Permalink
Commits on Jan 1, 2018
  1. Merge pull request #11 from rfrancoise/configures-fixes

    jpr5 committed Jan 1, 2018
    Fix two configure issues for system PCRE and Libnet
  2. Check for libnet_init in configure.in

    rfrancoise committed Jan 1, 2018
    libnet_init_packet was the old libnet 1.0 function which is now long
    deprecated.
Commits on Sep 8, 2017
  1. Fix another doc goof

    jpr5 committed Sep 8, 2017
Commits on Sep 7, 2017
  1. Fix doc goof

    jpr5 committed Sep 7, 2017
  2. Version bump for release

    jpr5 committed Sep 7, 2017
  3. Fix configure --enable-* logic

    jpr5 committed Sep 7, 2017
    There were a few places where I handled flag processing wrong, treating
    "specified" vs. "unspecified" wrongly as "enabled" vs. "disabled".
  4. Fallback fix for VLAN & related problems

    jpr5 committed Sep 7, 2017
    Building off of the disable-VLAN-auto-inclusion fix, if we encounter a
    problem with the PCAP filter, now we just disable VLAN from being
    included in the filter and blindly try a second time.
    
    This patch organizes the big initialization pieces into separate
    routines to make the retry easier.
  5. Always count matches, and emit total upon exit

    jpr5 committed Sep 6, 2017
    For long-running sessions the number will wrap back to 0, but I see no
    harm in that vs. trying to make a 64bit number work across all the
    supported platforms.  They all overflow in the end.
    
    Also no longer emits pcap_stats on exit; pcap_stat manpage basically
    says the entire structure is unreliable across platforms.  "May or may
    not be useful", is what it should say.  Instead we emit ngrep's stats,
    so as not to cause confusion by visibly exiting with a consistent
    mismatch between ngrep vs. PCAP stats.
    
    Credit to @rwhalb in #5 for the suggestion.
  6. Modify exit behavior to match BSD/GNU grep

    jpr5 committed Sep 6, 2017
    Credit to @rwhalb in #5 for the suggestion.
  7. Emit frame # in header when not in single mode

    jpr5 committed Sep 6, 2017
    Useful for referencing/conversing about packet flows when doing analysis.
    
    Credit to @rwhalb in #5 for the suggestion.
Commits on Sep 6, 2017
  1. Add support for Solaris IPnet

    jpr5 committed Sep 6, 2017
    Credit to @sjthomason for #8 , which turned out to be a combination of
    IPnet support as well as a solution for a nasty VLAN header frame
    calculation bug.  Many thanks!
  2. Fix pcap datalink bug introducd with VLAN changes

    jpr5 committed Sep 6, 2017
    Context: a bug report came in while ago on ngrep for not "seeing" TCP
    frames in a pcap dump, when there obviously were TCP frames present.
    That ended up being due to the fact that the PCAP data had been captured
    off a VLAN, and thus had VLAN headers embedded in the frames.  Ended up
    not being ngrep's fault per se; all the user had to do was specify
    `vlan` in their BPF filter and PCAP would deliver the frames to ngrep.
    But for a netops person moving across lots of different interfaces and
    pcap files quickly, it's hard to keep track and you kind of just want it
    to work.  Favoring convenience at the time, I thought it would be both
    helpful and harmless to include VLAN frames automatically in the BPF
    filter.
    
    Turns out it wasn't harmless.  I found newer bug reports for "no VLAN
    support for data link type 113", which is the PCAP error message you get
    when you combine `vlan` in your BPF filter with frames that come from a
    Linux "cooked" socket (what you get with `-d any`).
    
    I'm still working out what to do in the long run, around Just Working
    when VLANs are in the mix.  In the meantime, this reworks how the
    filters are constructed, introduces the `include_vlan` flag, switches it
    off when `-d any` is specified, and moves BPF filter construction to
    later in the initialization so there's more opportunity to conditionally
    switch it off (e.g. when reading from a `DLT_LINUX_SLL` device).
  3. Doc updates for new version

    jpr5 committed Sep 6, 2017
  4. Update Copyright

    jpr5 committed Sep 6, 2017
Commits on Mar 9, 2016
  1. Reduce searchable space when vlan header present

    jpr5 committed Mar 9, 2016
    Bug originally reported by Charles L. Athey III <athey3@llnl.gov>, thank
    you for the good catch!
Commits on Sep 14, 2015
  1. Expand integer range for various options to 32-bits -- closes #3

    haguenau authored and jpiccari committed Jul 8, 2015
    List of affected options:
      -A num of packets to dump after match
      -n num of packets to inspect
      -s set bpf caplen
      -S set limitlen on matched packets
Commits on Sep 3, 2015
  1. Adds required libnet check to enable tcpkill

    jpr5 committed Sep 3, 2015
    Incorporated an unsophisticated check for libnet_init_packet before
    enabling the option.  Requires that `libnet-config` be in your path and
    `libnet` and its headers are in the configured path (either system-wide,
    or via `configure` options).
  2. Adds missing USE_TCPKILL config.h.in entry

    jpr5 committed Sep 3, 2015
    Guh, forgot to add an entry to config.h.in to carry forward the configure
    option for --enable-tcpkill.
Commits on Jul 24, 2014
  1. Update VS2012 configuration, builds on Win32 again

    jpr5 committed Jul 24, 2014
    - use ws2tcpip.h, packet.lib to get inet_ntop
    - removed support/inet_ntop.[ch] -- no longer necessary
    - update gitignore to nuke MSFT turds
  2. Version bump for release

    jpr5 committed Jul 23, 2014
  3. Actual confirmed bugfix for VLAN parsing issue.

    jpr5 committed Jul 23, 2014
    Originally ngrep only accounted for VLAN offset if it was
    specified in the BPF filter.
    
    Prior version 1.46 expanded the BPF filter to include IPv4/6
    traffic, regardless of whether or not VLANs were in use -- but
    the offset calculation didn't account for the variable presence
    of VLAN headers.
    
    This version keeps the inclusive BPF filter, but detects VLAN
    frames in every packet and adjusts the offset on the fly.