From: taesub kim Date: Fri, 25 May 2018 09:41:28 +0000 (+0900) Subject: Imported Upstream version 4.9.2 X-Git-Tag: upstream/4.9.2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Ftags%2Fupstream%2F4.9.2;p=platform%2Fupstream%2Ftcpdump.git Imported Upstream version 4.9.2 Change-Id: I490892f19c71ba126fa4e1d3d78e730429a3b454 --- diff --git a/CHANGES b/CHANGES index 0031431..09acbb2 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,4 +1,438 @@ -Friday April 3, 2011. mcr@sandelman.ca. +Sunday September 3, 2017 denis@ovsienko.info + Summary for 4.9.2 tcpdump release + Do not use getprotobynumber() for protocol name resolution. Do not do + any protocol name resolution if -n is specified. + Improve errors detection in the test scripts. + Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage. + Clean up IS-IS printing. + Fix buffer overflow vulnerabilities: + CVE-2017-11543 (SLIP) + CVE-2017-13011 (bittok2str_internal) + Fix infinite loop vulnerabilities: + CVE-2017-12989 (RESP) + CVE-2017-12990 (ISAKMP) + CVE-2017-12995 (DNS) + CVE-2017-12997 (LLDP) + Fix buffer over-read vulnerabilities: + CVE-2017-11541 (safeputs) + CVE-2017-11542 (PIMv1) + CVE-2017-12893 (SMB/CIFS) + CVE-2017-12894 (lookup_bytestring) + CVE-2017-12895 (ICMP) + CVE-2017-12896 (ISAKMP) + CVE-2017-12897 (ISO CLNS) + CVE-2017-12898 (NFS) + CVE-2017-12899 (DECnet) + CVE-2017-12900 (tok2strbuf) + CVE-2017-12901 (EIGRP) + CVE-2017-12902 (Zephyr) + CVE-2017-12985 (IPv6) + CVE-2017-12986 (IPv6 routing headers) + CVE-2017-12987 (IEEE 802.11) + CVE-2017-12988 (telnet) + CVE-2017-12991 (BGP) + CVE-2017-12992 (RIPng) + CVE-2017-12993 (Juniper) + CVE-2017-11542 (PIMv1) + CVE-2017-11541 (safeputs) + CVE-2017-12994 (BGP) + CVE-2017-12996 (PIMv2) + CVE-2017-12998 (ISO IS-IS) + CVE-2017-12999 (ISO IS-IS) + CVE-2017-13000 (IEEE 802.15.4) + CVE-2017-13001 (NFS) + CVE-2017-13002 (AODV) + CVE-2017-13003 (LMP) + CVE-2017-13004 (Juniper) + CVE-2017-13005 (NFS) + CVE-2017-13006 (L2TP) + CVE-2017-13007 (Apple PKTAP) + CVE-2017-13008 (IEEE 802.11) + CVE-2017-13009 (IPv6 mobility) + CVE-2017-13010 (BEEP) + CVE-2017-13012 (ICMP) + CVE-2017-13013 (ARP) + CVE-2017-13014 (White Board) + CVE-2017-13015 (EAP) + CVE-2017-11543 (SLIP) + CVE-2017-13016 (ISO ES-IS) + CVE-2017-13017 (DHCPv6) + CVE-2017-13018 (PGM) + CVE-2017-13019 (PGM) + CVE-2017-13020 (VTP) + CVE-2017-13021 (ICMPv6) + CVE-2017-13022 (IP) + CVE-2017-13023 (IPv6 mobility) + CVE-2017-13024 
(IPv6 mobility) + CVE-2017-13025 (IPv6 mobility) + CVE-2017-13026 (ISO IS-IS) + CVE-2017-13027 (LLDP) + CVE-2017-13028 (BOOTP) + CVE-2017-13029 (PPP) + CVE-2017-13030 (PIM) + CVE-2017-13031 (IPv6 fragmentation header) + CVE-2017-13032 (RADIUS) + CVE-2017-13033 (VTP) + CVE-2017-13034 (PGM) + CVE-2017-13035 (ISO IS-IS) + CVE-2017-13036 (OSPFv3) + CVE-2017-13037 (IP) + CVE-2017-13038 (PPP) + CVE-2017-13039 (ISAKMP) + CVE-2017-13040 (MPTCP) + CVE-2017-13041 (ICMPv6) + CVE-2017-13042 (HNCP) + CVE-2017-13043 (BGP) + CVE-2017-13044 (HNCP) + CVE-2017-13045 (VQP) + CVE-2017-13046 (BGP) + CVE-2017-13047 (ISO ES-IS) + CVE-2017-13048 (RSVP) + CVE-2017-13049 (Rx) + CVE-2017-13050 (RPKI-Router) + CVE-2017-13051 (RSVP) + CVE-2017-13052 (CFM) + CVE-2017-13053 (BGP) + CVE-2017-13054 (LLDP) + CVE-2017-13055 (ISO IS-IS) + CVE-2017-13687 (Cisco HDLC) + CVE-2017-13688 (OLSR) + CVE-2017-13689 (IKEv1) + CVE-2017-13690 (IKEv2) + CVE-2017-13725 (IPv6 routing headers) + +Sunday July 23, 2017 denis@ovsienko.info + Summary for 4.9.1 tcpdump release + CVE-2017-11108/Fix bounds checking for STP. + Make assorted documentation updates and fix a few typos in tcpdump output. + Fixup -C for file size >2GB (GH #488). + Show AddressSanitizer presence in version output. + Fix a bug in test scripts (exposed in GH #613). + On FreeBSD adjust Capsicum capabilities for netmap. + On Linux fix a use-after-free when the requested interface does not exist. 
+ +Wednesday January 18, 2017 devel.fx.lebail@orange.fr + Summary for 4.9.0 tcpdump release + General updates: + Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others + (More information in the log with CVE-2016-* and CVE-2017-*) + Change the way protocols print link-layer addresses (Fix heap overflows + in CALM-FAST and GeoNetworking printers) + Pass correct caplen value to ether_print() and some other functions + Fix lookup_nsap() to match what isonsap_string() expects + Clean up relative time stamp printing (Fix an array overflow) + Fix some alignment issues with GCC on Solaris 10 SPARC + Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks + Add a fn_printztn() which returns the number of bytes processed + Add nd_init() and nd_cleanup() functions. Improve libsmi support + Add CONTRIBUTING file + Add a summary comment in all printers + Compile with more warning options in devel mode if supported (-Wcast-qual, ...) + Fix some leaks found by Valgrind/Memcheck + Fix a bunch of de-constifications + Squelch some Coverity warnings and some compiler warnings + Update Coverity and Travis-CI setup + Update Visual Studio files + + Frontend: + Fix capsicum support to work with zerocopy buffers in bpf + Try opening interfaces by name first, then by name-as-index + Work around pcap_create() failures fetching time stamp type lists + Fix a segmentation fault with 'tcpdump -J' + Improve addrtostr6() bounds checking + Add exit_tcpdump() function + Don't drop CAP_SYS_CHROOT before chrooting + Fixes issue where statistics not reported when -G and -W options used + + Updated printers: + 802.11: Beginnings of 11ac radiotap support + 802.11: Check the Protected bit for management frames + 802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow) + 802.11: Fix the radiotap printer to handle the special bits correctly + 802.11: If we have the MCS field, it's 11n + 802.11: Only print unknown frame type or 
subtype messages once + 802.11: Radiotap dBm values get printed as dB; Update a test output accordingly + 802.11: Source and destination addresses were backwards + AH: Add a bounds check + AH: Report to our caller that dissection failed if a bounds check fails + AP1394: Print src > dst, not dst > src + ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow) + ATALK: Add bounds and length checks (Fix heap overflows) + ATM: Add some bounds checks (Fix a heap overflow) + ATM: Fix an incorrect bounds check + BFD: Update specification from draft to RFC 5880 + BFD: Update to print optional authentication field + BGP: Add support for the AIGP attribute (RFC7311) + BGP: Print LARGE_COMMUNITY Path Attribute + BGP: Update BGP numbers from IANA; Print minor values for FSM notification + BOOTP: Add a bounds check + Babel: Add decoder for source-specific extension + CDP: Filter out non-printable characters + CFM: Fixes to match the IEEE standard, additional bounds and length checks + CSLIP: Add more bounds checks (Fix a heap overflow) + ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow) + DHCP: Fix MUDURL and TZ options + DHCPv6: Process MUDURL and TZ options + DHCPv6: Update Status Codes with RFCs/IANA names + DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case + DTP: Improve packet integrity checks + EGP: Fix bounds checks + ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later + Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow) + Ethernet: Print the Length/Type field as length when needed + FDDI: Fix -e output for FDDI + FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows) + GRE: Add some bounds checks (Fix heap overflows) + Geneve: Fix error message with invalid option length; Update list option classes + HNCP: Fix incorrect time interval format. 
Fix handling of IPv4 prefixes + ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS() + IGMP: Add a length check + IP: Add a bounds check (Fix a heap overflow) + IP: Check before fetching the protocol version (Fix a heap overflow) + IP: Don't try to dissect if IP version != 4 (Fix a heap overflow) + IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP + IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow) + IPoFC: Fix -e output (IP-over-Fibre Channel) + IPv6: Don't overwrite the destination IPv6 address for routing headers + IPv6: Fix header printing + IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP + ISAKMP: Clean up parsing of IKEv2 Security Associations + ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases + ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature + ISOCLNS/IS-IS: Filter out non-printable characters + ISOCLNS/IS-IS: Fix segmentation faults + ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing + ISOCLNS: Add some bounds checks + Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow) + LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header + LLC: Add a bounds check (Fix a heap overflow) + LLC: Clean up printing of LLC packets + LLC: Fix the printing of RFC 948-style IP packets + LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols + LLDP: Implement IANA OUI and LLDP MUD option + MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks + MPLS: "length" is now the *remaining* packet length + MPLS: Add bounds and length checks (Fix a heap overflow) + NFS: Don't assume the ONC RPC header is nicely aligned + NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault) + NFS: Don't run past the end of an NFSv3 file handle + OLSR: Add a test to cover a HNA sgw case + OLSR: Fix 'Advertised 
networks' count + OLSR: Fix printing of smart-gateway HNAs in IPv4 + OSPF: Add a bounds check for the Hello packet options + OSPF: Do more bounds checking + OSPF: Fix a segmentation fault + OSPF: Fix printing 'ospf_topology_values' default + OTV: Add missing bounds checks + PGM: Print the formatted IP address, not the raw binary address, as a string + PIM: Add some bounds checking (Fix a heap overflow) + PIMv2: Fix checksumming of Register messages + PPP: Add some bounds checks (Fix a heap overflow) + PPP: Report invalid PAP AACK/ANAK packets + Q.933: Add a missing bounds check + RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute + RADIUS: Filter out non-printable characters + RADIUS: Translate UDP/1700 as RADIUS + RESP: Do better checking of RESP packets + RPKI-RTR: Add a return value check for "fn_printn" call + RPKI-RTR: Remove printing when truncated condition already detected + RPL: Fix 'Consistency Check' control code + RPL: Fix suboption print + RSVP: An INTEGRITY object in a submessage covers only the submessage + RSVP: Fix an infinite loop; Add bounds and length checks + RSVP: Fix some if statements missing brackets + RSVP: Have signature_verify() do the copying and clearing + RTCP: Add some bounds checks + RTP: Add some bounds checks, fix two segmentation faults + SCTP: Do more bounds checking + SFLOW: Fix bounds checking + SLOW: Fix bugs, add checks + SMB: Before fetching the flags2 field, make sure we have it + SMB: Do bounds checks on NBNS resource types and resource data lengths + SNMP: Clean up the "have libsmi but no modules loaded" case + SNMP: Clean up the object abbreviation list and fix the code to match them + SNMP: Do bounds checks when printing character and octet strings + SNMP: Improve ASN.1 bounds checks + SNMP: More bounds and length checks + STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows) + STP: Filter out non-printable characters + TCP: Add bounds and length checks for packets with TCP option 20 + TCP: 
Correct TCP option Kind value for TCP Auth and add SCPS-TP + TCP: Fix two bounds checks (Fix heap overflows) + TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow) + TCP: Put TCP-AO option decoding right + TFTP: Don't use strchr() to scan packet data (Fix a heap overflow) + Telnet: Add some bounds checks + TokenRing: Fix -e output + UDLD: Fix an infinite loop + UDP: Add a bounds check (Fix a heap overflow) + UDP: Check against the packet length first + VAT: Add some bounds checks + VTP: Add a test on Mgmt Domain Name length + VTP: Add bounds checks and filter out non-printable characters + VXLAN: Add a bound check and a test case + ZeroMQ: Fix an infinite loop + +Tuesday October 25, 2016 mcr@sandelman.ca + Summary for 4.8.1 tcpdump release + Fix "-x" for Apple PKTAP and PPI packets + Improve separation frontend/backend (tcpdump/libnetdissect) + Fix display of timestamps with -tt, -ttt and -ttttt options + Add support for the Marvell Extended Distributed Switch Architecture header + Use PRIx64 to print a 64-bit number in hex. + Printer for HNCP (RFCs 7787 and 7788). + dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer. + RSVP: Add bounds and length checks + OSPF: Do more bounds checking + Handle OpenSSL 1.1.x. + Initial support for the REdis Serialization Protocol known as RESP. + Add printing function for Generic Protocol Extension for VXLAN + draft-ietf-nvo3-vxlan-gpe-01 + Network Service Header: draft-ietf-sfc-nsh-01 + Don't recompile the filter if the new file has the same DLT. + Pass an adjusted struct pcap_pkthdr to the sub-printer. + Add three test cases for already fixed CVEs + CVE-2014-8767: OLSR + CVE-2014-8768: Geonet + CVE-2014-8769: AODV + Don't do the DDP-over-UDP heuristic first: GitHub issue #499. + Use the new debugging routines in libpcap. + Harmonize TCP source or destination ports tests with UDP ones + Introduce data types to use for integral values in packet structures. 
+ RSVP: Fix an infinite loop + Support of Type 3 and Type 4 LISP packets. + Don't require IPv6 library support in order to support IPv6 addresses. + Many many changes to support libnetdissect usage. + Add a test that makes unaligned accesses: GitHub issue #478. + add a DNSSEC test case: GH #445 and GH #467. + BGP: add decoding of ADD-PATH capability + fixes to LLC header printing, and RFC948-style IP packets + +Friday April 10, 2015 guy@alum.mit.edu + Summary for 4.7.4 tcpdump release + RPKI to Router Protocol: Fix Segmentation Faults and other problems + RPKI to Router Protocol: print strings with fn_printn() + wb: fix some bounds checks + +Wednesday March 11, 2015 mcr@sandelman.ca + Summary for 4.7.3 tcpdump release + Capsicum fixes for FreeBSD 10 + +Tuesday March 10, 2015 mcr@sandelman.ca + Summary for 4.7.2 tcpdump release + DCCP: update Packet Types with RFC4340/IANA names + fixes for CVE-2015-0261: IPv6 mobility header check issue + fixes for CVE-2015-2153, 2154, 2155: kday packets + +Friday Nov. 12, 2014 guy@alum.mit.edu + Summary for 4.7.0 tcpdump release + changes to hex printing of CDP packets + Fix PPI printing + Radius: update Packet Type Codes and Attribute Types with RFC/IANA names + Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support. + improvements to telnet printer, even if not -v + omit length for bcp, print-tcp uses it + formatting fixes for a bunch of protocols + new bounds checks for a number of protocols + split netflow 1,6, and 6 dissector up. + added geneve dissector + CVE-2014-9140 PPP dissector fixed. + +Tuesday Sep. 2, 2014 mcr@sandelman.ca + Summary for 4.6.2 tcpdump release + fix out-of-source-tree builds: find libpcap that is out of source + better configure check for libsmi + +Saturday Jul. 19, 2014 mcr@sandelman.ca + Summary for 4.6.1 tcpdump release + added FreeBSD capsicum + add a short option '#', same as long option '--number' + +Wednesday Jul. 
2, 2014 mcr@sandelman.ca + Summary for 4.6.0 tcpdump release + all of tcpdump is now using the new "NDO" code base (Thanks Denis!) + nflog, mobile, forces, pptp, AODV, AHCP, IPv6, OSPFv4, RPL, DHCPv6 enhancements/fixes + M3UA decode added. + many new test cases: 82 in 4.5.1 to 133 in 4.6.0 + many improvements to travis continuous integration system: OSX, and Coverity options + cleaned up some unnecessary header files + Added bittok2str(). + a number of unaligned access faults fixed + -A flag does not consider CR to be printable anymore + fx.lebail took over coverity baby sitting + default snapshot size increased to 256K for accomodate USB captures + WARNING: this release contains a lot of very worthwhile code churn. + +Wednesday Jan. 15, 2014 guy@alum.mit.edu + Summary for 4.5.2 tcpdump release + Man page fix + Fix crashes on SPARC + +Monday Nov. 11, 2013 mcr@sandelman.ca + Summary for 4.5.1 tcpdump release + CREDITS file fixes + +Thursday Nov. 7, 2013 mcr@sandelman.ca and guy@alum.mit.edu. + Summary for 4.5.0 tcpdump release + some NFSv4 fixes for printing + fix printing of unknown TCP options, and tcp fast-open + fixes for syslog parser + some gcc-version-specific flag tuning + adopt MacOS deprecation workarounds for openssl + improvements to babel printing + add OpenFlow 1.0 (no SSL) and test cases + GeoNet printer. + added STBC Rx support + improvements to DHCPv6 decoder + clarify which autoconf is needed + Point users to the the-tcpdump-group repository on GitHub rather + than the mcr repository + Add MSDP printer. + Fixed IPv6 check on Solaris and other OSes requiring extra + networking libraries. + Add support for VXLAN (draft-mahalingam-dutt-dcops-vxlan-03), + and add "vxlan" as an option for -T. + Add support for OTV (draft-hasmit-otv-04). + fixes for DLT_IEEE802_11_RADIO datalink types + added MPTCP decoder + +Saturday April 6, 2013 guy@alum.mit.edu. 
+ Summary for 4.4.0 tcpdump release + RPKI-RTR (RFC6810) is now official (TCP Port 323) + Fix detection of OpenSSL libcrypto. + Add DNSSL (RFC6106) support. + Add "radius" as an option for -T. + Update Action codes for handle_action function according to + 802.11s amendment. + Decode DHCPv6 AFTR-Name option (RFC6334). + Updates for Babel. + Fix printing of infinite lifetime in ICMPv6. + Added support for SPB, SPBM Service Identifier, and Unicast + Address sub-TLV in ISIS. + Decode RIPv2 authentication up to RFC4822. + Fix RIP Request/full table decoding issues. + On Linux systems with cap-ng.h, drop root privileges + using Linux Capabilities. + Add support for reading multiple files. + Add MS NLB heartbeat printer. + Separate multiple nexthops in BGP. + +Wednesday November 28, 2012 guy@alum.mit.edu. + Summary for 4.3.1 tcpdump release + Print "LLDP, length N" for LLDP packets even when not in verbose + mode, so something is printed even if only the timestamp is + present + Document "-T carp" + Print NTP poll interval correctly (it's an exponent, so print + both its raw value and 2^value) + Document that "-e" is used to get MAC addresses + More clearly document that you need to escape or quote + backslashes in filter expressions on the command line + Fix some "the the" in the man page + Use the right maximum path length + Don't treat 192_1_2, when passed to -i, as an interface number + +Friday April 3, 2012. mcr@sandelman.ca. Summary for 4.3.0 tcpdump release fixes for forces: SPARSE data (per RFC 5810) some more test cases added @@ -79,7 +513,7 @@ Thu. April 1, 2010. guy@alum.mit.edu. Summary for 4.1.1 tcpdump release Fix build on systems with PF, such as FreeBSD and OpenBSD. Don't blow up if a zero-length link-layer address is passed to - linkaddr_string(). + linkaddr_string(). Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Summary for 4.1.0 tcpdump release 
@@ -108,7 +542,7 @@ Thu. March 11, 2010. ken@netfunctional.ca/guy@alum.mit.edu. Add printer for ForCES Handle frames with an FCS Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames - Fix TCP sequence number printing + Fix TCP sequence number printing Report 802.2 packets as 802.2 instead of 802.3 Don't include -L/usr/lib in LDFLAGS On x86_64 Linux, look in lib64 directory too @@ -144,13 +578,13 @@ Mon. September 10, 2007. ken@xelerance.com. Summary for 3.9.8 tcpdump relea Converted print-isakmp.c to NETDISSECT Moved AF specific stuff into af.h Test subsystem now table driven, and saves outputs and diffs to one place - Require for pf definitions - allows reading of pflog formatted + Require for pf definitions - allows reading of pflog formatted libpcap files on an OS other than where the file was generated Wed. July 23, 2007. mcr@xelerance.com. Summary for 3.9.7 libpcap release - NFS: Print unsigned values as such. + NFS: Print unsigned values as such. RX: parse safely. BGP: fixes for IPv6-less builds. 801.1ag: use standard codepoint. @@ -160,7 +594,7 @@ Wed. July 23, 2007. mcr@xelerance.com. Summary for 3.9.7 libpcap release smb: squelch an uninitialized complaint from coverity. NFS: from NetBSD; don't interpret the reply as a possible NFS reply if it got MSG_DENIED. - BGP: don't print TLV values that didn't fit, from www.digit-labs.org. + BGP: don't print TLV values that didn't fit, from www.digit-labs.org. revised INSTALL.txt about libpcap dependancy. Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release 
@@ -178,11 +612,11 @@ Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release Add support for 802.3ah loopback ctrl msg Add support for Multiple-STP as per 802.1s Add support for rapid-SPT as per 802.1w - Add support for CFM Link-trace msg, Link-trace-Reply msg, + Add support for CFM Link-trace msg, Link-trace-Reply msg, Sender-ID tlv, private tlv, port, interface status Add support for unidirectional link detection as per http://www.ietf.org/internet-drafts/draft-foschiano-udld-02.txt - Add support for the olsr protocol as per RFC 3626 plus the LQ + Add support for the olsr protocol as per RFC 3626 plus the LQ extensions from olsr.org Add support for variable-length checksum in DCCP, as per section 9 of RFC 4340. @@ -194,7 +628,7 @@ Wed. April 25, 2007. ken@xelerance.com. Summary for 3.9.6 tcpdump release Tue. September 19, 2006. ken@xelerance.com. Summary for 3.9.5 tcpdump release - + Fix compiling on AIX (, at end of ENUM) Updated list of DNS RR typecodes Use local Ethernet defs on WIN32 @@ -209,7 +643,7 @@ Tue. September 19, 2006. ken@xelerance.com. Summary for 3.9.5 tcpdump release Add support for BGP signaled VPLS Cleanup the bootp printer Add support for PPP over Frame-Relay - Add some bounds checking to the IP options code, and clean up + Add some bounds checking to the IP options code, and clean up the options output a bit. Add additional modp groups to ISAKMP printer Add support for Address-Withdraw and Label-Withdraw Msgs 
@@ -340,10 +774,10 @@ Wed. November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release Tuesday, February 25, 2003. fenner@research.att.com. 3.7.2 release - Fixed infinite loop when parsing malformed isakmp packets. + Fixed infinite loop when parsing invalid isakmp packets. (reported by iDefense; already fixed in CVS) - Fixed infinite loop when parsing malformed BGP packets. - Fixed buffer overflow with certain malformed NFS packets. + Fixed infinite loop when parsing invalid BGP packets. + Fixed buffer overflow with certain invalid NFS packets. Pretty-print unprintable network names in 802.11 printer. Handle truncated nbp (appletalk) packets. Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt diff --git a/CONTRIBUTING b/CONTRIBUTING new file mode 100644 index 0000000..186583e --- /dev/null +++ b/CONTRIBUTING 
@@ -0,0 +1,151 @@ +Some Information for Contributors +--------------------------------- +You want to contribute to Tcpdump, Thanks! +Please, read these lines. + + +How to report bugs and other problems +------------------------------------- +To report a security issue (segfault, buffer overflow, infinite loop, arbitrary +code execution etc) please send an e-mail to security@tcpdump.org, do not use +the bug tracker! + +To report a non-security problem (failure to compile, incorrect output in the +protocol printout, missing support for a particular protocol etc) please check +first that it reproduces with the latest stable release of tcpdump and the latest +stable release of libpcap. If it does, please check that the problem reproduces +with the current git master branch of tcpdump and the current git master branch of +libpcap. If it does (and it is not a security-related problem, otherwise see +above), please navigate to https://github.com/the-tcpdump-group/tcpdump/issues +and check if the problem has already been reported. If it has not, please open +a new issue and provide the following details: + +* tcpdump and libpcap version (tcpdump --version) +* operating system name and version and any other details that may be relevant + (uname -a, compiler name and version, CPU type etc.) +* configure flags if any were used +* statement of the problem +* steps to reproduce + +Please note that if you know exactly how to solve the problem and the solution +would not be too intrusive, it would be best to contribute some development time +and open a pull request instead as discussed below. + +Still not sure how to do? Feel free to [subscribe](http://www.tcpdump.org/#mailing-lists) +to the mailing list tcpdump-workers@lists.tcpdump.org and ask! + + +How to add new code and to update existing code +----------------------------------------------- + +0) Check that there isn't a pull request already opened for the changes you + intend to make. 
+ +1) Fork the Tcpdump repository on GitHub from + https://github.com/the-tcpdump-group/tcpdump + (See https://help.github.com/articles/fork-a-repo/) + +2) Setup an optional Travis-CI build + You can setup a travis build for your fork. So, you can test your changes + on Linux and OSX before sending pull requests. + (See http://docs.travis-ci.com/user/getting-started/) + +3) Setup your git working copy + git clone https://github.com//tcpdump.git + cd tcpdump + git remote add upstream https://github.com/the-tcpdump-group/tcpdump + git fetch upstream + +4) Do a 'touch .devel' in your working directory. + Currently, the effect is + a) add (via configure, in Makefile) some warnings options ( -Wall + -Wmissing-prototypes -Wstrict-prototypes, ...) to the compiler if it + supports these options, + b) have the Makefile support "make depend" and the configure script run it. + +5) Configure and build + ./configure && make -s && make check + +6) Add/update sample.pcap files + We use tests directory to do regression tests on the dissection of captured + packets, by running tcpdump against a savefile sample.pcap, created with -w + option and comparing the results with a text file sample.out giving the + expected results. + + Any new/updated fields in a dissector must be present in a sample.pcap file + and the corresponding output file. + + Configuration is set in tests/TESTLIST. + Each line in this file has the following format: + test-name sample.pcap sample.out tcpdump-options + + the sample.out file can be build by: + (cd tests && ../tcpdump -n -r sample.pcap tcpdump-options > sample.out) + + It is often useful to have test outputs with different verbosity levels + (none, -v, -vv, -vvv, etc.) depending on the code. + +7) Test with 'make check' + Don't send a pull request if 'make check' gives failed tests. + +8) Try to rebase your commits to keep the history simple. 
+ git rebase upstream/master + (If the rebase fails and you cannot resolve, issue "git rebase --abort" + and ask for help in the pull request comment.) + +9) Once 100% happy, put your work into your forked repository. + git push + +10) Initiate and send a pull request + (See https://help.github.com/articles/using-pull-requests/) + + +Code style and generic remarks +------------------------------ +a) A thorough reading of some other printers code is useful. + +b) Put the normative reference if any as comments (RFC, etc.). + +c) Put the format of packets/headers/options as comments if there is no + published normative reference. + +d) The printer may receive incomplete packet in the buffer, truncated at any + random position, for example by capturing with '-s size' option. + Thus use ND_TTEST, ND_TTEST2, ND_TCHECK or ND_TCHECK2 for bound checking. + For ND_TCHECK2: + Define : static const char tstr[] = " [|protocol]"; + Define a label: trunc + Print with: ND_PRINT((ndo, "%s", tstr)); + You can test the code via: + sudo ./tcpdump -s snaplen [-v][v][...] -i lo # in a terminal + sudo tcpreplay -i lo sample.pcap # in another terminal + You should try several values for snaplen to do various truncation. + +e) Do invalid packet checks in code: Think that your code can receive in input + not only a valid packet but any arbitrary random sequence of octets (packet + - built malformed originally by the sender or by a fuzz tester, + - became corrupted in transit). + Print with: ND_PRINT((ndo, "%s", istr)); /* to print " (invalid)" */ + +f) Use 'struct tok' for indexed strings and print them with + tok2str() or bittok2str() (for flags). + +g) Avoid empty lines in output of printers. + +h) A commit message must have: + First line: Capitalized short summary in the imperative (70 chars or less) + + Body: Detailed explanatory text, if necessary. Fold it to approximately + 72 characters. There must be an empty line separating the summary from + the body. 
+ +i) Avoid non-ASCII characters in code and commit messages. + +j) Use the style of the modified sources. + +k) Don't mix declarations and code + +l) Don't use // for comments + Not all C compilers accept C++/C99 comments by default. + +m) Avoid trailing tabs/spaces diff --git a/CREDITS b/CREDITS index 3a0fba8..85ee5f4 100644 --- a/CREDITS +++ b/CREDITS @@ -2,41 +2,49 @@ This file lists people who have contributed to tcpdump: The current maintainers: Bill Fenner - David Young + Denis Ovsienko Fulvio Risso Guy Harris - Hannes Gredler + Hannes Gredler Michael Richardson + Francois-Xavier Le Bail Additional people who have contributed patches: - A Costa Aaron Campbell - Alfredo Andres + A Costa Albert Chin + Alexandra Kossovsky + Alfredo Andres Ananth Suryanarayana Andrea Bittau Andrew Brown Andrew Church + Andrew Darqui Andrew Hintz Andrew Nording Andrew Tridgell Andy Heffernan Anton Bernal + Antonin Décimo Arkadiusz Miskiewicz Armando L. Caro Jr. Arnaldo Carvalho de Melo - Ben Byer Atsushi Onoe + Baptiste Jonglez + Ben Byer Ben Smithurst Bert Vermeulen + Bill Parker Bjoern A. Zeeb + Bram Brent L. Bates + Brian Carpenter Brian Ginsbach Bruce M. Simpson Carles Kishimoto Bisbe - Charlie Lenahan Charles M. Hannum + Charlie Lenahan Chris Cogdon Chris G. Demetriou Chris Jepeway @@ -47,11 +55,13 @@ Additional people who have contributed patches: Craig Rodrigues Crist J. Clark Daniel Hagerty + Daniel Lee Darren Reed David Binderman David Horn David Smith David Young + Dmitrij Tejblum Dmitry Eremin-Solenikov Don Ebright Eddie Kohler 
@@ -59,25 +69,29 @@ Additional people who have contributed patches: Fang Wang Florent Drouin Florian Forster - Francis Dupont + fra + Francesco Fondelli Francisco Matias Cuenca-Acuna - Francois-Xavier Le Bail + Francis Dupont Frank Volf Fulvio Risso George Bakos Gerald Combs Gerrit Renker Gert Doering + Gilbert Ramirez Jr. + Gisle Vanem Greg Minshall + Grégoire Henry + Gregory Detal Greg Stark - Grégoire Henry - Gilbert Ramirez Jr. - Gisle Vanem - Hannes Viertel Hank Leininger + Hannes Viertel + Hanno Böck Harry Raaymakers Heinz-Ado Arnolds Hendrik Scholz + Herwin Weststrate Ian McDonald Ilpo Järvinen Jacek Tobiasz @@ -87,41 +101,47 @@ Additional people who have contributed patches: Jason R. Thorpe Jefferson Ogata Jeffrey Hutzelman + Jean-Raphaël Gaglione Jesper Peterson + Jesse Gross Jim Hutchins - Jonathan Heusser - Tatuya Jinmei João Medeiros - Joerg Mayer - Jørgen Thomsen + Joerg Mayer + Jonathan Heusser + Jorge Boncompte [DTI2] + Jørgen Thomsen Julian Cowley - Juliusz Chroboczek + Juliusz Chroboczek Kaarthik Sivakumar Kaladhar Musunuru + Kamil Frankowicz Karl Norby Kazushi Sugyo Kelly Carmichael Ken Hornstein - Kevin Steves Kenichi Maehashi + Kevin Steves Klaus Klein Kris Kennaway Krzysztof Halasa Larry Lile Lennert Buytenhek + Loganaden Velvindron Loris Degioanni Love Hörnquist-Åstrand Lucas C. Villa Real Luis MartinGarcia Maciej W. Rozycki Manu Pathak - Marc Binderberger + Marc Abramowitz Marc A. Lehmann + Marc Binderberger Mark Ellzey Thomas Marko Kiiskila Markus Schöpflin Marshall Rose Martin Husemann + Matthieu Boutier Max Laier Michael A. Meffie III Michael Madore 
@@ -135,28 +155,32 @@ Additional people who have contributed patches: Minto Jeyananth Monroe Williams Motonori Shindo - Nathan J. Williams Nathaniel Couper-Noles + Nathan J. Williams Neil T. Spring - Niels Provos Nickolai Zeldovich Nicolas Ferrero + Niels Provos Noritoshi Demizu Olaf Kirch + Ola Martin Lykkja + Oleksij Rempel Onno van der Linden Paolo Abeni Pascal Hennequin Pasvorn Boonmark + Patrik Lundquist Paul Ferrell Paul Mundt Paul S. Traina Pavlin Radoslavov Pawel Worach - Pekka Savola + Pekka Savola + Petar Alilovic Peter Fales Peter Jeremy - Peter Volkov + Phil Wood Rafal Maszkowski Randy Sofia @@ -168,9 +192,10 @@ Additional people who have contributed patches: Robert Edmonds Roderick Schertler Romain Francoise + Ruben Kerkhof Sagun Shakya Sami Farin - Scott Mcmillan + Scott Mcmillan Scott Rose Sebastian Krahmer Sebastien Raveau @@ -180,20 +205,27 @@ Additional people who have contributed patches: Shinsuke Suzuki Simon Ruderich Steinar Haug + Stephane Bortzmeyer Swaminathan Chandrasekaran + Swaathi Vetrivel Takashi Yamamoto + Tatuya Jinmei Terry Kennedy + Thomas Jacob Timo Koskiahde Tony Li Toshihiro Kanda + Udayakumar Uns Lider Victor Oppleman + Vyacheslav Trushkin Weesan Lee Wesley Griffin Wesley Shields Wilbert de Graaf Will Drewry William J. Hulley + Wim Torfs Yen Yen Lim Yoshifumi Nishida @@ -203,4 +235,4 @@ The original LBL crew: Van Jacobson Past maintainers: - Jun-ichiro itojun Hagino + Jun-ichiro itojun Hagino Also see: http://www.wide.ad.jp/itojun-award/ diff --git a/INSTALL.txt b/INSTALL.txt index a03e2c0..57d4a45 100644 --- a/INSTALL.txt +++ b/INSTALL.txt @@ -1,5 +1,3 @@ -@(#) $Header: /tcpdump/master/tcpdump/INSTALL.txt,v 1.2 2008-02-06 10:47:53 guy Exp $ (LBL) - If you have not built libpcap, and your system does not have libpcap installed, install libpcap first. Your system might provide a version of libpcap that can be installed; if so, to compile tcpdump you might 
@@ -9,9 +7,7 @@ libpcap; see the README file in this directory for the ftp location. You will need an ANSI C compiler to build tcpdump. The configure script will abort if your compiler is not ANSI compliant. If this happens, use -the GNU C compiler, available via anonymous ftp: - - ftp://ftp.gnu.org/pub/gnu/gcc/ +the generally available GNU C compiler (GCC). After libpcap has been built (either install it with "make install" or make sure both the libpcap and tcpdump source trees are in the same @@ -41,27 +37,23 @@ Please see "PLATFORMS" for notes about tested platforms. FILES ----- CHANGES - description of differences between releases +CONTRIBUTING - guidelines for contributing CREDITS - people that have helped tcpdump along -FILES - list of files exported as part of the distribution INSTALL.txt - this file LICENSE - the license under which tcpdump is distributed Makefile.in - compilation rules (input to the configure script) README - description of distribution Readme.Win32 - notes on building tcpdump on Win32 systems (with WinPcap) VERSION - version of this release -acconfig.h - autoconf input aclocal.m4 - autoconf macros addrtoname.c - address to hostname routines addrtoname.h - address to hostname definitions ah.h - IPSEC Authentication Header definitions -aodv.h - AODV definitions appletalk.h - AppleTalk definitions -arcnet.h - ARCNET definitions +ascii_strcasecmp.c - locale-independent case-independent string comparison + routines atime.awk - TCP ack awk script atm.h - ATM traffic type definitions -atmuni31.h - ATM Q.2931 definitions -bgp.h - BGP declarations -bootp.h - BOOTP definitions bpf_dump.c - BPF program printing routines, in case libpcap doesn't have them chdlc.h - Cisco HDLC definitions 
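Review bot: the FILES list in the last INSTALL.txt hunk keeps "README - description of distribution" as unchanged context, and the context of the @@ -9,9 +7,7 @@ hunk still says "see the README file in this directory for the ftp location", while this same patch shows README as a deleted file and adds README.md to EXTRA_DIST. If README is not recreated elsewhere in the change, point both references at README.md so the install notes do not name a file that no longer ships.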
@@ -72,37 +64,21 @@ config.h.in - autoconf input config.sub - autoconf support configure - configure script (run this first) configure.in - configure script source -dccp.h - DCCP definitions -decnet.h - DECnet definitions -decode_prefix.h - Declarations of "decode_prefix{4,6}()" -enc.h - OpenBSD IPsec encapsulation BPF layer definitions -esp.h - IPSEC Encapsulating Security Payload definitions ether.h - Ethernet definitions ethertype.h - Ethernet type value definitions extract.h - alignment definitions -fddi.h - Fiber Distributed Data Interface definitions gmpls.c - GMPLS definitions gmpls.h - GMPLS declarations gmt2local.c - time conversion routines gmt2local.h - time conversion prototypes -icmp6.h - ICMPv6 definitiions -ieee802_11.h - IEEE 802.11 definitions -ieee802_11_radio.h - radiotap header definitions -igrp.h - Interior Gateway Routing Protocol definitions install-sh - BSD style install script interface.h - globals, prototypes and definitions ip.h - IP definitions ip6.h - IPv6 definitions -ipfc.h - IP-over-Fibre Channel definitions ipproto.c - IP protocol type value-to-name table ipproto.h - IP protocol type value definitions -ipsec_doi.h - ISAKMP packet definitions - RFC2407 -ipx.h - IPX definitions -isakmp.h - ISAKMP packet definitions - RFC2408 l2vpn.c - L2VPN encapsulation value-to-name table l2vpn.h - L2VPN encapsulation definitions -l2tp.h - Layer Two Tunneling Protocol definitions -lane.h - ATM LANE definitions lbl/os-*.h - OS-dependent defines and prototypes llc.h - LLC definitions machdep.c - machine dependent routines 
@@ -113,143 +89,35 @@ missing/* - replacements for missing library functions mkdep - construct Makefile dependency list mpls.h - MPLS definitions nameser.h - DNS definitions -netbios.h - NETBIOS definitions netdissect.h - definitions and declarations for tcpdump-as-library (under development) nfs.h - Network File System V2 definitions nfsfh.h - Network File System file handle definitions nlpid.c - OSI NLPID value-to-name table nlpid.h - OSI NLPID definitions -ntp.h - Network Time Protocol definitions -oakley.h - ISAKMP packet definitions - RFC2409 ospf.h - Open Shortest Path First definitions -ospf6.h - IPv6 Open Shortest Path First definitions packetdat.awk - TCP chunk summary awk script parsenfsfh.c - Network File System file parser routines pcap_dump_ftell.c - pcap_dump_ftell() implementation, in case libpcap doesn't have it pcap-missing.h - declarations of functions possibly missing from libpcap -pmap_prot.h - definitions for ONC RPC portmapper protocol ppp.h - Point to Point Protocol definitions -print-802_11.c - IEEE 802.11 printer routines -print-ap1394.c - Apple IP-over-IEEE 1394 printer routines -print-ah.c - IPSEC Authentication Header printer routines -print-aodv.c - AODV printer routines -print-arcnet.c - ARCNET printer routines -print-arp.c - Address Resolution Protocol printer routines -print-ascii.c - ASCII packet dump routines -print-atalk.c - AppleTalk printer routines -print-atm.c - ATM printer routines -print-beep.c - BEEP printer routines -print-bgp.c - Border Gateway Protocol printer routines -print-bootp.c - BOOTP and IPv4 DHCP printer routines -print-bt.c - Bluetooth printer routines -print-cdp.c - Cisco Discovery Protocol printer routines -print-chdlc.c - Cisco HDLC printer routines -print-cip.c - Classical-IP over ATM routines -print-cnfp.c - Cisco NetFlow printer routines -print-dccp.c - DCCP printer routines -print-decnet.c - DECnet printer routines -print-dhcp6.c - IPv6 DHCP printer routines -print-domain.c - Domain Name System printer 
routines -print-dvmrp.c - Distance Vector Multicast Routing Protocol printer routines -print-eap.c - EAP printer routines -print-enc.c - OpenBSD IPsec encapsulation BPF layer printer routines -print-egp.c - External Gateway Protocol printer routines -print-esp.c - IPSEC Encapsulating Security Payload printer routines -print-ether.c - Ethernet printer routines -print-fddi.c - Fiber Distributed Data Interface printer routines -print-fr.c - Frame Relay printer routines -print-frag6.c - IPv6 fragmentation header printer routines -print-gre.c - Generic Routing Encapsulation printer routines -print-hsrp.c - Cisco Hot Standby Router Protocol printer routines -print-icmp.c - Internet Control Message Protocol printer routines -print-icmp6.c - IPv6 Internet Control Message Protocol printer routines -print-igmp.c - Internet Group Management Protocol printer routines -print-igrp.c - Interior Gateway Routing Protocol printer routines -print-ip.c - IP printer routines -print-ip6.c - IPv6 printer routines -print-ip6opts.c - IPv6 header option printer routines -print-ipcomp.c - IP Payload Compression Protocol printer routines -print-ipx.c - IPX printer routines -print-isakmp.c - Internet Security Association and Key Management Protocol -print-isoclns.c - ISO CLNS, ESIS, and ISIS printer routines -print-krb.c - Kerberos printer routines -print-l2tp.c - Layer Two Tunneling Protocol printer routines -print-lane.c - ATM LANE printer routines -print-llc.c - IEEE 802.2 LLC printer routines -print-lspping.c - LSPPING printer routines -print-lwres.c - Lightweight Resolver protocol printer routines -print-mobile.c - IPv4 mobility printer routines -print-mobility.c - IPv6 mobility printer routines -print-mpls.c - Multi-Protocol Label Switching printer routines -print-msdp.c - Multicast Source Discovery Protocol printer routines -print-netbios.c - NetBIOS frame protocol printer routines -print-nfs.c - Network File System printer routines -print-ntp.c - Network Time Protocol printer routines 
-print-null.c - BSD loopback device printer routines -print-ospf.c - Open Shortest Path First printer routines -print-ospf6.c - IPv6 Open Shortest Path First printer routines -print-pflog.c - OpenBSD packet filter log file printer routines -print-pgm.c - Pragmatic General Multicast printer routines -print-pim.c - Protocol Independent Multicast printer routines -print-ppp.c - Point to Point Protocol printer routines -print-pppoe.c - PPP-over-Ethernet printer routines -print-pptp.c - Point-to-Point Tunnelling Protocol printer routines -print-radius.c - Radius protocol printer routines -print-raw.c - Raw IP printer routines -print-rip.c - Routing Information Protocol printer routines -print-ripng.c - IPv6 Routing Information Protocol printer routines -print-rrcp.c - Realtek Remote Control Protocol routines -print-rsvp.c - Resource reSerVation Protocol (RSVP) printer routines -print-rt6.c - IPv6 routing header printer routines -print-rx.c - AFS RX printer routines -print-sctp.c - Stream Control Transmission Protocol printer routines -print-sip.c - SIP printer routines -print-sl.c - Compressed Serial Line Internet Protocol printer routines -print-sll.c - Linux "cooked" capture printer routines -print-slow.c - IEEE "slow protocol" (802.3ad) printer routines -print-smb.c - SMB/CIFS printer routines -print-snmp.c - Simple Network Management Protocol printer routines -print-stp.c - IEEE 802.1d spanning tree protocol printer routines -print-sunatm.c - SunATM DLPI capture printer routines -print-sunrpc.c - Sun Remote Procedure Call printer routines -print-symantec.c - Symantec Enterprise Firewall printer routines -print-tcp.c - TCP printer routines -print-telnet.c - Telnet option printer routines -print-tftp.c - Trivial File Transfer Protocol printer routines -print-timed.c - BSD time daemon protocol printer routines -print-token.c - Token Ring printer routines -print-udp.c - UDP printer routines -print-usb.c - USB printer routines -print-vjc.c - PPP Van Jacobson compression 
(RFC1144) printer routines -print-vrrp.c - Virtual Router Redundancy Protocol -print-wb.c - White Board printer routines -print-zephyr.c - Zephyr printer routines -route6d.h - packet definition for IPv6 Routing Information Protocol +print.c - Top-level routines for protocol printing +print-*.c - The netdissect printers rpc_auth.h - definitions for ONC RPC authentication rpc_msg.h - definitions for ONC RPC messages -rx.h - AFS RX definitions -sctpConstants.h - Stream Control Transmission Protocol constant definitions -sctpHeader.h - Stream Control Transmission Protocol packet definitions send-ack.awk - unidirectional tcp send/ack awk script setsignal.c - OS-independent signal routines setsignal.h - OS-independent signal prototypes slcompress.h - SLIP/PPP Van Jacobson compression (RFC1144) definitions -slip.h - SLIP definitions -sll.h - Linux "cooked" capture definitions smb.h - SMB/CIFS definitions smbutil.c - SMB/CIFS utility routines stime.awk - TCP send awk script -strcasecmp.c - missing routine tcp.h - TCP definitions tcpdump.1 - manual entry tcpdump.c - main program -telnet.h - Telnet definitions -tftp.h - TFTP definitions -timed.h - BSD time daemon protocol definitions -token.h - Token Ring definitions +timeval-operations.h - timeval operations macros udp.h - UDP definitions -util.c - utility routines +util-print.c - utility routines for protocol printers vfprintf.c - emulation routine win32 - headers and routines for building on Win32 systems diff --git a/Makefile-devel-adds b/Makefile-devel-adds index 512a119..7bf6420 100644 --- a/Makefile-devel-adds +++ b/Makefile-devel-adds 
@@ -2,12 +2,12 @@ # Auto-regenerate configure script or Makefile when things change. # From autoconf.info . Works best with GNU Make. # -${srcdir}/configure: configure.in +${srcdir}/configure: configure.in aclocal.m4 cd ${srcdir} && autoconf # autoheader might not change config.h.in, so touch a stamp file. ${srcdir}/config.h.in: ${srcdir}/stamp-h.in -${srcdir}/stamp-h.in: configure.in acconfig.h +${srcdir}/stamp-h.in: configure.in aclocal.m4 cd ${srcdir} && autoheader echo timestamp > ${srcdir}/stamp-h.in diff --git a/Makefile.in b/Makefile.in index 3b589dc..0941f0e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -16,8 +16,6 @@ # THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED # WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -# -# @(#) $Header: /tcpdump/master/tcpdump/Makefile.in,v 1.325 2008-11-21 23:17:26 guy Exp $ (LBL) # # Various configurable paths (remember to edit Makefile.in, not Makefile) @@ -41,6 +39,8 @@ VPATH = @srcdir@ # CC = @CC@ +AR = @AR@ +MKDEP = @MKDEP@ PROG = tcpdump CCOPT = @V_CCOPT@ INCLS = -I. @V_INCLS@ @@ -61,6 +61,8 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_DATA = @INSTALL_DATA@ RANLIB = @RANLIB@ +DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ + # Explicitly define compilation rule since SunOS 4's make doesn't like gcc. # Also, gcc does not remove the .o before forking 'as', which can be a # problem if you don't own the file but can write to the directory. 
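Review bot: DEPENDENCY_CFLAG = @DEPENDENCY_CFLAG@ in the @@ -61,6 +61,8 @@ hunk is added without a comment, and the depend rule later in this file passes it unquoted as "-m $(DEPENDENCY_CFLAG) $(DEFS)". If configure substitutes an empty string, the word following -m becomes the first word of $(DEFS) instead of a dependency flag. Add a one-line comment saying what the variable holds, and in the depend rule either quote it or omit -m when it is empty.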
@@ -68,132 +70,239 @@ RANLIB = @RANLIB@ @rm -f $@ $(CC) $(FULL_CFLAGS) -c $(srcdir)/$*.c -CSRC = addrtoname.c af.c checksum.c cpack.c gmpls.c oui.c gmt2local.c ipproto.c \ - nlpid.c l2vpn.c machdep.c parsenfsfh.c in_cksum.c \ - print-802_11.c print-802_15_4.c print-ap1394.c print-ah.c \ - print-arcnet.c print-aodv.c print-arp.c print-ascii.c print-atalk.c \ - print-atm.c print-beep.c print-bfd.c print-bgp.c \ - print-bootp.c print-bt.c print-carp.c print-cdp.c print-cfm.c \ - print-chdlc.c print-cip.c print-cnfp.c print-dccp.c print-decnet.c \ - print-domain.c print-dtp.c print-dvmrp.c print-enc.c print-egp.c \ - print-eap.c print-eigrp.c\ - print-esp.c print-ether.c print-fddi.c print-forces.c print-fr.c \ - print-gre.c print-hsrp.c print-icmp.c print-igmp.c \ - print-igrp.c print-ip.c print-ipcomp.c print-ipfc.c print-ipnet.c \ - print-ipx.c print-isoclns.c print-juniper.c print-krb.c \ - print-l2tp.c print-lane.c print-ldp.c print-lldp.c print-llc.c \ - print-lmp.c print-lspping.c print-lwapp.c \ - print-lwres.c print-mobile.c print-mpcp.c print-mpls.c print-msdp.c \ - print-nfs.c print-ntp.c print-null.c print-olsr.c print-ospf.c \ - print-pgm.c print-pim.c \ - print-ppi.c print-ppp.c print-pppoe.c print-pptp.c \ - print-radius.c print-raw.c print-rip.c print-rpki-rtr.c print-rrcp.c print-rsvp.c \ - print-rx.c print-sctp.c print-sflow.c print-sip.c print-sl.c print-sll.c \ - print-slow.c print-snmp.c print-stp.c print-sunatm.c print-sunrpc.c \ - print-symantec.c print-syslog.c print-tcp.c print-telnet.c print-tftp.c \ - print-timed.c print-tipc.c print-token.c print-udld.c print-udp.c \ - print-usb.c print-vjc.c print-vqp.c print-vrrp.c print-vtp.c \ - print-wb.c print-zephyr.c signature.c setsignal.c tcpdump.c util.c - -LIBNETDISSECT_SRC=print-isakmp.c -LIBNETDISSECT_OBJ=$(LIBNETDISSECT_SRC:.c=.o) -LIBNETDISSECT=libnetdissect.a +CSRC = setsignal.c tcpdump.c + +LIBNETDISSECT_SRC=\ + addrtoname.c \ + addrtostr.c \ + af.c \ + ascii_strcasecmp.c \ + checksum.c \ + 
cpack.c \ + gmpls.c \ + gmt2local.c \ + in_cksum.c \ + ipproto.c \ + l2vpn.c \ + machdep.c \ + nlpid.c \ + oui.c \ + parsenfsfh.c \ + print.c \ + print-802_11.c \ + print-802_15_4.c \ + print-ah.c \ + print-ahcp.c \ + print-aodv.c \ + print-aoe.c \ + print-ap1394.c \ + print-arcnet.c \ + print-arp.c \ + print-ascii.c \ + print-atalk.c \ + print-atm.c \ + print-babel.c \ + print-beep.c \ + print-bfd.c \ + print-bgp.c \ + print-bootp.c \ + print-bt.c \ + print-calm-fast.c \ + print-carp.c \ + print-cdp.c \ + print-cfm.c \ + print-chdlc.c \ + print-cip.c \ + print-cnfp.c \ + print-dccp.c \ + print-decnet.c \ + print-dhcp6.c \ + print-domain.c \ + print-dtp.c \ + print-dvmrp.c \ + print-eap.c \ + print-egp.c \ + print-eigrp.c \ + print-enc.c \ + print-esp.c \ + print-ether.c \ + print-fddi.c \ + print-forces.c \ + print-fr.c \ + print-frag6.c \ + print-ftp.c \ + print-geneve.c \ + print-geonet.c \ + print-gre.c \ + print-hncp.c \ + print-hsrp.c \ + print-http.c \ + print-icmp.c \ + print-icmp6.c \ + print-igmp.c \ + print-igrp.c \ + print-ip.c \ + print-ip6.c \ + print-ip6opts.c \ + print-ipcomp.c \ + print-ipfc.c \ + print-ipnet.c \ + print-ipx.c \ + print-isakmp.c \ + print-isoclns.c \ + print-juniper.c \ + print-krb.c \ + print-l2tp.c \ + print-lane.c \ + print-ldp.c \ + print-lisp.c \ + print-llc.c \ + print-lldp.c \ + print-lmp.c \ + print-loopback.c \ + print-lspping.c \ + print-lwapp.c \ + print-lwres.c \ + print-m3ua.c \ + print-medsa.c \ + print-mobile.c \ + print-mobility.c \ + print-mpcp.c \ + print-mpls.c \ + print-mptcp.c \ + print-msdp.c \ + print-msnlb.c \ + print-nflog.c \ + print-nfs.c \ + print-nsh.c \ + print-ntp.c \ + print-null.c \ + print-olsr.c \ + print-openflow-1.0.c \ + print-openflow.c \ + print-ospf.c \ + print-ospf6.c \ + print-otv.c \ + print-pgm.c \ + print-pim.c \ + print-pktap.c \ + print-ppi.c \ + print-ppp.c \ + print-pppoe.c \ + print-pptp.c \ + print-radius.c \ + print-raw.c \ + print-resp.c \ + print-rip.c \ + print-ripng.c \ + 
print-rpki-rtr.c \ + print-rrcp.c \ + print-rsvp.c \ + print-rt6.c \ + print-rtsp.c \ + print-rx.c \ + print-sctp.c \ + print-sflow.c \ + print-sip.c \ + print-sl.c \ + print-sll.c \ + print-slow.c \ + print-smtp.c \ + print-snmp.c \ + print-stp.c \ + print-sunatm.c \ + print-sunrpc.c \ + print-symantec.c \ + print-syslog.c \ + print-tcp.c \ + print-telnet.c \ + print-tftp.c \ + print-timed.c \ + print-tipc.c \ + print-token.c \ + print-udld.c \ + print-udp.c \ + print-usb.c \ + print-vjc.c \ + print-vqp.c \ + print-vrrp.c \ + print-vtp.c \ + print-vxlan.c \ + print-vxlan-gpe.c \ + print-wb.c \ + print-zephyr.c \ + print-zeromq.c \ + netdissect.c \ + signature.c \ + strtoaddr.c \ + util-print.c LOCALSRC = @LOCALSRC@ GENSRC = version.c LIBOBJS = @LIBOBJS@ +LIBNETDISSECT_OBJ=$(LIBNETDISSECT_SRC:.c=.o) ${LOCALSRC:.c=.o} ${LIBOBJS} +LIBNETDISSECT=libnetdissect.a + + SRC = $(CSRC) $(GENSRC) $(LOCALSRC) $(LIBNETDISSECT_SRC) # We would like to say "OBJ = $(SRC:.c=.o)" but Ultrix's make cannot # hack the extra indirection -OBJ = $(CSRC:.c=.o) $(GENSRC:.c=.o) $(LOCALSRC:.c=.o) $(LIBOBJS) $(LIBNETDISSECT_OBJ) +OBJ = $(CSRC:.c=.o) $(GENSRC:.c=.o) $(LIBNETDISSECT_OBJ) HDR = \ - acconfig.h \ addrtoname.h \ + addrtostr.h \ af.h \ ah.h \ - aodv.h \ appletalk.h \ - arcnet.h \ + ascii_strcasecmp.h \ atm.h \ - atmuni31.h \ - bootp.h \ - bgp.h \ chdlc.h \ cpack.h \ - dccp.h \ - decnet.h \ - decode_prefix.h \ - enc.h \ - esp.h \ ether.h \ ethertype.h \ extract.h \ - fddi.h \ - forces.h \ + funcattrs.h \ + getopt_long.h \ gmpls.h \ gmt2local.h \ - icmp6.h \ - ieee802_11.h \ - ieee802_11_radio.h \ - igrp.h \ - interface.h \ interface.h \ ip.h \ ip6.h \ - ipfc.h \ - ipnet.h \ ipproto.h \ - ipsec_doi.h \ - ipx.h \ - isakmp.h \ - l2tp.h \ l2vpn.h \ - lane.h \ llc.h \ machdep.h \ mib.h \ mpls.h \ nameser.h \ - netbios.h \ netdissect.h \ nfs.h \ nfsfh.h \ nlpid.h \ - ntp.h \ - oakley.h \ + openflow.h \ ospf.h \ - ospf6.h \ oui.h \ pcap-missing.h \ - pmap_prot.h \ - ppi.h \ ppp.h \ - 
route6d.h \ + print.h \ rpc_auth.h \ rpc_msg.h \ - rx.h \ - sctpConstants.h \ - sctpHeader.h \ + rpl.h \ setsignal.h \ signature.h \ slcompress.h \ - slip.h \ - sll.h \ smb.h \ + strtoaddr.h \ tcp.h \ - tcpdump-stdinc.h \ - telnet.h \ - tftp.h \ - timed.h \ - token.h \ + netdissect-stdinc.h \ + timeval-operations.h \ udp.h TAGHDR = \ /usr/include/arpa/tftp.h \ /usr/include/net/if_arp.h \ - /usr/include/net/slip.h \ /usr/include/netinet/if_ether.h \ /usr/include/netinet/in.h \ /usr/include/netinet/ip_icmp.h \ @@ -207,12 +316,15 @@ CLEANFILES = $(PROG) $(OBJ) $(GENSRC) EXTRA_DIST = \ CHANGES \ + CONTRIBUTING \ CREDITS \ INSTALL.txt \ LICENSE \ Makefile.in \ Makefile-devel-adds \ + PLATFORMS \ README \ + README.md \ Readme.Win32 \ VERSION \ aclocal.m4 \ @@ -229,15 +341,10 @@ EXTRA_DIST = \ lbl/os-sunos4.h \ lbl/os-ultrix4.h \ makemib \ - missing/addrinfo.h \ missing/dlnames.c \ missing/datalinks.c \ - missing/getnameinfo.c \ - missing/inet_aton.c \ - missing/inet_ntop.c \ - missing/inet_pton.c \ + missing/getopt_long.c \ missing/snprintf.c \ - missing/sockstorage.h \ missing/strdup.c \ missing/strlcat.c \ missing/strlcpy.c \ 
@@ -245,120 +352,23 @@ EXTRA_DIST = \ mkdep \ packetdat.awk \ pcap_dump_ftell.c \ - print-babel.c \ - print-dhcp6.c \ - print-frag6.c \ - print-icmp6.c \ - print-ip6.c \ - print-ip6opts.c \ - print-mobility.c \ - print-netbios.c \ - print-ospf6.c \ print-pflog.c \ - print-ripng.c \ - print-rt6.c \ print-smb.c \ send-ack.awk \ smbutil.c \ stime.awk \ - strcasecmp.c \ tcpdump.1.in \ - tests/02-sunrise-sunset-esp.pcap \ - tests/08-sunrise-sunset-aes.pcap \ - tests/08-sunrise-sunset-esp2.pcap \ - tests/QinQpacket.out \ - tests/QinQpacket.pcap \ - tests/QinQpacketv.out \ - tests/TESTLIST \ - tests/TESTonce \ - tests/TESTrun.sh \ - tests/babel.pcap \ - tests/babel1.out \ - tests/babel1v.out \ - tests/bgp-infinite-loop.pcap \ - tests/bgp_vpn_attrset.out \ - tests/bgp_vpn_attrset.pcap \ - tests/chdlc-slarp-short.pcap \ - tests/chdlc-slarp.pcap \ - tests/dio.out \ - tests/dio.pcap \ - tests/e1000g.out \ - tests/e1000g.pcap \ - tests/eapon1.gdbinit \ - tests/eapon1.out \ - tests/eapon1.pcap \ - tests/empty.uu \ - tests/esp-secrets.txt \ - tests/esp0.out \ - tests/esp1.gdbinit \ - tests/esp1.out \ - tests/esp2.gdbinit \ - tests/esp2.out \ - tests/esp3.gdbinit \ - tests/esp4.gdbinit \ - tests/esp5.gdbinit \ - tests/esp5.out \ - tests/espudp1.out \ - tests/espudp1.pcap \ - tests/forces1.out \ - tests/forces1.pcap \ - tests/forces1vvv.out \ - tests/forces1vvvv.out \ - tests/forces2v.out \ - tests/forces2vv.out \ - tests/forces3vvv.out \ - tests/icmpv6.out \ - tests/icmpv6.pcap \ - tests/ikev2four.out \ - tests/ikev2four.pcap \ - tests/ikev2fourv.out \ - tests/ikev2fourv4.out \ - tests/ikev2pI2-secrets.txt \ - tests/ikev2pI2.out \ - tests/ikev2pI2.pcap \ - tests/isakmp-delete-segfault.pcap \ - tests/isakmp-identification-segfault.pcap \ - tests/isakmp-pointer-loop.pcap \ - tests/isakmp1.out \ - tests/isakmp2.out \ - tests/isakmp3.out \ - tests/isakmp4.out \ - tests/isakmp4500.pcap \ - tests/isis-infinite-loop.pcap \ - tests/ldp-infinite-loop.pcap \ - tests/lmp.out \ - 
tests/lmp.pcap \ - tests/lmp.sh \ - tests/lspping-fec-ldp.pcap \ - tests/lspping-fec-rsvp.pcap \ - tests/mpls-ldp-hello.out \ - tests/mpls-ldp-hello.pcap \ - tests/mpls-traceroute.pcap \ - tests/ospf-gmpls.out \ - tests/ospf-gmpls.pcap \ - tests/pppoe.out \ - tests/pppoe.pcap \ - tests/print-A.out \ - tests/print-AA.out \ - tests/print-capX.out \ - tests/print-capXX.out \ - tests/print-flags.pcap \ - tests/print-flags.sh \ - tests/print-x.out \ - tests/print-xx.out \ - tests/rsvp-infinite-loop.pcap \ - tests/sflow_multiple_counter_30_pdus.out \ - tests/sflow_multiple_counter_30_pdus.pcap \ vfprintf.c \ - win32/Include/errno.h \ - win32/Include/getopt.h \ - win32/Include/w32_fzs.h \ - win32/Src/getopt.c \ win32/prj/GNUmakefile \ win32/prj/WinDump.dsp \ - win32/prj/WinDump.dsw + win32/prj/WinDump.dsw \ + win32/prj/WinDump.sln \ + win32/prj/WinDump.vcproj \ + win32/src/ether_ntohost.c -all: $(PROG) +TEST_DIST= `find tests \( -name 'DIFF' -prune \) -o \( -name NEW -prune \) -o -type f \! -name '.*' \! -name '*~' -print` + +all: $(PROG) $(LIBNETDISSECT) $(PROG): $(OBJ) @V_PCAPDEP@ @rm -f $@ 
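Review bot: TEST_DIST at the end of the EXTRA_DIST hunk replaces the explicit tests/ file list with a find over the working tree, so releasetar packs whatever is in tests/ at release time rather than a reviewed list. The expression prunes only DIFF and NEW and skips dotfiles and *~, which leaves tests/failure-outputs.txt (treated as a generated file by the distclean hunk in this patch) and any stray capture or scratch file eligible for the tarball. Exclude failure-outputs.txt in the find expression as well, or generate the list from tracked files, so the release contents can be reproduced from the repository.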
@@ -366,25 +376,19 @@ $(PROG): $(OBJ) @V_PCAPDEP@ $(LIBNETDISSECT): $(LIBNETDISSECT_OBJ) @rm -f $@ - $(AR) cr $@ $(LIBNETDISSECT_OBJ) + $(AR) cr $@ $(LIBNETDISSECT_OBJ) $(RANLIB) $@ datalinks.o: $(srcdir)/missing/datalinks.c $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/datalinks.c dlnames.o: $(srcdir)/missing/dlnames.c $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/dlnames.c -getnameinfo.o: $(srcdir)/missing/getnameinfo.c - $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/getnameinfo.c -getaddrinfo.o: $(srcdir)/missing/getaddrinfo.c - $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/getaddrinfo.c -inet_pton.o: $(srcdir)/missing/inet_pton.c - $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/inet_pton.c -inet_ntop.o: $(srcdir)/missing/inet_ntop.c - $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/inet_ntop.c -inet_aton.o: $(srcdir)/missing/inet_aton.c - $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/inet_aton.c +getopt_long.o: $(srcdir)/missing/getopt_long.c + $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/getopt_long.c snprintf.o: $(srcdir)/missing/snprintf.c $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/snprintf.c +strdup.o: $(srcdir)/missing/strdup.c + $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/strdup.c strlcat.o: $(srcdir)/missing/strlcat.c $(CC) $(FULL_CFLAGS) -o $@ -c $(srcdir)/missing/strlcat.c strlcpy.o: $(srcdir)/missing/strlcpy.c @@ -428,12 +432,17 @@ clean: distclean: rm -f $(CLEANFILES) Makefile config.cache config.log config.status \ - config.h gnuc.h os-proto.h stamp-h stamp-h.in $(PROG).1 - rm -rf autom4te.cache + config.h gnuc.h os-proto.h stamp-h stamp-h.in $(PROG).1 \ + libnetdissect.a tests/.failed tests/.passed \ + tests/failure-outputs.txt + rm -rf autom4te.cache tests/DIFF tests/NEW check: tcpdump (cd tests && ./TESTrun.sh) +extags: $(TAGFILES) + ctags $(TAGFILES) + tags: $(TAGFILES) ctags -wtd $(TAGFILES) 
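Review bot: in the distclean rule of the @@ -428,12 +432,17 @@ hunk, libnetdissect.a is added by literal name and only there, while the all target now builds $(LIBNETDISSECT) and CLEANFILES, as shown in the @@ -207,12 +316,15 @@ header, is still "$(PROG) $(OBJ) $(GENSRC)". Unless the clean rule removes the archive separately, make clean leaves it behind; add $(LIBNETDISSECT) to CLEANFILES and drop the hard-coded name from distclean. The new extags target would also benefit from a comment on how it differs from tags ("ctags $(TAGFILES)" versus "ctags -wtd $(TAGFILES)").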
@@ -443,9 +452,12 @@ TAGS: $(TAGFILES) releasetar: @cwd=`pwd` ; dir=`basename $$cwd` ; name=$(PROG)-`cat VERSION` ; \ mkdir $$name; \ - tar cf - $(CSRC) $(HDR) $(LIBNETDISSECT_SRC) $(EXTRA_DIST) | (cd $$name; tar xf -); \ + tar cf - $(CSRC) $(HDR) $(LIBNETDISSECT_SRC) $(EXTRA_DIST) $(TEST_DIST) | (cd $$name; tar xf -); \ tar -c -z -f $$name.tar.gz $$name; \ rm -rf $$name +testlist: + echo $(TEST_DIST) + depend: $(GENSRC) - ${srcdir}/mkdep -c $(CC) $(DEFS) $(INCLS) $(SRC) + $(MKDEP) -c $(CC) -m $(DEPENDENCY_CFLAG) $(DEFS) $(INCLS) $(SRC) diff --git a/PLATFORMS b/PLATFORMS new file mode 100644 index 0000000..4f11c51 --- /dev/null +++ b/PLATFORMS @@ -0,0 +1,16 @@ +In many operating systems tcpdump is available as a native package or port, +which simplifies installation of updates and long-term maintenance. However, +the native packages are sometimes a few versions behind and to try a more +recent snapshot it will take to compile tcpdump from the source code. + +tcpdump compiles and works on at least the following platforms: + +* AIX +* FreeBSD +* HP-UX 11i +* Linux (any) with glibc (usually just works) +* Linux (any) with musl libc (sometimes fails to compile, please report any bugs) +* Mac OS X / macOS +* NetBSD +* OpenWrt +* Solaris diff --git a/README b/README deleted file mode 100644 index ed657c1..0000000 --- a/README +++ /dev/null 
@@ -1,233 +0,0 @@ -@(#) $Header: /tcpdump/master/tcpdump/README,v 1.68 2008-12-15 00:05:27 guy Exp $ (LBL) - -TCPDUMP 4.x.y -Now maintained by "The Tcpdump Group" -See www.tcpdump.org - -Please send inquiries/comments/reports to: - tcpdump-workers@lists.tcpdump.org - -Anonymous Git is available via: - git clone git://bpf.tcpdump.org/tcpdump - -Version 4.x.y of TCPDUMP can be retrieved with the CVS tag "tcpdump_4_xrely": - cvs -d :pserver:cvs.tcpdump.org:/tcpdump/master checkout -r tcpdump_4_xrely tcpdump - -Please submit patches against the master copy to the tcpdump project on -sourceforge.net. - -formerly from Lawrence Berkeley National Laboratory - Network Research Group - ftp://ftp.ee.lbl.gov/tcpdump.tar.Z (3.4) - -This directory contains source code for tcpdump, a tool for network -monitoring and data acquisition. This software was originally -developed by the Network Research Group at the Lawrence Berkeley -National Laboratory. The original distribution is available via -anonymous ftp to ftp.ee.lbl.gov, in tcpdump.tar.Z. More recent -development is performed at tcpdump.org, http://www.tcpdump.org/ - -Tcpdump uses libpcap, a system-independent interface for user-level -packet capture. Before building tcpdump, you must first retrieve and -build libpcap, also originally from LBL and now being maintained by -tcpdump.org; see http://www.tcpdump.org/ . - -Once libpcap is built (either install it or make sure it's in -../libpcap), you can build tcpdump using the procedure in the INSTALL -file. - -The program is loosely based on SMI's "etherfind" although none of the -etherfind code remains. It was originally written by Van Jacobson as -part of an ongoing research project to investigate and improve tcp and -internet gateway performance. The parts of the program originally -taken from Sun's etherfind were later re-written by Steven McCanne of -LBL. 
To insure that there would be no vestige of proprietary code in -tcpdump, Steve wrote these pieces from the specification given by the -manual entry, with no access to the source of tcpdump or etherfind. - -Over the past few years, tcpdump has been steadily improved by the -excellent contributions from the Internet community (just browse -through the CHANGES file). We are grateful for all the input. - -Richard Stevens gives an excellent treatment of the Internet protocols -in his book ``TCP/IP Illustrated, Volume 1''. If you want to learn more -about tcpdump and how to interpret its output, pick up this book. - -Some tools for viewing and analyzing tcpdump trace files are available -from the Internet Traffic Archive: - - http://www.acm.org/sigcomm/ITA/ - -Another tool that tcpdump users might find useful is tcpslice: - - ftp://ftp.ee.lbl.gov/tcpslice.tar.Z - -It is a program that can be used to extract portions of tcpdump binary -trace files. See the above distribution for further details and -documentation. - -Problems, bugs, questions, desirable enhancements, etc. should be sent -to the address "tcpdump-workers@lists.tcpdump.org". Bugs, support -requests, and feature requests may also be submitted on the SourceForge -site for tcpdump at - - http://sourceforge.net/projects/tcpdump/ - -Source code contributions, etc. should be sent to the email address -submitted as patches on the SourceForge site for tcpdump. - -Current versions can be found at www.tcpdump.org, or the SourceForge -site for tcpdump. - - - The TCPdump team - -original text by: Steve McCanne, Craig Leres, Van Jacobson - -------------------------------------- -This directory also contains some short awk programs intended as -examples of ways to reduce tcpdump data when you're tracking -particular network problems: - -send-ack.awk - Simplifies the tcpdump trace for an ftp (or other unidirectional - tcp transfer). 
Since we assume that one host only sends and - the other only acks, all address information is left off and - we just note if the packet is a "send" or an "ack". - - There is one output line per line of the original trace. - Field 1 is the packet time in decimal seconds, relative - to the start of the conversation. Field 2 is delta-time - from last packet. Field 3 is packet type/direction. - "Send" means data going from sender to receiver, "ack" - means an ack going from the receiver to the sender. A - preceding "*" indicates that the data is a retransmission. - A preceding "-" indicates a hole in the sequence space - (i.e., missing packet(s)), a "#" means an odd-size (not max - seg size) packet. Field 4 has the packet flags - (same format as raw trace). Field 5 is the sequence - number (start seq. num for sender, next expected seq number - for acks). The number in parens following an ack is - the delta-time from the first send of the packet to the - ack. A number in parens following a send is the - delta-time from the first send of the packet to the - current send (on duplicate packets only). Duplicate - sends or acks have a number in square brackets showing - the number of duplicates so far. - - Here is a short sample from near the start of an ftp: - 3.00 0.20 send . 512 - 3.20 0.20 ack . 1024 (0.20) - 3.20 0.00 send P 1024 - 3.40 0.20 ack . 1536 (0.20) - 3.80 0.40 * send . 0 (3.80) [2] - 3.82 0.02 * ack . 1536 (0.62) [2] - Three seconds into the conversation, bytes 512 through 1023 - were sent. 200ms later they were acked. Shortly thereafter - bytes 1024-1535 were sent and again acked after 200ms. - Then, for no apparent reason, 0-511 is retransmitted, 3.8 - seconds after its initial send (the round trip time for this - ftp was 1sec, +-500ms). Since the receiver is expecting - 1536, 1536 is re-acked when 0 arrives. - -packetdat.awk - Computes chunk summary data for an ftp (or similar - unidirectional tcp transfer). 
[A "chunk" refers to - a chunk of the sequence space -- essentially the packet - sequence number divided by the max segment size.] - - A summary line is printed showing the number of chunks, - the number of packets it took to send that many chunks - (if there are no lost or duplicated packets, the number - of packets should equal the number of chunks) and the - number of acks. - - Following the summary line is one line of information - per chunk. The line contains eight fields: - 1 - the chunk number - 2 - the start sequence number for this chunk - 3 - time of first send - 4 - time of last send - 5 - time of first ack - 6 - time of last ack - 7 - number of times chunk was sent - 8 - number of times chunk was acked - (all times are in decimal seconds, relative to the start - of the conversation.) - - As an example, here is the first part of the output for - an ftp trace: - - # 134 chunks. 536 packets sent. 508 acks. - 1 1 0.00 5.80 0.20 0.20 4 1 - 2 513 0.28 6.20 0.40 0.40 4 1 - 3 1025 1.16 6.32 1.20 1.20 4 1 - 4 1561 1.86 15.00 2.00 2.00 6 1 - 5 2049 2.16 15.44 2.20 2.20 5 1 - 6 2585 2.64 16.44 2.80 2.80 5 1 - 7 3073 3.00 16.66 3.20 3.20 4 1 - 8 3609 3.20 17.24 3.40 5.82 4 11 - 9 4097 6.02 6.58 6.20 6.80 2 5 - - This says that 134 chunks were transferred (about 70K - since the average packet size was 512 bytes). It took - 536 packets to transfer the data (i.e., on the average - each chunk was transmitted four times). Looking at, - say, chunk 4, we see it represents the 512 bytes of - sequence space from 1561 to 2048. It was first sent - 1.86 seconds into the conversation. It was last - sent 15 seconds into the conversation and was sent - a total of 6 times (i.e., it was retransmitted every - 2 seconds on the average). It was acked once, 140ms - after it first arrived. - -stime.awk -atime.awk - Output one line per send or ack, respectively, in the form -