mirror of https://github.com/openbsd/src.git synced 2024-12-22 16:42:56 -08:00

53 Commits

Author SHA1 Message Date
procter
f96bb33f47 - (void)printf() -> printf(); the cast adds clutter for little value.
- fprintf(stdout, ...) -> printf()
- fputs(x, stdout) -> printf(); for consistency.
fputs is twice as fast on atom x5-Z8300@1.44GHz but Amdahl sees a pure printf
tcpdump only 2% slower than a pure fputs (for constant strings) tcpdump
to /dev/null across a 20MB/~170k packet pcap file.

ok dlg@ for fputs and ok tedu@ krw@ deraadt@ a2k19 for the rest
2020-01-24 22:46:36 +00:00
dlg
1e14b8a65f print the IPs on ESP packets.
this was lost when tcpdump learnt to look inside udpencap.

found by, and ok markus@
2019-09-19 23:23:58 +00:00
kn
e654d8cdd2 Remove #ifdef INET6
There's no reason to build without IPv6 support, `-U INET6' builds were
broken anyway.

Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.

No object change on amd64 and sparc64 with clang, gcc compiles differently
but behaviour stays the same.

OK denis deraadt
2018-10-22 16:12:45 +00:00
dlg
dd17d5ca93 move the ip checksumming code into in_cksum.c
this is part of a bigger change that refactors udp handling, but
works on hosts of both endians.

discussed at length with proctor@
ok sthen@
2018-07-06 04:49:21 +00:00
dlg
c97d4a2508 print etherip on ipv6.
2018-02-10 10:00:32 +00:00
dlg
c834ed8830 rework ppp, pptp, and gre parsing.
this started cos i was looking at pptp, which came out like this:

23:52:00.197893  call 24 seq 7: gre-ppp-payload (gre encap)
23:52:00.198930  call 1 seq 7 ack 7: gre-ppp-payload (gre encap)

now it looks like this:

23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request
23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply

the big improvement in ppp parsing is it stops parsing based on
what the ppp headers say, rather than what bytes have been captured.
this also adds parsing of EAP packets.

DLT_PPP_SERIAL is now recognised and printed. gre now prints the
outer addresses always, not just when it's encapsulated by ipv6 or
-v is passed to tcpdump.

ok sthen@
2018-02-06 03:07:51 +00:00
jsg
0854b16d3b If a length from an ip packet encapsulated in gre or etherip would cause
the position to go past snapend, truncate.  Found with afl.
2016-10-30 04:10:21 +00:00
jsg
a8a9bd5624 Replace a snapend test in ip_print() with a call to TCHECK2 as there
is already a trunc label with the same printf in the function.
2016-10-30 04:03:29 +00:00
mmcc
6ad041cbfa Remove remaining instances of the register keyword.
ok deraadt@
2015-11-16 00:16:39 +00:00
deraadt
323ce4b6a2 since stdlib.h is in scope, don't cast.... you know the drill.
no sneakiness detected by krw
2015-08-21 02:07:32 +00:00
deraadt
b9fc9a728f Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
2015-01-16 06:39:28 +00:00
mikeb
1d0e91d0c3 Catch up with the BPF_ALIGNMENT switch to the uint32_t.
bpf aligns data following the datalink header (e.g. ethernet)
on the BPF_ALIGNMENT boundary.  Since rev1.41 of bpf.h it's
uint32_t instead of a long.  And also since then almost all
packets become "unaligned" from the tcpdump perspective and
require costly copies into the internal buffer.  Neither IP
header (struct ip) nor IPv6 (struct ip6_hdr) have fields
larger than 32 bits and therefore alignment requirements for
them are at most 32 bit.

ok millert, jsg, deraadt
2014-12-09 17:03:19 +00:00
mikeb
471f5c51b9 Restore packetp and snapend pointers once we're done with an incorrectly
aligned IP/IPv6 packet so that tcpdump can print hexdump of the whole
packet including the Ethernet header (if requested) and not only the
IP/IPv6 part of it.

ok jsg
2014-12-03 13:22:18 +00:00
mikeb
6a5be1f3cd Fixup a crash found by jsg using the AFL fuzzer. IP and IPv6 printing
routines should check that there's at least a complete IP/IPv6 header
available in the buffer before trying to do anything else.

ok jsg
2014-12-03 13:19:03 +00:00
mpi
c8768c6415 No use for <netinet/in_systm.h> nor <netinet/tcpip.h>.
2014-08-14 12:44:44 +00:00
lteo
127a37bf87 Instead of showing the difference between a bad checksum and a good
checksum, make tcpdump (with the -v flag) show the actual bad checksum
within the IP/protocol header itself and what the good checksum should
be, e.g. "[bad tcp cksum abcd! -> d1e6]"

This change applies to IP, TCP (over IPv4 and IPv6), UDP (over IPv4 and
IPv6), ICMP, and ICMPv6.  This commit also fixes several inconsistencies
in the way bad checksums were displayed for these protocols.

Tested on amd64, i386, and macppc.

ok henning@
2014-06-20 04:04:52 +00:00
lteo
b2b5e59be1 Make icmp_print() accept the length variable, which is the length of the
packet without the IP header.  This is needed by the next commit that
will allow tcpdump to detect bad ICMP checksums.

Related functions like {tcp,udp,icmp6}_print() already accept this
length variable, so this change makes icmp_print() consistent with
them as well.

This commit makes no functional change to tcpdump itself.

OK florian@
2014-01-11 04:35:52 +00:00
naddy
29b017f610 Add TCP/UDP checksum display for v6 and clean up the checksum
calculation.  Mostly from tcpdump.org; ok jsing@
2010-01-12 06:10:33 +00:00
deraadt
043fbe51c1 rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable).  these days, people use source.  these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms
2009-10-27 23:59:19 +00:00
deraadt
2068f6866b trash $Header goo which is just annoying; 5595
2007-10-07 16:41:05 +00:00
canacar
620a734dd6 When aligning buffers, correctly handle the case where the
buffers overlap, which happens on 64 bit archs, when
handling encapsulated packets. Reported and tested by Jurjen Oskam,
additional testing by Stuart Henderson and todd@, ok henning@
2007-06-27 18:15:25 +00:00
moritz
e3fcc7855d Pass the captured packet length in addition to the real packet length
to etherip_print() and do all the bounds checking with it. Also add
bounds checks to ether_print(). This fixes even more crashes.

ok canacar@
2006-06-01 17:18:38 +00:00
moritz
99c45ee38c No need for return; at end of functions returning void.
2006-05-29 20:41:41 +00:00
moritz
39a2eeee7b Be more careful to not touch memory outside the
captured packet. Fixes some more crashes.

ok canacar@ deraadt@
2006-05-29 20:30:11 +00:00
canacar
6736499f35 Check IP version when decoding v4 and v6 packets.
From Jason Wright via PR-4531.
2005-10-08 19:24:03 +00:00
markus
1735f53c98 print ip_len for -v; ok otto, hshoexer, henning
2004-10-15 11:10:29 +00:00
markus
ffa7c7e6f1 print checksum differences on -vv; ok otto@
2004-08-10 19:55:35 +00:00
mcbride
d934cd823d Pass the length of what was captured to pfsync_print, not the length
of the original packet.

ok beck@
2004-05-08 01:01:35 +00:00
mcbride
05c07c4656 Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp.
ok markus@ pb@
2004-04-28 02:17:03 +00:00
otto
65161bc568 Some more non-alignment problems resolved.
ok deraadt@
2004-02-04 08:35:12 +00:00
otto
e4c9ae7d97 Do away with non-aligned memory accesses.
ok deraadt@ hshoexer@
2004-02-02 09:43:27 +00:00
mcbride
a08d7de22e Clean up pfsync output: print source address by default, pass -vv correctly
to pf_print_state(), and other minor cleanup.
2004-01-21 06:15:18 +00:00
mcbride
f580e9d770 Change pfsync IP protocol and multicast group numbers.
IPPROTO_PFSYNC -> 240
INADDR_PFSYNC_GROUP -> 224.0.0.240

ok deraadt@
2003-12-17 21:36:17 +00:00
mcbride
2a409ae32e Add initial support for pf state synchronization over the network.
Implemented as an in-kernel multicast IP protocol.

Turn it on like this:

# ifconfig pfsync0 up syncif fxp0

There is not yet any authentication on this protocol, so the syncif
must be on a trusted network. i.e., a crossover cable between the two
firewalls.

NOTABLE CHANGES:
- A new index based on a unique (creatorid, stateid) tuple has been
  added to the state tree.
- Updates now appear on the pfsync(4) interface; multiple updates may
  be compressed into a single update.
- Applications which use bpf on pfsync(4) will need modification;
  packets on pfsync no longer contain regular pf_state structs,
  but pfsync_state structs which contain no pointers.

Much more to come.

ok deraadt@
2003-12-15 07:11:29 +00:00
jason
517bee15a2 add printing of ipcomp, and while in the neighborhood, make ah/esp actually
check the length of the data
2003-02-20 23:39:20 +00:00
cedric
ad65a17380 Show DF on IP fragments
ok henric@
2003-02-11 12:21:32 +00:00
jakob
a6751ae82a remove egp support; unresolved non-bsd license for a decoder of protocol that
no one uses anymore is not worth the amount of work needed to be resolved.
2002-09-18 08:51:17 +00:00
deraadt
cbc824f5f1 If the IP header length is zero, the packet will loop in ip_print().
Taken from tcpdump 3.7.1; mbing@nfr.net; ho ok
2002-04-10 10:22:59 +00:00
niklas
c52c206115 There has been confusion wrt IP protocols 4, 94 and 98. Make us
consistent, and make IPSEC tunnelmode tcpdumping work as expected.
2001-02-15 16:16:48 +00:00
jason
284e04e3b2 etherip printing code... handles draft (v2) and current (v3)
2001-02-05 15:18:46 +00:00
mickey
9151d3fc3b when printing vrrp and verbose set -- print src/dst ip addrs
2000-12-22 19:08:00 +00:00
mickey
f366d6b49b add vrrp printing; from tcpdump.org
2000-12-07 21:52:38 +00:00
ho
cf4e9b474f Add $OpenBSD$. (jakob@ ok)
2000-10-03 14:31:54 +00:00
jakob
edd7aa8f67 INET6
DHCP/BOOTP
tcp & udp checksum detection
numerous bugfixes
2000-04-26 21:35:36 +00:00
jakob
42416b7cd8 Mobile IP support (from KAME/NetBSD)
2000-01-16 11:20:14 +00:00
deraadt
6778dda146 big endian fixes; ryker, jd@noc7.uchsc.edu
1999-10-06 01:46:40 +00:00
brad
5205045a72 bring more inline with tcpdump 3.4
1999-09-16 20:58:44 +00:00
jakob
da08816c9c - Merge some changes from tcpdump 3.4
   -a flag; attempt to convert network and broadcast addresses to names
   Improved signal handling
   Miscellaneous fixes and typos
   OSPF MD5 authentication support

-  -X flag; emacs-hexl print (including ascii)

-  Add ECN bits to TCP and IP headers

-  IKE & IPsec (ESP & AH) support

OK deraadt@
1999-07-28 20:41:34 +00:00
bitblt
dc70913641 *** empty log message ***
1996-12-12 16:22:20 +00:00
mickey
c15d59eda0 it is 3.2 now.
1996-07-13 11:01:05 +00:00