remove prototypes with no matching function and externs with no var
partly checked by millert@

Adjust default_print() to not run over snapend.

Kill default_print_unaligned() and adjust default_print() to also work
with unaligned buffers. There is no need for two functions doing the
same thing

Adjust default_print() to not run over snapend.

Kill default_print_unaligned() and adjust default_print() to also work
with unaligned buffers. There is no need for two functions doing the
same thing.

Pass the right length in nsh_print to default_print(). Fixes on place
that makes tcpdump crash.
Reported by Peter J. Philipp (pjp at delphinusdns dot org)
OK mbuhl@

show more ...

add initial support for handling geneve packets.

it's like vxlan, but different. the most interesting difference to
vxlan is that the protocol adds support for adding optional metadata
to packets (l

add initial support for handling geneve packets.

it's like vxlan, but different. the most interesting difference to
vxlan is that the protocol adds support for adding optional metadata
to packets (like nsh). this diff currently just skips that stuff
and just handles the payload. for now.

show more ...

wire the wireguard packet printer into tcpdump.

from Matt Dunwoodie and Jason A. Donenfeld

add support for printing RfC 2332 NBMA Next Hop Resolution Protocol (NHRP)

ok dlg@

add support for printing RFC 8300 Network Service Header (NSH)

ok deraadt@

rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft.

it looks like this code was using draft-ietf-dhc-dhcpv6-14 from
1999. there were 27 drafts, and by the time it got to draft 23 an

rewrite dhcpv6 parsing so it follows the rfc, not an incompat draft.

it looks like this code was using draft-ietf-dhc-dhcpv6-14 from
1999. there were 27 drafts, and by the time it got to draft 23 and
the rfc it was significantly different. this code for draft 14
cannot handle actual dhcpv6 messages. im kind of surprised
(disappointed?) that noone noticed before. i only noticed cos the
code was segfaulting on sparc64, and when i tried to fix it the
resulting messages looked nothing like what stock tcpdump produced.

the main difference between the early drafts and what ended up in
the rfc is that the base dhcpv6 messages in early drafts were large
structure with a lot of fixed fields, while the rfc settled on a 4
byte header that contains a 1 byte message type and a 3 byte
transaction id. the rest of the messages are built from dhcp options
fields.

this cuts all the old handling out, and fixes the fault in the
options handling by using EXTRACT_16BITS to get at the code and
length fields instead of using ntohs. dhcpv6 explicitly states that
it does not align options, so this is necessary to avoid faults on
strict alignment archs anyway. no options are pretty printed at the
moment, you just get a numeric type, a length, and a hexdump of the
value. this is still better than the garbage that the draft parsing
produced.

if someone is interested in making this easier to read, it would
be a straightforward and well contained project to better handle
option printing.

ok deraadt@

show more ...

support -T erspan so arbitrary gre protocols can be seen as erspan

this lets me configure a custom gre protocol on a dell s4810 or
s5048 and see what's inside it when it lands on an openbsd box.

ok

support -T erspan so arbitrary gre protocols can be seen as erspan

this lets me configure a custom gre protocol on a dell s4810 or
s5048 and see what's inside it when it lands on an openbsd box.

ok lteo@

show more ...

support printing cdp over gre and ppp

ok deraadt@ mpi@ sthen@

Remove #ifdef INET6

There's not reason to build without IPv6 support, `-U INET6' builds were
broken anyway.

Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.

No object change on amd

Remove #ifdef INET6

There's not reason to build without IPv6 support, `-U INET6' builds were
broken anyway.

Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.

No object change on amd64 and sparc64 with clang, gcc compiles differently
but behaviour stays the same.

OK denis deraadt

show more ...

add support for vxlan packets.

I personally think vxlan looks suspiciously like gre, so I put the
parser in print-gre.c

add "tftp" as a type to use with -T

This forces UDP packets to be parsed as tftp messages, which is useful
to see the DATA and ACK packets. They're usually on high ports which don't
get matched by u

add "tftp" as a type to use with -T

This forces UDP packets to be parsed as tftp messages, which is useful
to see the DATA and ACK packets. They're usually on high ports which don't
get matched by udp_print, which by default only handled tftp packets on
port 69.

show more ...

Add "mpls" as a type to use with -T

This allows arbitrary UDP packets to be parsed as MPLS.

Add "gre" as a type to use with -T

This allows arbitrary UDP packets to be parsed as GRE packets.

Rework UDP parsing, particularly around IP addresses.

This originally started as trying to put a consistent space between
the UDP header information and the payload parsing, but while doing
that I n

Rework UDP parsing, particularly around IP addresses.

This originally started as trying to put a consistent space between
the UDP header information and the payload parsing, but while doing
that I noticed inconsistent IPv4 vs IPv6 handling.

Apart from the default "srcip.srcport > dstip.dstpor" output, all
the other places that IP addresses were printed assumed IPv4. It
looks like it is possible that udp_print() can be called without
an IP header, which made these blind IPv4 prints turn into NULL
derefs.

This fixes the problem above by only having a single place that
prints the addresses out, and makes sure to get the difference
between IPv4, IPv6 and no IP correct.

This changes how the checksum is calculated. It incrementally builds
the UDP checksum by feeding the IPv4 and v6 addresses in separately,
then using common code for the rest of the pseudo header and actual
payload.

Lastly, this does make printing the space between the UDP header
and its payload consistent. The UDP code is now responsible for
adding a space after itself so the payload parsers don't have to.
They got it wrong in some cases anyway, so this should be a lot
more uniform.

help and ok sthen@

show more ...

move the ip checksumming code into in_cksum.c

this is part of a bigger change that refactors udp handling, but
works on hosts of both endians.

discussed at length with proctor@
ok sthen@

print etherip on ipv6.

rework ppp, pptp, and gre parsing.

this started cos i was looking at pptp, which came out like this:

23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap)
23:52:00.198930 call 1 seq 7 ack 7:

rework ppp, pptp, and gre parsing.

this started cos i was looking at pptp, which came out like this:

23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap)
23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)

now it looks like this:

23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request
23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply

the big improvement in ppp parsing is it stops parsing based on
what the ppp headers say, rather than what bytes have been captured.
this also adds parsing of EAP packets.

DLT_PPP_SERIAL is now recognised and printed. gre now prints the
outer addresses always, not just when it's encapsulated by ipv6 or
-v is passed to tcpdump.

ok sthen@

show more ...

Simple USBPcap parser for tcpdump(8). Raw dumps can be nicely analysed
in wireshark.

ok deraadt@, dlg@

Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4),
eg. tcpdump -y openflow -i switch0

Includes a minor bump for libpcap.

Feedback and OK rzalamena@

Teach tcpdump(8) how to read OpenFlow packets. This initial implementation
supports the following message types: hello, error, echo request/reply,
feature request/reply, set config, packet-in, packet

Teach tcpdump(8) how to read OpenFlow packets. This initial implementation
supports the following message types: hello, error, echo request/reply,
feature request/reply, set config, packet-in, packet-out, flow removed and
flow mod.

We currently only support printing this messages for OpenFlow 1.3.5, however
it is possible to reuse some functions and get other versions working too.

ok deraadt@

show more ...

Teach tcpdump to recognize MPLS pseudowire with control words. Added
support to print encapsulated ethernet packets as well.

"Looks good" deraadt@

Remove more register keywords.

ok daniel@, discussed on hackers@

Upstream has retired the gnuc.h header, so do so as well, killing a gcc 2.x
reference.

ok sthen@ jca@ deraadt@

Make ip6_print() take an unsigned length matching
ip_print() and others.

Allows code deciding on a minimum length to memmove()
to work as intended, preventing various crashes found
with the afl fuzz

Make ip6_print() take an unsigned length matching
ip_print() and others.

Allows code deciding on a minimum length to memmove()
to work as intended, preventing various crashes found
with the afl fuzzer. Callers of ip6_print() should of
course be fixed to provide sane lengths as well.

ok deraadt@ djm@

show more ...