tcpdump
7 years ago Report a too-long unreachable destination list. tcpdump-4.7.0-bp
Guy Harris [Wed, 12 Nov 2014 09:09:27 +0000 (01:09 -0800)] 
Report a too-long unreachable destination list.

Running out of packet length before running out of unreachable
destinations is an error; report it as such.

Don't worry about leftover data past the end of the list of unreachable
destinations.

7 years ago Not using offsetof() any more, so no need for <stddef.h>.
Guy Harris [Wed, 12 Nov 2014 03:18:12 +0000 (19:18 -0800)] 
Not using offsetof() any more, so no need for <stddef.h>.

7 years ago Further cleanups.
Guy Harris [Wed, 12 Nov 2014 03:05:48 +0000 (19:05 -0800)] 
Further cleanups.

Use ND_TCHECK() rather than home-brew bounds checks.  Do simpler length
checks.

Let i be the length of the actual remaining packet data; use ND_TCHECK()
inside loops that iterate over the remaining data.

Let the printers for particular message types cast the raw data pointer
to a pointer of the appropriate type, rather than passing two pointers,
with different types, to the same data.

7 years ago Clean up error message printing.
Guy Harris [Wed, 12 Nov 2014 02:37:35 +0000 (18:37 -0800)] 
Clean up error message printing.

Have "struct aodv_rerr" just be the header, not including the actual
destinations.

Simplify the logic somewhat, and make it similar in the print routines
for the three types of error messages.

7 years ago Add initial bounds check, get rid of union aodv.
Guy Harris [Wed, 12 Nov 2014 01:24:12 +0000 (17:24 -0800)] 
Add initial bounds check, get rid of union aodv.

Fetch the type field without using a structure, and check to make sure
it's not past the end of the packet.

Pass to each dissection routine a pointer to the appropriate message
type structure, rather than a pointer to a union of all the message type
structures.

7 years ago Do more bounds checking and length checking.
Guy Harris [Wed, 12 Nov 2014 00:49:39 +0000 (16:49 -0800)] 
Do more bounds checking and length checking.

Don't run past the end of the captured data, and don't run past the end
of the packet (i.e., don't make the length variable go negative).

Also, stop dissecting if the message length isn't valid.

7 years ago Do bounds checking and length checking.
Guy Harris [Tue, 11 Nov 2014 23:51:54 +0000 (15:51 -0800)] 
Do bounds checking and length checking.

Don't run past the end of the captured data, and don't run past the end
of the packet (i.e., don't make the length variable go negative).

7 years ago Merge git://github.com/the-tcpdump-group/tcpdump
Guy Harris [Tue, 11 Nov 2014 04:49:32 +0000 (20:49 -0800)] 
Merge git://github.com/the-tcpdump-group/tcpdump

7 years ago Merge pull request #411 from jessegross/geneve
Guy Harris [Tue, 11 Nov 2014 04:49:04 +0000 (20:49 -0800)] 
Merge pull request #411 from jessegross/geneve

Add support for Generic Network Virtualization Encapsulation (Geneve).

7 years ago Dissect NetFlow 1, 5, and 6 in separate loops.
Guy Harris [Mon, 10 Nov 2014 09:54:29 +0000 (01:54 -0800)] 
Dissect NetFlow 1, 5, and 6 in separate loops.

Define separate structures for v1, v5, and v6; extract the version
number first, and then switch to routines for each of those structures.

This simplifies the processing of each version, and means no greasy
tricks for different-sized structures.

Use ND_TCHECK() for all bounds checks.

Also, don't pack 8-bit or 16-bit fields inside 32-bit words; make them
explicit fields and process them appropriately.

7 years ago Use ND_TCHECK() to do bounds checking.
Guy Harris [Mon, 10 Nov 2014 07:24:53 +0000 (23:24 -0800)] 
Use ND_TCHECK() to do bounds checking.

While we're at it, just use the record count when iterating over
records; the ND_TCHECK()s will make sure we don't run past the end of
the captured data.

Also get rid of an unused argument to cnfp_print().

7 years ago Add the Radius update
Francois-Xavier Le Bail [Fri, 7 Nov 2014 07:36:27 +0000 (08:36 +0100)] 
Add the Radius update

7 years ago Fix indentation
Francois-Xavier Le Bail [Fri, 7 Nov 2014 06:50:20 +0000 (07:50 +0100)] 
Fix indentation

7 years ago Merge remote-tracking branch 'bpf/master'
Denis Ovsienko [Thu, 6 Nov 2014 22:54:29 +0000 (22:54 +0000)] 
Merge remote-tracking branch 'bpf/master'

7 years ago Radius: update Packet Type Codes and Attribute Types with RFC/IANA names
Francois-Xavier Le Bail [Thu, 6 Nov 2014 13:40:56 +0000 (14:40 +0100)] 
Radius: update Packet Type Codes and Attribute Types with RFC/IANA names

7 years ago Undefine HAVE_PCAP_FINDALLDEVS, if appropriate, before it's used.
Guy Harris [Thu, 6 Nov 2014 07:38:09 +0000 (23:38 -0800)] 
Undefine HAVE_PCAP_FINDALLDEVS, if appropriate, before it's used.

7 years ago Regenerate configure script.
Guy Harris [Thu, 6 Nov 2014 06:21:33 +0000 (22:21 -0800)] 
Regenerate configure script.

7 years ago Add support for Generic Network Virtualization Encapsulation (Geneve). 411/head
Jesse Gross [Wed, 5 Nov 2014 02:47:24 +0000 (18:47 -0800)] 
Add support for Generic Network Virtualization Encapsulation (Geneve).

Defined in http://tools.ietf.org/html/draft-gross-geneve-02

7 years ago Merge remote-tracking branch 'bpf/master'
Denis Ovsienko [Wed, 5 Nov 2014 17:48:32 +0000 (17:48 +0000)] 
Merge remote-tracking branch 'bpf/master'

7 years ago Give more details about the printed time stamps.
Guy Harris [Wed, 5 Nov 2014 17:16:45 +0000 (09:16 -0800)] 
Give more details about the printed time stamps.

7 years ago Merge pull request #408 from baruchsiach/system-libpcap
Michael Richardson [Wed, 29 Oct 2014 17:45:12 +0000 (13:45 -0400)] 
Merge pull request #408 from baruchsiach/system-libpcap

Use system libpcap when configured with --with-system-pcap

7 years ago Use system libpcap when configured with --with-system-pcap 408/head
Baruch Siach [Wed, 29 Oct 2014 11:21:05 +0000 (13:21 +0200)] 
Use system libpcap when configured with --with-system-pcap

Don't force the local libpcap build when the system provides one. When
--with-system-pcap is given to configure, don't try to locate a local libpcap
build. This helps build systems like Buildroot that store build trees in the
same directory, but still prefer dynamically linking against system wide
libpcap.so to save space.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>

7 years ago Don't run past the snapshot length when doing hex/ASCII dumps.
Guy Harris [Thu, 23 Oct 2014 07:06:32 +0000 (00:06 -0700)] 
Don't run past the snapshot length when doing hex/ASCII dumps.

7 years ago Strengthen various bounds etc. checks.
Guy Harris [Wed, 22 Oct 2014 23:41:03 +0000 (16:41 -0700)] 
Strengthen various bounds etc. checks.

Add more checks, make some checks do a better job of handling too-short
lengths.

Also, rename ldp_msg_print() to ldp_pdu_print(), as it prints a single
PDU, not a single message within a PDU.

7 years ago Do bounds checking when unescaping PPP.
Guy Harris [Wed, 22 Oct 2014 19:31:21 +0000 (12:31 -0700)] 
Do bounds checking when unescaping PPP.

Clean up a const issue while we're at it.

7 years ago Fix length fields in UDP headers to be what they should be.
Guy Harris [Mon, 20 Oct 2014 21:44:47 +0000 (14:44 -0700)] 
Fix length fields in UDP headers to be what they should be.

The value of the length field in a UDP header includes the length of the
header itself; the values in this capture didn't.  The length fields in
the IP headers and the RADIUS headers were correct and consistent with
each other, and the length fields in the UDP headers are now correct and
consistent with both of them.

7 years ago Don't subtract the UDP header size from the length twice.
Guy Harris [Mon, 20 Oct 2014 18:34:24 +0000 (11:34 -0700)] 
Don't subtract the UDP header size from the length twice.

7 years ago Update to reflect that BGP no longer prints a redundant length value.
Guy Harris [Mon, 20 Oct 2014 09:45:06 +0000 (02:45 -0700)] 
Update to reflect that BGP no longer prints a redundant length value.

7 years ago Update tests to reflect the new HTTP dissector.
Guy Harris [Mon, 20 Oct 2014 09:43:58 +0000 (02:43 -0700)] 
Update tests to reflect the new HTTP dissector.

7 years ago Add additional bounds checks, ND_TTESTize existing ones.
Guy Harris [Sun, 19 Oct 2014 21:45:20 +0000 (14:45 -0700)] 
Add additional bounds checks, ND_TTESTize existing ones.

Use ND_TTEST() and ND_TTEST2() for bounds checks.

Pass a pointer to the struct pkt_top to wb_dops, and calculate the
address of the first struct dophdr there.  Check each struct dophdr
before printing it.  Hopefully this will quiet a Coverity complaint.

7 years ago Separate SMB-over-TCP output from TCP output with a space.
Guy Harris [Sun, 19 Oct 2014 20:58:20 +0000 (13:58 -0700)] 
Separate SMB-over-TCP output from TCP output with a space.

7 years ago If we don't find a CR-LF or LF, print up to the end of the packet.
Guy Harris [Sun, 19 Oct 2014 20:48:04 +0000 (13:48 -0700)] 
If we don't find a CR-LF or LF, print up to the end of the packet.

7 years ago More comments.
Guy Harris [Sun, 19 Oct 2014 20:46:22 +0000 (13:46 -0700)] 
More comments.

7 years ago Use the length field in the UDP header.
Guy Harris [Sun, 19 Oct 2014 20:42:00 +0000 (13:42 -0700)] 
Use the length field in the UDP header.

If it's less than the length of the IP payload, use it as the size of
the UDP packet.  If it's greater than the length of the IP payload,
and we're not dissecting the payload, report the length as bad.

7 years ago The TCP dissector already prints the length; we don't have to.
Guy Harris [Sun, 19 Oct 2014 20:27:09 +0000 (13:27 -0700)] 
The TCP dissector already prints the length; we don't have to.

7 years ago Add a comment explaining what the first telnet_parse() call does.
Guy Harris [Sun, 19 Oct 2014 20:13:16 +0000 (13:13 -0700)] 
Add a comment explaining what the first telnet_parse() call does.

7 years ago No need to check for -q in the Telnet dissector.
Guy Harris [Sun, 19 Oct 2014 20:07:33 +0000 (13:07 -0700)] 
No need to check for -q in the Telnet dissector.

If -q is used, the TCP dissector won't call subdissectors, so the Telnet
dissector won't even get called.

7 years ago Print *something* for Telnet regardless of the -q/-v flags.
Guy Harris [Sun, 19 Oct 2014 20:01:59 +0000 (13:01 -0700)] 
Print *something* for Telnet regardless of the -q/-v flags.

For -q, just print "[telnet]".  Without -v, at least print the
negotiation.

7 years ago Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support.
Guy Harris [Sun, 19 Oct 2014 18:21:44 +0000 (11:21 -0700)] 
Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support.

"Text protocols" are protocols that have the general feel of FTP, with
command lines with a command name and space-separated arguments and
response lines beginning with a 3-digit reply code.  They can also
include HTTP-style headers and an entity body.

We add support for the FTP control channel, HTTP, SMTP, and RTSP.  We
also change the SIP printer to use it.

7 years ago ts_format only uses ndo if HAVE_PCAP_SET_TSTAMP_PRECISION is defined.
Guy Harris [Sun, 19 Oct 2014 05:41:55 +0000 (22:41 -0700)] 
ts_format only uses ndo if HAVE_PCAP_SET_TSTAMP_PRECISION is defined.

7 years ago Merge pull request #406 from qnet-herwin/radius_coa
Denis Ovsienko [Fri, 10 Oct 2014 17:19:09 +0000 (18:19 +0100)] 
Merge pull request #406 from qnet-herwin/radius_coa

7 years ago Added support for RADIUS Change of Authorization messages 406/head
Herwin Weststrate [Mon, 6 Oct 2014 12:06:18 +0000 (14:06 +0200)] 
Added support for RADIUS Change of Authorization messages

Defined in RFC 5176

7 years ago update credits
Denis Ovsienko [Fri, 10 Oct 2014 08:50:14 +0000 (09:50 +0100)] 
update credits

7 years ago Added RFC4675 attributes to RADIUS dissector 405/head
Herwin Weststrate [Mon, 6 Oct 2014 11:54:23 +0000 (13:54 +0200)] 
Added RFC4675 attributes to RADIUS dissector

7 years ago Fix indentation.
Guy Harris [Thu, 2 Oct 2014 00:55:59 +0000 (17:55 -0700)] 
Fix indentation.

7 years ago Leave it up to ip6_print() to handle non-IPv6-capable systems.
Guy Harris [Wed, 1 Oct 2014 22:32:11 +0000 (15:32 -0700)] 
Leave it up to ip6_print() to handle non-IPv6-capable systems.

Always define and declare ip6_print(), always compile print-ip6.c, and
always call it if we recognize a payload as IPv6.  If INET6 isn't
defined, ip6_print() will just print the length and note that printing
isn't supported.

That way, we don't do weird dissection of IPv6 packets on systems
without IPv6 support, due to, for example, ethertype_print() returning 0
("not dissected") for IPv6 packets on those systems (IPv6-over-Frame
Relay was dissected weirdly due to this).

7 years ago Add some more parentheses, Just In Case.
Guy Harris [Wed, 1 Oct 2014 20:12:13 +0000 (13:12 -0700)] 
Add some more parentheses, Just In Case.

I'm not sure whether

Performing a byte swapping operation on "p" implies that it came
from an external source, and is therefore tainted.

from Coverity means that it thinks we're byte-swapping the pointer
*itself*, or that we're byte-swapping what it points to, but, just in
case it's the former, let's try throwing some more parentheses in.

(If it's the latter, well, yes, it's packet data, so it comes from an
external source, but Coverity didn't seem to point out any place where
we were using the data it points to without checking its value in cases
where we have to.)

7 years ago Add PPI printing fixes.
Guy Harris [Tue, 23 Sep 2014 23:19:14 +0000 (16:19 -0700)] 
Add PPI printing fixes.

7 years ago Fix PPI header and payload printing.
Guy Harris [Tue, 23 Sep 2014 23:08:42 +0000 (16:08 -0700)] 
Fix PPI header and payload printing.

Header printing (-e) had a stray ", " before the header; remove it.

Payload printing was skipping only the fixed portion of the PPI header,
not the entire header.

7 years ago Clean up tag printing.
Guy Harris [Mon, 8 Sep 2014 18:50:57 +0000 (11:50 -0700)] 
Clean up tag printing.

Always show the tag as "Tag[XXX]" and always put a space between that
and the rest of the value, with no comma.

If the tag is present but unused, always show it as "Tag[Unused]".

7 years ago Merge git://github.com/the-tcpdump-group/tcpdump
Guy Harris [Mon, 8 Sep 2014 18:48:37 +0000 (11:48 -0700)] 
Merge git://github.com/the-tcpdump-group/tcpdump

7 years ago Merge pull request #404 from qnet-herwin/print_radius_tag
Denis Ovsienko [Sat, 6 Sep 2014 19:26:04 +0000 (20:26 +0100)] 
Merge pull request #404 from qnet-herwin/print_radius_tag

7 years ago Add in the 4.6.2 changes.
Guy Harris [Fri, 5 Sep 2014 10:42:43 +0000 (03:42 -0700)] 
Add in the 4.6.2 changes.

7 years ago Clarify what abort_on_misalignment() does.
Guy Harris [Wed, 3 Sep 2014 21:03:53 +0000 (14:03 -0700)] 
Clarify what abort_on_misalignment() does.

It doesn't request byte misalignment repair, it requests that byte
misalignment kill the program with SIGBUS; on platforms that don't
support aligned loads, we should be fetching possibly-misaligned data
using some safe instruction sequence, not by doing misaligned loads and
relying on them to trap to the kernel and be (slowly) emulated.

7 years ago Merge branch 'master' of git+ssh://bpf.tcpdump.org/tcpdump/master/git/tcpdump
Michael Richardson [Wed, 3 Sep 2014 01:16:41 +0000 (21:16 -0400)] 
Merge branch 'master' of git+ssh://bpf.tcpdump.org/tcpdump/master/git/tcpdump

7 years ago these changes to aclocal let tcpdump, when built out of source tree,
Michael Richardson [Wed, 3 Sep 2014 01:16:24 +0000 (21:16 -0400)] 
these changes to aclocal let tcpdump, when built out of source tree,
to find a libpcap that is adjacent to it, also built out of source tree

7 years ago comma in AC_MSG_ERROR confuses configure
Michael Richardson [Wed, 3 Sep 2014 01:05:21 +0000 (21:05 -0400)] 
comma in AC_MSG_ERROR confuses configure

7 years ago Print square brackets around the tag value in RADIUS strings 404/head
Herwin Weststrate [Mon, 1 Sep 2014 14:25:04 +0000 (16:25 +0200)] 
Print square brackets around the tag value in RADIUS strings

Before, VLAN attributes that had a tag 1 looked like this:

  Tunnel Medium Attribute (65), length: 6, Value: Tag[1]802
  Tunnel Private Group Attribute (81), length: 4, Value: Tag 14

With the Tunnel-Medium-Type attribute (65), it is clear where the tag ends and the value begins. With this patch, the value for a string type (like Tunnel-Private-Group-Id) looks similar:

  Tunnel Private Group Attribute (81), length: 4, Value: Tag[1]4

7 years ago Document --with-sandbox-capsicum.
Guy Harris [Sun, 31 Aug 2014 20:37:10 +0000 (13:37 -0700)] 
Document --with-sandbox-capsicum.

7 years ago Clean up configure check for libsmi.
Guy Harris [Sun, 31 Aug 2014 18:57:04 +0000 (11:57 -0700)] 
Clean up configure check for libsmi.

First, check for smi.h.  If we don't have it, don't check for anything
else.

If we do have it, check for libsmi containing smiInit.  If we don't have
it, don't check for anything else.

If we do have it, check, with our test program, whether we can use it.

If that succeeds, prepend -lsmi to LIBS, and set USE_LIBSMI.  Otherwise,
don't do either of those.

Check, in source, *only* for USE_LIBSMI.  If it's set, use libsmi,
otherwise don't - don't even include smi.h, even if we happened to have
found it, and don't print the libsmi version string.

7 years ago Update a URL.
Guy Harris [Sat, 16 Aug 2014 06:03:20 +0000 (23:03 -0700)] 
Update a URL.

7 years ago More #defines for CDP lengths and offsets.
Guy Harris [Fri, 15 Aug 2014 22:38:31 +0000 (15:38 -0700)] 
More #defines for CDP lengths and offsets.

7 years ago Add TLV length checks, fix another length check.
Guy Harris [Fri, 15 Aug 2014 22:13:15 +0000 (15:13 -0700)] 
Add TLV length checks, fix another length check.

7 years ago Use tabs consistently.
Guy Harris [Fri, 15 Aug 2014 22:03:46 +0000 (15:03 -0700)] 
Use tabs consistently.

7 years ago Update to reflect the output format changes and bug fixes for CDP.
Guy Harris [Fri, 15 Aug 2014 01:21:23 +0000 (18:21 -0700)] 
Update to reflect the output format changes and bug fixes for CDP.

7 years ago Qualify "length" when printing it.
Guy Harris [Fri, 15 Aug 2014 01:19:00 +0000 (18:19 -0700)] 
Qualify "length" when printing it.

In the "the TLV length is too short" message, we're printing the length
of the entire TLV; report it as "TLV length".  If we pass that test,
we've subtracted out the lengths of the T and the L, leaving only the
length of the V, so report it as "value length".

7 years ago Merge git://github.com/the-tcpdump-group/tcpdump
Guy Harris [Fri, 15 Aug 2014 00:21:09 +0000 (17:21 -0700)] 
Merge git://github.com/the-tcpdump-group/tcpdump

7 years ago Merge pull request #403 from superjamie/cdp-checksum-and-cleanup
Guy Harris [Fri, 15 Aug 2014 00:19:17 +0000 (17:19 -0700)] 
Merge pull request #403 from superjamie/cdp-checksum-and-cleanup

Print CDP checksum in hex, print the actual checksum, cleanup

7 years ago Check for TLV length too small.
Guy Harris [Fri, 15 Aug 2014 00:14:32 +0000 (17:14 -0700)] 
Check for TLV length too small.

The TLV length includes the T and the L, so it must be at least 4.

This means we don't need the "avoid infinite loop" check later; that
check was wrong, as per GitHub issue #401 and #402; this fixes #402,
which has a different patch for that bug.
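
The length rule in this commit message, together with the "don't run past the end of the captured data / end of the packet" rule from the bounds-checking commits listed above, as an added C illustration; it is not tcpdump source. The 2-byte type and 2-byte big-endian length layout, the names `walk_tlvs`, `have` and `tlv_status`, and the sample buffers are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLV_HDR_LEN 4u  /* T (2 bytes) + L (2 bytes); L counts both */

enum tlv_status {
    TLV_OK,               /* every TLV validated                     */
    TLV_TRUNCATED,        /* ran past the captured bytes (snaplen)   */
    TLV_LEN_TOO_SHORT,    /* length field < 4: cannot cover T and L  */
    TLV_OVERRUNS_PACKET   /* TLV claims more than the packet holds   */
};

struct tlv_result {
    enum tlv_status status;
    unsigned count;       /* TLVs fully validated before stopping    */
    size_t offset;        /* offset at which the walk stopped        */
};

/* Constructed sample inputs (not real captures). */
static const uint8_t sample_good[] =
    { 0x00,0x01, 0x00,0x06, 'r','1',  0x00,0x05, 0x00,0x04 };
static const uint8_t sample_zero_len[] =
    { 0x00,0x01, 0x00,0x06, 'r','1',  0x00,0x02, 0x00,0x00, 0xde,0xad };
static const uint8_t sample_overrun[] =
    { 0x00,0x01, 0x00,0x10, 'r','1' };

/* True if n bytes starting at off fit below limit, without overflow. */
static int have(size_t off, size_t n, size_t limit)
{
    return off <= limit && n <= limit - off;
}

static uint16_t get_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* caplen: bytes actually captured; pktlen: on-the-wire length. */
struct tlv_result walk_tlvs(const uint8_t *buf, size_t caplen, size_t pktlen)
{
    struct tlv_result r = { TLV_OK, 0, 0 };
    size_t off = 0;

    while (off < pktlen) {
        size_t tlv_len;

        r.offset = off;
        if (!have(off, TLV_HDR_LEN, pktlen)) { r.status = TLV_OVERRUNS_PACKET; return r; }
        if (!have(off, TLV_HDR_LEN, caplen)) { r.status = TLV_TRUNCATED; return r; }

        tlv_len = get_be16(buf + off + 2);
        /* With this test, off always advances by >= 4, so a zero
         * length cannot stall the loop and no separate
         * infinite-loop guard is needed. */
        if (tlv_len < TLV_HDR_LEN)       { r.status = TLV_LEN_TOO_SHORT; return r; }
        if (!have(off, tlv_len, pktlen)) { r.status = TLV_OVERRUNS_PACKET; return r; }
        if (!have(off, tlv_len, caplen)) { r.status = TLV_TRUNCATED; return r; }

        r.count++;
        off += tlv_len;
    }
    r.offset = off;
    return r;
}

int main(void)
{
    struct tlv_result r = walk_tlvs(sample_zero_len, sizeof sample_zero_len,
                                    sizeof sample_zero_len);
    printf("status=%d count=%u stopped at offset %zu\n",
           (int)r.status, r.count, r.offset);
    return 0;
}
```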

7 years ago Print checksum in hex, and print the actual checksum, plus cleanup 403/head
Jamie Bainbridge [Thu, 14 Aug 2014 10:47:57 +0000 (20:47 +1000)] 
Print checksum in hex, and print the actual checksum, plus cleanup

7 years ago merge bootp.h into print-bootp.c
Denis Ovsienko [Wed, 13 Aug 2014 18:06:25 +0000 (19:06 +0100)] 
merge bootp.h into print-bootp.c

7 years ago Merge branch 'master' of git+ssh://bpf.tcpdump.org/tcpdump/master/git/tcpdump
Michael Richardson [Sat, 19 Jul 2014 17:50:32 +0000 (13:50 -0400)] 
Merge branch 'master' of git+ssh://bpf.tcpdump.org/tcpdump/master/git/tcpdump

7 years ago note changes
Michael Richardson [Sat, 19 Jul 2014 13:28:50 +0000 (09:28 -0400)] 
note changes

7 years ago update tcpdump.1.in for missing line
Francois-Xavier Le Bail [Fri, 11 Jul 2014 09:03:57 +0000 (11:03 +0200)] 
update tcpdump.1.in for missing line

7 years ago update tcpdump.1.in for good alignment in tcpdump.1.txt
Francois-Xavier Le Bail [Fri, 11 Jul 2014 08:45:05 +0000 (10:45 +0200)] 
update tcpdump.1.in for good alignment in tcpdump.1.txt

7 years ago Merge git://github.com/the-tcpdump-group/tcpdump
Guy Harris [Thu, 10 Jul 2014 20:04:00 +0000 (13:04 -0700)] 
Merge git://github.com/the-tcpdump-group/tcpdump

7 years ago Add support for FreeBSD capsicum sandboxing.
Loganaden Velvindron [Thu, 10 Jul 2014 19:19:39 +0000 (12:19 -0700)] 
Add support for FreeBSD capsicum sandboxing.

7 years ago add a short option '#', same as long option '--number' (print a packet number)
Francois-Xavier Le Bail [Thu, 10 Jul 2014 12:47:11 +0000 (14:47 +0200)] 
add a short option '#', same as long option '--number' (print a packet number)

7 years ago Clean up the first-item handling a bit.
Guy Harris [Tue, 8 Jul 2014 10:26:18 +0000 (03:26 -0700)] 
Clean up the first-item handling a bit.

This makes it look a bit more like the handling of other items.

7 years ago Squelch a Coverity warning.
Guy Harris [Tue, 8 Jul 2014 10:23:09 +0000 (03:23 -0700)] 
Squelch a Coverity warning.

If you pass in a value of oidlen and oidsize such that we can't store
*anything* into OID, this would be a problem; that *shouldn't* ever
happen, but this makes the code a bit more obviously correct.

7 years ago Merge branch 'master' of git+ssh://bpf.tcpdump.org/tcpdump/master/git/tcpdump
Michael Richardson [Tue, 8 Jul 2014 02:05:39 +0000 (22:05 -0400)] 
Merge branch 'master' of git+ssh://bpf.tcpdump.org/tcpdump/master/git/tcpdump

7 years ago added some comments about ndo functions
Michael Richardson [Tue, 8 Jul 2014 02:05:14 +0000 (22:05 -0400)] 
added some comments about ndo functions

7 years ago make sure to include tcpdump-stdinc.h; it is required
Michael Richardson [Tue, 8 Jul 2014 02:04:30 +0000 (22:04 -0400)] 
make sure to include tcpdump-stdinc.h; it is required

7 years ago Get rid of fetch whose result isn't used.
Guy Harris [Mon, 7 Jul 2014 21:22:08 +0000 (14:22 -0700)] 
Get rid of fetch whose result isn't used.

Put in a comment to indicate what we're processing (and that we fetch
the entire array as a 32-bit number and extract the nibbles from it).

7 years ago Shorten a status text description.
Guy Harris [Mon, 7 Jul 2014 20:44:12 +0000 (13:44 -0700)] 
Shorten a status text description.

Instead of just copying-and-pasting from 802.11, edit the description a
bit; this squelches a Coverity warning (it thought we might have
forgotten a comma in the list), and also means we don't quite print out
as much.

(If Table 8-37 "Status codes" in 802.11-2012 had names for *all* the
status codes, we could use the names instead of the explanatory text,
but, for some unknown reason, it doesn't.)

7 years ago updated VERSION file for trunk
Michael Richardson [Wed, 2 Jul 2014 22:10:32 +0000 (18:10 -0400)] 
updated VERSION file for trunk

7 years ago updated VERSION file for branch tcpdump-4.6.0 tcpdump-4.6.0-bp
Michael Richardson [Wed, 2 Jul 2014 22:09:51 +0000 (18:09 -0400)] 
updated VERSION file for branch

7 years ago updated CREDITS and CHANGES file for 4.6.0 release
Michael Richardson [Wed, 2 Jul 2014 21:31:14 +0000 (17:31 -0400)] 
updated CREDITS and CHANGES file for 4.6.0 release

7 years ago RPL: print DAO flags (acK, DagID)
Michael Richardson [Sun, 5 Jan 2014 16:59:29 +0000 (11:59 -0500)] 
RPL: print DAO flags (acK, DagID)
remove DAO messages from DIO test data

7 years ago Boost the maximum snapshot length to 262144, for USBPcap.
Guy Harris [Wed, 25 Jun 2014 20:41:22 +0000 (13:41 -0700)] 
Boost the maximum snapshot length to 262144, for USBPcap.

7 years ago Don't treat 65535 as the maximum snapshot length.
Guy Harris [Wed, 25 Jun 2014 20:18:18 +0000 (13:18 -0700)] 
Don't treat 65535 as the maximum snapshot length.

Make it 131072, instead; the MTU on the Linux loopback interface, in at
least some versions of the kernel, is 65536, and that doesn't count the
fake Ethernet header, so we need a value bigger than 65536.  We don't
want a value that's *too* large, so that it causes attempts to allocate
huge amounts of memory, however.

This (plus the corresponding change to libpcap) should fix GitHub issue

7 years ago Don't assume the NFS request is aligned on a 4-byte boundary.
Guy Harris [Wed, 25 Jun 2014 19:55:25 +0000 (12:55 -0700)] 
Don't assume the NFS request is aligned on a 4-byte boundary.

The XID is a multi-byte field, and, if it's not aligned, it must be
copied with UNALIGNED_MEMCPY().

This should fix GitHub issue #395.

7 years ago Allow builds if libpcap doesn't have pcap_set_tstamp_precision().
Guy Harris [Wed, 25 Jun 2014 19:06:35 +0000 (12:06 -0700)] 
Allow builds if libpcap doesn't have pcap_set_tstamp_precision().

Check for pcap_set_tstamp_precision() in the configure script and, if
it's not there, don't include the code that allows time stamp precisions
to be set.

7 years ago Give more details for --time-stamp-precision.
Guy Harris [Wed, 25 Jun 2014 18:45:29 +0000 (11:45 -0700)] 
Give more details for --time-stamp-precision.

7 years ago Merge pull request #377 from msekletar/master
Guy Harris [Wed, 25 Jun 2014 18:23:54 +0000 (11:23 -0700)] 
Merge pull request #377 from msekletar/master

timestamps: make possible to request high precision timestamps

7 years ago Merge pull request #396 from zorun/master
Denis Ovsienko [Sat, 21 Jun 2014 06:20:43 +0000 (10:20 +0400)] 
Merge pull request #396 from zorun/master

Babel: parse sub-TLVs even when they are larger than expected.

7 years ago Make the table of long options const.
Guy Harris [Fri, 20 Jun 2014 19:01:13 +0000 (12:01 -0700)] 
Make the table of long options const.

7 years ago Babel: parse sub-TLVs even when they are larger than expected. 396/head
Baptiste Jonglez [Fri, 20 Jun 2014 00:46:00 +0000 (09:46 +0900)] 
Babel: parse sub-TLVs even when they are larger than expected.

We can imagine appending additional data to sub-TLVs in the future: be
more forgiving when parsing them.

7 years ago Print priv drop msg here too.
Wesley Shields [Fri, 13 Jun 2014 18:27:44 +0000 (14:27 -0400)] 
Print priv drop msg here too.

7 years ago Make droproot say something when successful.
Wesley Shields [Fri, 16 May 2014 14:32:55 +0000 (10:32 -0400)] 
Make droproot say something when successful.

I've seen people run into situations where they were using a command like this:

tcpdump -i eth0 -G 500 -w /root/%H%M%S.pcap

The first file would be created successfully but the second file would not
because their version of tcpdump was dropping privs. It was unclear to them
that this was going on and was causing confusion.

At least with this message in there it should become more evident that
privs are being altered and aid in debugging these kinds of problems.