Commit Graph

75 Commits

Author SHA1 Message Date
thorpej e9c2ed11fe Add names for some ICMP and TCP protocol header offsets:
- icmptype (offset of ICMP type field)
	- icmpcode (offset of ICMP code field)
	- tcpflags (offset of TCP flags field)
and field values:
	- icmp-echoreply, icmp-unreach, icmp-sourcequench,
	  icmp-redirect, icmp-echo, icmp-routeradvert,
	  icmp-routersolicit, icmp-timxceed, icmp-paramprob,
	  icmp-tstamp, icmp-tstampreply, icmp-ireq, icmp-ireqreply,
	  icmp-maskreq, icmp-maskreply
	- tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg

This allows expressions like the following:

	icmp[0] = 3
	(tcp[13] & 0x02) != 0

to be written as:

	icmp[icmptype] = icmp-unreach
	(tcp[tcpflags] & tcp-syn) != 0

which is a bit more user-friendly for e.g. writing packet filter rules.
2000-12-28 22:12:07 +00:00
thorpej f3b5a7d293 Add support for the DLT_RAWAF() data link type. 2000-12-28 22:04:22 +00:00
itojun 4f72111370 re-introduce netbsd fix 1.5 -> 1.6, which was mistakenly removed.
pointed by Gui Harris.

---
Fix a hairy optimizer bug that causes the expression:
'ip and ((icmp and dst host 1.1.1.1 and not host 2.2.2.2) or (host 1.1.1.1 and src host 3.3.3.3))'
to compile incorrectly.  Details about to be mailed to LBL.
2000-11-19 13:18:03 +00:00
is e999d8013c Format string cleanups by sommerfeld. 2000-10-10 19:12:48 +00:00
itojun ffc3a749e5 we already have all fixes toward 0.4 (v0.4 Sat Jul 25 12:40:09 PDT 1998 -
note that there are MULTIPLE 0.4), so update version identification.
2000-10-08 14:28:05 +00:00
thorpej 761a000d3c Add pcap_compile_nopcap() from the most recent libpcap release
from tcpdump.org, although with a slightly different signature.
The tcpdump.org version has no way to report an error string back
to the caller.  This version takes an additional "errbuf" argument
(similar to pcap_open_*()).
2000-10-06 16:39:24 +00:00
matt 312f91fa50 Add a trailing newline 2000-06-30 06:34:46 +00:00
is 4d9fa509f7 Change ARCnet link type address format from ':XX' to '$XX'.
Fixes PR 9885 by Jun-ichiro itojun Hagino.
2000-05-04 13:08:25 +00:00
itojun 3237209fe3 more fallback #define. more friendly message on "ip host ip6only-host"
or "ip6 host ip4only-host". (sync with tcpdump.org)
2000-04-14 14:26:35 +00:00
itojun c43e0a1d53 explicitly parse IPv6 address, to avoid conflict with "ip[2:2]" syntax. 2000-04-14 14:25:40 +00:00
itojun b7a973c8c1 comment fix (less diff with tcpdump.org) 2000-04-14 14:18:40 +00:00
itojun 01d2c4aaac avoid malloc(0). from kame changes, sync with tcpdump.org. 2000-04-14 14:17:13 +00:00
itojun cf9ebfbd63 use getifaddrs, instead of SIOCGIFCONF.
sync with more-recent LBL 0.4, about loopback interface detection
(/^lo[0-9]?$/).

CAVEAT: with GENERIC kernel on laptops laptops, pcap_lookupdev would almost
always pick eon0 as the interface, and fails because eon0 has no bpf
attachment.  we may want to change pcap_lookup{,dev} to check if the
interface has bpf attachment or not.

almost in sync with tcpdump.org source code tree.
2000-04-13 05:14:19 +00:00
itojun b5a6411fbe sprintf -> snprintf 2000-04-13 05:10:17 +00:00
itojun 9281a845a8 fix bug in pcap.c, which appeared in LBL libpcap version 0.4 of the following
date (NOTE: there are multiple version 0.4 with different datestamp!)
	v0.4 Sat Jul 25 12:40:09 PDT 1998

libpcap CHANGES reads:
- Fixed bug in pcap_dispatch() that kept it from returning on packet
  timeouts.

(this fixes nmap hangup if we use /usr/lib/libpcap.a with nmap)
2000-04-12 14:40:33 +00:00
itojun 94e731e9d2 fix "ip host foo" or "ip6 host foo" where foo has
both A and AAAA.  fix from Bill Fenner, FreeBSD PR: 17083.
2000-03-01 03:47:48 +00:00
itojun 7a9fea2792 improve message when IPv4 address is not assigned to interface
(and netmask-related directives can misbehave).

the change is in kame and tcpdump.org repository as well.
2000-01-13 17:14:56 +00:00
itojun 60860abcb8 be more pedant. remove unused vars and such.
don't use s6_addr{8,16,32} directly, they are not in standard.
hide not-supposed-to-be-visible functions as static.

increase shlib minor.
1999-12-13 01:44:30 +00:00
itojun d92ae4181c restrict result from getaddrinfo() by specifying ai_socktype.
(otherwise getaddrinfo() will glob through all the possible ai_socktype
and ai_protocol)
1999-11-28 14:51:04 +00:00
is 57a250cc8c Add code to do link level address matching for ARCnet interfaces.
ARCnet link level addresses are encoded as :HH (``:'' followed by a
byte encoded in hexadecimal notation).
1999-10-25 16:39:37 +00:00
is 339b6a0303 Limited support for matching on ARCnet payload:
- oldstyle and PHDS IPv4+ARP; RARP, IPv6, Appletalk are matched now.
- in case this is an unfragmented or first-fragment IPv4, IPv6, ARP, RARP or
  Appletalk packet, matching inside the payload is possible to the extent
  already supported by tcpdump/libpcap. For 2nd and next fragments, this
  won't work; it also won't work for oldstyle (RFC1051) IPv4 and ARP.
1999-10-18 19:44:12 +00:00
is a7c7586cf6 First part of ARCnet support.
Matching for anything won't work (as we need to teach the stuff about
variable length link level headers), but printing is fine.
1999-10-05 20:37:21 +00:00
itojun 2c1cc70ed3 add several ETHERTYPE_IPV6 case.
add DLT_PPP_SERIAL case into link type recognition,
hoping this to fix ppp packet recognition problem.
1999-07-25 05:52:16 +00:00
itojun 3ebb62ecc7 support for PPP_IPV6. 1999-07-25 00:15:22 +00:00
mjacob c0e65db53f quiesce the alpha compiler 1999-07-05 20:04:50 +00:00
mjacob 4a7b34ded4 add missing include for memset prototype 1999-07-05 20:01:09 +00:00
itojun 67b57a858e upgrade shlib major version for src/lib/libpcap (0.1 -> 1.0).
document KAME IPv6/IPsec import into INSTALL.txt (installation notes).
1999-07-02 18:53:26 +00:00
simonb 3f777e28cc More trailing white space. 1999-07-02 15:58:35 +00:00
itojun 0be14eaf65 (shlib monor)++ for libpcap. 1999-07-02 14:50:25 +00:00
itojun c6f88a42f4 support IPv6 address and IPv6 protocols.
"tcp" will match both IPv4 TCP and IPv6 TCP.
"ip6" will match IPv6.
you can chase header chain by using "protochain" instead of "proto"
(but bpf code is not optimizable in this case)

commit to tcpdump will follow.

I've sent this fix to LBL guys to get no response.  I wonder why it was.
1999-07-02 10:05:22 +00:00
thorpej b62918959e The only two data link types that support the "inbound" and "outbound"
qualifiers are DLT_SLIP and DLT_PPP (i.e. old-style serial encap PPP).
If an attempt to use these qualifiers is used for any other link type,
cause a BPF program compilation error.
1999-05-15 17:39:07 +00:00
thorpej ceb79b2488 Math is hard. 1999-05-11 06:36:26 +00:00
thorpej 4e571c43d4 Handle the new NetBSD PPP data link types. 1999-05-11 02:20:56 +00:00
ross 417af5fb91 Tweak to allow (perfectly legal) single-character host names, or,
in RFC-speak, `subdomain labels'. Reported to libpcap@ee.lbl.gov.
1999-03-22 09:15:10 +00:00
abs edc1a24a56 Add a note to update src/distrib/sets/lists/base/shl.*, and add a missing
RCS Id.
1999-02-25 08:02:19 +00:00
lukem 85b6237327 convert to using LPREFIX and YPREFIX 1998-11-01 03:48:35 +00:00
matt ca5d93c91e Switch to the same padding ULTRIX and Digital UNIX use. 1998-09-19 21:44:37 +00:00
matt 44530d0f1f Don't pad fddi on NetBSD 1998-09-18 16:43:36 +00:00
mycroft be432ed479 const poisoning. 1998-07-26 14:49:36 +00:00
explorer cac9ccdfa9 make DLT_HDLC interfaces work 1998-07-26 07:23:53 +00:00
kleink add2e5783d Fix pasto; from matt debergalis <deberg@mit.edu> in PR lib/5649. 1998-06-24 19:07:00 +00:00
tv 482063559a .y.c <sys.mk> rule fixes. Don't create a y.tab.h file unless asked for,
and use smarter creation of the header file.
1998-04-09 00:32:31 +00:00
perry 93db5caa95 RCSID Police. 1998-01-05 07:41:06 +00:00
cgd 7ff54a795e lint 1997-11-05 21:37:27 +00:00
thorpej 4942b96bf8 Don't provide a prototype for ether_hostton() if __NetBSD__. 1997-11-05 04:28:29 +00:00
lukem 4d327fc09d use CPPFLAGS instead of CFLAGS 1997-10-23 02:53:50 +00:00
mikel ea36cfbd5a xref tcpdump(8) not nonexistent tcpdump(8); remove tcpslice(1) xrefs 1997-10-18 06:57:59 +00:00
lukem 4971f40228 add dependancies so that "make depend" isn't required, remove WARNS from here 1997-10-09 12:43:57 +00:00
christos 1611699624 Add support for version.c; this is needed by other programs. 1997-10-03 16:40:56 +00:00
christos 0bdf738f9f Make life easier for the next import... 1997-10-03 16:01:32 +00:00