6 years agoSFLOW: Fix bounds checking tcpdump-4.5
Francois-Xavier Le Bail [Thu, 7 May 2015 15:54:32 +0000 (17:54 +0200)] 
SFLOW: Fix bounds checking

6 years agoFix the pointer tests in the non-ndoified TTEST2() macro as well.
Guy Harris [Mon, 2 Mar 2015 21:46:29 +0000 (13:46 -0800)] 
Fix the pointer tests in the non-ndoified TTEST2() macro as well.

6 years agoC compilers can, and some do, optimize away pointer underflow checks.
Guy Harris [Mon, 2 Mar 2015 21:25:12 +0000 (13:25 -0800)] 
C compilers can, and some do, optimize away pointer underflow checks.

Cast the pointers to uintptr_t; use AC_TYPE_UINTPTR_T to get uintptr_t
defined on older platforms that don't define it themselves.

6 years agoDon't run past the snaplength when printing a packet with a too-short LI.
Guy Harris [Sun, 1 Mar 2015 19:00:21 +0000 (11:00 -0800)] 
Don't run past the snaplength when printing a packet with a too-short LI.

Fixes GitHub issue #437.

7 years agoCheck not just the capture length but the on-the-network length.
Guy Harris [Tue, 6 Jan 2015 08:44:11 +0000 (00:44 -0800)] 
Check not just the capture length but the on-the-network length.

7 years agoDon't run past the snapshot length when doing hex/ASCII dumps.
Guy Harris [Thu, 23 Oct 2014 07:06:32 +0000 (00:06 -0700)] 
Don't run past the snapshot length when doing hex/ASCII dumps.

7 years agoDon't run past the snapshot length when doing hex/ASCII dumps.
Guy Harris [Thu, 23 Oct 2014 07:06:32 +0000 (00:06 -0700)] 
Don't run past the snapshot length when doing hex/ASCII dumps.

7 years agoDo bounds checking when unescaping PPP.
Guy Harris [Wed, 22 Oct 2014 19:31:21 +0000 (12:31 -0700)] 
Do bounds checking when unescaping PPP.

Clean up a const issue while we're at it.

7 years agoDon't subtract the UDP header size from the length twice.
Guy Harris [Mon, 20 Oct 2014 18:34:24 +0000 (11:34 -0700)] 
Don't subtract the UDP header size from the length twice.

7 years agoUse the length field in the UDP header.
Guy Harris [Sun, 19 Oct 2014 20:42:00 +0000 (13:42 -0700)] 
Use the length field in the UDP header.

If it's less than the length of the IP payload, use it as the size of
the UDP packet.  If it's greater than the length of the IP payload,
and we're not dissecting the payload, report the length as bad.

7 years agoReport a too-long unreachable destination list.
Guy Harris [Wed, 12 Nov 2014 09:09:27 +0000 (01:09 -0800)] 
Report a too-long unreachable destination list.

Running out of packet length before running out of unreachable
destinations is an error; report it as such.

Don't worry about leftover data past the end of the list of unreachable

7 years agoNot using offsetof() any more, so no need for <stddef.h>.
Guy Harris [Wed, 12 Nov 2014 03:18:12 +0000 (19:18 -0800)] 
Not using offsetof() any more, so no need for <stddef.h>.

7 years agoFurther cleanups.
Guy Harris [Wed, 12 Nov 2014 03:05:48 +0000 (19:05 -0800)] 
Further cleanups.

Use ND_TCHECK() rather than home-brew bounds checks.  Do simpler length

Let i be the length of the actual remaining packet data; use ND_TCHECK()
inside loops that iterate over the remaining data.

Let the printers for particular message types cast the raw data pointer
to a pointer of the appropriate type, rather than passing two pointers,
with different types, to the same data.

7 years agoClean up error message printing.
Guy Harris [Wed, 12 Nov 2014 02:37:35 +0000 (18:37 -0800)] 
Clean up error message printing.

Have "struct aodv_rerr" just be the header, not including the actual

Simplify the logic somewhat, and make it similar in the print routines
for the three types of error messages.

7 years agoAdd initial bounds check, get rid of union aodv.
Guy Harris [Wed, 12 Nov 2014 01:24:12 +0000 (17:24 -0800)] 
Add initial bounds check, get rid of union aodv.

Fetch the type field without using a structure, and check to make sure
it's not past the end of the packet.

Pass to each dissection routine a pointer to the appropriate message
type structure, rather than a pointer to a union of all the message type

7 years agoDo more bounds checking and length checking.
Guy Harris [Wed, 12 Nov 2014 00:49:39 +0000 (16:49 -0800)] 
Do more bounds checking and length checking.

Don't run past the end of the captured data, and don't run past the end
of the packet (i.e., don't make the length variable go negative).

Also, stop dissecting if the message length isn't valid.

7 years agoDo bounds checking and length checking.
Guy Harris [Tue, 11 Nov 2014 23:51:54 +0000 (15:51 -0800)] 
Do bounds checking and length checking.

Don't run past the end of the captured data, and don't run past the end
of the packet (i.e., don't make the length variable go negative).

7 years agoDo a bunch more length checking.
Guy Harris [Sun, 16 Feb 2014 22:39:57 +0000 (14:39 -0800)] 
Do a bunch more length checking.

Make sure we don't run past the end of the packet or, when processing
the packet header, run past the end of the header.

7 years agofix partial checksum errors in DCCP decoder, IPv6 case
Francois-Xavier Le Bail [Sun, 16 Feb 2014 17:29:37 +0000 (18:29 +0100)] 
fix partial checksum errors in DCCP decoder, IPv6 case

7 years agoMerge pull request #364 from fxlb/dccp
Guy Harris [Sun, 16 Feb 2014 10:31:38 +0000 (02:31 -0800)] 
Merge pull request #364 from fxlb/dccp

DCCP tests: more verbosity (from -v to -vv)

7 years agoFetch the sequence number the way we fetch the acknowledgment number.
Guy Harris [Sun, 16 Feb 2014 10:21:28 +0000 (02:21 -0800)] 
Fetch the sequence number the way we fetch the acknowledgment number.

Fetch 24 bits if the X bit isn't set, 48 bits if it is, using the
appropriate EXTRACT_ macros.

We do this with "struct dccp_hdr" being a header structure with a 24-bit
sequence number and "struct dccp_hdr_ext" being a header structure with
a 48-bit sequence number.

7 years agoUse an 8-octet array when the ACK field is always 8 octets.
Guy Harris [Sun, 16 Feb 2014 09:42:30 +0000 (01:42 -0800)] 
Use an 8-octet array when the ACK field is always 8 octets.

Get rid of "struct dccp_hdr_ack_bits" while we're at it.

7 years agoGet rid of unused function.
Guy Harris [Sun, 16 Feb 2014 09:20:48 +0000 (01:20 -0800)] 
Get rid of unused function.

7 years agoAdd {40,48,56}-bit big-endian extract macros and use them for DCCP ACKs.
Guy Harris [Sun, 16 Feb 2014 04:37:28 +0000 (20:37 -0800)] 
Add {40,48,56}-bit big-endian extract macros and use them for DCCP ACKs.

Add macros to, given an octet pointer, extract 40-bit, 48-bit, and
56-bit big-endian numbers from the location pointed to by that pointer,
and use them when extracting ACK numbers from DCCP packets.  This fixes
problems on big-endian(!) machines.

7 years agoMark structures with UNALIGNED.
Guy Harris [Sun, 16 Feb 2014 04:01:06 +0000 (20:01 -0800)] 
Mark structures with UNALIGNED.

Maybe this will fix the crashes that appear to be occurring on the buildbot; it's building with Sun/Oracle C, not GCC, but it's
at least worth a try.

7 years agofix partial checksum errors in DCCP decoder, IPv4 case
Francois-Xavier Le Bail [Sat, 15 Feb 2014 11:32:44 +0000 (12:32 +0100)] 
fix partial checksum errors in DCCP decoder, IPv4 case

7 years agoprint-pptp: add a missing break
Denis Ovsienko [Mon, 10 Feb 2014 13:23:58 +0000 (17:23 +0400)] 
print-pptp: add a missing break

7 years agoprint-pptp: pptp_result_code_print(): badly placed break
Francois-Xavier Le Bail [Mon, 10 Feb 2014 12:43:14 +0000 (13:43 +0100)] 
print-pptp: pptp_result_code_print(): badly placed break

7 years agoSupport -Q for setting the capture direction.
Guy Harris [Mon, 3 Feb 2014 10:20:44 +0000 (02:20 -0800)] 
Support -Q for setting the capture direction.

Also warn with -P that -Q should be used instead, as -P will be used in
the future for writing pcap-ng files (that's what the OS X tcpdump uses,
starting in Mountain Lion).

7 years agoClean up the TLV processing loop.
Guy Harris [Mon, 3 Feb 2014 10:14:24 +0000 (02:14 -0800)] 
Clean up the TLV processing loop.

We want to process TLVs until we run out of data, so make the main loop
condition "length > 0".  Break out of the loop if we see an

Add in a bunch of length checks, and make those and existing length
checks report "[|nflog]".

7 years agoWith -A and -AA, don't send CRs to the standard output.
Guy Harris [Mon, 3 Feb 2014 08:01:56 +0000 (00:01 -0800)] 
With -A and -AA, don't send CRs to the standard output.

They don't belong on the ends of lines on UN*X, and the standard I/O
library will give us one at the end of the line on Windows so they're
not needed there.  In the middle of a line, just print a ".".

7 years agoUse the new libpcap <pcap/nflog.h> for NFLOG definitions and declarations.
Guy Harris [Mon, 3 Feb 2014 04:14:26 +0000 (20:14 -0800)] 
Use the new libpcap <pcap/nflog.h> for NFLOG definitions and declarations.

Use the header file for information about LINKTYPE_NFLOG files.

Don't build the NFLOG printer if we don't have that header file.

Fix some checks for pcap/XXX.h header files to look for
"tcpdump-stdinc.h" rather than <tcpdump-stdinc.h>, so that we don't fail
to find that header.

7 years agoDo our own isascii(), isprint(), isgraph(), and toascii().
Guy Harris [Sun, 2 Feb 2014 23:17:06 +0000 (15:17 -0800)] 
Do our own isascii(), isprint(), isgraph(), and toascii().

We do *not* want the behavior of isprint() and isgraph() to be
locale-dependent - we want both of them to return "true" only for ASCII

We have to do our own isascii() and toascii() on non-UN*X systems
anyway, so let's just do all of them ourselves.

7 years agoFix a compiler warning.
Guy Harris [Sat, 1 Feb 2014 22:08:25 +0000 (14:08 -0800)] 
Fix a compiler warning.

It's not necessarily safe to do pre-increment or post-increment in an
argument to an EXTRACT_ macro.

7 years agoDon't use the __attribute__((packed)) on most platforms.
Guy Harris [Sat, 1 Feb 2014 22:02:17 +0000 (14:02 -0800)] 
Don't use the __attribute__((packed)) on most platforms.

It won't necessarily work with non-GCC-compatible compilers, so use it
only on GCC-compatible compilers.

Even with some GCC-compatible compilers (such as, err, umm, GCC), it
doesn't do the right thing on some platforms, e.g. 64-bit SPARC, where
the compiler generates code that assumes alignment even when using it.
The only platforms I know of where an unaligned big-endian load can be
done better than by loading bytes and shifting-and-ORing them together
are MIPS and possibly Alpha, so only do it there.

8 years agoThe interval in an AODV HELLO extension is not aligned on a 4-byte boundary.
Guy Harris [Mon, 20 Jan 2014 03:19:22 +0000 (19:19 -0800)] 
The interval in an AODV HELLO extension is not aligned on a 4-byte boundary.

8 years agoAs with memcpy, so with memcmp.
Guy Harris [Sat, 18 Jan 2014 20:42:15 +0000 (12:42 -0800)] 
As with memcpy, so with memcmp.

8 years agoMore UNALIGNED_MEM{CPY,CMP} on IP addresses.
Guy Harris [Sat, 18 Jan 2014 20:13:57 +0000 (12:13 -0800)] 
More UNALIGNED_MEM{CPY,CMP} on IP addresses.

8 years agoAnother case where UNALIGNED_MEMCPY() is probably necessary.
Guy Harris [Sat, 18 Jan 2014 20:09:45 +0000 (12:09 -0800)] 
Another case where UNALIGNED_MEMCPY() is probably necessary.

It was necessary in other cases where we copied IP addresses from the IP
header, so it's probably necessary here as well.

8 years agoNo need for casting back and forth.
Guy Harris [Sat, 18 Jan 2014 20:06:36 +0000 (12:06 -0800)] 
No need for casting back and forth.

That might also convince the compiler that it can "helpfully" optimize
the copy into something that assumes 4-byte alignment, which we don't
want it to do on platforms where the optimized code will trap if the IP
header *isn't* aligned on a 4-byte boundary, given that there's no
guarantee that it *is* aligned on a 4-byte boundary.

8 years agoOnly do the unaligned_mem{cpy,cmp} hack if necessary.
Guy Harris [Sat, 18 Jan 2014 01:51:04 +0000 (17:51 -0800)] 
Only do the unaligned_mem{cpy,cmp} hack if necessary.

If the processor does unaligned accesses, it's not necessary.

8 years agoNo need to declare unaligned_mem{cpy,cmp} in netdissect.h *and* interface.h.
Guy Harris [Sat, 18 Jan 2014 01:37:24 +0000 (17:37 -0800)] 
No need to declare unaligned_mem{cpy,cmp} in netdissect.h *and* interface.h.

8 years agoMore possibly-unaligned memcpy()s and assignments - use unaligned_memcpy().
Guy Harris [Sat, 18 Jan 2014 01:24:23 +0000 (17:24 -0800)] 
More possibly-unaligned memcpy()s and assignments - use unaligned_memcpy().

8 years agoCheck for compiling for IPv6; don't check whether we can create an IPv6 socket.
Guy Harris [Fri, 17 Jan 2014 22:08:39 +0000 (14:08 -0800)] 
Check for compiling for IPv6; don't check whether we can create an IPv6 socket.

Don't check whether we can create a TCP-over-IPv6 socket; that appears
to fail in some cases where tcpdump can be built with IPv6 support.
Instead, just check whether AF_INET6 and struct in6_addr are defined.

8 years agoUse unaligned_memcmp() to compare with IPv{4,6} addresses in a packet.
Guy Harris [Fri, 17 Jan 2014 01:25:05 +0000 (17:25 -0800)] 
Use unaligned_memcmp() to compare with IPv{4,6} addresses in a packet.

They are, after all, not guaranteed to be aligned.

8 years agoUse EXTRACT_nBITS even when just testing against zero.
Guy Harris [Fri, 17 Jan 2014 00:48:46 +0000 (16:48 -0800)] 
Use EXTRACT_nBITS even when just testing against zero.

*All* references to possibly-unaligned multi-byte fields have to be done
in an unaligned-safe fashion.

8 years agoFix some more unaligned accesses.
Guy Harris [Thu, 16 Jan 2014 20:09:51 +0000 (12:09 -0800)] 
Fix some more unaligned accesses.

8 years agomemcmp() doesn't modify either of its arguments.
Guy Harris [Thu, 16 Jan 2014 07:03:31 +0000 (23:03 -0800)] 
memcmp() doesn't modify either of its arguments.

8 years agoRevert print-tcp memcpy() changes, and use unaligned_memcpy() instead.
Guy Harris [Thu, 16 Jan 2014 03:08:07 +0000 (19:08 -0800)] 
Revert print-tcp memcpy() changes, and use unaligned_memcpy() instead.

That should prevent optimizing the memcpy into code that assumes

Add unaligned_memcmp(), and use it, as well.

8 years agoFix compilation warnings: set but unused variables.
Gleb Smirnoff [Mon, 25 Nov 2013 20:16:47 +0000 (00:16 +0400)] 
Fix compilation warnings: set but unused variables.

8 years agoFix compilation warnings:
Gleb Smirnoff [Mon, 25 Nov 2013 20:16:27 +0000 (00:16 +0400)] 
Fix compilation warnings:
- set but unused variables
- type punned casts

8 years agoMove safememcpy() to util.c so it doesn't get inlined.
Guy Harris [Thu, 16 Jan 2014 02:12:06 +0000 (18:12 -0800)] 
Move safememcpy() to util.c so it doesn't get inlined.

It appears that some C compilers will inline safememcpy() *and* will, as
a result, optimize to assume alignment it if it's passed a
putatively-aligned pointer. As the pointers in question are not
guaranteed to be aligned, that can cause crashes on, for example, SPARC.

Also, rename the function to unaligned_memcpy(), to clarify what's
"safe" about it, and change some direct memcpy() calls to use it as

8 years agoFix a bug the previous change made a bit more obvious.
Guy Harris [Thu, 16 Jan 2014 01:45:19 +0000 (17:45 -0800)] 
Fix a bug the previous change made a bit more obvious.

8 years agoDon't use a u_int16_t * to extract data from packets.
Guy Harris [Thu, 16 Jan 2014 01:44:02 +0000 (17:44 -0800)] 
Don't use a u_int16_t * to extract data from packets.

That convinces some compilers that the data is 16-bit aligned, but
there's no such guarantee of alignment.

8 years agoAdd changes for 4.5.1 and post-4.5.1 changes.
Guy Harris [Wed, 15 Jan 2014 22:46:17 +0000 (14:46 -0800)] 
Add changes for 4.5.1 and post-4.5.1 changes.

8 years agoPoint to IP addresses with "void *"s.
Guy Harris [Wed, 15 Jan 2014 22:40:52 +0000 (14:40 -0800)] 
Point to IP addresses with "void *"s.

This keeps GCC from assuming the IP addresses are aligned and generating
32-bit load/store pairs on SPARC; those require alignment and cause
tcpdump to crash.

8 years agoMark the TCP header structure as unaligned.
Guy Harris [Wed, 15 Jan 2014 22:32:39 +0000 (14:32 -0800)] 
Mark the TCP header structure as unaligned.

8 years agofix reference in tcpdump.1
Denis Ovsienko [Tue, 10 Dec 2013 11:45:04 +0000 (15:45 +0400)] 
fix reference in tcpdump.1

pcap-tstamp-type does not exist, the right man page is pcap-tstamp.

8 years agobumped VERSION to 4.5.1 tcpdump-4.5.1
Michael Richardson [Wed, 20 Nov 2013 14:53:35 +0000 (09:53 -0500)] 
bumped VERSION to 4.5.1

8 years agofixup credits
Denis Ovsienko [Mon, 11 Nov 2013 07:54:45 +0000 (11:54 +0400)] 
fixup credits

A recent commit replaced tcpdump contributors list  with libpcap
contributors list and added to the replaced list new libpcap
contributors. Restore the original list and add new tcpdump

* Bram
* Dmitrij Tejblum
* fra
* Gregory Detal
* Jorge Boncompte [DTI2]
* Longinus00
* Marc Abramowitz
* Ola Martin Lykkja
* Oleksij Rempel
* Petar Alilovic
* Stephane Bortzmeyer
* Thomas Jacob
* Udayakumar
* Wim Torfs

Fix some sorting and formatting while at it.

8 years agoset VERSION
Michael Richardson [Thu, 7 Nov 2013 23:30:57 +0000 (15:30 -0800)] 

8 years agoset version
Michael Richardson [Thu, 7 Nov 2013 23:29:01 +0000 (15:29 -0800)] 
set version

8 years agobumped version
Michael Richardson [Thu, 7 Nov 2013 23:27:50 +0000 (15:27 -0800)] 
bumped version

8 years agoupdated changes and credits tcpdump-4.5.0
Michael Richardson [Thu, 7 Nov 2013 22:24:32 +0000 (14:24 -0800)] 
updated changes and credits

8 years agoprint-tcp: add some NFS printing finish
Denis Ovsienko [Thu, 7 Nov 2013 07:07:13 +0000 (11:07 +0400)] 
print-tcp: add some NFS printing finish

Add printing of direction and restore printing of the transaction ID,
which print_nfsaddr() used to output in a way.

8 years agoprint-tcp: move nfs specific dispacting to after the tcp header decoding
Longinus00 [Thu, 17 Oct 2013 23:56:18 +0000 (16:56 -0700)] 
print-tcp: move nfs specific dispacting to after the tcp header decoding

8 years agoprint-nfs: add versions of nfsreq_print and nfsreply_print that do not print dst...
Longinus00 [Mon, 28 Oct 2013 22:52:51 +0000 (15:52 -0700)] 
print-nfs: add versions of nfsreq_print and nfsreply_print that do not print dst/src addresses

8 years agoNFLOG: fix error message
Denis Ovsienko [Thu, 31 Oct 2013 15:16:05 +0000 (19:16 +0400)] 
NFLOG: fix error message

8 years agoNFLOG: more minor improvements
Denis Ovsienko [Thu, 31 Oct 2013 14:58:42 +0000 (18:58 +0400)] 
NFLOG: more minor improvements

Reduce pointer conversion and do version check before header decoding.

8 years agonflog - minor changes 337/head
Petar [Tue, 29 Oct 2013 16:37:21 +0000 (17:37 +0100)] 
nflog - minor changes

8 years agoupdate URLs in the README
Denis Ovsienko [Tue, 29 Oct 2013 09:35:49 +0000 (13:35 +0400)] 
update URLs in the README

The anonymous CVS server isn't functional any more. The LBL URL has
changed. Current version of tcpslice is now on GitHub.

8 years agoremove some stray files
Denis Ovsienko [Tue, 29 Oct 2013 09:12:10 +0000 (13:12 +0400)] 
remove some stray files

.gitignore supercedes .cvsignore. The uuencoded test file is of no use
since commit acd66de.

8 years agofix printing of unknown TCP options
Denis Ovsienko [Sat, 26 Oct 2013 08:21:04 +0000 (12:21 +0400)] 
fix printing of unknown TCP options

TCP options decoder would mix decimal and hexadecimal digits when
printing an unknown option. For example, the pre-TFO revision would
print TFO as follows:
[Unknown Option 254f989090909090000]

Refine output format to print the same data as follows:
[unknown-254 0xf989090909090000]

8 years agofix flags printing tests
Denis Ovsienko [Sat, 26 Oct 2013 07:23:10 +0000 (11:23 +0400)] 
fix flags printing tests

The test cases included the timestamp (due to missing -t) and failed
unless run in the same timezone as produced. The failures printed by did not make it into the final report because the script
always returned 0.

Strip the timestamps and replace with some contents in

8 years agoAdd -g3 on some platforms even if .devel isn't present.
Guy Harris [Mon, 21 Oct 2013 17:56:33 +0000 (10:56 -0700)] 
Add -g3 on some platforms even if .devel isn't present.

Now that we're requiring autoconf 2.61 or later, AC_PROG_CC sets -g
along with -O2 for GCC-like compilers regardless of whether .devel is
present.  Add "include debugging symbols" options for MIPS C/DEC C
regardless of whether .devel is present; that's -g3, which is the
version that doesn't turn optimization off (we also turn on -O).

Also, don't change the ABI on IRIX depending on .devel.

I'm not sure why we were doing that; if somebody has a good reason to
continue doing it, please let us know what it is.

Expand some comments while we're at it.

8 years agoMerge branch 'master' of git+ssh://
Guy Harris [Fri, 18 Oct 2013 22:45:49 +0000 (15:45 -0700)] 
Merge branch 'master' of git+ssh://

8 years agoPut lower-case letters before their upper-case equivalents in getopt().
Guy Harris [Fri, 18 Oct 2013 22:45:37 +0000 (15:45 -0700)] 
Put lower-case letters before their upper-case equivalents in getopt().

For consistency - V came before v, unlike all other options.

8 years agoprint-tcp: separate tcp_seq_hash into ipv4 and ipv6 versions
Longinus00 [Sat, 5 Oct 2013 23:56:02 +0000 (16:56 -0700)] 
print-tcp: separate tcp_seq_hash into ipv4 and ipv6 versions

This cleans up and removes some duplicate code. The ipv4 and ipv6 versions of
the codepath are virtually identical now save for the variable types.

8 years agoadopt MacOS deprecation workaround from FreeRADIUS
Denis Ovsienko [Wed, 16 Oct 2013 13:59:13 +0000 (17:59 +0400)] 
adopt MacOS deprecation workaround from FreeRADIUS

A MacOS build of tcpdump used to produce deprecation warnings on OpenSSL
function calls. Alan DeKok explained that this is the effect of Apple's
modifications to OpenSSL and that the very same problem has already been
solved in FreeRADIUS server source code with pre-processor macros.

Copy the macros into tcpdump header file and make use of them around the
functions that call OpenSSL functions.

8 years agoBabel: improve printing of time intervals
Denis Ovsienko [Wed, 16 Oct 2013 13:02:35 +0000 (17:02 +0400)] 
Babel: improve printing of time intervals

All Babel intervals are encoded in centiseconds and must not be 0. In an
Update TLV the interval value 0xFFFF means infinity (RFC6126 Section
4.4.9). Update the test cases.

8 years agoExplain why we set -xansi -signed for MIPS C.
Guy Harris [Fri, 18 Oct 2013 05:14:53 +0000 (22:14 -0700)] 
Explain why we set -xansi -signed for MIPS C.

8 years agoUpdate a comment for the previous commit.
Guy Harris [Fri, 18 Oct 2013 02:35:32 +0000 (19:35 -0700)] 
Update a comment for the previous commit.

8 years agoWe no longer use the GCC version, so don't fetch it.
Guy Harris [Fri, 18 Oct 2013 02:33:18 +0000 (19:33 -0700)] 
We no longer use the GCC version, so don't fetch it.

Fix some indentation while we're at it.

8 years agoWith .devel, add -g3 for MIPS C and DEC C.
Guy Harris [Fri, 18 Oct 2013 00:20:49 +0000 (17:20 -0700)] 
With .devel, add -g3 for MIPS C and DEC C.

Lifted from the libpcap configure script, which adds -g even without
.devel, presumably so that programs linked with libpcap can get
debugging symbols.

Those compilers are for dead OSes (IRIX, Tru64 UNIX); we should probably
do whatever voodoo is needed to get Sun^WOracle C, IBM's C compiler for
AIX, and HP C to build optimized with debug symbols.

8 years agoWe require autoconf 2.61 in; that suffices.
Guy Harris [Fri, 18 Oct 2013 00:00:38 +0000 (17:00 -0700)] 
We require autoconf 2.61 in; that suffices.

Don't say "we require 2.50" in various macros.

8 years agoNote that clang, for example, is considered "gcc" by autoconf.
Guy Harris [Thu, 17 Oct 2013 23:57:49 +0000 (16:57 -0700)] 
Note that clang, for example, is considered "gcc" by autoconf.

8 years agoClean up handling of -g and -O flags.
Guy Harris [Thu, 17 Oct 2013 23:50:43 +0000 (16:50 -0700)] 
Clean up handling of -g and -O flags.

AC_PROG_CC adds -g and -O2 to CFLAGS if you're using GCC; don't bother
adding either of them, or -O, ourselves if we're using GCC.

Add -O for all non-GCC compilers.

8 years agoNo C++/C99-style comments; not all C compilers necessarily support them.
Guy Harris [Thu, 17 Oct 2013 20:12:42 +0000 (13:12 -0700)] 
No C++/C99-style comments; not all C compilers necessarily support them.

8 years agoNot all compilers that can be used support C++/C99-style comments.
Guy Harris [Wed, 16 Oct 2013 19:54:06 +0000 (12:54 -0700)] 
Not all compilers that can be used support C++/C99-style comments.

Use #if 0/#endif, rather than a // comment, to keep a line of code from
being compiled.

8 years agoThat's, not
Guy Harris [Wed, 16 Oct 2013 19:13:32 +0000 (12:13 -0700)] 
That's, not

8 years agoREADME got renamed to
Guy Harris [Wed, 16 Oct 2013 19:12:54 +0000 (12:12 -0700)] 
README got renamed to

8 years agomake pcap_setdirection() call conditional, GH #252
Denis Ovsienko [Tue, 15 Oct 2013 11:01:28 +0000 (15:01 +0400)] 
make pcap_setdirection() call conditional, GH #252

pcap_setdirection() succeeds only for particular combination of
platform, interface type and direction. Calling it on each invocation
(with PCAP_D_INOUT by default) was wrong: some interfaces are two-way,
others are one-way, and pcap_setdirection() has its own idea what it
supports and what doesn't. In particular, it was impossible to do any
capture on nflog interface in Linux since commit df7d24f. Now the
function is only called on -P flag.

8 years agomind MSVC's UNALIGNED macro (GH #335 pt.2)
Denis Ovsienko [Mon, 14 Oct 2013 12:34:21 +0000 (16:34 +0400)] 
mind MSVC's UNALIGNED macro (GH #335 pt.2)

This change addresses a compile warning that Gisle Vanem troubleshooted
in MSVC build (<winnt.h> defines UNALIGNED).

8 years agoNFS: replace ino_t with u_int32_t (GH #335 pt. 1)
Denis Ovsienko [Sat, 12 Oct 2013 09:36:02 +0000 (13:36 +0400)] 
NFS: replace ino_t with u_int32_t (GH #335 pt. 1)

NFS file handle is an opaque server-issued sequence of bytes. Parse_fh()
function implements heuristics to decode file handles generated by some
NFS servers, among other information extracting the node (inode) number.
It decodes only 32-bit node numbers.

NFS implementations use ino_t C type to represent the node number. The
type size may vary across implementations/encodings and may be missing
during compile time.

Tcpdump used to have its own typedef for ino_t. Gisle Vanem points that
it caused a problem with MSVC v.16.00.40219.01 for 80x86, which defines
the same type in <sys/types.h>. This change fixes tcpdump code to use
u_int32_t and removes the typedef.

8 years agoMerge pull request #334 from tejblum/float-store-2
Denis Ovsienko [Fri, 11 Oct 2013 11:10:43 +0000 (04:10 -0700)] 
Merge pull request #334 from tejblum/float-store-2

As far as I can tell, these changes are correct and they fix GH #333.

8 years agoUse -ffloat-store while compiling if possible. 334/head
Dmitrij Tejblum [Mon, 7 Oct 2013 12:02:16 +0000 (16:02 +0400)] 
Use -ffloat-store while compiling if possible.

It makes life better w.r.t. GitHub bug #333. (Although the problem may persist
for unusual architectures.)

8 years agoSimplify AC_LBL_CHECK_COMPILER_OPT a bit.
Dmitrij Tejblum [Mon, 7 Oct 2013 13:02:29 +0000 (17:02 +0400)] 

Rather than use -Werror=unknown-warning-option for clang, just use
-Werror. It allows to check options which are not warning options.

8 years agomerge 'threv' and 'rev' variables in print-tcp into just 'rev'
Longinus00 [Sat, 5 Oct 2013 23:37:15 +0000 (16:37 -0700)] 
merge 'threv' and 'rev' variables in print-tcp into just 'rev'

8 years agoadd a TCP Fast Open test case
Denis Ovsienko [Thu, 3 Oct 2013 07:28:57 +0000 (11:28 +0400)] 
add a TCP Fast Open test case

The sample capture is a subset of the capture downloaded from

8 years agoadd a acomment to tcp_print()
Denis Ovsienko [Thu, 3 Oct 2013 07:10:26 +0000 (11:10 +0400)] 
add a acomment to tcp_print()