Structures that describe packet formats now all use nd_ types, none of
which require more than 1-byte alignment, so compilers shouldn't assume
that anything in those structures is aligned on any particular boundary,
even without a "this is unaligned" hint.
Instead, use compiler test macros to check whether *particular*
attributes are supported, and set various #defines appropriately, in
header files.
Rename the UNALIGNED structure attribute to ND_UNALIGNED, and ask
whether we still need it.
As it was correctly pointed out in GitHub issue #516, the TCPOPT_TCPAO
(formerly TCPOPT_AUTH) case had an issue with option length processing,
though without significant consequences thanks to a check elsewhere.
Besides that, the old code (introduced in 2005) decoded a structure
similar to a proposed encoding variant of the early (first published in
2007) revisions of the Internet-Draft but different from the encoding
of RFC 5925 (published in 2010). These issues are now addressed and the
TCP option renamed to TCP-AO.
As it was correctly pointed out in GitHub issue #516, the TCPOPT_TCPAO
(formerly TCPOPT_AUTH) case had an issue with option length processing,
though without significant consequences thanks to a check elsewhere.
Besides that, the old code (introduced in 2005) decoded a structure
similar to a proposed encoding variant of the early (first published in
2007) revisions of the Internet-Draft but different from the encoding
of RFC 5925 (published in 2010). These issues are now addressed and the
TCP option renamed to TCP-AO.
This commit adds support for RESP as defined in: http://redis.io/topics/protocol.
It also supports inline commands and pipelining. Due to the popularity of RESP,
numerous services are emerging that use this protocol. You may decode RESP packets
on arbitrary ports using the "-T resp" option.
Example captures can be found in tests/resp_*.
A simple way to test this parser is to start redis-server and then run
redis-cli commands such as "redis-cli set key value".
Traditionally, redis-cli monitor is used to debug redis. Unfortunately,
the "monitor" command can cause significant load on a redis-server in
production. This parser may be used as a non-invasive alternative to
redis-cli monitor.
From Bill Parker: sort the port definitions, add some additional
ports, and use #ifndef/#endif around all definitions.
From me: use consistent indentation, add the RFCs for NetBIOS-over-TCP
to the #defines for the NBT ports, and don't keep the IPv6 ports
separate.
Move the port number #define's to the TCP and UDP files such that they
don't require nameser.h anymore. Update the TCP printer to disregard the
multicast DNS port as it is UDP-only.
"Text protocols" are protocols that have the general feel of FTP, with
command lines with a command name and space-separated arguments and
response lines beginning with a 3-digit reply code. They can also
include HTTP-style headers and an entity body.
We add support for the FTP control channel, HTTP, SMTP, and RTSP. We
also change the SIP printer to use it.
OF specifications 1.0.2 and 1.3.3 use a different port number. That
said, the old port is still likely to be seen in the wild after 4 years
of deployment. Let tcpdump recognize both for a while.
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.
This change registers OpenFlow TCP port number and adds processing of
respective packets with openflow_print(), a new function that
understands the minimal OpenFlow header format and can iterate over
messages within a snapshot that starts with the header.
This commit adds the support of Multipath TCP (MPTCP). MPTCP is a new
extension to TCP standardized at the IETF. MPTCP allows to use several IP
addresses at the same time by distributing data across several subflows (TCP
connections) while still presenting the standard TCP socket API to the
application. Its benefits are better resource utilization, better throughput
and smoother reaction to failures.
RFC 5482 specifies a new TCP option -- the TCP User Timeout
Option (UTO) -- that allows one end of a TCP connection to
advertise its current user timeout value. The Kind of UTO
option is 28 and the Length is 4. The tcpdump currently does
not recognize UTO option.
- seperate fields by comma
- use [] for flags and options sets
- print a trailing length field
make use of tok2str() and bitttok2str()
move port definitions into tcp.h
compile with Sun C, as "interface.h" isn't being included before the
structures are being declared.
Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun
C to generate code that's safe with unaligned accesses, as
"__attribute__" is defined as a do-nothing macro with compilers that
don't support it.
Therefore, we get rid of that tag on the structures to which it was
added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch
16-bit and 32-bit big-endian quantities from packets. We also fix some
other references to multi-byte quantities to get rid of code that tries
to do unaligned loads on platforms that don't support them.
We also throw in a hack that makes those macros use
"__attribute__((packed))" on structures containing only one 16-bit or
32-bit integer to get the compiler to generate unaligned-safe code
rather than doing it by hand. (GCC on SPARC produces the same code that
doing it by hand does; I don't know if GCC on any other big-endian
strict-alignment processor generates better code for that case. On
little-endian processors, as "ntohs()" and "ntohl()" might be functions,
that might actually produce worse code.)
Fix some places to use "%u" rather than "%d" to print unsigned
quantities.
that bitfields other than "int" or "unsigned int" are allowed, some
compilers warn about them, and, given that the declaration of a bit
field says how many bits it is wide, declaring them "u_char" doesn't
have any advantage (other than making it a bit clearer, when reading the
header, that the bitfields in question are part of a single byte).
have dissectors include them rather than <netinet/ip.h> or
<netinet/ip_var.h>, if they actually need that stuff.
Put the declarations of the ICMP stuff directly into "print-icmp.c".
Remove all unnecessary includes of <netinet/ip*.h> files.
Copy the byte-order stuff from "nameser.h" into "tcp.h".
by dissectors, and have dissectors include them rather than
<netinet/udp.h>, <netinet/udp_var.h>, or <netinet/tcp.h>, if they
actually need that stuff.
Remove all unnecessary includes of <netinet/udp*.h> or <netinet/tcp*.h>
files.