Add new decoder for UDP port 5359 and a sample packet capture produced
on a couple of Linux hosts (a server and a client). Besides that, an
existing Babel capture contained AHCP packets and the current AHCP tests
cover 0, 1 and 2 "-v" flags.
The first revision of the header file was copied from the original
distribution tarball intact to use sizeof() instead of adding new
constants on one hand and provide structure definitions for a reference
on the other. But as soon as the structures had a portability issue and
were removed in commit a6c16ed, the remaining fragments of the header
don't justify a file of its own.
This commit maps all relevant bits of the remaining contents of
openflow-1.0.h to constants in print-openflow-1.0.c (all being specific
to version 1.0 of OpenFlow) and removes the file.
Don't assume we have <stdint.h>. Instead, use the AC_TYPE_ macros to
ensure we have the C99 intN_t and uintN_t types; we already include
<inttypes.h> in tcpdump-stdinc.h iff we have it.
Get rid of the structure declarations in openflow-1.0.h, as they have
zero-length arrays (not supported by all the compilers people might be
using) and as
1) they're only used in sizeof()
and
2) after each one there's an assertion to check that sizeof()
returns a specific numerical value
so, instead, just #define various _LEN items to those numerical values
and use them.
Add an openflow.h header with a #define for the length of the basic
header, and move the declaration of of10_header_body_print() there.
The new file openflow-1.0.h is a verbatim copy of the file openflow.h
from the openflow-1.0.0.tar.gz distribution. The new file
print-openflow-1.0.c contains a set of functions for OpenFlow 1.0 (wire
protocol 0x01) decoding. Of these functions only
of10_header_body_print() is exported and used by the minimal OpenFlow
decoder.
It is intended that future (1.1, 1.2, 1.3.0) OpenFlow version decoders
are implemented the same way (in modules of their own), since different
versions of OpenFlow specification reuse the same symbols for different
numeric values. This way, print-openflow-1.1.c would include
openflow-1.1.h and so on.
The new test case "of10_p3295-vv" was produced using a Pica8 P-3295
switch and Trema controller running a purpose-built sample application.
This change registers OpenFlow TCP port number and adds processing of
respective packets with openflow_print(), a new function that
understands the minimal OpenFlow header format and can iterate over
messages within a snapshot that starts with the header.
This commit adds the support of Multipath TCP (MPTCP). MPTCP is a new
extension to TCP standardized at the IETF. MPTCP allows the use of several IP
addresses at the same time by distributing data across several subflows (TCP
connections) while still presenting the standard TCP socket API to the
application. Its benefits are better resource utilization, better throughput
and smoother reaction to failures.
This change adds support for ZMTP/1.0 (ZeroMQ Message Transport Protocol
1.0) framing in TCP packets, as defined in http://rfc.zeromq.org/spec:13
and implemented in zeromq library.
Since there is no assigned port number for ZeroMQ, the user is left
responsible for making only the related TCP packets captured and
enforcing ZMTP/1.0 decoding through the "-T zmtp1" option.
Each ZMTP/1.0 frame of a packet will produce a single additional line of
output. The "-v" flag will add up to 8 lines (128 bytes) worth of
hex+ASCII dump of the frame body, and "-vv" and higher will dump the
full frame body, however long.
Beware that this code handles neither IP fragmentation nor TCP
segmentation and will incorrectly decode segments not starting at a
frame boundary.
The included sample capture stands for a short ZeroMQ session between a
REQ/REP socket pair doing 3 anonymous 2-way exchanges. It was produced
using version 2.1.9 of zeromq library patched to fix its bug #293, so
that all MBZ bits of the flags field are set to 0.
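
An added example, not code from tcpdump or the zeromq library: a bounds-checked walk over the ZMTP/1.0 frames in one TCP payload, showing how a segment that starts mid-frame is misread. It assumes the framing of the spec linked above (one length octet, or 0xFF plus a 64-bit big-endian length, counting the flags octet and the body); all identifiers and the sample bytes are hypothetical, and rejecting a zero length is this example's own choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not the identifiers tcpdump uses. */
enum { ZMTP1_OK = 0, ZMTP1_TRUNCATED = -1, ZMTP1_BAD_LENGTH = -2 };

/* Parse one frame at p[0..avail) without reading past avail; on success
 * store the flags octet, the body length and the octets consumed. */
int zmtp1_frame(const uint8_t *p, size_t avail, uint8_t *flags,
                uint64_t *body_len, size_t *used)
{
    size_t hdr = 1;                     /* octets taken by the length field */
    uint64_t len;
    if (avail < 1 || (p[0] == 0xff && avail < 9))
        return ZMTP1_TRUNCATED;
    len = p[0];
    if (len == 0xff)                    /* long form: 0xFF + 64-bit big-endian */
        for (len = 0; hdr < 9; hdr++)
            len = (len << 8) | p[hdr];
    if (len == 0)                       /* no room for the flags octet; this */
        return ZMTP1_BAD_LENGTH;        /* example rejects it (an assumption) */
    if (len > avail - hdr)              /* flags or body runs past the data */
        return ZMTP1_TRUNCATED;
    *flags = p[hdr];
    *body_len = len - 1;
    *used = hdr + (size_t)len;
    return ZMTP1_OK;
}

/* Walk a TCP payload; returns frames decoded, *status = why the walk ended. */
int zmtp1_walk(const uint8_t *p, size_t avail, int *status)
{
    uint8_t flags; uint64_t body_len; size_t used; int n = 0;
    *status = ZMTP1_OK;
    while (avail > 0 && (*status = zmtp1_frame(p, avail, &flags,
                                               &body_len, &used)) == ZMTP1_OK) {
        p += used; avail -= used; n++;
    }
    return n;
}

/* Constructed payload: an empty frame, then a frame with body "hello". */
static const uint8_t sample[] = { 0x01, 0x00, 0x06, 0x00, 'h', 'e', 'l', 'l', 'o' };

int main(void)
{
    int st, n = zmtp1_walk(sample, sizeof sample, &st);
    return printf("%d frames, status %d\n", n, st) < 0;
}
```

Started four octets in, the same bytes read 'h' (0x68) as a 104-octet frame length, which is the misdecoding the message warns about for segments that do not begin on a frame boundary.
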
Unfortunately, the DLT_PFSYNC support depends on header files included
from the pfctl command's source tree, and trying to arrange to find that
would be too much trouble.
From FreeBSD PR bin/124825: tcpdump(8) does not support pfsync(4) data,
which in turn was ported over from OpenBSD. We already have CARP
support, so we did not port that part over.
CARP and VRRP both use IP protocol number 112, so there needs to be a -T
flag to specify that protocol 112 be dissected as CARP rather than VRRP.
Also update the man page.
The Wireshark routine is based on the BSD in-kernel portable checksum
routine (thus BSD-licensed); it takes a vector of pointers and lengths
and checksums the concatenation of the buffers in question (just as the
BSD in-kernel routine checksums a chain of mbufs).
This simplifies the "with a pseudo-header" checksums; hopefully it'll
fix up the problems being seen on some big-endian platforms, which might
be due to hand-calculating some or all of the checksum and doing so
incorrectly. It also gets rid of some code that might be dereferencing
unaligned pointers.
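
An added example, not the Wireshark routine or tcpdump's code: an RFC 1071 checksum over a vector of pointer/length pairs, as the message above describes, used for a UDP-over-IPv4 pseudo-header check. The names cksum_vec, in_cksum_vec and udp4_cksum_ok are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not tcpdump's or Wireshark's API. */
struct cksum_vec {
    const uint8_t *ptr;
    size_t len;
};

/* RFC 1071 checksum over the concatenation of vec[0..n-1]. Bytes are read
 * one at a time: no unaligned 16-bit loads, no host byte-order dependence,
 * and an odd-length buffer pairs its last byte with the next buffer's first. */
uint16_t in_cksum_vec(const struct cksum_vec *vec, size_t n)
{
    uint32_t sum = 0;
    int low = 0;               /* next byte is the low half of a word */

    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < vec[i].len; j++) {
            sum += low ? vec[i].ptr[j] : (uint32_t)vec[i].ptr[j] << 8;
            sum = (sum & 0xffff) + (sum >> 16);   /* end-around carry */
            low = !low;
        }
    }
    return (uint16_t)~sum;
}

/* Verify a UDP-over-IPv4 checksum: pseudo-header pieces plus the segment. */
int udp4_cksum_ok(const uint8_t src[4], const uint8_t dst[4],
                  const uint8_t *udp, size_t udp_len)
{
    uint8_t ph[4] = { 0, 17, (uint8_t)(udp_len >> 8), (uint8_t)udp_len };
    struct cksum_vec vec[4] = {
        { src, 4 }, { dst, 4 }, { ph, 4 }, { udp, udp_len }
    };
    return in_cksum_vec(vec, 4) == 0;
}

/* Constructed sample: the eight bytes of the RFC 1071 worked example. */
static const uint8_t rfc_bytes[8] = {
    0x00, 0x01, 0xf2, 0x03, 0xf4, 0xf5, 0xf6, 0xf7
};

int main(void)
{
    struct cksum_vec split[2] = { { rfc_bytes, 3 }, { rfc_bytes + 3, 5 } };
    printf("0x%04x\n", in_cksum_vec(split, 2));
    return 0;
}
```

A UDP checksum field of zero means the sender computed none, so a caller would test for that before calling udp4_cksum_ok.
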
To: tcpdump-workers@lists.tcpdump.org
Date: Sat, 09 Apr 2011 12:51:14 +1000
Subject: [tcpdump-workers] Printing PPI packets
Printing PPI packets with tcpdump does not turn out
to be that hard.
My simple tests have produced the output as below.
It would be worthwhile having some changes made into
the tcpdump code base that were similar to the attached
that print them out.
That way, uudecode will write the decoded output there, rather than to a
file named "empty" that gets left around. That also means we don't need
to redirect the output of uudecode to /dev/null, so don't do that.
Doing it at make time means you don't have to re-run the configure
script if you add uudecode to your system, and doing it by uudecoding a
uuencoded empty file means we don't depend on uudecode supporting
"--help".
Instead, check for uudecode in the configure script, and set the
CHECK_UUDECODE configuration variable to "true" if we find it and to a
command that prints an error message and exits with 1 if we don't find
it, and substitute that variable into the Makefile as the first command
for "make check".
This also fixes configure-script problems on OSes that have IPv6 support
but don't have <netinet6/in6.h> - no standard I could find requires that
header for IPv6 support (the Single UNIX Specification speaks of
<netinet/in.h> for both IPv4 and IPv6, and RFCs 2292 and 3542 don't
mention <netinet6/in6.h>, just <netinet/in.h> and <netinet6/ip6.h>).
We have our own copies of those include files, which we use; we haven't
used the system versions for a long time, so we don't need to drag them
along for compiling WinDump.
Don't include the win32/Include/Arpa copy in print-udp.c; don't put that
copy into the release tarball; and don't talk about <arpa/tftp.h>, or
work around its deficiencies in some OSes, as we no longer include it,
we include our own tftp.h, which has a th_stuff array in its structure
definition.
Instead of requiring the user to specify -arch options on OS X to build
a universal version of tcpdump, just default to universal on OS X by
default. Pick the particular targets to match the way tcpdump is built
for the OS for which we're building.
They allow the user to specify flags to indicate the target
architecture(s) (yes, possibly plural - think, for example, Mac OS X)
for which we're building. Those might need to be used not only when
compiling, but also when linking and when building a shared library.
This is not for general cross-compiling, it's for use on platforms where
versions of the native OS support more than one instruction set and
where you want to build for the OS on which you're running but not for
the default build architecture on the machine on which you're running.
This may currently be less useful for tcpdump, as tcpdump currently
builds no libraries, but it's there for compatibility with libpcap.
on OpenSolaris, or Solaris Express Community Edition, build 125 and later.
The attached patch introduces support for printing out the IPNET headers used
for packet capture inside of zones that share their networking with the global
zone and for packets "transmitted" between zones.
tcpdump 4.0.0 will ship with builds 129 and later of OpenSolaris/SXCE and
when run as root with the '-L' option, should behave as below to indicate that
the system is fully functional:
Data link types (use option -y to set):
DOCSIS (DOCSIS) (printing not supported)
IPNET (Solaris IPNET)
EN10MB (Ethernet)
Cheers,
Darren
printed when trying to print packets for a DLT_ for which we don't have
a printer to indicate that you can still save to a capture file in that
case. (Slightly changed not to require DLT_USB_LINUX_MMAPPED to be
defined, for older libpcaps that only define DLT_USB_LINUX.)
The shared secret is passed using the already existing -M option which is
used for TCP-MD5 checking.
add initial support for RSVP Integrity object verification.
Update HDR in Makefile.in to include all headers.
Add an EXTRA_DIST variable to include all the files that should go into
the tarball and that aren't in CSRC or HDR, other than tcpdump.1.
Use CSRC, HDR, and EXTRA_DIST to determine what goes into the tarball,
along with tcpdump.1, rather than doing a "make distclean" and putting
everything into the tarball; that way, you can do "make releasetar"
without cleaning out the current directory.
Given that we're not just tarring up the entire source directory, we can
make the tarball directory as a subdirectory of the current directory and
put the tarball into the current directory, rather than putting it into
a (not-entirely-obvious) ../n directory. Clean out the tarball
directory when we're done.
when optimization is not on, glibc6 doesn't define ntohs(), and our attempt
to optimize it for x86 doesn't work --- the functions need to be static, not
extern.
added decryption of IKE v2 payloads, when keys are provided by -E.
if it does, use that for the pf definitions;
if it doesn't, don't compile in pf support;
as both OpenBSD and FreeBSD have changed the pf definitions and header
format without changing the DLT value, so you can't reliably read
pflog-format libpcap files on a machine running an OS version other than
the one on which the file was generated.
and put it to its new home l2vpn.{c|h}
rework bgp, ldp, lsp-ping to use the common l2vpn_encaps tokenlist
update FILES list to accommodate the recent file additions
propagate CPPFLAGS to Makefile.in;
move the CPPFLAGS and V_INCLS change to the end of the configure
run so users don't see "-I$(srcdir)/missing" in their config.log
output.
-add print_vendor_attr() for dissecting vendor proprietary attributes
-add global oui.h oui.c files containing vendor IDs/Name tok2str() table
developers should use this file for resolving OUIs
appropriately, and that GNUmakefile and the MSVC++ project file define
it appropriately, as we do with libpcap, rather than defining it in
"interface.h".
Undo the rcsid-shuffling and addition of extra #includes, as we no
longer need to arrange that "interface.h" be included before using _U_
in an RCS ID or copyright.
into a new gmpls.c file; have gmpls.h contain only external declarations
of those structures. That removes compiler warnings about static
structures being defined but not used, and also lets more than one file
share structures used in both of those files, rather than having private
definitions of them.
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to:
use "-y" rather than "-D" to set the link type ("-D" was already
taken);
use libpcap APIs to map between data link type names and values;
supply stub versions of missing-but-needed libpcap APIs.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).
unused-parameter problems reported by GCC. Add an _U_ tag to label
parameters as unused if the function is called through a pointer (so
that you can't change its signature by removing parameters) or if there
are unused parameters only because the function isn't complete.
Add some additional bounds checks the necessity for which was revealed
while cleaning up unused-parameter problems.
Make some routines static.
"lcp_print()", defined in "print-lcp.c", isn't called anywhere -
"print-ppp.c" has the code to dissect LCP. Get rid of "print-lcp.c".
"pcap-dump-trunc.c".
Don't make the variables "dump_and_trunc()" manipulates external or even
static; fill in a structure with their values and pass a pointer to that
structure to "dump_and_trunc()". "dump_and_trunc()" will update the
"pcap_dumper_t" pointer in that structure if it rotates capture files,
so that the next call to "dump_and_trunc()" will supply the updated
pointer (the previous code was just opening a new capture, but not
updating the variable passed to "dump_and_trunc()").
Instead of duplicating an old version of the "pcap_dump()" code (a
version that didn't write out time stamps as 32-bit seconds and
microsecond values on platforms where the fields in a "struct timeval"
are 64-bit) in "dump_and_trunc()", just call "pcap_dump()" from
"dump_and_trunc()".
live captures with a "cooked" (SOCK_DGRAM) rather than a "raw"
(SOCK_RAW) PF_PACKET socket; it includes a bunch of the fields from the
"struct sockaddr_ll" you get in a "recvfrom()", including the Ethernet
protocol field.
change the directory mode to 755 after making the directory, so that the
directory is publicly readable and searchable even if the user doing the
"make install" has a umask that takes away public read and search
permissions. (I think that's been a problem at least once - somebody
had trouble configuring and building Ethereal, probably because
"/usr/local/include/net" wasn't publicly readable and searchable, and my
suspicion is that somebody did "make install-incl" or "make install" of
libpcap when their umask was 027.)
the classic BSD "F" flag, which tells it to *exclude* certain files, is
unnecessary; furthermore, some versions of tar may not support it, and
GNU tar, as appears in FreeBSD and perhaps other BSDs, and in Linux,
interprets the "F" flag as meaning "run, at the end of each archive
volume, the script whose name is given as an argument to the flag", so
it's not even syntactically compatible with the classic "F" flag.
The latter problem causes "make tar" to fail; we remove the "F" flags to
fix the problem.
if .devel exists. This should allow developers to have the convenience
of automatic regeneration without the inconvenience of having to have
autoconf installed for Joe User to build tcpdump.
Hope I did not break anything. Portability on IPv4-only node needs checking,
I'll do this very soon. (sorry for rather jumbo commit)
XXx what is _FAVOR_BSD?