tcpdump used to print an empty line for a Loopback (CTP) packet, which
many Cisco switches send by default every 10 seconds. This commit adds
a decoder for the protocol and a test case, which uses the sample
capture from Wireshark wiki (configuration_test_protocol_aka_loop.pcap).
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.
For headers included in only one source file, put the header contents in
the source file in question, and get rid of a bunch of stuff from the
header not used in the source file.
Add new decoder for UDP port 5359 and a sample packet capture produced
on a couple of Linux hosts (a server and a client). Besides that, an
existing Babel capture contained AHCP packets and the current AHCP tests
cover 0, 1 and 2 "-v" flags.
The first revision of the header file was copied from the original
distribution tarball intact to use sizeof() instead of adding new
constants on one hand and provide structure definitions for a reference
on the other. But as soon as the structures had a portability issue and
were removed in commit a6c16ed, the remaining fragments of the header
don't justify for a file of its own.
This commit maps all relevant bits of the remaining contents of
openflow-1.0.h to constants in print-openflow-1.0.c (all being specific
to version 1.0 of OpenFlow) and removes the file.
Don't assume we have <stdint.h>. Instead, use the AC_TYPE_ macros to
ensure we have the C99 intN_t and uintN_t types; we already include
<inttypes.h> in tcpdump-stdinc.h iff we have it.
Get rid of the structure declarations in openflow-1.0.h, as they have
zero-length arrays (not supported by all the compilers people might be
using) and as
1) they're only used in sizeof()
and
2) after each one there's an assertion to check that sizeof()
returns a specific numerical value
so, instead, just #define various _LEN items to those numerical values
and use them.
Add an openflow.h header with a #define for the length of the basic
header, and move the declaration of of10_header_body_print() there.
The new file openflow-1.0.h is a verbatim copy of the file openflow.h
from the openflow-1.0.0.tar.gz distribution. The new file
print-openflow-1.0.c contains a set of functions for OpenFlow 1.0 (wire
protocol 0x01) decoding. Of these functions only
of10_header_body_print() is exported and used by the minimal OpenFlow
decoder.
It is intended that future (1.1, 1.2, 1.3.0) OpenFlow version decoders
are implemented the same way (in modules of their own), since different
versions of OpenFlow specification reuse the same symbols for different
numeric values. This way, print-openflow-1.1.c would include
openflow-1.1.h and so on.
The new test case "of10_p3295-vv" was produced using a Pica8 P-3295
switch and Trema controller running a purpose-built sample application.
This change registers OpenFlow TCP port number and adds processing of
respective packets with openflow_print(), a new function that
understands the minimal OpenFlow header format and can iterate over
messages within a snapshot that starts with the header.
This commit adds the support of Multipath TCP (MPTCP). MPTCP is a new
extension to TCP standardized at the IETF. MPTCP allows to use several IP
addresses at the same time by distributing data across several subflows (TCP
connections) while still presenting the standard TCP socket API to the
application. Its benefits are better resource utilization, better throughput
and smoother reaction to failures.
This change adds support for ZMTP/1.0 (ZeroMQ Message Transport Protocol
1.0) framing in TCP packets, as defined in http://rfc.zeromq.org/spec:13
and implemented in zeromq library.
Since there is no assigned port number for ZeroMQ, the user is left
responsible for making only the related TCP packets captured and
enforcing ZMTP/1.0 decoding through the "-T zmtp1" option.
Each ZMTP/1.0 frame of a packet will produce a single additional line of
output. The "-v" flag will add up to 8 lines (128 bytes) worth of
hex+ASCII dump of the frame body, and "-vv" and higher will dump the
full frame body, however long.
Beware that this code handles neither IP fragmentation nor TCP
segmentation and will incorrectly decode segments not starting at a
frame boundary.
The included sample capture stands for a short ZeroMQ session between a
REQ/REP socket pair doing 3 anonymous 2-way exchanges. It was produced
using version 2.1.9 of zeromq library patched to fix its bug #293, so
that all MBZ bits of the flags field are set to 0.
Unfortunately, the DLT_PFSYNC support depends on header files included
from the pfctl command's source tree, and trying to arrange to find that
would be too much trouble.
From FreeBSD PR bin/124825: tcpdump(8) does not support pfsync(4) data,
which in turn was ported over from OpenBSD. We already have CARP
support, so we did not port that part over.
CARP and VRRP both use IP protocol number 112, so there needs to be a -T
flag to specify that protocol 112 be dissected as CARP rather than VRRP.
Also update the man page.
The Wireshark routine is based on the BSD in-kernel portable checksum
routine (thus BSD-licensed); it takes a vector of pointers and lengths
and checksums the concatenation of the buffers in question (just as the
BSD in-kernel routine checksums a chain of mbufs).
This simplifies the "with a pseudo-header" checksums; hopefully it'll
fix up the problems being seen on some big-endian platforms, which might
be due to hand-calculating some or all of the checksum and doing so
incorrectly. It also gets rid of some code that might be dereferencing
unaligned pointers.
To: tcpdump-workers@lists.tcpdump.org
Date: Sat, 09 Apr 2011 12:51:14 +1000
Subject: [tcpdump-workers] Printing PPI packets
Printing PPI packets with tcpdump does not turn out
to be that hard.
My simple tests have produced the output as below.
It would be worthwhile having some changes made into
the tcpdump code base that were similar to the attached
that print them out.
