Guy Harris [Tue, 13 Nov 2012 09:08:04 +0000 (01:08 -0800)]
Note that "-e" can be used to get MAC addresses printed.
Also give more details on shell metacharacters in filter expressions -
in particular, note that a common use of a shell metacharacter is a
backslash used to escape protocol names, e.g. "ether proto \ip", and
that the alternative to quoting the entire expression is to escapet he
shell metacharacters, e.g.
peppe [Tue, 13 Nov 2012 05:59:56 +0000 (21:59 -0800)]
The peer polling interval is an exponent; treat it as such.
RFC 1119 says
Peer Poll Interval (peer.ppoll, pkt.ppoll): This is a signed
integer indicating the minimum interval between messages
sent by the peer, in seconds as a power of two. For
instance, a alue of six indicates a minimum interval of 64
seconds.
so print both the raw value and 2^{raw value}, showing the latter.
Marc Abramowitz [Sun, 14 Oct 2012 17:21:19 +0000 (10:21 -0700)]
Fix failing Travis CI build (e.g.:
https://travis-ci.org/#!/mcr/tcpdump/builds/2786065)
Remove hacky patching of `configure.in` because this is now redundant
with the change that was accepted in
https://github.com/mcr/tcpdump/pull/32 and it causes patch to prompt for
whether to reverse the patch which makes the Travis build time out.
Marc Abramowitz [Sat, 13 Oct 2012 18:21:45 +0000 (11:21 -0700)]
Simplify the detection of OpenSSL libcrypto by using standard autoconf
macros rather than a local copy of AC_LBL_SSLEAY.
AC_LBL_SSLEAY is old and has not kept pace with some more recent
developments in packaging like Debian and Ubuntu's multiarch support.
The autoconf macros have been updated to handle multiarch so using them
means that tcpdump gains the ability to be built with libcrypto on these
new multiarch distros and to work successfully with Travis CI, which
uses Ubuntu 12, which is one such multiarch distro (see GH-32).
Guy Harris [Fri, 28 Sep 2012 04:12:00 +0000 (21:12 -0700)]
More strictly check for numbers as arguments to -i.
Use strtol() and only treat the argument as a number if it's *all*
number, so that interface names such as 192_1_2 aren't treated as
"interface number 192".
Guy Harris [Fri, 28 Sep 2012 03:44:34 +0000 (20:44 -0700)]
Use PATH_MAX, not NAME_MAX.
NAME_MAX is the maximum length of a file pathname *component*; PATH_MAX
is the maximum length of a file pathname. We're dealing with pathnames,
so use PATH_MAX. (On some systems, NAME_MAX can be as low as 14,
presumably for binary compatibility with V7-era data structures
containing file names, as there are probably few if any non-historic
UN*Xes around with 14-character file name limitations.)
Boost the default PATH_MAX to 1024 while we're at it.
Bill Parker [Mon, 3 Sep 2012 21:21:32 +0000 (17:21 -0400)]
In reviewing addrtoname.c, I found a minor issue with a call to
malloc() failing to check it's return value in file 'addrtoname.c' in
function 'LookupBytestring'. Here is the resulting patch below :)
Bill Parker [Mon, 3 Sep 2012 21:19:37 +0000 (17:19 -0400)]
In reviewing tcpdump.c, I found a minor issue with a call to malloc()
failing to check it's return value in file 'tcpdump.c' in function
'MakeFileName'. Here is the resulting patch below :)
Denis Ovsienko [Tue, 21 Aug 2012 12:09:40 +0000 (16:09 +0400)]
update for current Babel auth spec
This change updates Babel decoder output format to match terminology of
draft-ovsienko-babel-hmac-authentication-00 and reverts recent addition
of DLen field to TLV type 12.
Romain Francoise [Sat, 30 Jun 2012 19:42:41 +0000 (12:42 -0700)]
LLDP: print packet protocol at all verbosity levels
The LLDP printer doesn't show the packet protocol unless -v is used,
which results in pretty useless output lines where only the timestamp is
present. Make sure we include the default protocol+length output even in
default mode.
Denis Ovsienko [Fri, 29 Jun 2012 18:27:16 +0000 (22:27 +0400)]
update Babel decoder for DLen in HD TLV
This change reflects a new Digest Length field added to Hash Digest TLV
in the current draft of Babel authentication spec. babel_print_v2() is
updated to fetch and validate the new field. Test files too.
Denis Ovsienko [Thu, 21 Jun 2012 13:14:55 +0000 (17:14 +0400)]
fix printing of infinite lifetime in ICMPv6
icmp6_opt_print() in the case of ND_OPT_PREFIX_INFORMATION always
appended "s" (seconds) to the returned string result of get_lifetime(),
which could be either a printed number or the "infinite" word. This
change leaves it up to get_lifetime() to decide if "s" is necessary.
This also improves the ND_OPT_ROUTE_INFO case, where route information
lifetime has the same type and semantics.
Denis Ovsienko [Mon, 11 Jun 2012 17:06:00 +0000 (21:06 +0400)]
decode RIPv2 authentication up to RFC4822
This change addresses a few issues in rip_entry_print_v2() and
rip_print():
1. In the case of Simple Password (RFC2453) authentication the last
(16th) character of a password was never printed. Other password
characters were printed regardless of existing isprint() test.
2. In the case of Cryptographic (RFC4822) authentication there were no
details available for fixed-size auth header and variable-size auth
trailer.
3. Depending on particular hash function used, a normal authentication
trailer "RTE" may be 20 or more bytes long. Iteration over packet RTEs
should stop once a trailer is decoded. Exact number of RTEs in a message
cannot be told from message size any more.
Test cases are added for Request and Response messages with Simple
Password, Keyed-MD5, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 and
HMAC-SHA-512 authentication modes. Earlier test case is updated to match
new "number of routes" output format.
Denis Ovsienko [Mon, 11 Jun 2012 17:01:34 +0000 (21:01 +0400)]
fix RIP Request/full table decoding issues
RIP Request and Response messages have the same structure. Update a
switch block in rip_print() to proceed with decoding of both.
A Request message may contain an AFI 0 RTE standing for a full table
request, normally sent on a router start. Update rip_entry_print_v1()
and rip_entry_print_v2() to treat IPv4 and AFI 0 as two valid,
distinguishable cases.
Guy Harris [Sat, 9 Jun 2012 02:07:20 +0000 (19:07 -0700)]
Add some attribute/TLV length checks.
Make sure we don't run past the end of a BGP attribute or LDP TLV when
dissecting the attribute/TLV.
Make some of the code do a bit more of a "step the pointer through the
data"-style dissection; that was done while debugging the changes in
question. It also fixes up some code to not check for more data than
should actually be there.
Update references to RFC 4906 from the draft, and note that RFC 4447
replaces it.
Guy Harris [Fri, 8 Jun 2012 05:24:04 +0000 (22:24 -0700)]
Fix an error and a warning.
Use a separate variable to index through the hash digest, not the
variable used to index through the packet.
Make some variables holding one-byte quantities u_int rather than u_char
while we're at it - not much use in *requiring* them to fit into 8 bits
(the code might be better if we don't, and that eliminates a warning).
Guy Harris [Fri, 8 Jun 2012 05:12:28 +0000 (22:12 -0700)]
Fix printing of 64-bit quantities.
Do *NOT* assume that "%l[doxu]x" - or "%ll[doxu]" - is the way to print
a 64-bit quantity; on UN*X, it might be a "long" or a "long long",
depending on whether you're on a 32-bit or 64-bit platform and, on
Windows with MSVC++, it's not a long (even in 64-bit mode) and doesn't
use "%ll[doxu]", either. Instead, use PRI[doxu]64; that's what C99
defines, and what we define ourselves if the C environment doesn't
define it.
Denis Ovsienko [Wed, 6 Jun 2012 13:57:20 +0000 (17:57 +0400)]
add decoding of Babel authentication TLVs
This change extends existing Babel protocol decoder to recognise
experimental authentication TLVs (types 11 and 12) and includes
a respective test case for the new code.
The most notable difference between RFC5006 and RFC6106 is the addition
of DNSSL RA option. This commit adds DNSSL handling code to make tcpdump
fully RFC6106-aware. This code has been tested against RA packets
generated by Quagga and radvd.
projects / tcpdump / log
