Commits on Jun 9, 2014
  1. @guyharris
Commits on May 18, 2014
  1. @guyharris

    For historical reasons, note BSD/OS's use of some values.

    guyharris authored
    for some information on that; we probably won't be implementing those
    extensions, but we might want to avoid using the encodings used by them.
  2. @guyharris

    Ask that people inform us of additions to BPF.

    guyharris authored
    At minimum, we'd like to keep track of new instructions added, so that
    others don't use the same encoding for different operations.  Ideally,
    we'd like to update our implementation to support the new instructions
    and encourage other implementations to add them as well.
    Also remove the "from Linux" note on BPF_MOD and BPF_XOR, as the Linux
    kernel BPF implementation isn't the only one that has them now, given
    that we have them.
  3. @guyharris

    Support mod and XOR operators.

    guyharris authored
    Same opcodes as on Linux.  We support them in BPF filters, but warn, in
    the man page, that using them on anything other than Linux 3.7 or later
    will cause the filter to run in userland and thus require more resources
    and perhaps cause more packets to be dropped.  (The filter will
    presumably be rejected by the kernel-mode code if it doesn't support
    BPF_MOD or BPF_XOR, and libpcap will fall back on running the filter in
  4. @guyharris

    Add entries for unused instruction encodings.

    guyharris authored
    Most are reserved; two are used by Linux for mod and XOR instructions,
    and two are used by NetBSD for "coprocessor" operations.
Commits on Apr 22, 2014
  1. @guyharris


    guyharris authored
    Also add some missing elements to the dlt_choices[] table, and move the
    entry for DLT_DBUS where it belongs (in order by type).
Commits on Apr 1, 2014
  1. @guyharris
Commits on Mar 30, 2014
  1. @guyharris
Commits on Feb 21, 2014
  1. @guyharris
Commits on Feb 18, 2014
  1. @MichalLabedzki

    Add support for Bluetooth Linux Monitor interface

    MichalLabedzki authored
    Interface "bluetooth_monitor" is used to monitor all Bluetooth
    adapters together on the Linux platform.
Commits on Feb 17, 2014
  1. @guyharris
Commits on Feb 14, 2014
  1. @guyharris


    guyharris authored
    This is a new link-layer header type for the Bluetooth Linux Monitor in
    the BlueZ Bluetooth stack.
Commits on Feb 7, 2014
  1. @guyharris

    Fix typo.

    guyharris authored
Commits on Feb 3, 2014
  1. @guyharris
  2. @guyharris

    Have nflog_tlv_t include only the TLV header.

    guyharris authored
    That way, sizeof(nflog_tlv_t) is the minimum size of a TLV.
  3. @guyharris

    Byte-swap the T and L in TLVs as necessary when reading an NFLOG file.

    guyharris authored
    That means that, when reading a LINKTYPE_NFLOG file, the type and length
    values are in the byte order of the host *reading* the file, rather than
    the host that *wrote* the file, just as they're in the byte order of the
    host capturing the traffic if you're doing a live capture of NFLOG
    That way, when reading a LINKTYPE_NFLOG file and writing another one
    from those packets, the type and length in the output file will be in
    the byte order of the host writing the file, rather than the byte order
    of the host that wrote the input file.
    Export the nflog.h file containing the declarations and definitions we
    need, for use by tcpdump and other programs reading LINKTYPE_NFLOG
    Put the bulk of the byte-swapping code into a common routine, for use by
    pcap and pcap-ng readers, while we're at it.
Commits on Jan 10, 2014
  1. @guyharris

    Fix indentation.

    guyharris authored
  2. @crondaemon
  3. @crondaemon


    crondaemon authored
Commits on Jan 3, 2014
  1. @infrastation

    remove libpcap's own CVS keywords

    infrastation authored
    This change removes CVS keywords that express that the file belongs to
    libpcap repository. All such keywords represented the revision and
    timestamp by the end of 2008 or even older.
Commits on Nov 18, 2013
  1. @borkmann @guyharris

    linktype: add netlink link/dlt type

    borkmann authored guyharris committed
    With Linux 3.11, we have the possibility to debug local netlink traffic
    [1] i.e.  the workflow looks like this:
      modprobe nlmon
      ip link add type nlmon
      ip link set nlmon0 up
      tcpdump -i nlmon0 ...
      ip link set nlmon0 down
      ip link del dev nlmon0
      rmmod nlmon
    For pcap interoperability, introduce a common link type for netlink
Commits on Aug 7, 2013
  1. @guyharris
Commits on Jul 2, 2013
  1. @guyharris

    Remove Linux-specific time stamp precision stuff from pcap.c.

    guyharris authored
    Do time stamp precisions the way we do time stamp types - if a module
    supports more than one time stamp precision, have it attach a table of
    time stamp precisions to the pcap_t, and have the code to set the time
    stamp check that list.
    Check for the two #ifdefs in pcap-linux.c to see whether it supports
    nanosecond time stamps - and don't use the ioctl or the socket option
    for those #ifdefs if they're not defined.
    This means we don't need to check for it in the configure script.
    Also, have both the time stamp type-setting and precision-setting
    routines allow the default value (PCAP_TSTAMP_NONE/PCAP_TSTAMP_PRECISION_MICRO)
    if no list is supplied.
    Make "can't set the precision" an error; not being able to set the time
    stamp *type* doesn't mean your code won't work at all, it just means the
    time stamps won't be as accurate as you'd like, but not being able to
    set the time stamp *precision* means you'll be getting
    seconds/microseconds, and your code may have to cope with that.
Commits on Jul 1, 2013
  1. @guyharris

    Have pcap_open_dead_with_tstamp_precision().

    guyharris authored
    As with the open_offline routines, so with pcap_open_dead(); instead of
    a nanosecond-resolution version, have a
    pcap_open_dead_with_tstamp_precision() routine that takes a
    PCAP_TSTAMP_PRECISION_ value, and make pcap_open_dead() a wrapper that
    requests microsecond resolution.
    Declare it in pcap/pcap.h while we're at it.
  2. @guyharris

    Replace the _nsectime routines with _with_tstamp_precision routines.

    guyharris authored
    For opening savefiles, instead of having separate open_offline and
    open_offline_nsectime routines, have open_offline_with_tstamp_precision
    routines that take an additional PCAP_TSTAMP_PRECISION_xxx argument, and
    make the open_offline routines wrappers around them requesting
    microsecond precision.
    Also, the timestamp precisions are a separate "namespace" from the
    timestamp types, so give them their own numerical value set, starting at
    0 for microsecond precision.
    For pcap files, figure out up front whether we pass the time stamps
    through, scale them up, or scale them down, and save that with the
    private data and just use it when reading the capture file; that's less
    work than determining that for every packet.
  3. @guyharris

    Merge branch 'timestamps' of

    guyharris authored
    It says "Please enter a commit message to explain why this merge is
    necessary".  I guess this merge is necessary because Git says it's
    necessary.  Mysterious are the ways of Git.
  4. @guyharris

    Clarify that LINKTYPE_WIRESHARK_UPPER_PDU uses LINKTYPE_ values.

    guyharris authored
    In most cases, DLT_ values and LINKTYPE_ values are the same, but, in
    some cases, DLT_ values are platform-dependent, but LINKTYPE_ values
    aren't, so that a savefile can be read on platforms other than the one
    on which it was created.
  5. @guyharris


    guyharris authored
    They have the same numerical value, as with all newly-added link-layer
    header types.
Commits on Jun 27, 2013
  1. added DLT type for wireshark save

Commits on Jun 25, 2013
  1. @msekletar
Commits on Jun 13, 2013
  1. @guyharris
Commits on May 30, 2013
  1. @msekletar

    Make timestamps precision configurable

    msekletar authored msekletar committed
    Two new functions are introduced, pcap_set_tstamp_precision() and
    pcap_get_tstamp_precision(). Those functions allow one to specify the
    desired timestamp precision for captured packets. By default, the
    application will obtain timestamps in microseconds.
Commits on May 21, 2013
  1. @guyharris
Commits on May 8, 2013
  1. @guyharris

    Add an API to set "immediate mode".

    guyharris authored
    In "immediate mode", packets are delivered as soon as they arrive.
Commits on Apr 16, 2013
  1. @guyharris

    Point people to the the-tcpdump-group repositories, not the mcr repos…

    guyharris authored
    We've created a the-tcpdump-group organization on GitHub, and created
    repositories for libpcap and tcpdump, owned by them.  Those are now the
    "official" GitHub locations for repositories from which to clone or
    against which to file issues/pull requests.