On Mon, Apr 1, 2024 at 11:06 AM Michael Richardson wrote:
>
> Bill Fenner wrote:
> > mcr suggested:
> >> I wonder if we should nuke our own make tarball system.
>
> > The creation of a tarball and its signature gives a place to hang
> one's
mcr suggested:
> I wonder if we should nuke our own make tarball system.
The creation of a tarball and its signature gives a place to hang one's hat
about origin of code - "someone with the right key claims that this tarball
genuinely reflects what the project wants to distribute". Is there a
On Sat, Feb 24, 2024 at 1:40 PM Guy Harris wrote:
> On Feb 5, 2024, at 9:38 AM, Bill Fenner wrote:
>
> > Is this a reasonable way to proceed?
>
> Yes.
>
> Perhaps have a file icmp-common.c or print-icmp-common.c with code and
> data structures common to ICMP(v4) and
Hi,
I'm working on RFC8335 (PROBE) support for tcpdump - I've already submitted
the pull request for IPv4. I'm working on IPv6 support, and it looks like
this is the first case that the packet format is identical between ICMP and
ICMPv6 but complex enough that it's worth reusing code.
My commit
--- Begin Message ---
On Sat, Jan 7, 2023 at 12:38 PM Denis Ovsienko wrote:
> On Wed, 4 Jan 2023 08:40:21 -0500
> Bill Fenner via tcpdump-workers
> wrote:
>
> > Hi,
> >
> > I know the tcpdump style follows a bunch of bsd patterns, since it
> > came from Berke
--- Begin Message ---
Hi,
I know the tcpdump style follows a bunch of bsd patterns, since it came
from Berkeley in the first place. Does anyone have a clang-format config
that reflects these coding conventions? One of the problems I have in
upstreaming Arista-developed tcpdump code is making
--- Begin Message ---
On Sun, Jul 17, 2022 at 3:30 PM Guy Harris via tcpdump-workers <
tcpdump-workers@lists.tcpdump.org> wrote:
>
> Should we care about it, or should we just drop support for OSes lacking
> native IPv6 support in 5.0?
IMO it is safe to drop support for OSes lacking native IPv6
--- Begin Message ---
Hi Denis,
Thanks for pointing out the manpage update. I had old man pages (my work
is being done in the context of the 1.10 release). What confused me is the
asymmetry of the API. If you call pcap_setnonblock() on an
un-activated socket, it sets a flag and doesn't return
--- Begin Message ---
On Fri, May 20, 2022 at 6:10 PM Bill Fenner wrote:
> On Fri, May 20, 2022 at 12:36 PM Guy Harris wrote:
>
>> If it's putting them in non-blocking mode, and using some
>> select/poll/epoll/etc. mechanism in a single event loop, then the right
&
--- Begin Message ---
On Fri, May 20, 2022 at 6:10 PM Bill Fenner wrote:
> On Fri, May 20, 2022 at 12:36 PM Guy Harris wrote:
>
>> If it's putting them in non-blocking mode, and using some
>> select/poll/epoll/etc. mechanism in a single event loop, then the right
&
--- Begin Message ---
On Fri, May 20, 2022 at 12:36 PM Guy Harris wrote:
> If it's putting them in non-blocking mode, and using some
> select/poll/epoll/etc. mechanism in a single event loop, then the right
> name for the API is pcap_setnonblock(). There's no need for an eventfd to
> wake up
--- Begin Message ---
I'm helping to debug a system that uses many many pcap handles, and never
calls pcap_loop - only ever pcap_next. We've found that each pcap handle
has an associated eventfd, which is used to make sure to wake up when
pcap_breakloop() is called. Since this code doesn't call
--- Begin Message ---
It would be perfectly reasonable (and fairly straightforward) to update
libpcap to be able to filter on the Ethernet address in DLT_LINUX_SLL or
DLT_LINUX_SLL2 mode. There are already filters that match other offsets in
the SLL or SLL2 header. However, I don't think it
--- Begin Message ---
On Wed, Sep 9, 2020 at 12:08 PM Denis Ovsienko via tcpdump-workers <
tcpdump-workers@lists.tcpdump.org> wrote:
> Travis CI tcpdump builds have been failing for a while and I went to
> see why. It is easy to see that only the jobs that have
> "BUILD_LIBPCAP=yes CMAKE=yes"
--- Begin Message ---
On Tue, Jan 5, 2021 at 8:10 PM Denis Ovsienko via tcpdump-workers <
tcpdump-workers@lists.tcpdump.org> wrote:
> Bill Fenner via tcpdump-workers
> wrote:
>
> > I just wanted to share some of my thinking about how to proceed with
> > the truncation-
--- Begin Message ---
I just wanted to share some of my thinking about how to proceed with the
truncation-related changes on the road to 5.0.0.
1. Improve code coverage for the printer that's being modified. (This
ensures that the code being modified has a corresponding test pcap that can
be
--- Begin Message ---
On Mon, Nov 30, 2020 at 12:59 PM Michael Richardson
wrote:
> Hi, CVE-2020-8037 causes a big amount of memory to be allocated (then
> freed),
> it does not cause an attack.
That's helpful information. (On a low-memory device that actually requires
memory at malloc time,
--- Begin Message ---
I see that Red Hat/Fedora have released new packages to address
CVE-2020-8037 in tcpdump. Does the tcpdump group have any message about
this CVE? Is there a release from tcpdump.org with this CVE fixed?
See https://bugzilla.redhat.com/show_bug.cgi?id=1895080 for details
--- Begin Message ---
On Wed, Aug 12, 2020 at 6:22 PM Guy Harris wrote:
> On Aug 12, 2020, at 1:31 PM, Guy Harris via tcpdump-workers <
> tcpdump-workers@lists.tcpdump.org> wrote:
>
> > We should probably have an include/libnetdissect directory in which we
> install netdissect.h and the headers
--- Begin Message ---
Hi,
Is there a plan for a public face for libnetdissect? I've tried teasing it
out, and I ended up having to install:
funcattrs.h print.h config.h netdissect.h ip.h ip6.h compiler-tests.h
status-exit-codes.h
in /usr/include/tcpdump/ in order to compile a libnetdissect-using
--- Begin Message ---
Since there's interest in SLL2 here, I'd like to raise the visibility of my
libpcap pull request for filtering on ifindex:
https://github.com/the-tcpdump-group/libpcap/pull/829
It filters on both live "any" captures (SLL or SLL2) and reading from a
saved SLL2 pcap.
Bill
--- Begin Message ---
The "-y" flag to tcpdump allows you to specify capturing with
DLT_LINUX_SLL2.
//tmp @fenner-t493.sjc% tcpdump -i any -y linux_sll2 udp port 53
tcpdump: data link type linux_sll2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any,
Hi,
On Linux, the kernel filter code uses negative offsets for some purposes -
for example, "inbound" is implemented via "ether[-4092] = 4". Using this
mechanism, the user can apply kernel filter methods for which there is no
pcap support.
When capturing on an SLL or SLL2 socket, these negative
On Wed, Sep 25, 2019 at 6:50 AM P.B. wrote:
> I would like to contribute a small fix for valgrind issue with
> uninitialized bytes but I an;t push a branch to pcap repo. Any guidance on
> how to add it and create a pull request ?
>
Hi Pawel,
Start at
On Mon, Mar 18, 2013 at 11:08 PM, Wesley Shields w...@freebsd.org wrote:
On Fri, Mar 15, 2013 at 06:37:25PM -0700, Guy Harris wrote:
On Mar 15, 2013, at 2:45 PM, Michael Richardson m...@sandelman.ca wrote:
wen == wen lui esolvepol...@gmail.com writes:
wen I used libpcap function
On Wed, Feb 6, 2013 at 4:08 AM, ri...@happyleptic.org wrote:
Many people suggested reordercap from wireshark 1.9.
Thank you, I was not aware of this tool.
But looking at the code, it seams that this program loads the whole pcap
before
sorting it - this is not practical when the pcap is
On Fri, Feb 1, 2013 at 8:07 PM, Michael Richardson m...@sandelman.ca wrote:
Ani == Ani Sinha a...@aristanetworks.com writes:
Ani hello folks :
Ani As you guys have been aware, I am hacking libpcap for a
Ani while. Me and Bill noticed something seriously broken for any
Ani
...@alum.mit.edu]
Sent: Friday, February 01, 2013 6:19 PM
To: Bill Fenner
Cc: Gianluca Varenni; Michael Richardson; tcpdump-workers@lists.tcpdump.org;
Francesco Ruggeri
Subject: Re: [tcpdump-workers] not vlan filter expression broken
catastrophically!
On Feb 1, 2013, at 4:49 AM, Bill Fenner fen
generation code.
Bill
-Original Message-
From: tcpdump-workers-boun...@lists.tcpdump.org
[mailto:tcpdump-workers-boun...@lists.tcpdump.org] On Behalf Of Ani Sinha
Sent: Thursday, January 31, 2013 3:42 PM
To: tcpdump-workers@lists.tcpdump.org
Cc: Bill Fenner; Michael Richardson
...@gmail.com [mailto:fen...@gmail.com] On Behalf Of Bill Fenner
Sent: Friday, February 01, 2013 4:49 AM
To: Gianluca Varenni
Cc: Ani Sinha; tcpdump-workers@lists.tcpdump.org; Michael Richardson;
Francesco Ruggeri
Subject: Re: [tcpdump-workers] not vlan filter expression broken
catastrophically
On Mon, Jan 7, 2013 at 10:04 PM, Paul Pearce pea...@cs.berkeley.edu wrote:
However, raw vlan tagged packets that are *injected* into the
interface using libpcap's pcap_inject() (which is just a fancy wrapper
for the send() syscall) are not identified by filters using the recent
BPF
On Wed, Oct 31, 2012 at 6:20 PM, Guy Harris g...@alum.mit.edu wrote:
On Oct 31, 2012, at 2:50 PM, Ani Sinha a...@aristanetworks.com wrote:
pcap files that already have the tags reinsrted should work with
current filter code. However for live traffic, one has to get the tags
from CMSG() and
.
You have to use and to join any look here for this value and look there for
that value.
Bill
Thanks again.
Best regards,
Ezequiel
On Wed, Oct 17, 2012 at 4:49 PM, Bill Fenner fen...@gmail.com wrote:
On Wed, Oct 17, 2012 at 3:59 AM, Ezequiel Garzón
garzon.luc...@gmail.com wrote
On Wed, Oct 17, 2012 at 3:59 AM, Ezequiel Garzón
garzon.luc...@gmail.com wrote:
Greetings! I'm trying to understand tcpdump expressions a bit more,
and I'm confused about a basic example given in the pcap-filter man
pages. They first state:
| The filter expression consists of one or more
I've been meaning to revisit aclocal.m4 and the autoconf setup for a
long time. Much of it was hand-spun to get around bugs or limitations
in autoconf 2.9. Unfortunately, I don't have access to many of the
funny systems to make sure that I don't delete something that looks
like cruft but is
35 matches
Mail list logo