6 years ago Fix errors (7 tests failed) with 'make check' tcpdump-4.3
Francois-Xavier Le Bail [Mon, 25 May 2015 19:48:34 +0000 (21:48 +0200)] 
Fix errors (7 tests failed) with 'make check'

Simplify the detection of OpenSSL libcrypto, based on Marc Abramowitz
commit c4b7e5f2b287ee3d1de8f706b809a8e217720c4e

6 years ago Travis: Add .travis.yml (same as in version 4.4)
Francois-Xavier Le Bail [Mon, 25 May 2015 16:54:36 +0000 (18:54 +0200)] 
Travis: Add .travis.yml (same as in version 4.4)

6 years ago SFLOW: Fix bounds checking
Francois-Xavier Le Bail [Thu, 7 May 2015 15:54:32 +0000 (17:54 +0200)] 
SFLOW: Fix bounds checking

6 years ago Fix the pointer tests in the non-ndoified TTEST2() macro as well.
Guy Harris [Mon, 2 Mar 2015 21:46:29 +0000 (13:46 -0800)] 
Fix the pointer tests in the non-ndoified TTEST2() macro as well.

6 years ago AC_TYPE_UINTPTR_T requires a newer autoconf.
Guy Harris [Mon, 2 Mar 2015 21:37:18 +0000 (13:37 -0800)] 
AC_TYPE_UINTPTR_T requires a newer autoconf.

6 years ago C compilers can, and some do, optimize away pointer underflow checks.
Guy Harris [Mon, 2 Mar 2015 21:25:12 +0000 (13:25 -0800)] 
C compilers can, and some do, optimize away pointer underflow checks.

Cast the pointers to uintptr_t; use AC_TYPE_UINTPTR_T to get uintptr_t
defined on older platforms that don't define it themselves.
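
The uintptr_t approach described in this commit message, as an added example that is not tcpdump's own code: `in_bounds()`, `count_records()` and the record layout are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Fragile form, shown for contrast only:
 *     snapend - len <= snapend && p <= snapend - len
 * When len is larger than the buffer, "snapend - len" is out-of-range
 * pointer arithmetic (undefined behaviour), so an optimizer may assume the
 * first comparison is always true and delete it.
 *
 * Robust form: do the arithmetic on uintptr_t, where wrap-around is
 * well-defined and can be detected.
 */
static int in_bounds(const unsigned char *p, size_t len,
                     const unsigned char *snapend)
{
    uintptr_t end = (uintptr_t)snapend;
    uintptr_t limit = end - (uintptr_t)len;  /* wraps if len > end */

    if (limit > end)
        return 0;                   /* wrapped: len cannot fit below snapend */
    return (uintptr_t)p <= limit;   /* p + len <= snapend, without forming p + len */
}

/*
 * Walk hypothetical records: 1-byte type, 2-byte big-endian length, then
 * `length` bytes of value. Returns the number of complete records, or -1
 * if a header or a value would run past the captured data.
 */
static int count_records(const unsigned char *buf, size_t caplen)
{
    const unsigned char *p = buf;
    const unsigned char *snapend = buf + caplen;
    int n = 0;

    while (p < snapend) {
        size_t vlen;

        if (!in_bounds(p, 3, snapend))
            return -1;              /* truncated header */
        vlen = ((size_t)p[1] << 8) | p[2];
        p += 3;
        if (!in_bounds(p, vlen, snapend))
            return -1;              /* length field claims more than was captured */
        p += vlen;
        n++;
    }
    return n;
}

/* Constructed sample: two well-formed records. */
static const unsigned char sample_ok[] = {
    0x01, 0x00, 0x02, 0xaa, 0xbb,
    0x02, 0x00, 0x00
};

/* Constructed sample: second record's length (0xffff) exceeds the capture. */
static const unsigned char sample_bad[] = {
    0x01, 0x00, 0x02, 0xaa, 0xbb,
    0x03, 0xff, 0xff, 0xcc
};

int main(void)
{
    printf("well-formed: %d\n", count_records(sample_ok, sizeof sample_ok));
    printf("bad length:  %d\n", count_records(sample_bad, sizeof sample_bad));
    return 0;
}
```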

6 years ago Don't run past the snaplength when printing a packet with a too-short LI.
Guy Harris [Sun, 1 Mar 2015 19:00:21 +0000 (11:00 -0800)] 
Don't run past the snaplength when printing a packet with a too-short LI.

Fixes GitHub issue #437.

7 years ago Check not just the capture length but the on-the-network length.
Guy Harris [Tue, 6 Jan 2015 08:44:11 +0000 (00:44 -0800)] 
Check not just the capture length but the on-the-network length.

7 years ago Don't run past the snapshot length when doing hex/ASCII dumps.
Guy Harris [Thu, 23 Oct 2014 07:06:32 +0000 (00:06 -0700)] 
Don't run past the snapshot length when doing hex/ASCII dumps.

7 years ago Do bounds checking when unescaping PPP.
Guy Harris [Wed, 22 Oct 2014 19:31:21 +0000 (12:31 -0700)] 
Do bounds checking when unescaping PPP.

Clean up a const issue while we're at it.

7 years ago The interval in an AODV HELLO extension is not aligned on a 4-byte boundary.
Guy Harris [Mon, 20 Jan 2014 03:19:22 +0000 (19:19 -0800)] 
The interval in an AODV HELLO extension is not aligned on a 4-byte boundary.

7 years ago Don't subtract the UDP header size from the length twice.
Guy Harris [Mon, 20 Oct 2014 18:34:24 +0000 (11:34 -0700)] 
Don't subtract the UDP header size from the length twice.

7 years ago Use the length field in the UDP header.
Guy Harris [Sun, 19 Oct 2014 20:42:00 +0000 (13:42 -0700)] 
Use the length field in the UDP header.

If it's less than the length of the IP payload, use it as the size of
the UDP packet.  If it's greater than the length of the IP payload,
and we're not dissecting the payload, report the length as bad.

7 years ago Report a too-long unreachable destination list.
Guy Harris [Wed, 12 Nov 2014 09:09:27 +0000 (01:09 -0800)] 
Report a too-long unreachable destination list.

Running out of packet length before running out of unreachable
destinations is an error; report it as such.

Don't worry about leftover data past the end of the list of unreachable

7 years ago Not using offsetof() any more, so no need for <stddef.h>.
Guy Harris [Wed, 12 Nov 2014 03:18:12 +0000 (19:18 -0800)] 
Not using offsetof() any more, so no need for <stddef.h>.

7 years ago Further cleanups.
Guy Harris [Wed, 12 Nov 2014 03:05:48 +0000 (19:05 -0800)] 
Further cleanups.

Use ND_TCHECK() rather than home-brew bounds checks.  Do simpler length

Let i be the length of the actual remaining packet data; use ND_TCHECK()
inside loops that iterate over the remaining data.

Let the printers for particular message types cast the raw data pointer
to a pointer of the appropriate type, rather than passing two pointers,
with different types, to the same data.

7 years ago Clean up error message printing.
Guy Harris [Wed, 12 Nov 2014 02:37:35 +0000 (18:37 -0800)] 
Clean up error message printing.

Have "struct aodv_rerr" just be the header, not including the actual

Simplify the logic somewhat, and make it similar in the print routines
for the three types of error messages.

7 years ago Add initial bounds check, get rid of union aodv.
Guy Harris [Wed, 12 Nov 2014 01:24:12 +0000 (17:24 -0800)] 
Add initial bounds check, get rid of union aodv.

Fetch the type field without using a structure, and check to make sure
it's not past the end of the packet.

Pass to each dissection routine a pointer to the appropriate message
type structure, rather than a pointer to a union of all the message type

7 years ago Do more bounds checking and length checking.
Guy Harris [Wed, 12 Nov 2014 00:49:39 +0000 (16:49 -0800)] 
Do more bounds checking and length checking.

Don't run past the end of the captured data, and don't run past the end
of the packet (i.e., don't make the length variable go negative).

Also, stop dissecting if the message length isn't valid.

9 years ago If we don't have IPv6 address support, don't try to print IPv6 addresses.
Guy Harris [Mon, 24 Dec 2012 11:13:23 +0000 (03:13 -0800)] 
If we don't have IPv6 address support, don't try to print IPv6 addresses.

9 years ago LBL moved the old NRG stuff to an "old" directory. Update the URL.
Guy Harris [Tue, 11 Dec 2012 23:36:40 +0000 (15:36 -0800)] 
LBL moved the old NRG stuff to an "old" directory.  Update the URL.

9 years ago Get rid of unnecessary assignment.
Guy Harris [Fri, 30 Nov 2012 20:49:51 +0000 (12:49 -0800)] 
Get rid of unnecessary assignment.

checksum isn't used until it's set later.

9 years ago Get rid of unnecessary initialization.
Guy Harris [Fri, 30 Nov 2012 20:47:33 +0000 (12:47 -0800)] 
Get rid of unnecessary initialization.

v is set to p later in a loop, and isn't used until then.

9 years ago Fix typo.
Guy Harris [Thu, 29 Nov 2012 01:08:24 +0000 (17:08 -0800)] 
Fix typo.

9 years ago Add some additional changes.
Guy Harris [Thu, 29 Nov 2012 01:06:24 +0000 (17:06 -0800)] 
Add some additional changes.

9 years ago Note that "-e" can be used to get MAC addresses printed.
Guy Harris [Tue, 13 Nov 2012 09:08:04 +0000 (01:08 -0800)] 
Note that "-e" can be used to get MAC addresses printed.

Also give more details on shell metacharacters in filter expressions -
in particular, note that a common use of a shell metacharacter is a
backslash used to escape protocol names, e.g. "ether proto \ip", and
that the alternative to quoting the entire expression is to escape the
shell metacharacters, e.g.

tcpdump ether proto \\ip

9 years ago The peer polling interval is an exponent; treat it as such.
peppe [Tue, 13 Nov 2012 05:59:56 +0000 (21:59 -0800)] 
The peer polling interval is an exponent; treat it as such.

RFC 1119 says

Peer Poll Interval (peer.ppoll, pkt.ppoll): This is a signed
    integer indicating the minimum interval between messages
    sent by the peer, in seconds as a power of two.  For
    instance, a value of six indicates a minimum interval of 64

so print both the raw value and 2^{raw value}, showing the latter.

Patch from Debian bug 686276.

Reviewed-By: Guy Harris <>

9 years ago "the the" -> "the".
Xin LI [Sat, 6 Oct 2012 19:04:31 +0000 (12:04 -0700)] 
"the the" -> "the".

9 years ago More strictly check for numbers as arguments to -i.
Guy Harris [Fri, 28 Sep 2012 04:12:00 +0000 (21:12 -0700)] 
More strictly check for numbers as arguments to -i.

Use strtol() and only treat the argument as a number if it's *all*
number, so that interface names such as 192_1_2 aren't treated as
"interface number 192".
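
The all-digits check this commit message describes, as an added example that is not tcpdump's own code: `parse_ifindex()` and `loose_ifindex()` are hypothetical names, and rejecting leading whitespace or a sign is an extra assumption of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Loose form, for contrast: atoi() stops at the first non-digit, so the
 * interface name "192_1_2" is silently read as the number 192. */
static int loose_ifindex(const char *arg)
{
    return atoi(arg);
}

/*
 * Strict form: returns 1 and stores the number only when the whole argument
 * is a decimal number; returns 0 when it must be treated as an interface
 * name (or is unusable as a number).
 */
static int parse_ifindex(const char *arg, long *index)
{
    char *end;
    long v;

    /* Assumption of this example: the first character must be a digit,
     * which also rejects "", " 7", "+7" and "-7" (strtol would skip
     * whitespace and accept a sign). */
    if (arg == NULL || arg[0] < '0' || arg[0] > '9')
        return 0;

    errno = 0;
    v = strtol(arg, &end, 10);
    if (*end != '\0')
        return 0;       /* trailing text such as "_1_2": it is a name */
    if (errno == ERANGE)
        return 0;       /* digits only, but too large for a long */

    *index = v;
    return 1;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *args[] = { "3", "192_1_2", "eth0", "99999999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof args / sizeof args[0]; i++) {
        long idx;

        if (parse_ifindex(args[i], &idx))
            printf("%s: interface number %ld\n", args[i], idx);
        else
            printf("%s: interface name (loose parse would give %d)\n",
                   args[i], loose_ifindex(args[i]));
    }
    return 0;
}
```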

9 years ago Use PATH_MAX, not NAME_MAX.
Guy Harris [Fri, 28 Sep 2012 03:44:34 +0000 (20:44 -0700)] 

NAME_MAX is the maximum length of a file pathname *component*; PATH_MAX
is the maximum length of a file pathname.  We're dealing with pathnames,
so use PATH_MAX.  (On some systems, NAME_MAX can be as low as 14,
presumably for binary compatibility with V7-era data structures
containing file names, as there are probably few if any non-historic
UN*Xes around with 14-character file name limitations.)

Boost the default PATH_MAX to 1024 while we're at it.

9 years ago As we're always printing "LLDP, length XXX", don't do it for the system name.
Guy Harris [Sat, 30 Jun 2012 23:10:40 +0000 (16:10 -0700)] 
As we're always printing "LLDP, length XXX", don't do it for the system name.

9 years ago Note that we now document "-T carp".
Guy Harris [Sat, 30 Jun 2012 22:51:04 +0000 (15:51 -0700)] 
Note that we now document "-T carp".

9 years ago Document "-T carp".
Guy Harris [Sat, 30 Jun 2012 22:50:11 +0000 (15:50 -0700)] 
Document "-T carp".

9 years ago Update for changes in the 4.3 branch.
Guy Harris [Sat, 30 Jun 2012 19:46:15 +0000 (12:46 -0700)] 
Update for changes in the 4.3 branch.

9 years ago LLDP: print packet protocol at all verbosity levels
Romain Francoise [Sat, 30 Jun 2012 19:42:41 +0000 (12:42 -0700)] 
LLDP: print packet protocol at all verbosity levels

The LLDP printer doesn't show the packet protocol unless -v is used,
which results in pretty useless output lines where only the timestamp is
present. Make sure we include the default protocol+length output even in
default mode.

9 years ago No declarations in the middle of a block - not all C compilers support that. tcpdump-4.3.0
Guy Harris [Sun, 10 Jun 2012 20:31:14 +0000 (13:31 -0700)] 
No declarations in the middle of a block - not all C compilers support that.

9 years ago Fix "no IPv6" code path.
Guy Harris [Sat, 9 Jun 2012 19:16:41 +0000 (12:16 -0700)] 
Fix "no IPv6" code path.

9 years ago Get rid of unused (but set) variable.
Guy Harris [Sat, 9 Jun 2012 02:15:28 +0000 (19:15 -0700)] 
Get rid of unused (but set) variable.

9 years ago Check the return value of some print routines.
Guy Harris [Sat, 9 Jun 2012 02:14:06 +0000 (19:14 -0700)] 
Check the return value of some print routines.

Some routines return -1 on error; bail and return -1 if they do.

9 years ago Add some attribute/TLV length checks.
Guy Harris [Sat, 9 Jun 2012 02:07:20 +0000 (19:07 -0700)] 
Add some attribute/TLV length checks.

Make sure we don't run past the end of a BGP attribute or LDP TLV when
dissecting the attribute/TLV.

Make some of the code do a bit more of a "step the pointer through the
data"-style dissection; that was done while debugging the changes in
question.  It also fixes up some code to not check for more data than
should actually be there.

Update references to RFC 4906 from the draft, and note that RFC 4447
replaces it.

9 years ago minor manpage fix
yekm [Mon, 16 Apr 2012 11:24:47 +0000 (15:24 +0400)] 
minor manpage fix

9 years ago spelling fixes
Romain Francoise [Mon, 28 May 2012 18:33:07 +0000 (14:33 -0400)] 
spelling fixes

9 years ago updated platforms
Michael Richardson [Sun, 8 Apr 2012 00:28:19 +0000 (20:28 -0400)] 
updated platforms

9 years ago 0x%02d is silly - 0x means "hex", so it should be 0x%02x.
Guy Harris [Fri, 8 Jun 2012 17:14:14 +0000 (10:14 -0700)] 
0x%02d is silly - 0x means "hex", so it should be 0x%02x.

Found by Xavier Heiny.

9 years ago "" isn't a checked-in file; don't make it part of the distribution.
Guy Harris [Fri, 8 Jun 2012 07:41:09 +0000 (00:41 -0700)] 
"" isn't a checked-in file; don't make it part of the distribution.

9 years ago Fix printing of 64-bit quantities.
Guy Harris [Fri, 8 Jun 2012 05:12:28 +0000 (22:12 -0700)] 
Fix printing of 64-bit quantities.

Do *NOT* assume that "%l[doxu]x" - or "%ll[doxu]" - is the way to print
a 64-bit quantity; on UN*X, it might be a "long" or a "long long",
depending on whether you're on a 32-bit or 64-bit platform and, on
Windows with MSVC++, it's not a long (even in 64-bit mode) and doesn't
use "%ll[doxu]", either.  Instead, use PRI[doxu]64; that's what C99
defines, and what we define ourselves if the C environment doesn't
define it.

9 years ago added missing test files to releasetar
Michael Richardson [Sun, 8 Apr 2012 01:18:44 +0000 (21:18 -0400)] 
added missing test files to releasetar

9 years ago do not ship bittypes.h
Michael Richardson [Sun, 8 Apr 2012 00:47:44 +0000 (20:47 -0400)] 
do not ship bittypes.h

9 years ago do not convert protocol to names if -n flag
Michael Richardson [Sun, 8 Apr 2012 00:32:04 +0000 (20:32 -0400)] 
do not convert protocol to names if -n flag

9 years ago updated test case outputs
Michael Richardson [Tue, 3 Apr 2012 19:57:13 +0000 (15:57 -0400)] 
updated test case outputs

9 years ago prep for 4.3.0 release
Michael Richardson [Tue, 3 Apr 2012 17:28:00 +0000 (13:28 -0400)] 
prep for 4.3.0 release

9 years ago fixes from Jamal Hadi Salim <> for forces: SPARSE data (per RFC...
Michael Richardson [Thu, 29 Mar 2012 14:08:35 +0000 (16:08 +0200)] 
fixes from Jamal Hadi Salim <> for forces: SPARSE data (per RFC 5810)

9 years ago whitespace changes in print-ip.c
Michael Richardson [Thu, 29 Mar 2012 14:05:15 +0000 (16:05 +0200)] 
whitespace changes in print-ip.c

9 years ago added icmpv6 test case
Michael Richardson [Thu, 29 Mar 2012 14:04:51 +0000 (16:04 +0200)] 
added icmpv6 test case

9 years ago error in passed calculation
Michael Richardson [Thu, 29 Mar 2012 14:04:02 +0000 (16:04 +0200)] 
error in passed calculation

9 years ago Give more information on -l, and note that -U works without -w.
Guy Harris [Sat, 10 Mar 2012 23:23:50 +0000 (15:23 -0800)] 
Give more information on -l, and note that -U works without -w.

Note that -l, on Windows (i.e., in WinDump), is unbuffered, not
line-buffered, and describe -U as an alternative (that doesn't have that
problem on Windows).

Note that -U does packet-buffering without -w.

Fix up the formatting of the example command lines with -l.

9 years ago Discuss buffering when describing the -w flag.
Guy Harris [Sat, 10 Mar 2012 22:57:00 +0000 (14:57 -0800)] 
Discuss buffering when describing the -w flag.

Mention that the output of tcpdump -w is buffered, and note that this
means packets won't necessarily show up in the output as soon as they're
received, so programs reading that output won't see them immediately,
and note that the -U flag forces "packet buffering" so that a reader
will see the packets as soon as they're received.

9 years ago Fix the other typo, so setting CPPFLAGS in the environment works correctly.
Guy Harris [Mon, 5 Mar 2012 16:12:32 +0000 (08:12 -0800)] 
Fix the other typo, so setting CPPFLAGS in the environment works correctly.

Based-On-Patch-From: Simon Ruderich <>

9 years ago Ask for the libpcap Makefile while we're at it.
Guy Harris [Sun, 4 Mar 2012 00:10:42 +0000 (16:10 -0800)] 
Ask for the libpcap Makefile while we're at it. that we can see what's being used to turn grammar.y into

While we're at it, say "config.log file from the libpcap source
directory", in the hopes of making it more likely that we'll get it in
addition to the tcpdump config.log.

9 years ago Fix typo, so setting CPPFLAGS in the environment works correctly.
Guy Harris [Sat, 3 Mar 2012 21:36:17 +0000 (13:36 -0800)] 
Fix typo, so setting CPPFLAGS in the environment works correctly.

Based-On-Patch-From: Simon Ruderich <>

9 years ago Ask for more information if we don't find pcap_loop.
Guy Harris [Sat, 3 Mar 2012 21:32:11 +0000 (13:32 -0800)] 
Ask for more information if we don't find pcap_loop.

I give up.

People keep reporting that the configure process for tcpdump fails to
find pcap_loop, and the config.log file they send us says there's no
pcap_parse in libpcap, which suggests that something went wrong in the
build process for libpcap; perhaps they don't have Bison and the
configure script got confused and failed to cause the parser to be named
"pcap_parse", or something such as that, or perhaps Bison was recently
"improved" in a fashion that breaks that, but I've never been able to
reproduce this on any of the Linux distribution installations to which
*I* have access.

I therefore ask them to send the config.log output and make output for
libpcap; *not one of the reporters of this problem* has bothered to send
that information, so we're stuck.  Perhaps they don't care enough (in
which case, why did they bother asking us about it?), or perhaps they're
annoyed that we asked them a further question rather than Just Fixing
The Problem(TM) (in which case, all I have to say is "welcome to the
Wonderful World Of Computer Software(TM) - get used to it").

So let's just ask for all that information.  (I would not be surprised
if this doesn't suffice and that they *still* just send us the tcpdump
config.log output, but at least I'll be able to tell them that they
should have Read The Fine Error Message(TM).)

9 years ago Fix printing of BGP optional headers.
Guy Harris [Sat, 3 Mar 2012 01:30:32 +0000 (17:30 -0800)] 
Fix printing of BGP optional headers.

Anonymously contributed patch; tested with Cisco and Arista routers by
the patch contributor.

9 years ago Back out DLT_PFSYNC support.
Guy Harris [Thu, 1 Mar 2012 05:14:50 +0000 (21:14 -0800)] 
Back out DLT_PFSYNC support.

Unfortunately, the DLT_PFSYNC support depends on header files included
from the pfctl command's source tree, and trying to arrange to find that
would be too much trouble.

9 years ago Add DLT_PFSYNC support.
Guy Harris [Wed, 29 Feb 2012 09:51:27 +0000 (01:51 -0800)] 
Add DLT_PFSYNC support.

From FreeBSD PR bin/124825: tcpdump(8) does not support pfsync(4) data,
which in turn was ported over from OpenBSD.  We already have CARP
support, so we did not port that part over.

9 years ago Put the addresses early in the message format, and handle short messages.
Guy Harris [Wed, 29 Feb 2012 09:09:40 +0000 (01:09 -0800)] 
Put the addresses early in the message format, and handle short messages.

Putting the addresses after "TIPC vX.Y" matches other protocols, such as

Not all messages have full headers.

Also, constify some parameters and variables.

9 years ago Print only one line in non-verbose mode.
Guy Harris [Wed, 29 Feb 2012 05:12:26 +0000 (21:12 -0800)] 
Print only one line in non-verbose mode.

Also, don't print extra blank lines in verbose mode.

9 years ago TIPC support.
ABHIMANYU [Wed, 29 Feb 2012 04:36:55 +0000 (20:36 -0800)] 
TIPC support.

Reviewed-and-much-modified-by: Guy Harris <>

9 years ago Print a space after the options if there are any options.
Guy Harris [Tue, 28 Feb 2012 23:45:48 +0000 (15:45 -0800)] 
Print a space after the options if there are any options.

9 years ago Get rid of extra blank after unknown options.
Matthew Luckie [Tue, 28 Feb 2012 23:41:12 +0000 (15:41 -0800)] 
Get rid of extra blank after unknown options.

Reviewed-By: Guy Harris <>

9 years ago Use expr instead of bashisms.
Dagobert Michelsen [Tue, 28 Feb 2012 23:31:38 +0000 (15:31 -0800)] 
Use expr instead of bashisms.

Reviewed-By: Guy Harris <>

9 years ago Merge remote branch 'github/master'
Michael Richardson [Fri, 24 Feb 2012 01:15:15 +0000 (20:15 -0500)] 
Merge remote branch 'github/master'

9 years ago Merge pull request #7 from clifffrey/fix-lldp-network-policy
Michael Richardson [Fri, 24 Feb 2012 01:14:29 +0000 (17:14 -0800)] 
Merge pull request #7 from clifffrey/fix-lldp-network-policy

Fix LLDP Network Policy bit definitions.

9 years ago Merge pull request #6 from fenner/master
Michael Richardson [Fri, 24 Feb 2012 01:13:35 +0000 (17:13 -0800)] 
Merge pull request #6 from fenner/master

IGMPv3 Max Response Time is in units of 0.1 second.

9 years ago Merge pull request #5 from kmaehashi/feature-SIGUSR1
Michael Richardson [Fri, 24 Feb 2012 01:12:26 +0000 (17:12 -0800)] 
Merge pull request #5 from kmaehashi/feature-SIGUSR1

Use SIGUSR1 to request info when SIGINFO is not defined

9 years ago added test packet for icmpv6 advertisement interval fix
Michael Richardson [Fri, 24 Feb 2012 01:11:32 +0000 (20:11 -0500)] 
added test packet for icmpv6 advertisement interval fix

9 years ago Fix LLDP Network Policy bit definitions.
Cliff Frey [Thu, 23 Feb 2012 19:19:48 +0000 (11:19 -0800)] 
Fix LLDP Network Policy bit definitions.

9 years ago Previous commit accidentally used 6 seconds cutoff.
Bill Fenner [Mon, 13 Feb 2012 16:32:14 +0000 (08:32 -0800)] 
Previous commit accidentally used 6 seconds cutoff.

60 seconds == 600 in units of 0.1, oops.

9 years ago IGMPv3's Max Response Time is in units of 0.1 second.
Bill Fenner [Mon, 13 Feb 2012 16:27:08 +0000 (08:27 -0800)] 
IGMPv3's Max Response Time is in units of 0.1 second.

If it's less than 60 seconds, print it as %.1fs, to be able to
accurately represent small values including the tenths-of-a-second.
Only use relts_print() when it is 60 seconds or more.

9 years ago tcpdump now accepts SIGUSR1 as a signal to print the statistics on systems that do...
Kenichi Maehashi [Tue, 7 Feb 2012 13:16:19 +0000 (22:16 +0900)] 
tcpdump now accepts SIGUSR1 as a signal to print the statistics on systems that do not support SIGINFO

10 years ago Merge remote branch 'github/master'
Michael Richardson [Mon, 23 Jan 2012 19:10:51 +0000 (14:10 -0500)] 
Merge remote branch 'github/master'

10 years ago Merge branch 'master' of git+ssh://
Michael Richardson [Mon, 23 Jan 2012 19:10:40 +0000 (14:10 -0500)] 
Merge branch 'master' of git+ssh://

10 years ago permit -n flag to affect print-ip for protocol numbers
Michael Richardson [Mon, 23 Jan 2012 19:10:16 +0000 (14:10 -0500)] 
permit -n flag to affect print-ip for protocol numbers

10 years ago Merge pull request #4 from infrastation/master
Michael Richardson [Mon, 23 Jan 2012 19:02:41 +0000 (11:02 -0800)] 
Merge pull request #4 from infrastation/master

ND_OPT_ADVINTERVAL is in milliseconds, not seconds

10 years ago ND_OPT_ADVINTERVAL is in milliseconds, not seconds
Denis Ovsienko [Thu, 29 Dec 2011 16:46:02 +0000 (20:46 +0400)] 
ND_OPT_ADVINTERVAL is in milliseconds, not seconds

RFC 6275 7.3. New Advertisement Interval Option Format

   Advertisement Interval

      32-bit unsigned integer.  The maximum time, in milliseconds,
      between successive unsolicited Router Advertisement messages sent
      by this router on this network interface.

10 years ago Note the length checks in the Babel printer.
Guy Harris [Mon, 19 Dec 2011 00:06:05 +0000 (16:06 -0800)] 
Note the length checks in the Babel printer.

10 years ago Add length checks, use EXTRACT_16BITS().
Guy Harris [Mon, 19 Dec 2011 00:05:05 +0000 (16:05 -0800)] 
Add length checks, use EXTRACT_16BITS().

Use EXTRACT_16BITS() rather than a hand-rolled macro to extract
big-endian 16-bit quantities from the packet.

When processing the message, check against the body length *and* the UDP
payload length, as well as against the raw frame length.

10 years ago Add the new PPPoE test files.
Guy Harris [Sat, 17 Dec 2011 19:41:33 +0000 (11:41 -0800)] 
Add the new PPPoE test files.

10 years ago Merge branch 'master' of git+ssh://
Guy Harris [Sat, 17 Dec 2011 19:38:33 +0000 (11:38 -0800)] 
Merge branch 'master' of git+ssh://

10 years ago Merge pull request #3 from bodgit/master
Michael Richardson [Mon, 12 Dec 2011 13:44:40 +0000 (05:44 -0800)] 
Merge pull request #3 from bodgit/master

Test case for PPPoE & RFC 4638 Payload Tag

10 years ago Add simple PPPoE test case
Matt Dainty [Sun, 11 Dec 2011 01:57:56 +0000 (01:57 +0000)] 
Add simple PPPoE test case

10 years ago Add changes in 4.2.1.
Guy Harris [Sat, 10 Dec 2011 01:31:08 +0000 (17:31 -0800)] 
Add changes in 4.2.1.

10 years ago Merge remote branch 'github/master'
Michael Richardson [Sat, 10 Dec 2011 01:04:11 +0000 (20:04 -0500)] 
Merge remote branch 'github/master'

10 years ago Merge pull request #2 from bodgit/master
Michael Richardson [Sat, 10 Dec 2011 01:01:15 +0000 (17:01 -0800)] 
Merge pull request #2 from bodgit/master

Teach PPPoE parser about RFC 4638

10 years ago Teach PPPoE parser about RFC 4638
Matt Dainty [Fri, 9 Dec 2011 20:46:27 +0000 (20:46 +0000)] 
Teach PPPoE parser about RFC 4638

10 years ago Fix a typo (from the Red Hat tcpdump package) and use .LP.
Guy Harris [Fri, 9 Dec 2011 09:35:55 +0000 (01:35 -0800)] 
Fix a typo (from the Red Hat tcpdump package) and use .LP.

10 years ago Get rid of an unused variable.
Guy Harris [Fri, 9 Dec 2011 07:06:00 +0000 (23:06 -0800)] 
Get rid of an unused variable.

10 years ago Fix a bunch of "sizeof(sizeof(XXX))".
Sascha Wildner [Wed, 7 Dec 2011 18:42:12 +0000 (10:42 -0800)] 
Fix a bunch of "sizeof(sizeof(XXX))".

In some places, there was one too many levels of sizeof() -
sizeof(sizeof(XXX)) is sizeof(size_t), but we wanted the size of type

Reviewed-By: Guy Harris <>

10 years ago Add a CARP dissector and a command-line option to dissect proto 112 as CARP.
George Neville-Neil [Wed, 23 Nov 2011 19:53:13 +0000 (11:53 -0800)] 
Add a CARP dissector and a command-line option to dissect proto 112 as CARP.

CARP and VRRP both use IP protocol number 112, so there needs to be a -T
flag to specify that protocol 112 be dissected as CARP rather than VRRP.

Also update the man page.

10 years ago Redo length checks in ospf6_print_lsa().
Guy Harris [Fri, 14 Oct 2011 04:59:57 +0000 (21:59 -0700)] 
Redo length checks in ospf6_print_lsa().

Check to make sure we haven't run past the end of the LSA by doing
length checks - and be a bit fussier about length checks.  Do more
end-of-packet checks as well.

10 years ago Constify some arguments.
Guy Harris [Fri, 14 Oct 2011 04:49:18 +0000 (21:49 -0700)] 
Constify some arguments.