- fprintf(stdout, ...) -> printf()
- fputs(x, stdout) -> printf(); for consistency.
fputs is twice as fast on atom x5-Z8300@1.44GHz but Amdahl sees a pure printf
tcpdump only 2% slower than a pure fputs (for constant strings) tcpdump
to /dev/null across a 20MB/~170k packet pcap file.
ok dlg@ for fputs and ok tedu@ krw@ deraadt@ a2k19 for the rest
There's not reason to build without IPv6 support, `-U INET6' builds were
broken anyway.
Fix an empty redefine for IPPROTO_IPV6 in print-ip.c while here.
No object change on amd64 and sparc64 with clang, gcc compiles differently
but behaviour stays the same.
OK denis deraadt
this started cos i was looking at pptp, which came out like this:
23:52:00.197893 call 24 seq 7: gre-ppp-payload (gre encap)
23:52:00.198930 call 1 seq 7 ack 7: gre-ppp-payload (gre encap)
now it looks like this:
23:52:00.197893 20.0.0.2 > 20.0.0.1: pptp callid 24 seq 7: 17.1.1.122 > 40.0.0.2: icmp: echo request
23:52:00.198930 20.0.0.1 > 20.0.0.2: pptp callid 1 seq 7 ack 7: 40.0.0.2 > 17.1.1.122: icmp: echo reply
the big improvement in ppp parsing is it stops parsing based on
what the ppp headers say, rather than what bytes have been captured.
this also adds parsing of EAP packets.
DLT_PPP_SERIAL is now recognised and printed. gre now prints the
outer addresses always, not just when it's encapsulated by ipv6 or
-v is passed to tcpdump.
ok sthen@
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)
bpf aligns data following the datalink header (e.g. ethernet)
on the BPF_ALIGNMENT boundary. Since rev1.41 of bpf.h it's
uint32_t instead of a long. And also since then almost all
packets become "unaligned" from the tcpdump perspective and
require costly copies into the internal buffer. Neither IP
header (struct ip) nor IPv6 (struct ip6_hdr) have fields
larger than 32 bits and therefore alignment requirements for
them are at most 32 bit.
ok millert, jsg, deraadt
aligned IP/IPv6 packet so that tcpdump can print hexdump of the whole
packet including the Ethernet header (if requested) and not only the
IP/IPv6 part of it.
ok jsg
checksum, make tcpdump (with the -v flag) show the actual bad checksum
within the IP/protocol header itself and what the good checksum should
be, e.g. "[bad tcp cksum abcd! -> d1e6]"
This change applies to IP, TCP (over IPv4 and IPv6), UDP (over IPv4 and
IPv6), ICMP, and ICMPv6. This commit also fixes several inconsistencies
in the way bad checksums were displayed for these protocols.
Tested on amd64, i386, and macppc.
ok henning@
packet without the IP header. This is needed by the next commit that
will allow tcpdump to detect bad ICMP checksums.
Related functions like {tcp,udp,icmp6}_print() already accept this
length variable, so this change makes icmp_print() consistent with
them as well.
This commit makes no functional change to tcpdump itself.
OK florian@
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms
buffers overlap, which happens on 64 bit archs, when
handling encapsulated packets. Reported and tested by Jurjen Oskam
additional testing by Stuart Henderson and todd@, ok henning@
Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif
must be on a trusted network. ie, a crossover cable between the two
firewalls.
NOTABLE CHANGES:
- A new index based on a unique (creatorid, stateid) tuple has been
added to the state tree.
- Updates now appear on the pfsync(4) interface; multiple updates may
be compressed into a single update.
- Applications which use bpf on pfsync(4) will need modification;
packets on pfsync no longer contains regular pf_state structs,
but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
-a flag; attempt to convert network and broadcast addresses to names
Improved signal handling
Miscellaneous fixes and typos
OSPF MD5 authentication support
- -X flag; emacs-hexl print (including ascii)
- Add ECN bits to TCP and IP headers
- IKE & IPsec (ESP & AH) support
OK deraadt@