tcpdump-4.4
Francois-Xavier Le Bail [Thu, 7 May 2015 15:54:32 +0000 (17:54 +0200)] 
SFLOW: Fix bounds checking

Guy Harris [Mon, 2 Mar 2015 21:46:29 +0000 (13:46 -0800)] 
Fix the pointer tests in the non-ndoified TTEST2() macro as well.

Guy Harris [Mon, 2 Mar 2015 21:37:18 +0000 (13:37 -0800)] 
AC_TYPE_UINTPTR_T requires a newer autoconf.

Guy Harris [Mon, 2 Mar 2015 21:25:12 +0000 (13:25 -0800)] 
C compilers can, and some do, optimize away pointer underflow checks.

Cast the pointers to uintptr_t; use AC_TYPE_UINTPTR_T to get uintptr_t
defined on older platforms that don't define it themselves.
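
An added example of the kind of check this commit message describes (not tcpdump's code; `range_fits` and the constructed 16-byte buffer are assumptions). The pointer form shown in the comment depends on an out-of-range pointer, which the compiler may assume never exists; the `uintptr_t` form compares plain unsigned integers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Fragile form (shown only as a comment, never compiled here):
 *
 *     if (end - len <= end && p <= end - len) ...
 *
 * When len is larger than the buffer, "end - len" points before the
 * start of the object. Forming that pointer is undefined behaviour, so
 * a compiler may treat "end - len <= end" as always true and drop it.
 */

/*
 * Returns 1 when the len bytes starting at p all lie before end
 * (end points one past the last captured byte), otherwise 0.
 * The arithmetic is done on unsigned integers, where wraparound is
 * well defined and cannot be assumed away by the optimizer.
 */
static int range_fits(const uint8_t *p, size_t len, const uint8_t *end)
{
    uintptr_t up = (uintptr_t)p;
    uintptr_t uend = (uintptr_t)end;
    uintptr_t limit = uend - (uintptr_t)len;  /* may wrap; tested next */

    if (limit > uend)       /* len was larger than the address itself */
        return 0;
    return up <= limit;     /* same as p + len <= end, without forming p + len */
}

/* Constructed stand-in for 16 bytes of captured packet data. */
static const uint8_t capture[16] = { 0 };

int main(void)
{
    const uint8_t *end = capture + sizeof capture;

    printf("16 bytes at offset 0: %d\n", range_fits(capture, 16, end));
    printf("17 bytes at offset 0: %d\n", range_fits(capture, 17, end));
    printf("SIZE_MAX bytes:       %d\n", range_fits(capture, SIZE_MAX, end));
    return 0;
}
```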

Guy Harris [Sun, 1 Mar 2015 19:00:21 +0000 (11:00 -0800)] 
Don't run past the snaplength when printing a packet with a too-short LI.

Fixes GitHub issue #437.

Guy Harris [Tue, 6 Jan 2015 08:44:11 +0000 (00:44 -0800)] 
Check not just the capture length but the on-the-network length.

Guy Harris [Thu, 23 Oct 2014 07:06:32 +0000 (00:06 -0700)] 
Don't run past the snapshot length when doing hex/ASCII dumps.

Guy Harris [Wed, 22 Oct 2014 19:31:21 +0000 (12:31 -0700)] 
Do bounds checking when unescaping PPP.

Clean up a const issue while we're at it.

Guy Harris [Mon, 20 Jan 2014 03:19:22 +0000 (19:19 -0800)] 
The interval in an AODV HELLO extension is not aligned on a 4-byte boundary.

Guy Harris [Mon, 20 Oct 2014 18:34:24 +0000 (11:34 -0700)] 
Don't subtract the UDP header size from the length twice.

Guy Harris [Sun, 19 Oct 2014 20:42:00 +0000 (13:42 -0700)] 
Use the length field in the UDP header.

If it's less than the length of the IP payload, use it as the size of
the UDP packet.  If it's greater than the length of the IP payload,
and we're not dissecting the payload, report the length as bad.

Guy Harris [Wed, 12 Nov 2014 09:09:27 +0000 (01:09 -0800)] 
Report a too-long unreachable destination list.

Running out of packet length before running out of unreachable
destinations is an error; report it as such.

Don't worry about leftover data past the end of the list of unreachable

Guy Harris [Wed, 12 Nov 2014 03:18:12 +0000 (19:18 -0800)] 
Not using offsetof() any more, so no need for <stddef.h>.

Guy Harris [Wed, 12 Nov 2014 03:05:48 +0000 (19:05 -0800)] 
Further cleanups.

Use ND_TCHECK() rather than home-brew bounds checks.  Do simpler length

Let i be the length of the actual remaining packet data; use ND_TCHECK()
inside loops that iterate over the remaining data.

Let the printers for particular message types cast the raw data pointer
to a pointer of the appropriate type, rather than passing two pointers,
with different types, to the same data.

Guy Harris [Wed, 12 Nov 2014 02:37:35 +0000 (18:37 -0800)] 
Clean up error message printing.

Have "struct aodv_rerr" just be the header, not including the actual

Simplify the logic somewhat, and make it similar in the print routines
for the three types of error messages.

Guy Harris [Wed, 12 Nov 2014 01:24:12 +0000 (17:24 -0800)] 
Add initial bounds check, get rid of union aodv.

Fetch the type field without using a structure, and check to make sure
it's not past the end of the packet.

Pass to each dissection routine a pointer to the appropriate message
type structure, rather than a pointer to a union of all the message type

Guy Harris [Wed, 12 Nov 2014 00:49:39 +0000 (16:49 -0800)] 
Do more bounds checking and length checking.

Don't run past the end of the captured data, and don't run past the end
of the packet (i.e., don't make the length variable go negative).

Also, stop dissecting if the message length isn't valid.

Guy Harris [Wed, 31 Jul 2013 18:33:15 +0000 (11:33 -0700)] 
Fix potential (but not actual) buffer overflow risk.

The line buffer is 256 bytes long, so the name subfield in the line
can't be bigger than 256 bytes, but

1) somebody could make the line buffer bigger

2) this way the format item and buffer size match

so we'll do it anyway.

Jakub Zawadzki [Tue, 30 Jul 2013 21:18:55 +0000 (23:18 +0200)] 
Fix possible buffer overflow while doing sscanf()

MAXHOSTNAMELEN + 100 is only 164 which is less than 256 sscanf() buffer.
Fix it by increasing size of nambuf buffer.

Guy Harris [Sun, 23 Jun 2013 01:02:43 +0000 (18:02 -0700)] 
Some changes didn't make it into 4.4.0.

Fix the CHANGES list by moving some changes that got in after the 4.4.0
release was made into a list for 4.4.1, and add some additional fixes to
that list.

Wim Torfs [Sun, 28 Apr 2013 13:11:38 +0000 (17:11 +0400)] 
new test for DLT_IEEE802_11_RADIO w/ext. bitmap

I modified the mac80211 and ath9k kernel module such that extra
information regarding rssi, etc are available, which is why I needed the
extra bitmap. Capturing the packets is simply a matter of using tcpdump
-i wlan0 -w dumpfile.

Test-file-not-changed-due-to-doing-pulls-in-the-wrong-order-by: Guy Harris <>

Denis Ovsienko [Sun, 28 Apr 2013 13:20:28 +0000 (17:20 +0400)] 
fix bug #303 (DLT_IEEE802_11_RADIO ext. bitmaps)

This bug was discovered and pinned down by Wim Torfs.

The code in question handles DLT_IEEE802_11_RADIO datalink type, which
consists of a variable-sized header, a variable number of fields and the
actual 802.11 frame. The integers contained in the fields are aligned,
properly extracting them is exactly the purpose of the existing "cpack"
module. The issue with the current code is that it sets alignment base
for cpack at the end of the variable-sized header, in other words,
64-bit integers would be properly extracted only so long as the header
is 64-bit long, which only happens when the total number of bitmaps in
it is odd (the minimum number of bitmaps is one). Once this condition
isn't met, as is with two bitmaps, decoding becomes incorrect. The
reporter's point that the alignment base must be the beginning of the
variable-sized header is accurate.

This commit adds a new cpack_advance() function to fast-forward the
"c_next" pointer of a cpack_state context by an arbitrary number of
octets. The ieee802_11_radio_print() function now uses it to skip the
header and all its bitmaps, and the alignment base is now the header
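
An added example of the alignment problem this commit message describes (not tcpdump's cpack code; the `cursor_*` names are hypothetical, and the frame is constructed from the radiotap layout: an 8-octet header with one bitmap, 4 octets per extra bitmap, little-endian fields). It reads the first 64-bit field of a two-bitmap header once with the alignment base at the header start and once at the header end.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cursor modelled on the commit message's description. */
struct cursor {
    const uint8_t *base;  /* alignment base: offset 0 counts as aligned */
    size_t len;           /* octets available from base */
    size_t next;          /* offset of the next unread octet */
};

/* Skip n octets without moving the alignment base. */
static int cursor_advance(struct cursor *c, size_t n)
{
    if (n > c->len - c->next)
        return -1;
    c->next += n;
    return 0;
}

/* Read a little-endian 64-bit field, padding first to an 8-octet
 * boundary measured from c->base. Returns -1 if it would run past len. */
static int cursor_u64le(struct cursor *c, uint64_t *out)
{
    size_t off = (c->next + 7) & ~(size_t)7;
    uint64_t v = 0;
    int i;

    if (off > c->len || c->len - off < 8)
        return -1;
    for (i = 7; i >= 0; i--)
        v = (v << 8) | c->base[off + i];
    c->next = off + 8;
    *out = v;
    return 0;
}

/* Length of the fixed part plus every bitmap; bit 31 of a bitmap means
 * another bitmap follows. Returns 0 when the header is truncated. */
static size_t header_len(const uint8_t *p, size_t len)
{
    size_t off = 4;                     /* version, pad, 16-bit length */

    for (;;) {
        if (len < off + 4)
            return 0;
        off += 4;
        if (!(p[off - 1] & 0x80))       /* top bit of the LE bitmap */
            return off;
    }
}

/* Read the first 64-bit field with either choice of alignment base. */
static int read_first_u64(const uint8_t *p, size_t len, int base_at_start,
                          uint64_t *out)
{
    struct cursor c;
    size_t hlen = header_len(p, len);

    if (hlen == 0)
        return -1;
    if (base_at_start) {                /* behaviour after the fix */
        c.base = p; c.len = len; c.next = 0;
        if (cursor_advance(&c, hlen) != 0)
            return -1;
    } else {                            /* behaviour before the fix */
        c.base = p + hlen; c.len = len - hlen; c.next = 0;
    }
    return cursor_u64le(&c, out);
}

/* Constructed frame: two bitmaps (12-octet header), 4 pad octets, then
 * a 64-bit timestamp 0x1122334455667788 at offset 16. */
static const uint8_t frame[24] = {
    0x00, 0x00, 0x18, 0x00,  0x01, 0x00, 0x00, 0x80,
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,
    0x88, 0x77, 0x66, 0x55,  0x44, 0x33, 0x22, 0x11
};

int main(void)
{
    uint64_t v = 0;

    read_first_u64(frame, sizeof frame, 1, &v);
    printf("base at header start: %llx\n", (unsigned long long)v);
    read_first_u64(frame, sizeof frame, 0, &v);
    printf("base at header end:   %llx\n", (unsigned long long)v);
    return 0;
}
```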

Guy Harris [Mon, 6 May 2013 22:53:35 +0000 (15:53 -0700)] 
Fix error in my previous commit.

Guy Harris [Mon, 6 May 2013 02:52:14 +0000 (19:52 -0700)] 
Rename a variable to attempt to fix an AIX compile error.

On AIX 5.1, at least when compiling with xlc, the statement

       struct mp_remove_addr *rem_addr = (struct mp_remove_addr *) opt;

gets a complaint "Syntax error: possible missing '{'?"

"/usr/include/sys/xmem.h" #defines rem_addr; I've no idea whether we're
indirectly including that, but maybe we are and maybe that's causing the

Guy Harris [Mon, 6 May 2013 02:47:48 +0000 (19:47 -0700)] 
Not all platforms on which we compile define PRI[doux]16.

So don't use it; it's not necessary on any of the platforms on which we
work.  (The *only* ones that are needed are PRI[doux]64, because
sometimes you need %ll[doux], sometimes you need %l[doux], and with MSVC
you need whatever its run-time library requires.)

fxlb [Fri, 26 Apr 2013 07:58:21 +0000 (09:58 +0200)] 
.gitignore: add autom4te.cache/

Denis Ovsienko [Sat, 20 Apr 2013 05:46:43 +0000 (09:46 +0400)] 
unset executable bit on a few .h and .c files

Denis Ovsienko [Sat, 20 Apr 2013 05:40:48 +0000 (09:40 +0400)] 
fix year for 4.3.0 in CHANGES

Denis Ovsienko [Fri, 19 Apr 2013 17:38:11 +0000 (21:38 +0400)] 
Fix off-by-one error in print-rx.c

Avoid dereferencing rx_cache[RX_CACHE_SIZE], which is one past the last
valid element.

(This fixes SF bug 3599633 / GH bug 287. I could not identify the name
or email address of the original contributor. -- Denis)

Guy Harris [Mon, 6 May 2013 01:52:54 +0000 (18:52 -0700)] 
Avoid bitfields, unaligned accesses, packed structures, and PRI[ux]{16,32}.

Bitfields are not one of C's shining points.  There is *NO* guarantee in
what order bitfields are put within a structure - it's *NOT* necessarily
the same as the byte order of the machine, and it's *ESPECIALLY* not
guaranteed to be correlated with the value of the LBL_ALIGN definition
(that definition has to do with whether unaligned accesses are supported
by the hardware).  In addition, even if they're declared as unsigned,
that doesn't mean they're guaranteed to *be* unsigned.  Don't use them.

Unaligned accesses are not guaranteed to work, and fields in packets are
not guaranteed to be naturally aligned.  Use the EXTRACT_nBITS() macros.

__attribute((packed))__ is a GCCism, and is not guaranteed to be
supported by all compilers with which tcpdump can be compiled.  Make
integral fields > 1 byte arrays of u_int8_t's (which also lets us avoid
the & in the EXTRACT_nBITS() macros).

Some systems don't define the PRI[doux]16 and PRI[doux]32 macros, and
others define them infelicitously (i.e., for PRI[doux]32, with an "l";
our 32-bit integer types are *not* longs, as we don't care about
16-bit-"int" platforms).

Guy Harris [Mon, 6 May 2013 01:31:48 +0000 (18:31 -0700)] 
Fix some compiler warnings from the previous checkin.

Gregory Detal [Wed, 17 Apr 2013 14:05:21 +0000 (16:05 +0200)] 
Fix MPTCP support

 * option length check
 * option type and TCP flags check
 * more information printed

Signed-off-by: Gregory Detal <>

Guy Harris [Sun, 5 May 2013 22:51:57 +0000 (15:51 -0700)] 
Put mptcp.h into the release tarball.

Guy Harris [Tue, 16 Apr 2013 04:09:24 +0000 (21:09 -0700)] 
Point people to the the-tcpdump-group repositories, not the mcr repositories.

We've created a the-tcpdump-group organization on GitHub, and created
repositories for libpcap and tcpdump, owned by them.  Those are now the
"official" GitHub locations for repositories from which to clone or
against which to file issues/pull requests.

Guy Harris [Mon, 15 Apr 2013 00:21:19 +0000 (17:21 -0700)] 
Fix some compiler warnings.

Some of those warnings are real bugs - some routines whose callers
expected them to return values weren't returning values.

Michael Richardson [Sun, 14 Apr 2013 22:13:17 +0000 (18:13 -0400)] 
added Ruben

Denis Ovsienko [Thu, 14 Mar 2013 17:59:38 +0000 (21:59 +0400)] 
improve ZeroMQ support (ZMTP/1.0 inside PGM/EPGM)

This change adds new code to decode ZeroMQ datagrams, couples it with
the PGM decoder and extends the -T option to make all this work.

There are two new test cases based on existing captures of ZMTP/1.0
inside [E]PGM to decode the ZMTP/1.0 part of these.

This functionality enables decoding of the traffic zeromq library
produces for "pgm://" and "epgm://" protocol schemas.

Denis Ovsienko [Thu, 14 Mar 2013 17:17:53 +0000 (21:17 +0400)] 
use existing PGM decoder for UDP-encapsulated PGM

The original PGM uses its own IP protocol number. "EPGM" or "PGM/UDP"
stands for UDP-encapsulated PGM, which has no assigned UDP port number
and can be decoded only by means of -T option, which now accepts "pgm"
protocol type for this purpose. There is also a sample capture of EPGM
now (similar to the one of native PGM, but produced using the "epgm://"
protocol schema) and a respective test case.

Denis Ovsienko [Thu, 14 Mar 2013 16:24:22 +0000 (20:24 +0400)] 
add a test case for native PGM

This commit adds a capture of a few PGM (IP protocol 113) packets
produced with version 2.2.0 of zeromq library built with PGM support
(using the "pgm://" protocol schema). Each of the three ODATA packets in
the capture contains a ZeroMQ datagram in the "Data" (application data)
field. There is a new test case covering the PGM part of the capture.

Denis Ovsienko [Thu, 14 Mar 2013 15:58:51 +0000 (19:58 +0400)] 
fix two issues with PGM length handling

1. "TSDU Length" comes in network byte order on wire, add missing macro.

2. The (unused) justification of the number of bytes on wire wasn't
correct because one side of the comparison included header size and
another didn't (note the byte order as well). Besides that, the value of
TSDU Length was already output thus far. Don't justify the number of
bytes on wire and change the final printf() to make use of it.

Denis Ovsienko [Thu, 14 Mar 2013 15:57:59 +0000 (19:57 +0400)] 
fix two printf format strings

fxlb [Fri, 12 Apr 2013 16:07:50 +0000 (18:07 +0200)] 
Change C++ style comments to C style comments

Denis Ovsienko [Wed, 3 Apr 2013 11:08:17 +0000 (15:08 +0400)] 
use macros for VAT and WB port numbers

Gregory Detal [Mon, 25 Feb 2013 16:00:02 +0000 (17:00 +0100)] 
Multipath TCP (RFC 6824) support

This commit adds the support of Multipath TCP (MPTCP). MPTCP is a new
extension to TCP standardized at the IETF. MPTCP allows the use of several IP
addresses at the same time by distributing data across several subflows (TCP
connections) while still presenting the standard TCP socket API to the
application. Its benefits are better resource utilization, better throughput
and smoother reaction to failures.

Alexandra Kossovsky [Sun, 14 Apr 2013 18:57:56 +0000 (11:57 -0700)] 
If we get SIGCHLD, restart whatever system call it interrupted.

When compressing output with -z, we do so by creating a child process to
run gzip and pipe to it, and we catch SIGCHLD to clean up after the
child process.  We don't want the SIGCHLD to show up as an "Interrupted
system call" error, so we specify that SIGCHLD should restart, rather
than interrupting, system calls.

Guy Harris [Sun, 14 Apr 2013 01:45:19 +0000 (18:45 -0700)] 
There's another Cisco-private encapsulation of BPDUs.

At least according to the Wireshark STP dissector, SNAP frames with the
Cisco OUI and a PID of 0x010c contain BPDUs, for "VLAN Bridge".

Guy Harris [Sat, 6 Apr 2013 21:11:29 +0000 (14:11 -0700)] 
Note that we fixed the IPv6 check for Solaris.

Guy Harris [Sat, 6 Apr 2013 20:03:58 +0000 (13:03 -0700)] 
Check for extra networking libraries before checking for IPv6.

On some platforms, such as SunOS 5.x, building the "do we have IPv6
support?" test program requires the extra networking libraries, so we
need to know what extra networking libraries are required before doing
that test.

Ruben Kerkhof [Fri, 22 Mar 2013 13:15:35 +0000 (14:15 +0100)] 
Add tests for wrong agent-id

fxlb [Fri, 15 Mar 2013 16:19:26 +0000 (17:19 +0100)] 
fix function 'msnlb_print', unused parameter 'length'

Ruben Kerkhof [Mon, 18 Mar 2013 18:10:35 +0000 (19:10 +0100)] 
print-sflow.c: print agent_id instead of samples

Wesley Shields [Thu, 28 Mar 2013 02:28:11 +0000 (22:28 -0400)] 
Stop reading multiple files properly on cleanup.

Prior to this if pcap_breakloop() is called in cleanup() while reading
multiple files (via -V) the code would fall through and open the next
file in the list. With this change the list is cut short and the program
exits normally.

Guy Harris [Wed, 27 Mar 2013 08:18:58 +0000 (01:18 -0700)] 
Don't print the SPB stuff in non-verbose mode.

Before the previous change, we didn't print it; restore that behavior.

Also update a comment - DEFAULT_SNAPLEN is now pretty large, so we
should capture the entire packet by default.

Gisle Vanem [Tue, 26 Mar 2013 17:34:33 +0000 (10:34 -0700)] 
Get rid of declarations in the middle of code; they're not valid C.

Reviewed-By: Guy Harris <>

Guy Harris [Tue, 26 Mar 2013 09:35:14 +0000 (02:35 -0700)] 
Fix handling of V3 and V4 BPDUs.

Make the offsets and lengths 32-bit, so that they don't overflow.

Pull the handling of V4 fields into its own routine.  Call it only if
the packet's been identified as a V4 packet and the length is sane; call
the routine to handle V3 fields before we do any V4 work.

Guy Harris [Tue, 26 Mar 2013 09:03:32 +0000 (02:03 -0700)] 
Declare vxlan_print() and otv_print() in interface.h, and fix its definition.

They don't use their third argument, and they aren't being passed a
third argument, so get rid of that argument.

Guy Harris [Tue, 26 Mar 2013 09:01:31 +0000 (02:01 -0700)] 
We don't define PRIu8 or PRIx8 if the C environment doesn't; don't use it.

The right format to use to print 8-bit quantities isn't
implementation-dependent, so no need to use the PRIu8 and PRIx8 macros.

There's also no need for an empty string after PRIu64.  Separate it with
space from the strings with which it's being concatenated, however; we
do that elsewhere.

Guy Harris [Tue, 26 Mar 2013 08:21:46 +0000 (01:21 -0700)] 
Add some additional changes.

Michael Richardson [Thu, 21 Feb 2013 03:56:42 +0000 (22:56 -0500)] 
updated for version 4.4

Guy Harris [Fri, 15 Mar 2013 19:27:28 +0000 (12:27 -0700)] 
Point people to GitHub rather than Sourceforge for bug reports/patches/etc.

Michael Richardson [Tue, 26 Feb 2013 17:49:25 +0000 (09:49 -0800)] 
Merge pull request #54 from ffatghub/master

Add support for VXLAN (draft-mahalingam-dutt-dcops-vxlan-03)

Francesco Fondelli [Tue, 26 Feb 2013 12:44:11 +0000 (13:44 +0100)] 
- Add support for OTV (draft-hasmit-otv-04).
- Use the packettype infrastructure (-T vxlan) for VXLAN parsing (waiting for a well known dest port)

Francesco Fondelli [Mon, 25 Feb 2013 17:12:33 +0000 (18:12 +0100)] 
Merge remote-tracking branch 'upstream/master'

Francesco Fondelli [Mon, 25 Feb 2013 16:56:44 +0000 (17:56 +0100)] 
Add support for VXLAN (draft-mahalingam-dutt-dcops-vxlan-03)

Michael Richardson [Mon, 25 Feb 2013 15:26:26 +0000 (07:26 -0800)] 
Merge pull request #51 from orebokech/msnlb-printer

Add MS NLB heartbeat ethertype, a basic printer, and 2 test files

Michael Richardson [Mon, 25 Feb 2013 15:25:33 +0000 (07:25 -0800)] 
Merge pull request #52 from fenner/master

An IGMPv3 test case, and an MP-BGP nexthop fix

Romain Francoise [Sat, 23 Feb 2013 17:50:06 +0000 (18:50 +0100)] 
Add two MS NLB test captures

msnlb1.pcap contains two heartbeat packets from a single cluster (two
nodes). msnlb2.pcap is the same capture with a lower snaplen to exercise
the truncation code path.

Romain Francoise [Sat, 23 Feb 2013 17:48:52 +0000 (18:48 +0100)] 
Add MS NLB heartbeat ethertype, as well as a basic printer

The protocol is undocumented but Wireshark extracts some useful bits of
info from the packet, so it was used as a reference.

Bill Fenner [Fri, 22 Feb 2013 19:51:33 +0000 (11:51 -0800)] 
Merge branch 'master' of git://


Michael Richardson [Fri, 22 Feb 2013 16:29:16 +0000 (11:29 -0500)] 
make list of all relevant files in tests/ rather than explicitly list them

Michael Richardson [Fri, 22 Feb 2013 16:05:19 +0000 (11:05 -0500)] 
rename file to single case version

Michael Richardson [Wed, 13 Feb 2013 00:26:02 +0000 (16:26 -0800)] 
Merge pull request #48 from alagoutte/master

Update to final draft : RFC6810

Michael Richardson [Wed, 13 Feb 2013 00:25:18 +0000 (16:25 -0800)] 
Merge pull request #49 from ajithadapa/master

Support SPB BPDUv4 version

Michael Richardson [Wed, 13 Feb 2013 00:23:40 +0000 (16:23 -0800)] 
Merge pull request #50 from infrastation/master

Denis Ovsienko [Sat, 9 Feb 2013 13:36:24 +0000 (17:36 +0400)] 
ZeroMQ initial support (ZMTP/1.0 framing)

This change adds support for ZMTP/1.0 (ZeroMQ Message Transport Protocol
1.0) framing in TCP packets, as defined in
and implemented in zeromq library.

Since there is no assigned port number for ZeroMQ, the user is left
responsible for making only the related TCP packets captured and
enforcing ZMTP/1.0 decoding through the "-T zmtp1" option.

Each ZMTP/1.0 frame of a packet will produce a single additional line of
output. The "-v" flag will add up to 8 lines (128 bytes) worth of
hex+ASCII dump of the frame body, and "-vv" and higher will dump the
full frame body, however long.

Beware that this code handles neither IP fragmentation nor TCP
segmentation and will incorrectly decode segments not starting at a
frame boundary.

The included sample capture stands for a short ZeroMQ session between a
REQ/REP socket pair doing 3 anonymous 2-way exchanges. It was produced
using version 2.1.9 of zeromq library patched to fix its bug #293, so
that all MBZ bits of the flags field are set to 0.

Denis Ovsienko [Sat, 9 Feb 2013 08:08:34 +0000 (12:08 +0400)] 
fix some PT_* macros indentation with tabs

8 years agoFixes-for-test-results
Ajith Adapa [Thu, 7 Feb 2013 05:37:29 +0000 (11:07 +0530)] 

Ajith Adapa [Thu, 7 Feb 2013 05:24:02 +0000 (10:54 +0530)] 
Merge remote branch 'upstream/master'

Alexis La Goutte [Mon, 4 Feb 2013 17:02:46 +0000 (18:02 +0100)] 
Update to the final draft of RPKI-Router Protocol (RFC6810)
* Cache_nonce => session_id

Remove some whitespaces

Alexis La Goutte [Mon, 4 Feb 2013 13:41:52 +0000 (14:41 +0100)] 
The port for RPKI-RTR (RFC6810) is now official (TCP Port 323)

Michael Richardson [Thu, 24 Jan 2013 20:02:10 +0000 (12:02 -0800)] 
Merge pull request #47 from Tilka/master

Nit-picky whitespace fix

Tillmann Karras [Sat, 19 Jan 2013 07:53:37 +0000 (08:53 +0100)] 
Add some MLDv2 test packets

The added packets are: a join, a regular query and reply, and a leave.

Tillmann Karras [Fri, 18 Jan 2013 01:23:33 +0000 (02:23 +0100)] 
Fix display of MLDv2 queries

Guy Harris [Mon, 24 Dec 2012 11:13:23 +0000 (03:13 -0800)] 
If we don't have IPv6 address support, don't try to print IPv6 addresses.

Guy Harris [Tue, 11 Dec 2012 23:38:29 +0000 (15:38 -0800)] 
Merge branch 'master' of git+ssh://

Guy Harris [Tue, 11 Dec 2012 23:36:40 +0000 (15:36 -0800)] 
LBL moved the old NRG stuff to an "old" directory.  Update the URL.

Michael Richardson [Thu, 6 Dec 2012 13:43:26 +0000 (05:43 -0800)] 
Merge pull request #46 from fxlb/master

print-dhcp6.c: update of the references RFC with their titles

fxlb [Wed, 5 Dec 2012 14:46:29 +0000 (15:46 +0100)] 
print-dhcp6.c: update of the references RFC with their titles

Michael Richardson [Tue, 4 Dec 2012 15:22:30 +0000 (07:22 -0800)] 
Merge pull request #45 from fxlb/master

.gitignore: add failure-outputs.txt

fxlb [Mon, 3 Dec 2012 10:43:03 +0000 (11:43 +0100)] 
.gitignore: add failure-outputs.txt

Michael Richardson [Mon, 3 Dec 2012 00:59:39 +0000 (16:59 -0800)] 
Merge pull request #39 from wxsBSD/master

Document -V flag.

Michael Richardson [Mon, 3 Dec 2012 00:59:24 +0000 (16:59 -0800)] 
Merge pull request #42 from fxlb/master

print-dhcp6.c: Fix bugs in IA_NA, IA_PD, IA_TA, IA_ADDR and IA_PD_PREFIX option cases; Add TCHECK(*dh6o) in dhcp6opt_print()

Michael Richardson [Mon, 3 Dec 2012 00:58:50 +0000 (16:58 -0800)] 
Merge pull request #44 from msabramo/travis_build_libpcap

.travis.yml: Do 2 Travis CI builds; one with building our own libpcap and one with just using libpcap-dev from apt-get.

Marc Abramowitz [Sun, 2 Dec 2012 01:14:43 +0000 (17:14 -0800)] 
.travis.yml: Do 2 Travis CI builds; one with building our own libpcap
and one with just using libpcap-dev from apt-get.

Michael Richardson [Sat, 1 Dec 2012 21:01:49 +0000 (13:01 -0800)] 
Merge pull request #43 from msabramo/travis_build_libpcap

.travis.yml: Build a fresh version of libpcap from

Guy Harris [Fri, 30 Nov 2012 20:49:51 +0000 (12:49 -0800)] 
Get rid of unnecessary assignment.

checksum isn't used until it's set later.

Guy Harris [Fri, 30 Nov 2012 20:47:33 +0000 (12:47 -0800)] 
Get rid of unnecessary initialization.

v is set to p later in a loop, and isn't used until then.

Marc Abramowitz [Fri, 30 Nov 2012 18:45:44 +0000 (10:45 -0800)] 
.travis.yml: Build a fresh version of libpcap from

Guy Harris [Fri, 30 Nov 2012 09:16:53 +0000 (01:16 -0800)] 
Squelch some warnings, and add some comments to clarify the code path.

Guy Harris [Fri, 30 Nov 2012 07:39:43 +0000 (23:39 -0800)] 
Fix some more NAME_MAX->PATH_MAX and make some routines static.