found in "/etc/hosts" and "/etc/ethers", say it must be found by the
host-name-to-IP-address resolution mechanism and the host-name-to-Ethernet-
address resolution mechanism - the host could be in DNS, for example.
remember which pcap_t's were opened (with SOCK_PACKET) in promiscuous
mode on interfaces not already in promiscuous mode, turn promiscuous
mode off when closing such a pcap_t, and arrange that, when the program
exits, all pcap_t's of that sort not already closed have their
interfaces taken out of promiscuous mode. (It's not sufficient to do
this on exit - applications may close a pcap_t without exiting, e.g.
Ethereal.)
This won't always work right (if somebody else requests promiscuous mode
after it's opened by libpcap, we'll turn promiscuous mode off when we
close the pcap_t, and if the program doesn't exit cleanly, it won't
clean up the interfaces), but neither of those problems are fixable -
the only way to get things to work correctly is to use PF_PACKET
sockets, which requires a 2.2 or later kernel.
On a 2.0[.x] kernel, when doing a "recvfrom()" on a SOCK_PACKET socket
to read a captured packet, don't pass a byte count value based on the
snapshot length - "recvfrom()" won't return the actual packet length if
you do that. (2.2 and later kernels will return the actual packet
length if MSG_TRUNC is passed in.)
Update the documentation to reflect improved Appletalk support.
and for ESIS and ISIS packets.
Don't describe "atalk", "aarp", "lat", "sca", "moprc", or "mopdl" as
qualifiers that restrict address or port matches to a particular
protocol, as they aren't.
"iso", however, is a qualifier that applies to "proto", at least, and
can take a number or "esis" or "isis" as arguments; "esis" and "isis"
are short for "iso proto esis" and "iso proto isis".
Update the enumeration of the protocols that can be the target of "ip
proto" to reflect current reality.
Enumerate all the protocols that can be the target of "ether proto",
including the new "iso".
letting you filter based on the VLAN to which a packet belongs, and an
improvement to the printing of VLAN packets (adding an extra space to
separate the VLAN priority and flags from the next stuff printed).
Change some font choices to match the conventions used historically in
this man page (use boldface for literal strings, italics for variables,
and italics for "tcpdump" when it refers to the name of the program).
the introductory README section of the libpcap README file, giving
information about anonymous CVS and other additional information.
Update to note that non-patch mail should be sent to
"tcpdump-workers@tcpdump.org", and that patches should be sent to
"patches@tcpdump.org".
Merge in changes from the tcpdump 3.5 branch:
"\f(CW" doesn't work on all systems - which appears to cause a
subsequent "\fP" to revert to the font from which *roff last
switched, which is often an italic or boldface font. Use "\fR"
instead of "\fP" to undo a "\f(CW".
and other changes not in the main line.
Here is a new version of the libsmi patch for tcpdump. It provides
some bug fixes and some enhancements such as access checking and
better range checking. The patch also fixed a few bugs in the
print_snmp.c module of tcpdump itself (unrelated to the usage of
libsmi).
Hope I did not break anything. Portability on IPv4-only node needs checking,
I'll do this very soon. (sorry for rather jumbo commit)
XXx what is _FAVOR_BSD?
