add support for the post-rotate -z flag (to be used in
conjunction with -C or -G) which can be used to specify a command tcpdump
should execute on each savefile after it's been rotated
for example to compress a capture file.
"pcap_version", "pcap_debug", and "yydebug", don't add our own functions
referring to those variables - GCC 3.4.1 optimizes the test code out
before the link is done, as it's in a function that's not called.
quit as soon as we see IPOPT_EOL;
*don't* quit as soon as we see IPOPT_NOP, just advance to the
next option, if any;
implement "quit" as "return the destination address from the IP
header" rather than as "return 0".
Also, return the IP header destination address if we see a
source-routing option with a too-short length.
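
The option walk described in the message above, written out as an added example (not tcpdump's code and not part of the original commit). The names final_dst and OPT_* are hypothetical, and the capture-length checks go slightly beyond what the message lists.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OPT_EOL  0    /* end of option list */
#define OPT_NOP  1    /* one-byte padding */
#define OPT_LSRR 131  /* loose source route */
#define OPT_SSRR 137  /* strict source route */
/* Hypothetical helper (not tcpdump's code): final destination of an IPv4 packet
 * in wire byte order; pkt/caplen are the captured bytes from the IP header on. */
uint32_t final_dst(const uint8_t *pkt, size_t caplen)
{
    uint32_t dst = 0;
    if (caplen < 20)
        return 0;                      /* no complete fixed header captured */
    memcpy(&dst, pkt + 16, 4);         /* destination from the IP header */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > caplen)
        return dst;                    /* bogus or truncated header length */
    for (size_t off = 20; off < hlen; ) {
        uint8_t type = pkt[off];
        if (type == OPT_EOL)
            break;                     /* quit: header destination stands */
        if (type == OPT_NOP) {
            off++;                     /* do not quit, advance to next option */
            continue;
        }
        if (off + 1 >= hlen)
            break;                     /* length byte is missing */
        size_t len = pkt[off + 1];
        if (len < 2 || len > hlen - off)
            break;                     /* len 0 would never advance; big len overruns */
        if (type == OPT_LSRR || type == OPT_SSRR) {
            if (len < 7)
                break;                 /* too short to hold one address */
            memcpy(&dst, pkt + off + len - 4, 4);  /* last hop of the route */
            return dst;
        }
        off += len;
    }
    return dst;
}
int main(void)
{
    /* Constructed packet: IHL 7, header dst 10.0.0.1, NOP, LSRR via 192.0.2.9 */
    uint8_t p[28] = { [0] = 0x47, [16] = 10, 0, 0, 1, OPT_NOP, OPT_LSRR, 7, 4, 192, 0, 2, 9 };
    uint32_t d = final_dst(p, sizeof p);
    return memcmp(&d, p + 24, 4) != 0; /* exit status 0: last route hop chosen */
}
```
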
with the current IANA assignment (Apr 13 2004). It consists of the
following four parts:
- added inverse-neighbor-discovery (RFC3122)
- shift MTRACE-related type numbers, since it collides
with inverse-neighbor-discovery.
- added MLDv2 (draft-vida-mld-v2-08.txt)
- shifted Mobile-IPv6 numbers from interim value to the
official one. (draft-ietf-mobile-ipv6-24.txt)
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to an irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
The first critical piece of code is found in print-isakmp.c:332. The
function rawprint() does not check its arguments thus it's easy for
an attacker to pass a big 'len' or a bogus 'loc' leading to a
segmentation fault in the for loop.
The second bug is located in print-radius.c:471. The for loop of
print_attr_string() is written in an unsafe manner. 'length'
and 'data' should be checked.
propagate CPPFLAGS to Makefile.in;
move the CPPFLAGS and V_INCLS change to the end of the configure
run so users don't see "-I$(srcdir)/missing" in their config.log
output.
The test for DNS message dnssec bit flags in the query and
response are backwards. The CD bit has meaning in a query, and
the AD bit has meaning in a response.
1. Unused things (mbuf, rtentry) have been removed.
2. I've dropped FR_CR_BIT etc. definitions as they have only meaning in
specific location in Q.922 address. FR_EA_BIT is still there as it's
used by all Q.922 bytes.
3. a new parse_q922_addr() parses the whole Q.922 address structure
and produces DLCI, Q.922 byte count and flags in ASCII. While I can't
test 3- and 4-byte Q.922 addresses (using only default 2-byte ones),
they are supported.
4. I've trimmed comments regarding HDLC flags and CRC/FCS bytes in FR
packet. They are wire-only things and as such are never seen by
libpcap/tcpdump.
5. Changed NLPID_LMI into NLPID_CISCO_LMI and NLPID_Q933 into NLPID_LMI
(the latter is used by both ANSI (T1.617 annex D) and CCITT (Q.933
annex A) LMI).
6. fr_hdrlen() now correctly returns FR header length (4 - 6 bytes,
7 bytes with 4-byte Q.922 and incorrectly used pad byte).
7. I've changed output text formatting: "xxx-value-yyy-value" into
"xxx value, yyy value", to be consistent with Ethernet.
Not sure if it's correct.
8. added IPv6 support
9. q933_print() now reads lmi_print()
10. CCITT (Q.933 annex A) LMI is now supported, and both CCITT and ANSI
fields are now correctly displayed
10. lmi_print() no longer prints constant fields (such as always zeroed
Q.922 C/R bit or LMI Call Reference byte) unless they are set
incorrectly.
11. I've added ANSI_ and CCITT_ prefixes to appropriate #defines.
12. a new parse_dlci_el() should handle all (10, 16 and 23-bit)
DLCIs correctly (corresponding to 2, 3 and 4-byte Q.922 addresses,
respectively).
that if tcpdump is being piped to some other program, and that program
exits before tcpdump does, tcpdump will cleanly exit, so that libpcap
can cleanly close devices (such as Endace's DAG cards).
check the header length to make sure it's at least the minimum length,
so we don't, for example, go into an infinite loop if the header length
is 0.
Get rid of some blank lines at the end of the file.
where we wire in the idea that it can't handle unaligned accesses. (I
don't know why the test program doesn't work - but perhaps the test
program is the wrong answer anyway, as it doesn't work when
cross-compiling.)
open the file containing a filter expression in binary mode, so
that we get all the characters that "fstat()" claims are there,
rather than having CRs stripped out (causing us to report an
error because the "read()" call gives us less data than
"fstat()" claims was in the file);
close the file descriptor once we're finished reading the file;
strip out everything on a line starting with "#", so that "#"
can be used for to-end-of-line comments in the file.
Update his address in the CREDITS file.
the output stream for "-w" to be flushed after each packet is dumped.
Add checks for "pcap_dump_flush()", and only enable the "-U" flag if
it's present. Clean up the handling of the "getopt()" argument and the
usage message to get rid of the pile of #ifdefs.
Add documentation for the "-L" and "-y" flags.
Tweak the description of "-r" to properly format "-w" in the text.
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to:
use "-y" rather than "-D" to set the link type ("-D" was already
taken);
use libpcap APIs to map between data link type names and values;
supply stub versions of missing-but-needed libpcap APIs.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).