In the prose use the names from the respective registry [1], which says:
* "PSH", not "PUSH",
* "CWR", not "ECN CWR", and
* "ECE", not "ECN-Echo".
This does not resolve all known inconsistencies related to TCP flags,
but at least makes the problem smaller.
1: https://www.iana.org/assignments/tcp-parameters/tcp-parameters.xhtml

New option `--print-sampling=NTH` will parse and print every NTH packet,
with all other packets producing no output. This option enables
`--print` and `-S` flags.
Print sampling is useful for real-time inspection of an interface with
a high packet rate, or initial inspection of large capture files.

Support upper-case suffixes (K/M/G) as well as lower-case suffixes.
Make sure nothing *follows* the suffix.
We don't need to check for the suffix before parsing the number; the
parsing routines stop if they see a non-digit character.
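
The suffix rules in the message above (either case, nothing after the suffix, the number parser stopping at the first non-digit), as an added example that is not tcpdump's own code. `parse_size()` and `size_or_neg()` are hypothetical names, and the 1024-based multipliers and the overflow checks are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not tcpdump's code): parse "<digits>[K|M|G]".
 * Returns 0 and stores the byte count in *out, or -1 on malformed input. */
static int parse_size(const char *s, long long *out)
{
    char *end;
    long long val, mult = 1;

    /* strtoll() would accept leading blanks and a sign; insist on a digit. */
    if (!isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    val = strtoll(s, &end, 10);   /* stops at the first non-digit */
    if (errno == ERANGE)
        return -1;
    switch (*end) {               /* optional suffix, either case (assumed 1024-based) */
    case 'k': case 'K': mult = 1024LL; end++; break;
    case 'm': case 'M': mult = 1024LL * 1024; end++; break;
    case 'g': case 'G': mult = 1024LL * 1024 * 1024; end++; break;
    }
    if (*end != '\0')             /* nothing may follow the number or suffix */
        return -1;
    if (val > LLONG_MAX / mult)   /* multiplication would overflow */
        return -1;
    *out = val * mult;
    return 0;
}

/* Convenience wrapper: the parsed value, or -1 if the input was rejected. */
static long long size_or_neg(const char *s)
{
    long long v;
    return parse_size(s, &v) == 0 ? v : -1;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *samples[] = { "10", "10k", "2M", "1G", "10KB", "K", "10 k", "-5" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s -> %lld\n", samples[i], size_or_neg(samples[i]));
    return 0;
}
```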

Accurate skipping of the link level header was working before the
conversion started, and it will hopefully work after the conversion is
complete, but meanwhile be clear about what it is now.

As explained in GH #155, when tcpdump is given -r, -w and -v and it
takes long enough to read from the input file (because it is stdin
connected through network or a pipe to stdout of another tcpdump doing
a live capture), pcap_loop() will error before long. One of the ways to
reproduce the fault is as follows:

    $ tcpdump -i eno1 -w - | tcpdump -r - -w /tmp/tmp.pcap -v
    tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
    reading from file -, link-type EN10MB (Ethernet), snapshot length 262144
    tcpdump: pcap_loop: error reading dump file: Interrupted system call

Skip the verbose_stats_dump() timer setup in this specific corner case
for the time being and document it.

This change adds an option to print only the packet count on stderr
when reading capture file(s) instead of parsing/printing the packets.
If a filter is specified on the command line, tcpdump counts only
packets that were matched by the filter expression.
The option name is '--count'.

Add two shortcuts (as long-options) for setting the time stamp
precision: --micro and --nano. While adding these options, reshuffle
the usage message to group up the options related to time stamp, and
remove the macro TIME_STAMP_PRECISION_USAGE.
If setting the time stamp precision is not supported by the available
libpcap, the usage won't mention these options (including
--time-stamp-precision), but they will still be presented in the
manpage.

When using all three switches (-C -G and -W), the behavior is
practically identical to only using -C and -G, as the -W flag will only
affect the filename suffix.
Fixes #695

Three CLI output examples in the tcpdump man page used to request a
smaller font size since the beginning of the version control history.
That had no effect on the plain text format, and made the examples
difficult to read in the HTML format, so get rid of it.
[skip ci]