Michal Sekletar [Wed, 19 Mar 2014 13:14:25 +0000 (14:14 +0100)]
Introduce --time-stamp-precision
A while ago we introduced a new API in libpcap which made it possible to
request time stamps with higher precision (nanoseconds). This commit
aims to move things forward and implement missing bits. It introduces
a new long option --time-stamp-precision. Note that there is no equivalent
short option.
When used for a live capture tcpdump will ask the kernel for time stamps
with the desired precision and tcpdump will print the fractional part of the
time stamp using the respective format. We currently support only microsecond and
nanosecond precision. In the future we might support even more granular
time stamp precision, but we should be fine to support only
microseconds and nanoseconds for now. libpcap doesn't provide anything
else at the moment anyway.
When used in combination with -r/-w options then we obtain time stamps
appropriately scaled up or down from libpcap. Also note that a distinct
magic number is used for savefiles containing nanosecond time stamps.
Guy Harris [Tue, 6 May 2014 21:25:43 +0000 (14:25 -0700)]
Add a --version option, to print just version information.
Also, use #defines starting at 128 (outside the ASCII range) for long
options having no short-option equivalent, and have -h/--help exit with
an exit status of 0 (you just asked for usage information, and you got
it - no fault, no error).
Francois-Xavier Le Bail [Mon, 5 May 2014 09:02:52 +0000 (11:02 +0200)]
print-ether: print 'ethertype IEEE1905.1' instead of 'ethertype Unknown'
not a full decoder, uses default print
reference: http://standards.ieee.org/develop/regauth/ethertype/eth.txt
Denis Ovsienko [Sun, 4 May 2014 16:48:03 +0000 (20:48 +0400)]
AoE: add version 1 decoder (GH #298)
The sample capture was produced with two Linux hosts (aoetools version
36, kernel module version 85, vblade version 21). One of the hosts
exported a 1MB block device containing a freshly created filesystem and
the other mounted it, wrote a small file and then unmounted.
Guy Harris [Sat, 3 May 2014 19:36:06 +0000 (12:36 -0700)]
Clean up protocol ID printing.
If getprotobynumber() doesn't return a valid protocol name, just print
the protocol number.
Don't bother with setprotoent() and endprotoent() - none of the other
dissectors using getprotobynumber() use them and, if it's a useful
optimization, we should do the optimization in a common routine for all
callers (or do some other optimization, e.g. reading the entire protocol
list and building a table in which we can do a quick lookup).
Guy Harris [Sat, 3 May 2014 18:10:54 +0000 (11:10 -0700)]
Don't care about the Linux kernel version number.
What OS-specific and OS-version-specific features tcpdump uses
*directly* should be checked for specifically; if it *requires* features
not available with systems using a 1.x kernel, the configure should fail
because of *that*, and if it doesn't require any such features, we
should allow building on/for systems with a 1.x kernel.
If there are issues with *libpcap* on systems with a 1.x kernel, then
that should be handled in the libpcap configure script - and, even if
it's impossible to capture traffic on such a system, you can build a
version of libpcap that can read files but not capture, which would give
you a tcpdump that could, at least, read files from other machines.
Guy Harris [Fri, 2 May 2014 18:49:30 +0000 (11:49 -0700)]
Add some long options.
Currently, they're all aliases for existing short options, but we're out
of letters, so we'll be adding some that won't have short options.
This means we can't have entries in the options table corresponding to
short options with no long options, as an entry in the long options
table with a null option name terminates the table.
Gisle Vanem [Fri, 2 May 2014 11:30:57 +0000 (04:30 -0700)]
Update tcpdump-stdinc.h
Put WinPcap's header "bittypes.h" before potentially defining basic types like "uint8_t". Define EAFNOSUPPORT unless defined in system's <errno.h>. The local Win32/Include/errno.h is gone.
Guy Harris [Fri, 2 May 2014 06:20:21 +0000 (23:20 -0700)]
Sort options and put in notes for unusable option letters.
Sort the options alphabetically, and put in comments for the options
we're *currently* not using, to note that other versions of tcpdump use
them and that we should only use them for the same purposes.
Guy Harris [Fri, 2 May 2014 02:50:19 +0000 (19:50 -0700)]
Don't assume the Perl interpreter is in /usr/bin/perl.
It's not necessarily there on all platforms. Explicitly invoke the
interpreter to run the TESTonce script; that requires that, when you run
"make check", your path includes the directory in which the Perl
interpreter resides.
Guy Harris [Fri, 2 May 2014 02:48:10 +0000 (19:48 -0700)]
Split the OSPFv3 header and bodies into separate structures.
Some compilers appear to put some padding before the ospf6_un union, so
the OSPFv3 packets aren't dissected correctly. Pull the members of
that union into separate structures, and find the pointer to the OSPFv6
body by adding the header length to the pointer to the beginning of the
header.
Gisle Vanem [Thu, 1 May 2014 10:39:17 +0000 (14:39 +0400)]
fix missing/inet_ntop.c again
All tests that should print IPv6 addresses failed since 'INET6' wasn't
set when my missing/inet_ntop.c was compiled, because "config.h" was not
included.
Also got rid of 2 warnings:
Missing/inet_ntop.c:146:23: warning: 'cur.len' may be used
uninitialized in this function [-Wmaybe-uninitialized]
The tests also failed since inet_ntop_v6() was returning hex chars
in upper case. So this patch returns the string in lower case.
Guy Harris [Wed, 30 Apr 2014 22:28:06 +0000 (15:28 -0700)]
Use getopt_long().
This requires us to check for it in the configure script and to include
a version of getopt_long() for the benefit of platforms that don't have
it; we pick up the FreeBSD version and tweak it a bit (eliminating some
features specific to the BSD version of getopt_long(), as we want to use
it only in a fashion portable to Linux/*BSD/Solaris/etc.)
We also get rid of the version of getopt() we supply for Windows in
favor of the version of getopt_long() we provide.
Guy Harris [Wed, 23 Apr 2014 17:56:20 +0000 (10:56 -0700)]
We still need u_intN_t.
Some libpcap headers use them, and even if we change libpcap to use
uintN_t, we don't require that tcpdump 4.x go with libpcap 1.x - we
allow people to install the latest tcpdump even if they have an older
libpcap and don't want to install a newer one.
However, we now define them in terms of the C99 uintN_t types, rather
than trying to guess what's appropriate; using unsigned long long for
u_int64_t meant that, on some platforms, u_int64_t didn't match
PRI[doux]64, and using unsigned long obviously won't work on ILP32
platforms.
Also, we already had calls to the autoconf macros for C99 types; get rid
of the ones we added.
Also also, clean up a comment in tcpdump-stdinc.h.
Guy Harris [Wed, 23 Apr 2014 07:20:40 +0000 (00:20 -0700)]
u_intN_t is dead, long live uintN_t.
And, as we require at least autoconf 2.61, and as autoconf 2.61 and
later have AC_TYPE_UINTn_T and AC_TYPE_INTn_T macros, we use them to
define the uintN_t and intN_t macros if the system doesn't define them
for us.
Guy Harris [Mon, 21 Apr 2014 21:02:29 +0000 (14:02 -0700)]
Shorten sizeof to u_int, to match the %u format used with it.
On LP64 and LLP64 platforms, sizeof returns a 64-bit value, which is
larger than an int or unsigned int, so if you add the result of sizeof
to a value shorter than 64 bits, you can't print the result with %u.
As an M3UA parameter header is much shorter than 2^32 bytes, we can
safely just cast sizeof(struct m3ua_param_header) to u_int.
Merge m3ua.h into the only file that includes it (print-m3ua.c). Make
M3UA functions follow naming pattern, constify some of their arguments
and switch to ND_PRINT(). Make use of tok2str() and ternary conditional.
Eliminate declarations in the middle of code (C89).
Vyacheslav Trushkin [Fri, 22 Nov 2013 09:28:37 +0000 (16:28 +0700)]
M3UA support added (GH #342)
SCTP's payload protocol identifiers added.
M3UA tests provided by wireshark
http://wiki.wireshark.org/SampleCaptures#Sigtran_Protocol_Family
But RFC4666 says that parameter 0x0002 isn't carried by M3UA, so
it's OK that tcpdump doesn't know about this identifier.
-----------------------------------------------------------------------
The change to sctp_print() does three things:
* makes detection of ForCES consider PPID, not just port number
* verifies chunk length of all SCTP_DATA chunks, not just of ForCES
* adds PPID-specific dispatching with a particular case of M3UA
Guy Harris [Sat, 19 Apr 2014 02:09:49 +0000 (19:09 -0700)]
When parsing information elements, check for the full length beforehand.
When parsing information elements, first check to make sure we have the
element ID and length, and fetch the length; then check to make sure we
have the entire element, including the information. Remove those checks
from the handlers for individual elements.
This squelches a Coverity warning (when we check to make sure the length
remaining in the packet is enough for the element ID; the element ID is
one byte, and the loop continues as long as the length is non-zero, so
that's always true in the loop), and simplifies some other code.
Also check for the right length for fixed-length elements while we're at
it.
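The checking order described in the commit message above, sketched as an added example; this is not tcpdump's code. It assumes a one-byte length field after the one-byte element ID, and the names `parse_elements`, `ie_result` and `IE_CHANNEL` (an element fixed at one byte) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical element ID for this example (not taken from the commit). */
#define IE_CHANNEL 3            /* fixed-length value: exactly 1 byte */

enum ie_status { IE_OK = 0, IE_TRUNCATED = -1, IE_BAD_LENGTH = -2 };

struct ie_result {
    int elements;               /* complete elements accepted */
    int channel;                /* value of IE_CHANNEL, or -1 if absent */
};

/* Walk ID/length/value elements in buf[0..len). Every bounds check happens
 * here, before any per-element code touches the value bytes. */
static enum ie_status
parse_elements(const uint8_t *buf, size_t len, struct ie_result *res)
{
    res->elements = 0;
    res->channel = -1;
    while (len != 0) {
        if (len < 2)            /* need the ID byte and the length byte */
            return IE_TRUNCATED;
        uint8_t id = buf[0];
        size_t vlen = buf[1];
        if (len - 2 < vlen)     /* need the entire value too */
            return IE_TRUNCATED;
        if (id == IE_CHANNEL) { /* fixed-length element: exact size only */
            if (vlen != 1)
                return IE_BAD_LENGTH;
            res->channel = buf[2];
        }                       /* other IDs: variable-length, skipped */
        res->elements++;
        buf += 2 + vlen;
        len -= 2 + vlen;
    }
    return IE_OK;
}

int main(void)
{
    /* Constructed sample: ID 0 "ab", then IE_CHANNEL = 6. */
    static const uint8_t sample[] = { 0, 2, 'a', 'b', IE_CHANNEL, 1, 6 };
    struct ie_result r;
    int st = parse_elements(sample, sizeof sample, &r);
    printf("status=%d elements=%d channel=%d\n", st, r.elements, r.channel);
    return 0;
}
```

Writing the second check as `len - 2 < vlen` rather than `2 + vlen > len` keeps the comparison safe from wraparound if the length field is ever widened.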
Guy Harris [Sat, 19 Apr 2014 00:53:01 +0000 (17:53 -0700)]
The item_len argument to ikev1_id_print() *is* used.
So don't mark it as unused; that *might* be what's causing Coverity to
think that sizeof(struct ikev1_pl_id) is always < item_len and thus that
the "data" variable can never be null.
- add a 'Verify Coverity Scan run condition' step to avoid multiple runs with
Travis matrix.
- add a 'Verify Coverity Scan script test mode' step. if true no uploading, to
avoid reaching the quota. usual processing: false.
- send 'description' as VERSION#SHA (e.g.: 4.6.0-PRE-GIT#c661f8b)