timeval" isn't guaranteed to be two 32-bit values (consider a
64-bit time_t); create a structure that is guaranteed to be two 32-bit

13 years ago"rr_maxdelay" is a 16-bit field, and "rr_reserved" is a 32-bit field, in
guy [Tue, 5 Feb 2008 19:36:58 +0000 (19:36 +0000)] 
"rr_maxdelay" is a 16-bit field, and "rr_reserved" is a 32-bit field, in
a router renumbering message; process them correctly.

13 years agoThe string-comparison operator in the "test" command is "=", not "==".
guy [Tue, 5 Feb 2008 18:59:56 +0000 (18:59 +0000)] 
The string-comparison operator in the "test" command is "=", not "==".

13 years agoRun ranlib on libnetdissect.a if necessary. Remove it before building
guy [Mon, 4 Feb 2008 20:43:34 +0000 (20:43 +0000)] 
Run ranlib on libnetdissect.a if necessary.  Remove it before building
it, so we discard any stuff already in the archive.

13 years agoRun ranlib on libnetdissect.a if necessary. Remove it before building
guy [Mon, 4 Feb 2008 20:33:49 +0000 (20:33 +0000)] 
Run ranlib on libnetdissect.a if necessary.  Remove it before building
it, so we discard any stuff already in the archive.

13 years agoSay "printing not supported", not just "not supported", for DLT_ values
guy [Tue, 29 Jan 2008 10:50:28 +0000 (10:50 +0000)] 
Say "printing not supported", not just "not supported", for DLT_ values
for which we don't have a print routine; you *can* use tcpdump to
capture traffic with those DLT_ values, as long as you use "-w" so that
we don't interpret the contents of the packet, we just blindly write the
raw packet data to the capture file.

13 years agobugfix: do proper padding calculation for LSPING
hannes [Mon, 28 Jan 2008 13:48:16 +0000 (13:48 +0000)] 
bugfix: do proper padding calculation for LSPING

14 years agoFrom Carles Kishimoto <>:
hannes [Wed, 9 Jan 2008 09:44:39 +0000 (09:44 +0000)] 
From Carles Kishimoto <>:
  add support for the IEEE 802.1 private extensions to the lldp printer

14 years agoFrom Joerg Mayer:
guy [Mon, 7 Jan 2008 00:16:39 +0000 (00:16 +0000)] 
From Joerg Mayer:

- Remove the capture syntax from the tcpdump manpage, as it has
  its own manpage now inside the libpcap package.
- Reference the new pcap-filter(4) manpage to explain the expression
- Fix one tpyo.
- Remove reference to and request that patches be
  sent to the standard mailing list instead.

14 years agoHandle version 2 of the AVS header.
guy [Sat, 29 Dec 2007 23:25:28 +0000 (23:25 +0000)] 
Handle version 2 of the AVS header.

14 years agoAdd more bounds checks to the NFS dissector - check before references to
guy [Sat, 22 Dec 2007 03:08:45 +0000 (03:08 +0000)] 
Add more bounds checks to the NFS dissector - check before references to
items in the RPC header.

When dissecting NFS over TCP, fetch the fragment header length, use it
to limit the dissection of the request or reply (in case there's more
than one request or reply in the packet), and do the same
direction-plus-port checks that are done for NFS over UDP.  Also
eliminate the bounds check for the RPC header in the TCP dissector code,
and do checks for the fields it looks at (other checks are done by the
NFS dissector).

14 years agoSupport DLT_IEEE802_11_RADIO_AVS.
guy [Thu, 20 Dec 2007 08:14:18 +0000 (08:14 +0000)] 
Support DLT_IEEE802_11_RADIO_AVS.

Update a comment (we now parse the radiotap header).

14 years agoFrom Greg Minshall:
guy [Sun, 9 Dec 2007 01:51:12 +0000 (01:51 +0000)] 
From Greg Minshall:

print the TTL for DNS entries with 3 or more "-v" flags;

print the addresses in A, AAAA, and A6 entries numerically (the
point of A, AAAA, and A6 entries being to give the address
corresponding to a name).

Better late than never - do at least a little de-spamification of
addresses in the CREDITS file.  (Greg's address was despammed in his submission for this.)

Move the late Jun-ichiro itojun Hagino to a "Past maintainers" section.

14 years agoSMB-over-TCP (port 445) support.
guy [Sun, 9 Dec 2007 00:31:35 +0000 (00:31 +0000)] 
SMB-over-TCP (port 445) support.

14 years agofrom Ananth Suryanarayana <>:
hannes [Sat, 8 Dec 2007 10:08:07 +0000 (10:08 +0000)] 
from Ananth Suryanarayana <>:
  add full support for 4-byte AS parsing to the bgp printer

14 years agoFrom Carles Kishimoto <>:
hannes [Sat, 8 Dec 2007 10:05:07 +0000 (10:05 +0000)] 
From Carles Kishimoto <>:
  bugfix: macphy codepoints in the lldp printer
  misc typos

14 years ago..and don't bother trying to get statistics if we're reading from a
guy [Wed, 21 Nov 2007 20:39:43 +0000 (20:39 +0000)] 
..and don't bother trying to get statistics if we're reading from a
capture file rather than capturing (statistics aren't supported by
libpcap when reading from a capture file).

14 years agoFrom Max Laier (via Giorgos Keramidas?): clear "infoprint" if
guy [Wed, 21 Nov 2007 20:31:55 +0000 (20:31 +0000)] 
From Max Laier (via Giorgos Keramidas?): clear "infoprint" if
pcap_stats() fails, so we don't keep attempting to get statistics and

14 years agoGet rid of unused and "#if 0"ed-out definitions.
guy [Sun, 18 Nov 2007 03:24:55 +0000 (03:24 +0000)] 
Get rid of unused and "#if 0"ed-out definitions.

14 years agoUpdate the documentation for the PF(4) filters.
guy [Sun, 18 Nov 2007 02:47:45 +0000 (02:47 +0000)] 
Update the documentation for the PF(4) filters.

14 years agoPick up the documentation for new OpenBSD capture filter items from the
guy [Sun, 18 Nov 2007 02:32:58 +0000 (02:32 +0000)] 
Pick up the documentation for new OpenBSD capture filter items from the
OpenBSD documentation.

14 years agoFrom Gerrit Renker:
guy [Fri, 9 Nov 2007 00:45:16 +0000 (00:45 +0000)] 
From Gerrit Renker:

don't compute checksums when the snapshot length is less than
the packet length;

combine duplicate code;

eliminate unnecessary test.

14 years agoFix typo in "incorrect checksum" message for IPv6.
guy [Fri, 9 Nov 2007 00:38:52 +0000 (00:38 +0000)] 
Fix typo in "incorrect checksum" message for IPv6.

14 years agoPrecede the VCI values with VCI_, to avoid collisions (such as with
guy [Mon, 22 Oct 2007 19:39:12 +0000 (19:39 +0000)] 
Precede the VCI values with VCI_, to avoid collisions (such as with
"PPC" as a definition on PowerPC machines).

14 years agoRemove - it collides with print-xx.out on systems with case-insensitive
guy [Tue, 16 Oct 2007 01:24:10 +0000 (01:24 +0000)] 
Remove - it collides with print-xx.out on systems with case-insensitive
file systems, such as most file systems on Windows and several file
systems on OS X.  We've propagated the changes to print-capXX.out.

14 years agoRemove - it collides with print-x.out on systems with case-insensitive
guy [Tue, 16 Oct 2007 01:23:51 +0000 (01:23 +0000)] 
Remove - it collides with print-x.out on systems with case-insensitive
file systems, such as most file systems on Windows and several file
systems on OS X.  We've propagated the changes to print-capX.out.

14 years agoPropagate this change:
guy [Tue, 16 Oct 2007 01:23:23 +0000 (01:23 +0000)] 
Propagate this change:

revision 1.5
date: 2007-08-29 12:04:17 +0000;  author: mcr;  state: Exp;  lines: +10 -10
test cases and output for IKEv2 and -X options.

from print-XX.out, prior to removal of print-XX.out (having both
print-xx.out and print-XX.out doesn't work on OSes with case-insensitive
file systems, such as most file systems on Windows and several file
systems on OS X).

14 years agoPropagate this change:
guy [Tue, 16 Oct 2007 01:22:53 +0000 (01:22 +0000)] 
Propagate this change:

revision 1.5
date: 2007-08-29 12:04:17 +0000;  author: mcr;  state: Exp;  lines: +7 -91
test cases and output for IKEv2 and -X options.

from print-X.out, prior to removal of print-X.out (having both
print-x.out and print-X.out doesn't work on OSes with case-insensitive
file systems, such as most file systems on Windows and several file
systems on OS X).

14 years agoAdded a temporary "not implemented" version of compress_savefile for
gianluca [Sat, 13 Oct 2007 00:47:54 +0000 (00:47 +0000)] 
Added a temporary "not implemented" version of compress_savefile for

14 years agoAdded a missing file (print-bt.c) to the project.
gianluca [Sat, 13 Oct 2007 00:44:24 +0000 (00:44 +0000)] 
Added a missing file (print-bt.c) to the project.

14 years agoAdded a missing file (print-bt.c) to the project.
gianluca [Sat, 13 Oct 2007 00:43:37 +0000 (00:43 +0000)] 
Added a missing file (print-bt.c) to the project.

14 years agoclean up some code-cosmetics that came up during code-review
hannes [Mon, 8 Oct 2007 07:53:21 +0000 (07:53 +0000)] 
clean up some code-cosmetics that came up during code-review

14 years agoFrom Marc Binderberger:
guy [Fri, 5 Oct 2007 02:00:11 +0000 (02:00 +0000)] 
From Marc Binderberger:

Certain BGP implementations support 4-byte ASN (see
draft-ietf-idr-as4bytes-13.txt) in the AS_PATH attribute.
Unfortunately there is nothing indicating if 2- or 4-byte ASN
are in use when capturing BGP update packets only; this is
agreed on during the BGP session setup between the peers.

Have modified print-bgp.c in the 3.9.5 tcpdump to use a simple

First check the AS_PATH segments assuming 2-byte ASN.
The check looks at the segment type - which must be a
known one - and uses the segment length to skip to the
next segment.  If the overall AS_PATH attribute length
is exactly reached after skipping over all path segments
then the check is passed.  In case the 2-byte check
fails we repeat the check assuming a 4-byte ASN.  When
this check passes We use 4-byte ASN for the decoding of
the AS_PATH.  In all other cases, even a failed/failed
for 2-/4-byte checks, we assume 2-byte ASN for the

The procedure for this heuristic check is "check_asnbytes".

In case of 4-byte ASN the ASN is printed in the form
<16-bit>.<16-bit> to provide a clear indication that 4-byte ASN
are in use.

(The draft in question was published as RFC 4893.)

14 years agoRename INSTALL to INSTALL.txt, as was done for libpcap; this means that,
guy [Fri, 5 Oct 2007 01:47:40 +0000 (01:47 +0000)] 
Rename INSTALL to INSTALL.txt, as was done for libpcap; this means that,
if you have a case-insensitive file system, "make install" doesn't get

14 years agoFrom Luis Martin Garcia: update the "last modified" date of the man page.
guy [Thu, 4 Oct 2007 23:17:16 +0000 (23:17 +0000)] 
From Luis Martin Garcia: update the "last modified" date of the man page.

14 years agofrom Carles Kishimoto <>: make the EAP printer more verbose
hannes [Thu, 4 Oct 2007 16:41:33 +0000 (16:41 +0000)] 
from Carles Kishimoto <>: make the EAP printer more verbose

14 years agofrom Carles Kishimoto <>: make the EAP printer more verbose
hannes [Thu, 4 Oct 2007 08:34:28 +0000 (08:34 +0000)] 
from Carles Kishimoto <>: make the EAP printer more verbose

14 years agounclutter the options field value definitions
hannes [Thu, 27 Sep 2007 10:29:18 +0000 (10:29 +0000)] 
unclutter the options field value definitions

14 years agofix illustration
hannes [Thu, 27 Sep 2007 10:24:21 +0000 (10:24 +0000)] 
fix illustration

14 years agoadd support for multi-topology ospf as per draft-ietf-ospf-mt-09
hannes [Thu, 27 Sep 2007 10:20:26 +0000 (10:20 +0000)] 
add support for multi-topology ospf as per draft-ietf-ospf-mt-09

14 years agoFrom Paolo Abeni: print some basic Bluetooth information.
guy [Mon, 24 Sep 2007 23:46:26 +0000 (23:46 +0000)] 
From Paolo Abeni: print some basic Bluetooth information.

Update CREDITS, FILES, and INSTALL appropriately; clean up changes to to keep the file names in order.

14 years agoFrom Marc Binderberger:
guy [Sun, 23 Sep 2007 23:01:33 +0000 (23:01 +0000)] 
From Marc Binderberger:

add support for OSPF Link-Local Signaling (RFC 4811/4812/4813);

when printing the Database Description, show the MTU and
sequence number;

fix "bogus length" messages when printing LSA headers.

14 years agoin tcpdump a length field has the semantics of a 'total length field'
hannes [Fri, 21 Sep 2007 07:05:33 +0000 (07:05 +0000)] 
in tcpdump a length field has the semantics of a 'total length field'
i.e. including the header - the IP6 payload length field differs
from that ...
highlight the difference by printing 'payload length' rather than 'length'

14 years agofrom Carles Kishimoto <>: add support for two more bootp...
hannes [Thu, 20 Sep 2007 15:04:45 +0000 (15:04 +0000)] 
from Carles Kishimoto <>: add support for two more bootp tag options

14 years agoFrom Victor Oppleman: add support for RFC 1393 traceroute.
guy [Fri, 14 Sep 2007 01:29:28 +0000 (01:29 +0000)] 
From Victor Oppleman: add support for RFC 1393 traceroute.

14 years agoFrom Christian Sievers: add support for TFTP option acknowledgements
guy [Fri, 14 Sep 2007 01:02:07 +0000 (01:02 +0000)] 
From Christian Sievers: add support for TFTP option acknowledgements
(RFC 2347), and add an opening quotation mark to the error message

Don't use the system's <arpa/tftp.h>, use our own.

Update the README to reflect the current practice for submitting
patches, and fix a spelling error.

14 years agoFrom pfhunt on SourceForge:
guy [Fri, 14 Sep 2007 00:38:41 +0000 (00:38 +0000)] 
From pfhunt on SourceForge:

When a packet contains an IPv6 options header followed by an unknown IPv6
protocol payload, tcpdump displays the proto ID for the known option
header, not for the unknown payload.

For example, this is the output for an IPv6 packet containing a destination
options header, followed by a payload of (unknown) protocol 138:

# tcpdump -s 128 -i eth1
tcpdump: WARNING: addresses not searched
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 128 bytes
11:44:40.862572 I IP6 2007::10:5:2:163 > 2007::10:5:2:164: DSTOPT ip-proto-60 16

The ip-proto-60 refers to the destination option header (DSTOPT), rather
than displaying the unknown option 138, which I think would be more

The attached patch fixes this problem. With the patch applied, the output
for the packet is:

# tcpdump -s 128 -i eth1
tcpdump: WARNING: addresses not searched
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 128 bytes
11:48:26.160462 I IP6 2007::10:5:2:163 > 2007::10:5:2:164: DSTOPT ip-proto-138 16

14 years agoFixed a typo (print-udlp.o instead of print-udld.o).
gianluca [Thu, 13 Sep 2007 18:53:07 +0000 (18:53 +0000)] 
Fixed a typo (print-udlp.o instead of print-udld.o).

14 years agoFixed a compilation problem: getnameinfo() was not linked.
gianluca [Thu, 13 Sep 2007 18:49:47 +0000 (18:49 +0000)] 
Fixed a compilation problem: getnameinfo() was not linked.

14 years agoFrom Chris Larson: don't cut off the last byte of the chunk payload.
guy [Thu, 13 Sep 2007 18:03:49 +0000 (18:03 +0000)] 
From Chris Larson: don't cut off the last byte of the chunk payload.

14 years agoRemoved print-pflog.c from the sources.
gianluca [Thu, 13 Sep 2007 18:01:36 +0000 (18:01 +0000)] 
Removed print-pflog.c from the sources.

14 years agoPropagate from the x.9 branch:
guy [Thu, 13 Sep 2007 17:42:31 +0000 (17:42 +0000)] 
Propagate from the x.9 branch:

date: 2007-09-13 17:40:18 +0000;  author: guy;  state: Exp;  lines: +1 -6
Completely remove that unused "structure".
date: 2007-09-13 17:34:20 +0000;  author: gianluca;  state: Exp;  lines: +3 -1
Commented out a 0-length structure that is not used.

14 years agoDon't declare variables in the middle of a block of code; in C89, that's
guy [Thu, 13 Sep 2007 17:29:50 +0000 (17:29 +0000)] 
Don't declare variables in the middle of a block of code; in C89, that's
not valid.

14 years agoFrom Max Laier: check whether the system has <net/pfvar.h> and:
guy [Wed, 12 Sep 2007 19:36:18 +0000 (19:36 +0000)] 
From Max Laier: check whether the system has <net/pfvar.h> and:

if it does, use that for the pf definitions;

if it doesn't, don't compile in pf support;

as both OpenBSD and FreeBSD have changed the pf definitions and header
format without changing the DLT value, so you can't reliably read
pflog-format libpcap files on a machine running an OS version other than
the one on which the file was generated.

14 years agosplit sources into regular tcpdump sources, and libnetdissect sources, move print...
mcr [Wed, 29 Aug 2007 12:31:27 +0000 (12:31 +0000)] 
split sources into regular tcpdump sources, and libnetdissect sources, move print-isakmp.c
to netdissect.

14 years agofully convert print-isakmp.c to NETDISSECT.
mcr [Wed, 29 Aug 2007 12:31:00 +0000 (12:31 +0000)] 
fully convert print-isakmp.c to NETDISSECT.

14 years agotest cases and output for IKEv2 and -X options.
mcr [Wed, 29 Aug 2007 12:04:17 +0000 (12:04 +0000)] 
test cases and output for IKEv2 and -X options.

14 years agofixes for -Wall.
mcr [Wed, 29 Aug 2007 02:58:43 +0000 (02:58 +0000)] 
fixes for -Wall.

14 years ago preliminary patch to support decoding IKEv2 packets.
mcr [Wed, 29 Aug 2007 02:38:14 +0000 (02:38 +0000)] 
preliminary patch to support decoding IKEv2 packets.
Only payloads commonly seen in PARENT_SAs are presently decoded.
Encrypted payload support will come later, aka print-esp.c

14 years agoignore git and cvs things.
mcr [Wed, 29 Aug 2007 02:36:37 +0000 (02:36 +0000)] 
ignore git and cvs things.