[tcpdump-workers] Re: Dropping support in tcpdump for older versions of libpcap?

ose first appeared in libpcap 1.0, which was > released in 2008, almost 16 years ago. > Is there any reason not to require libpcap 1.0 or later? If there is, > is there any reason not to require libpcap 0.7 or later? I think libpcap 1.0 or later is good. -- Michael Richardson

[tcpdump-workers] Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster)

Guy Harris wrote: > If so, do we > 1) require people to have autotools installed and run ./autogen.sh > or > 2) generate the configure scripts on some standard platform and check it in 3) stop using autoconf, cmake only. ___

[tcpdump-workers] Re: openwrt Conclusions from CVE-2024-3094 (libxz disaster)

Bill Fenner wrote: > mcr suggested: >> I wonder if we should nuke our own make tarball system. > The creation of a tarball and its signature gives a place to hang one's hat > about origin of code - "someone with the right key claims that this tarball > genuinely reflects

[tcpdump-workers] openwrt Conclusions from CVE-2024-3094 (libxz disaster)

-- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpd

[tcpdump-workers] Re: Test

Guy Harris wrote: > Is the list working? It was not. I finally found the web process hanging onto a database lock, and cleared that. ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to

[tcpdump-workers] Re: upgrade to mailman3

Michael Richardson wrote: > Michael Richardson wrote: >> This message is partly to see if anything is fixed. > At least the emails went through, but did not get archived yet. > Help sought. maybe working now. ___

[tcpdump-workers] Re: upgrade to mailman3

Michael Richardson wrote: > This message is partly to see if anything is fixed. At least the emails went through, but did not get archived yet. Help sought. ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe s

[tcpdump-workers] upgrade to mailman3

We have gone from 3.3.3 to mailman3 3.3.8 with an operating system update to Debian 12 (Devuan 4). Missed the broken kernel (I checked). The previous system had numerous faults, particularly around archiving which I was unable to fix in the time I had available. This message is partly to see

[tcpdump-workers] Re: Request for a LINKTYPE/DLT for DECT NR+ (ETSI TS 103 636)

Stig Bjørlykke via tcpdump-workers wrote: > We are in the process of making a trace tool and a Wireshark dissector > for DECT NR+ [1]. The "DECT-2020 New Radio (NR); Part 4: MAC layer" > chapter 6 defines PDU formats and parameters for this protocol. > Proposed name:

[tcpdump-workers] Re: Removing untested libpcap support for older platforms

Guy Harris wrote: > Should we also consider removing support for some older UN*X platforms, > such as: Yes. > SunOS prior to SunOS 4 - pcap-nit.c; the last such version, SunOS > 3.5, was released in January 1988 > SunOS 4.x - pcap-snit.c; the last such version, SunOS

[tcpdump-workers] Re: Request for Information: libpcap

Zhang, Cynthia X. (GSFC-710.0)[KPMG LLP] wrote: > Hello, my name is Cynthia Zhang and I am a Supply Chain Risk Management > Analyst at NASA. NASA is currently conducting a supply chain assessment > of libpcap. We are interested in confirming the following information: > 1. Is

[tcpdump-workers] Re: Accurate ECN support in tcpdump/libpcap

Scheffenegger, Richard wrote: > Tcpdump - any every tool afterwards - has been using "." for ACKs. Hi, so there have been some tools which have parsed the tcpdump "TCP" output in the past, and there have been small variations in the output, and often we've broken those tools. One such tool

[tcpdump-workers] Re: [tcpdump] About PR 812

Francois-Xavier Le Bail wrote: > Does anyone see a problem with this change? (Answer on PR page.) > https://github.com/the-tcpdump-group/tcpdump/pull/812 It looks so simple, it's probably correct :-) -- Michael Richardson. o O ( IPv6 IøT consulting ) San

[tcpdump-workers] Re: libpcap : An entry in the manual about multithreading

could be a global map of pcap_t* handles to > thread ID's, something like: > struct Mapping { pcap_t *handle; pthread_t thread_id; }; > Mapping mappings[32u]; I could tolerate this. -- ] Never tell me the odds! | ipv6 mesh networks [ ]

[tcpdump-workers] more testing...

There are some problems on the list host where some files wind up root owned, when they shouldn't be. ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to tcpdump-workers-le...@lists.tcpdump.org

[tcpdump-workers] more testing emails

I'm sorry for the troubles. We are still getting continuous attempts to send email subscribe (DDoS) spam via HTTP, even though mailman2 is gone, and the links are are 404, but the script kiddies continue. fail2ban is doing some things, needs further tuning. But overall, it's just annoying.

[tcpdump-workers] Re: mailman3 list imported

Michael Richardson via tcpdump-workers wrote: > --- Forwarded Message The DMARC mitigation was forced on, which is not what I wanted. ___ tcpdump-workers mailing list -- tcpdump-workers@lists.tcpdump.org To unsubscribe send an email to tcpd

[tcpdump-workers] mailman3 list imported

--- Begin Message --- The mailing list has been moved from a mailman2 host to a mailman3 host. I had subscribed everyone with an option to confirm, but that was a bad idea. I have now found the import21 command, and imported the "pickle" file from the mailman2 installation. I hope that this

Re: [tcpdump-workers] Speed specific Link-Layer Header Types for USB 2.0

ith a subtype header, but if you want to go with three, I don't object. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.san

Re: [tcpdump-workers] Request for new LINKTYPE_* code LINKTYPE_AUERSWALD_LOG

provide further information. > Best regards > Frank Gorgas-Waller Software Architect > Auerswald Gesellschaft für Datensysteme mbH Vor den Grashöfen 1 38162 > Cremlingen Germany -- ] Never tell me the odds! | ipv6 mesh networks [

Re: [tcpdump-workers] Stick with Travis for continuous integration, or switch?

--- Begin Message --- Francois-Xavier Le Bail via tcpdump-workers wrote: > To save CI runtime, I have committed > a063c2d21417345ee583551ef2c07a0be6b32696 for libpcap. > This will currently run only five builders (amd64, arm64, ppc64le, > s390x and osx) and do the matrix

Re: [tcpdump-workers] Request to add MCTP and PCI_DOE to PCAP link type

--- Begin Message --- Yao, Jiewen wrote: > Thank you. I will file a Pull-Request. > The DOE header definition can be found > https://github.com/jyao1/openspdm/blob/master/Include/IndustryStandard/PciDoeBinding.h > It starts from PCI_DOE_DATA_OBJECT_HEADER. That sounds like

Re: [tcpdump-workers] Request to add MCTP and PCI_DOE to PCAP link type

--- Begin Message --- Yao, Jiewen via tcpdump-workers wrote: > Hello Any response ? > Thank you Yao Jiewen ... Hi, sorry abotu that. > Hi I write this email to request to below 2 link types. > 1. MCTP > Management Component Transport Protocol (MCTP) is an industry

Re: [tcpdump-workers] libpcap detection and linking in tcpdump

ly-installed tcpdump. Effectively, this is what libtool tries to do. I would rather just be explicit about it somehow. Maybe that goes into how we use "make check", but I'm not sure where else it matters. -- ] Never tell me the odds! | ipv6 mesh

Re: [tcpdump-workers] libpcap detection and linking in tcpdump

ith one of my Ubuntu VMs. > In the meantime, for some fun head-exploding reading, take a look at > https://en.wikipedia.org/wiki/Rpath > and perhaps some other documents found by a search for Yeah... I don't even know what to say. -- ] Never tell me the odds! |

Re: [tcpdump-workers] Any way to filter ether address when type is LINUX_SLL?

--- Begin Message --- Guy Harris via tcpdump-workers wrote: > I've been thinking about a world in which we have more pcapng-style > APIs. With a capture API that can deliver, for each packet, something > similar to a pcapng Enhanced Packet Block, with an interface number > from

Re: [tcpdump-workers] bpf.tcpdump.org updates

--- Begin Message --- Michael Richardson via tcpdump-workers wrote: > bpf.tcpdump.org is being updated from devuan ascii (2.0) to devuan > beowolf (3.1). (Equvialent to Debian buster). > I've doing this to upgrade git to the version that supports --mirror,

[tcpdump-workers] bpf.tcpdump.org updates

--- Begin Message --- bpf.tcpdump.org is being updated from devuan ascii (2.0) to devuan beowolf (3.1). (Equvialent to Debian buster). I've doing this to upgrade git to the version that supports --mirror, which is not the right thing for the local repositories. (I was, you know, reading the man

Re: [tcpdump-workers] Any way to filter ether address when type is LINUX_SLL?

--- Begin Message --- Bill Fenner via tcpdump-workers wrote: > It would be perfectly reasonable (and fairly straightforward) to update > libpcap to be able to filter on the Ethernet address in DLT_LINUX_SLL > or DLT_LINUX_SLL2 mode. There are already filters that match other >

Re: [tcpdump-workers] [OPSAWG] [pcap-ng-format] draft-gharris-opsawg-pcap.txt --- IANA considerations

--- Begin Message --- wrote: >> -Message d'origine- >> De : OPSAWG [mailto:opsawg-boun...@ietf.org] De la part de Michael >> Richardson >> Envoyé : mardi 22 décembre 2020 17:36 >> À : Guy Harris >> Cc : Pcap-ng file form

Re: [tcpdump-workers] [OPSAWG] [pcap-ng-format] draft-gharris-opsawg-pcap.txt --- FCS length description

or whether > it's still supported. Wow, lots of ill-defined complexity here. I think that we should just regard this as water under the bridge. If NetBSD wants to propose a use for those empty bits, then a new specification could update that use case. -- Michael Richardson. o O ( IP

Re: [tcpdump-workers] [OPSAWG] [pcap-ng-format] draft-gharris-opsawg-pcap.txt --- IANA considerations

That one's there for NetBSD; I *think* the packet contains just a PPPoE > header and payload. I may have to dig into the NetBSD code to see what > they do. okay, but we don't have to get that perfect in the document. What matters is that it points to /linktypes.html in th

Re: [tcpdump-workers] [OPSAWG] draft-gharris-opsawg-pcap.txt --- FCS length description

--- Begin Message --- -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Carsten Bormann wrote: > On 2020-12-22, at 01:31, Michael Richardson wrote: >> >> #define LT_FCS_LENGTH(x) (((x) & 0xF000) >> 28) >> #define LT_FCS_DATALINK_EXT(x

[tcpdump-workers] draft-gharris-opsawg-pcap.txt --- IANA considerations

arris-opsawg-pcap-01 Diff: https://www.ietf.org/rfcdiff?url2=draft-gharris-opsawg-pcap-01 -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide --- End Message --- ___ tcpdump-

[tcpdump-workers] draft-gharris-opsawg-pcap.txt --- FCS length description

d? Or would that be indicated by LENGTH_PRESENT(x)==0? Or is 0 ==> 8 * 16-bits => 128 bits of FCS. I'm going to propose IANA considerations in a followup email and in -01. -- Michael Richardson. o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwid

[tcpdump-workers] man pages... what's cool now? (fwd) Michael Richardson: man pages... what's cool now?

--- Begin Message --- I forgot not to PGP sign. --- End Message --- ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Re: [tcpdump-workers] pcap_open_offline_... and options and the like

--- Begin Message --- Michael Richardson via tcpdump-workers wrote: > trying without GPG signature YUP. That's it. So mailman2 will have to get replaced finally. It eats emails with signature attachments, I think. This is new. After a few hours thinking about my previous email I wan

[tcpdump-workers] pcap_open_offline_... and options and the like

extensive rework so that pcap_create() could create handle for live and offline captures, and that specifying the capture type was just another set. These are not mutually exclusive. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sand

Re: [tcpdump-workers] CVE-2020-8037: memory allocation in ppp decapsulator

ixes, or should we rely on Red Hat and others for that? I can strive to do better. I think that you are on the security@ list, and I think that this did go through that list at the time. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, San

Re: [tcpdump-workers] tcpslice licence

--- Begin Message --- Denis Ovsienko via tcpdump-workers wrote: > [...] >> The first step I'd take would be to get rid of the GPLed headers in >> favor of BSD-licensed headers, e.g. taking the ip.h, tcp.h, and udp.h >> headers from tcpdump and changing the code to work with them.

Re: [tcpdump-workers] [pcap-ng-format] "Custom" link-layer types for pcap and pcapng

r *two* capture file formats, these lists are > probably better places for discussion than having two pull requests and > discussing them in comments there. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software W

Re: [tcpdump-workers] [the-tcpdump-group/libpcap] Use tab instead of space in formatting pcap-int.h (#918)

I took it directly to the list to ask if this was right. You didn't miss anything. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/

Re: [tcpdump-workers] [the-tcpdump-group/libpcap] Use tab instead of space in formatting pcap-int.h (#918)

--- Begin Message --- Francois-Xavier Le Bail wrote: >> > If we do, we should replace all the tabs in pcap-int.h with spaces; we >> > should at least be consistent, and change #918 fixed one inconsistent >> > case. >> >> Let's agree that we are going towards spaces. >> I

Re: [tcpdump-workers] [the-tcpdump-group/libpcap] Use tab instead of space in formatting pcap-int.h (#918)

hitespace settings? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ --- End Message --- __

[tcpdump-workers] snprintf in libpcap

just use "snprintf()" now. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ --- E

Re: [tcpdump-workers] [the-tcpdump-group/libpcap] CVE-2018-16301 information (#855)

not present in libpcap 1.8.x -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___

Re: [tcpdump-workers] TESTrun.sh and TESTonce -> combining into single perl driver?

gh reason. > Although there'd be more work required - TESTonce depends on having > cat, diff, and sed, and crypto.sh depends on grep, for example. cat and sed I can eliminate. probably the crypto.sh can be brought into the test structure. -- ] Never tell me the odds!

Re: [tcpdump-workers] TESTrun.sh and TESTonce -> combining into single perl driver?

Guy Harris wrote: > If "make check" required *only* Perl, not a Bourne-compatible shell, > that might also make running "make check" on Windows easier. That's probably a good enough reason. ___ tcpdump-workers mailing list

[tcpdump-workers] TESTrun.sh and TESTonce -> combining into single perl driver?

that Perl is now ubiquitous enough on Windows that we could just use one program to drive it all? OpenSSL uses the Perl unit test framework; I'm not sure I'd want to go that far, but I'd consider it. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael

[tcpdump-workers] {clang, gcc} X {i386, x86_64} building, and docker/travis

a four hour disaster? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpdump-

Re: [tcpdump-workers] New official link-layer type request

intention to have it adopted there, there is no advantage to daking it hta tway. http://socket.hr/draft-dfranusic-elee-00.xml This URL is really good enough for me. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Softw

Re: [tcpdump-workers] New official link-layer type request

ed to be easily extensible. So, you'd create whatever blocks you needed. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/|

[tcpdump-workers] libpcap logo?

..0i8i30j0i24j0i10i24.whbzqDKWRMA -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails

Re: [tcpdump-workers] Link-layer header type for unix domain sockets (UDS)

of thing. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___

[tcpdump-workers] Introducing Season of Docs [LWN.net]

https://lwn.net/Articles/782785/rss If tcpdump was to do this, what kind of things would you want to revise? Man page, web site, pcap API documents, API walkthrough, tuning, how to capture or analyze things... ___ tcpdump-workers mailing list

Re: [tcpdump-workers] Request for a new LINKTYPE_/DLT_ type.

ds, and what they are used for? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| r

Re: [tcpdump-workers] tcpdump-workers subscription notification

mailman-boun...@lists.tcpdump.org wrote: > PcapPlusPlus Support has been successfully > subscribed to tcpdump-workers. What an interesting email address :-) ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org

Re: [tcpdump-workers] DLT request for EBHSCR

I'll get you a DLT value by Friday! ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Re: [tcpdump-workers] [tcpdump] ndo_nflag in print-sl.c ?

the right flag to use. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby

Re: [tcpdump-workers] pcap_inject change?

Steve Bourland wrote: > Yes, things broke moving from 4.15.0-32 to 4.15.0-34, so it looks like > the change came with the move from -32 to -33 (the original machines > showing the problem have the -33 kernel installed). > These kernels are what come with Ubuntu 18.04 from

Re: [tcpdump-workers] DLT request for EBHSCR

specific URL? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby

Re: [tcpdump-workers] Should the tcpdump tests be run with TZ=GMT0, or should the AFS printer print time stamps in UTC?

Francois-Xavier Le Bail wrote: >> 2) For tests in TESTLIST, we could build and check the output with TZ=GMT0 (in TESTrun.sh and >> update-test.sh). >> Like that, we could run the tests without the '-t' option and get problems/changes in time printing >> functions. Need an update

Re: [tcpdump-workers] Should the tcpdump tests be run with TZ=GMT0, or should the AFS printer print time stamps in UTC?

additional times from within the tickets or something? If so, they should definitely be in UTC... whether we do that with TZ=GMT0 or fix the printer, I'm not sure. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works

Re: [tcpdump-workers] [tcpdump-security] [libpcap] Problem with version 1.9.0

as our official mechanism now... i.e. have travis, etc. use it in preference to configure. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://

[tcpdump-workers] [libpcap] Problem with version 1.9.0

libdnet unknown version > Compiled with AddressSanitizer/CLang. > Need autoreconf. > And 1.9.1 ? Let's do 1.9.1 in September. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [

[tcpdump-workers] libpcap 1.9.0 released

is coming very soon, and a 4.10 as well. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails

[tcpdump-workers] Precompiled binaries or compile script needed for Android

secur...@tcpdump.org is not an appropriate place to ask about binaries. Sometime on tcpdump-workers might be able to help you. https://www.androidtcpdump.com/ also is around. I don't know who runs it. I spent some time trying to integrate the Android (ASOP) build system Makefiles into tcpdump,

Re: [tcpdump-workers] tcpdump-workers Digest, Vol 72, Issue 3

Steve Bourland wrote: > If you have the server's certificate, wireshark has the capability to I think you mean the server's private key. > decrypt SSL traffic captured with tcpdump, but you must have the > certificate and the start of the tcp session. TLS 1.3 will break that as it

[tcpdump-workers] garbage to list

/RESTRICTION_CLASS_README.html#internal][2] -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails

Re: [tcpdump-workers] getting libpcap out the door

for any of the pushes I did. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[

[tcpdump-workers] automating, or validating DLT_ vs LINKTYPE_ values

dlt.h and that new file from a third file (YAML or JSON or CSV format...) -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby

Re: [tcpdump-workers] getting libpcap out the door

Michael Richardson wrote: > Since we now support building on windows, should we attempt to get > appveyor to do regular builds for windows? I see the .appveyor.yml now. I didn't see it integrations, because it's transitioned to webhooks. > Is there another choice? My e

Re: [tcpdump-workers] Request for link-layer header type (XRA)

Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpdump-workers maili

Re: [tcpdump-workers] One of these things is not like the others

gt; greppable output being the purpose of the flag), which puts the IPv4 > input back on one line: How can we move to this format? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network ar

Re: [tcpdump-workers] [the-tcpdump-group/libpcap] Added a module definition file for wpcap.dll (#586)

a makefile rule... part of make release or something? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/|

Re: [tcpdump-workers] [the-tcpdump-group/libpcap] on the fly decompression of savefiles named *.gz (#578)

it will be used. libz.so is probably pretty ubiquitous, so probably I'm just grasping at straws, but already have a bunch of annoying dependancies for libpcap... -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| n

Re: [tcpdump-workers] [the-tcpdump-group/libpcap] on the fly decompression of savefiles named *.gz (#578)

h just writing out data in gzip format from the outset. I have some concern with introducing a new libz.so or something dependancy to libpcap. I wonder if a popen("|gzip >") will work? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael

Re: [tcpdump-workers] Request for link layer header type

odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpdump-workers mailing list tcpdum

[tcpdump-workers] -fPIC for libnetdissect

! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpdump-workers mailing list tcpdump-workers

Re: [tcpdump-workers] [the-tcpdump-group/tcpdump] tcpdump fails to build when openssl-1.1 was built with --api=1.1.0 (#539)

I would imagine either having two packages, or can it be compiled with both APIs? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/

[tcpdump-workers] tcpdump 4.8 soon

IETF96 is next week in Berlin. (unicast me if you want to connect...) As usual, the tcpdump releases tend to get done around an IETF meeting, but my life has been too hectic of recent. There will be a release next week. Probably WednesdayAny show stoppers?

[tcpdump-workers] openssl 1.1 changes required for tcpdump: what minimum openssl?

! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org

Re: [tcpdump-workers] Hardware Timestamping Problem

o the kernel? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| r

Re: [tcpdump-workers] Hardware Timestamping Problem

fic on outgoing, tcpdump captures before the hardware queue. A big hardware send buffer would result in significant skew. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@san

Re: [tcpdump-workers] Hardware Timestamping Problem

Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpdump-workers mailing list tcpdum

[tcpdump-workers] tablets in hotel rooms

start controlling my lights, turning the TV on and off and even making my curtains open and close. What fun! " -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect

Re: [tcpdump-workers] Support for "-T domain"

should see the not-port-53 packets decoded. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.c

Re: [tcpdump-workers] [libpcap] [RFC] bpf: if generating code for vlan keyword also check for non-offloaded case (#431)

> Since this is [RFC] and - if I understand correctly - there are > problems with the produced BPF code, maybe this should be > discussed in the tcpdump-workers mailing-list? Michal Sekletar wrote: > Any particular reason why we shouldn't continue

Re: [tcpdump-workers] [tcpdump] Cannot split pcap into big pcaps (#488)

nversion function that returns a bigger type. A tested patch would be most appreciated... -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelma

Re: [tcpdump-workers] [tcpdump] Sanity check on major/minor libpcap version

> What are the pairs major / minor to authorize currently? I think that as long as major <= PCAP_VERSION_MAJOR, we are good. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ]

Re: [tcpdump-workers] Require Flex to build libpcap?

t we should use flex, and >2.5.6? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/

[tcpdump-workers] next release planning

e the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpdump-workers mailing list tcpdump-workers@lists.t

[tcpdump-workers] LLVM 3.7 released - has BPF backend

http://lwn.net/Articles/656335/rss ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Re: [tcpdump-workers] BPF Extended: addressing BPF's shortcomings

? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpdump-workers

Re: [tcpdump-workers] [tcpdump] New feature to limit capture file size (#464)

re: https://github.com/the-tcpdump-group/tcpdump/pull/464 Guy writes: We have the -C option, giving a file size in megabytes (real megabytes, i.e. 1,000,000 bytes, not 1,048,576 bytes); once the file gets that big, tcpdump switches to a new file. This adds another file size option, with a

[tcpdump-workers] bpf.tcpdump.org moving virtual hosts

bpf.tcpdump.org will go down at about 2pm EDT for about an hour so that I can transfer it to a more powerful virtual machine host. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect

Re: [tcpdump-workers] how many stable branches to have

Guy Harris g...@alum.mit.edu wrote: I have no problem with having lts- branches created for distros, and I'd rather do that than have old stable. I'd rather call them something like: wheezy-4.7 or centos7-4.7 So, if both Chocolate Coated Spinach Linux Orangina

[tcpdump-workers] how many stable branches to have

we can abandon them... -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works| network architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails

Re: [tcpdump-workers] tcpdump-workers Digest, Vol 34, Issue 3

Jesse Johnson jesse.alan.john...@gmail.com wrote: Is there a list of things that need to be done ie: bug fixes, new features, documentation, etc...? 1) Reading issues on github is important. 2) the priv seperate work that brooksdavis is doing

Re: [tcpdump-workers] pull request: Marvell DSA header

great. Thank you for including sample packets! Is this the kind of thing seen in home routers/SoC? I'm just wondering where one has to dump to see traffic like this... -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works

  1   2   3   4   5   >