| #
f6e4162f |
| 15-Sep-2024 |
jsg <jsg@openbsd.org> |
remove unused variables
|
| #
146262ea |
| 08-Apr-2024 |
jsg <jsg@openbsd.org> |
more ansi function decls
ok deraadt@
|
| #
19fef815 |
| 05-Apr-2024 |
deraadt <deraadt@openbsd.org> |
ANSI functions; ok tb
|
| #
2c53affb |
| 27-Dec-2022 |
jmc <jmc@openbsd.org> |
spelling fixes; from paul tagliamonte
any changes not taken noted on tech, but chiefly here i did not take the
cancelation - cancellation changes;
|
| #
9aff5a10 |
| 28-May-2022 |
deraadt <deraadt@openbsd.org> |
clear cur_membag so that pcap can be used more than once
|
| #
c8ee1a74 |
| 28-May-2022 |
deraadt <deraadt@openbsd.org> |
Do not walk off the end of the array performing frees
crash found by daharmasterkor
|
| #
daa036ab |
| 28-Mar-2022 |
dlg <dlg@openbsd.org> |
tweak the pflog ifname filter to include the terminating nul.
without this the code effectively just compares the start of the
string, which means you can get a prefix match unexpectedly. including
tweak the pflog ifname filter to include the terminating nul.
without this the code effectively just compares the start of the
string, which means you can get a prefix match unexpectedly. including
the nul in the comparison means it only works for whole interface
names, as it was originally intended.
reported by Aner Perez on misc@
ok deraadt@ (who also dug through the history behind this)
show more ...
|
| #
0931029a |
| 13-Feb-2022 |
otto <otto@openbsd.org> |
Handle the case in freechunks where not a single allocation has happened.
ok deraadt@
|
| #
6c734e6e |
| 05-Dec-2021 |
deraadt <deraadt@openbsd.org> |
libpcap parser uses a memory tracker to only free all objects at the end.
this code was slicing up large mallocs with sys/param.h ALIGN(). such a
scheme loses the many overflow/damage checking benef
libpcap parser uses a memory tracker to only free all objects at the end.
this code was slicing up large mallocs with sys/param.h ALIGN(). such a
scheme loses the many overflow/damage checking benefits of malloc per object.
Change the code to track independent allocations, rather than slicing.
ok gnezdo claudio
show more ...
|
| #
426b943d |
| 01-Dec-2021 |
deraadt <deraadt@openbsd.org> |
we do not need 'struct mbuf; struct rtentry;' to satisfy some ancient unix
variant that made a header file mistake.
ok jsg
|
| #
ff78d6ed |
| 18-Jan-2021 |
sthen <sthen@openbsd.org> |
support PCAP_NETMASK_UNKNOWN, adapted from an old commit in upstream
libpcap, ok dlg@
https://github.com/the-tcpdump-group/libpcap/commit/74b2de364f3443fc2414d0160b0b942f347c6fd4
https://github.com/
support PCAP_NETMASK_UNKNOWN, adapted from an old commit in upstream
libpcap, ok dlg@
https://github.com/the-tcpdump-group/libpcap/commit/74b2de364f3443fc2414d0160b0b942f347c6fd4
https://github.com/the-tcpdump-group/libpcap/commit/117cb5eb2eb4fe212d3851f1205bb0b8f57873c6
show more ...
|
| #
fe3e795b |
| 12-Sep-2020 |
kn <kn@openbsd.org> |
Fix byte order handling for DLT_LOOP links
Fixing filters on DLT_LOOP revealed that we treat DLT_NULL, DLT_ENC and
DLT_LOOP the same way even though DLT_LOOP stores the AF value in network
not byte
Fix byte order handling for DLT_LOOP links
Fixing filters on DLT_LOOP revealed that we treat DLT_NULL, DLT_ENC and
DLT_LOOP the same way even though DLT_LOOP stores the AF value in network
not byte order like the rest.
This amends the missing conversion which ought to land with the recent
commit exposing the byte order mismatch:
revision 1.53
date: 2020/07/21 22:44:55; author: dlg; state: Exp; lines: +2 -2;
DLT_LOOP does have a link header, so tell pcap-filter so it can use it.
...
debugged with and ok kn@
Discussed with bluhm who reported src/regress/sys/netinet6/rip6cksum/
failing on i386 after above commit.
The comment in this commit is taken from libpcap upstream as is modulo
additional file-save related byte-order handling which we don't seem to do.
OK bluhm
show more ...
|
| #
2cba36b5 |
| 03-Aug-2020 |
dlg <dlg@openbsd.org> |
add "sample NUM" so you can ask to capture 1/NUM packets from a filter.
the use of the sample keyword matches similar config in other
products.
NUM can be a number between 2 and 1048576, and is use
add "sample NUM" so you can ask to capture 1/NUM packets from a filter.
the use of the sample keyword matches similar config in other
products.
NUM can be a number between 2 and 1048576, and is used to divide
0x100000000 into a threshold that is then compared against a randomly
generated number produced by a load of BPF_RND.
having sampling as part of the grammar means you can write things
like "icmp or sample 128". this lets you capture all icmp traffic
and a sample of the rest of the traffic.
ok jmatthew@ kn@ tb@
show more ...
|
| #
a8e9f808 |
| 03-Aug-2020 |
dlg <dlg@openbsd.org> |
add support for handling loads from BPF_RND.
this adds "rnd" and "random" as keywords in the grammar, and handles
them as an arithmetic operator. the decoder recognises the load,
so tcpdump can prin
add support for handling loads from BPF_RND.
this adds "rnd" and "random" as keywords in the grammar, and handles
them as an arithmetic operator. the decoder recognises the load,
so tcpdump can print it as 'ld #random'. most of the handling is
copied from the "len"/"length" keywoard handling that generates and
decodes a load of the actual wire length of the packet.
ok jmatthew@ tb@ kn@
show more ...
|
| #
0918526a |
| 21-Jul-2020 |
dlg <dlg@openbsd.org> |
DLT_LOOP does have a link header, so tell pcap-filter so it can use it.
matthieu@ reported that asking tcpdump to look at ip or ip6 traffic
on a wg(4) interface caused all packets to be captured. th
DLT_LOOP does have a link header, so tell pcap-filter so it can use it.
matthieu@ reported that asking tcpdump to look at ip or ip6 traffic
on a wg(4) interface caused all packets to be captured. this is
because pcap assumes that if your link type doesn't have a link
header then it is always ip or ip6 (which is weird anyway) and
captures everything.
there was already code to generate a filter for the DLT_LOOP link
header, it was just bypassed cos earlier code said that there wasn't
one.
debugged with and ok kn@
show more ...
|
| #
ff52dd4a |
| 09-Dec-2018 |
denis <denis@openbsd.org> |
add basic MPLS filtering support
OK claudio@ jca@
|
| #
4f6bb374 |
| 10-Nov-2018 |
denis <denis@openbsd.org> |
unbreak VLAN filtering
OK dlg@
|
| #
ac451769 |
| 09-Nov-2018 |
denis <denis@openbsd.org> |
fix a typo
OK jca@ (from a long time ago...)
|
| #
aa4ed2b9 |
| 03-Jun-2018 |
sthen <sthen@openbsd.org> |
Change some libpcap functions which use pointers as arguments and
returns to const pointers:
- the prefix argument to pcap_perror();
- the return value of pcap_strerror();
- the filter expression ar
Change some libpcap functions which use pointers as arguments and
returns to const pointers:
- the prefix argument to pcap_perror();
- the return value of pcap_strerror();
- the filter expression argument to pcap_compile() and pcap_compile_nopcap();
- the BPF filter program argument to bpf_image().
Matches changes made earlier in tcpdump.org's version of libpcap.
From Guy Harris, ok tb@, been through a bulk ports build.
show more ...
|
| #
2524a2d3 |
| 06-Feb-2018 |
dlg <dlg@openbsd.org> |
recognise DLT_PPP_SERIAL.
shlib version doesnt need a bump before no new symbols were added
or removed.
part of a larger diff that was ok sthen@
|
| #
d00b8992 |
| 03-Feb-2018 |
mpi <mpi@openbsd.org> |
Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed
in wireshark.
ok deraadt@, dlg@
|
| #
8167ef46 |
| 20-Nov-2016 |
reyk <reyk@openbsd.org> |
Extend the DLT_OPENFLOW header to include the switch datapath id.
OK rzalamena@
|
| #
7a61d4b0 |
| 16-Nov-2016 |
reyk <reyk@openbsd.org> |
Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4),
eg. tcpdump -y openflow -i switch0
Includes a minor bump for libpcap.
Feedback and OK rzalamena@
|
| #
526dd6c5 |
| 22-Dec-2015 |
mmcc <mmcc@openbsd.org> |
remove NULL-checks before free()
|
| #
d0438536 |
| 17-Nov-2015 |
mmcc <mmcc@openbsd.org> |
Remove register keyword.
ok deraadt@
|