code is broken, period.
How can we get travis-CI to give us a big-endian test machine?!?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelm
Guy Harris wrote:
> On Dec 12, 2013, at 3:02 AM, Evgheni Antropov wrote:
>> Makefile and full process of the libpcap compile and config.log of
tcpdump
>> compiling are attached.
> Unfortunately, it appears that the attachments were removed.
> Michael, under what circumsta
ll miss $Id$, and the SCCS "what" command...)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
The other thought I have is that java is heavily threaded, while libpcap is
not thread safe. pcap_loop() is going to block.
I see that your jni variable is a global... I wonder about that.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson
Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
tcpdump-workers
ver could run anywhere.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
_
d try it out...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| r
ary.
Fork, and push your branch to github, and let's see what travis-CI says.
You may want to update .travis.yml to include netmap
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
The ESP tests are failing because you haven't got libssl-dev.
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
r.h are all is needed
> to access the port and do I/O.
Are there any issues if someone makes tcpdump (or wireshark, or some other
libpcap using program) setuid? (I don't see any call to popen()...)
--
] Never tell me the odds! | ipv6 mesh networks [
]
g.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
Hi, I'm aka m...@tcpdump.org, and getting tcpdump in AOSP updated to the
latest has been on my list for awhile.
It's been two years since I last did much Android build work, so it took me
a few days to get a build VM going again.
I checked out a copy of kitkat, built it, and proceeded to extract
{this is a resend. I don't see my email in the android-platform online
archives}
Hi, I'm aka mcr at tcpdump.org, and getting tcpdump in AOSP updated to the
latest has been on my list for awhile.
It's been two years since I last did much Android build work, so it took me
a few days to get a buil
I was way too at this ietf89 to build changelog and push release button.
I propose to release at Easter. (April 21)
I need to review, but I think I will proposing a new DLT for 15.4e, as it needs
to record channel (freq) and offset per packet. At the plugfest we talked about
having 16 motes doin
I guess that this means that we also now have testing against bigendian
systems. thank you wireshark guys!
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
{For reasons I do not understand, yahoo.com doesn't even attempt to deliver
email from Shoham to tcpdump.org. There is simply no connections in the
logs of the spam filter system...}
>From Shoham:
Haven't got the time to get to it. I intend to, soon.
2 questions (that are very related to
repository (Nightly? Periodically with some other period?
They get pushed nightly, but I added --all so that all the old branches would
get pushed. Should be a one-time event.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman S
cribers as moderated, and I'm sorry, but I
won't be forwarding email. As soon as a patch for mailman is available that
will reject p=reject email, I will apply it.
Sorry...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sand
TYPE_/DLT_ value is
> OK.
But, if the human has to say which thing is being captured, shouldn't we want
to capture what the human thought as different types?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Softw
scan-ad...@coverity.com wrote:
> Your request for analysis of the-tcpdump-group/libpcap has been
> completed. The results> should be available now at
> http://scan.coverity.com/
wow, that's a stupidly useless message.
The URL isn't even specific to the project or the run, and it
says, "please visit the web site" is just stupid, and I'm
really complaining to coverity.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca ht
of tcpdump that uses getopt_long(); I'll work on
> making it work right when the OS doesn't have getopt_long(), and check
> it in.
okay... !
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software W
ll run
> the risk of running out of single-letter options.
I don't think that I'd want to let specific dissectors capture single letter
options, period. So, yes, -o sounds right, or just use long options for
that.
--
] Never tell me the odds! | ipv6
S/WAN and had to debug what was going
on. I guess having the script available is a good thing.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.san
the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
tcpdump-workers mailing list
t
7;s a protocol that Wireshark dissects, in which
some
> 802.11 APs (Cisco and somebody else) send out packets over UDP -
Wildpackets'
> OmniPeek handles it directly, and it'd be nice if tcpdump/*Shark/etc.
could do
> so as well.
Yes to "tcpdump+ssh" URL
Romain Francoise wrote:
>> I was way too at this ietf89 to build changelog and push release button.
>> I propose to release at Easter. (April 21)
> So it looks like this never happened?
Yeah, my bad; was sick that weekend, and stuff... happened.
How about July 1?
_
Romain Francoise wrote:
>> Yeah, my bad; was sick that weekend, and stuff... happened.
> No problem.
>> How about July 1?
> So -rc1 on July 1, then release a week later? Or -rc1 in the meantime,
> and release on July 1? (Works for me either way.)
-rc1 on July 1.
Release a
he release.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| rub
should be another tcpdump 4.x release
that writes to pcap format by default, but has an option to force output
format to pcapng, and then a 5.x release that defaults to writing pcapng.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson,
buildbot-no-re...@wireshark.org wrote:
> The Buildbot has detected a new failure on builder Ubuntu-12.04-x64 while
building tcpdump+libpcap.
> Full details are available at:
> http://buildbot.wireshark.org/tcpdump/builders/Ubuntu-12.04-x64/builds/801
reason: unable to connect to bpf.
efault; I'm
> not sure whether we should then make -P specify "write pcap" or add a
> new option for that.
I'd like it to be -P pcap or -P pcapng (or -P pcap3 ).
I'd also like tcpdump 5 to come with a new (alternate) main() where we
get to start again on all the s
stall both the amd64
and i386 versions of libusb-dev. We don't attempt to build both in .travis,
but I have another application that I build for -m32 as well, and it depends
upon libpcap.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson,
pcap-usb support, and I'm building libpcap from source
anyway as I need the latest one, I'm happy to simply turn off usb support.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network archit
can't handle - and .
in tag names (which seeps into brains).
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on
at option, which ought to eliminate needing to link with -lusb.
I wonder if canusb sniffing is sufficiently rare, and forcing people
to have libusb-dev around is sufficiently annoying that we should
turn that off by default.
--
] Never tell me the odds! | ipv6 mesh networks
{resending, because my address book was confused}
So, was pcap-ng well receives by opsarea WG this morning?
and the reply was:
Michael Tuexen said:
>There were a couple of people willing to review and contribute.
>I also got or will get contacts within Apple, Google, Microsoft
>and hopefully o
Michal Sekletar wrote:
> Seems like bpf.tcpdump.org is still down.
oops.
power brownout- that machine doesn't reboot when the power dips to 80V
and comes back... it just gets stuck. The machine will move in two weeks
to a place with protected power.
_
ink we already have a
BSD licensed getopt_long in missing/ I guess I could go check... yes.
I'm open to suggestions on other ways to proceed.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works
Guy Harris wrote:
> On Sep 3, 2014, at 12:34 PM, Michael Richardson
> wrote:
>> It seems that we might need more patches to better select Linux memory
>> mapped packet choices?
> I'd prefer a patch that reduces or the removes the *need* to do so
see that Guy actually pulled your patch up to the 1.6 tree.
If this is a critical fix, I can push the button on 1.6.3 once I'm back
in the same building as the USB key that can sign it, which should be
in about 12 hours.
--
] Never tell me the odds! | ipv6 mesh netwo
), or because???
If we don't need it, can we remove the test in configure for it?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sa
Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
tcp
quot;
is an available name, or if someone has a better name. Arguably, pktcap
actually belongs in the libpcap repository...)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect
bpf.tcpdump.org will go down at 9am EDT until around 11am EDT so that
it can be moved to a location (a host, it's a VM) with more stable power.
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listin
n 8192,
> options [nop,nop,TS val 1306300953 ecr 1306300951], length 5559: HTTP:
> HTTP/1.1 200 OK
Did something change with the print-http and it's sensitivity to flags?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson,
4 2004496
> One CentOS, I see twice the amount of memory (4G) being allocated from
> the same command
The other question, other than kernel version, is if they are the same
32-bit/64-bit?
--
] Never tell me the odds! | ipv6 mesh networks [
]
ot;oui", and also the "unknown"
string. We'll report the things in our table, and just won't bother with
bytes of output that don't help.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman So
ing to parse tcpdump
> output?
I'm thinking that we leave the () there, and just make it blank when we don't
know rather than say "oui unknown".
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Wor
John Hawkinson wrote:
>> In the interim, I suggest removing the word "oui", and also the
>> "unknown" string. We'll report the things in our table, and just
>> won't bother with bytes of output that don't help.
> That was my original proposal. Do you want a patch?
Yes.
If someo
rmmod nlmon
suggests that it all just works... I will report when I know what kernel
I need to make this work, and I guess we should have a web page on doing
this, and what is going on.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, San
ecause a
> RFC name (if available) is defined with hyphens and not spaces. (Ok,
> there are maybe exceptions and some protocols are not defined par a
> RFC).
Yes, this is the right thing to do.
--
] Never tell me the odds! | ipv6 mesh networks
Guy Harris wrote:
>> I'm looking for the official patches for CVE-2014-8767, CVE-2014-8768
>> and CVE-2014-8769 but they don't seem to be in the Github repository.
> Michael, are changes made to the bpf.tcpdump.org repository still
> getting pushed to the Github repository? Ther
Romain Francoise wrote:
> That's a lot bigger than typical security patches. :(
>> It's in the tcpdump.org/beta/ directory, but I didn't want to release
>> until the distros had a chance to patch.
> But did you notify the distros? Because I didn't get advance notice, and
> t
ws tcpdump
to exist on more than one person's laptop at a time.
So I guess we should remove it from git, and go back to CVS?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m
ned again, or goes offline again, or their database
gets confused about which fork is the lead and which fork is the "child"...
[for a few months, the "master" repo you speak of, was listed as a child
of some random other user]
--
] Never tell me the odd
es.
d) this CVE process has been botched (I said this, and I take
responsability for this)
before I propose some solution/policy/adjustment, I want to make sure that
I've heard all the issues.
--
] Never tell me the odds! | ipv6 mesh networks [
] Mic
it --- it was too new, and we were too
experienced with sourceforge coming and going to want to sign up for another
disaster.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works|
to get a fresh kernel and a bigger (inode-wise) /.
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
It's much easier to get the wider review and long term archival by posting to
the mailing list. I have done that for you.
Steve Karg wrote:
> For a few years I have been using DLT_USER0 147 (user defined) for
> capturing and saving a serial protocol used by Wattstopper Digital
> Lig
f time...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
Xiufeng Xie wrote:
> is not caused by tcpdump, libpcap or Android. I found the phone actually
> has two LTE interfaces "lte_rmnet0" and "lte_rmnet1", which is
Maybe different frequencies?
4G VoIP vs 4G data?
___
tcpdump-workers mailing lis
Do people know that #tcpdump-dev on irc.freenode.net has the git.io bot in
it, and see stuff like:
(01:48:44 PM) GitHub15: tcpdump/master 94b4c01 Denis Ovsienko: OpenFlow: add
vendor name printing...
(01:48:44 PM) GitHub15: tcpdump/master 78a0b1c Denis Ovsienko: OpenFlow:
improve vendor message d
h may mean a different default if printing packets or if
I think that we should be able to override things.
I had hoped to spend time on tcpdump over the holidays, but IETF nomcom work
ate my brain.
--
] Never tell me the odds! | ipv6 mesh networks [
]
nd "more bytes of data sent/received on this flow"
> as extra frame types.
Eventually, we'll be using this format to debug multi-path TCP, in which case
the IP addresses (and maybe even the IP4/IP6-ness of it) might change.
And gzip'ed those addresses will compress quite easi
7;s hard to get the behaviour I think you want from
the pcap compiler, which is to filter the traffic within the VLAN from the
bearer.
(I think that showing the tcp packets might be a fluke)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Ric
Denis Ovsienko wrote:
> I have to correct myself: "tcpdump -pni eth0 not tcp" actually yields
> both TCP and everything else (ARP and UDP). It turns out that during
> all previous runs that "everything else" just didn't make it to the
> screen because of timing. Now it does, pleas
Denis Ovsienko wrote:
> Thus the behaviour is the same as it used to be for years, both on
> tcpdump side and on Linux side. It must be the odd timing that kept me
> thinking the BPF filter had somewhere flipped to do the opposite from
> its normal job, I had checked several times
ng of PPPoE and MPLS can be cleaned up
> internally to gencode.c; if so, *that* would be the right way to handle
> Geneve.
I agree that they should all be handled the same way.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman
http://xmodulo.com/how-to-check-package-dependencies-on-ubuntu-or-debian.html
" To show package dependency information of a particular package (e.g.,
tcpdump), run the command with package name:"
___
tcpdump-workers mailing list
tcpdump-workers@lis
Guy Harris wrote:
> I guess my concern is whether the "our own copy" could get people
> complaining that we just took GPLed code from Linux or not; if it was a
> reimplementation from scratch (I don't think "clean room" is
> necessary), that should suffice.
I am not disputing thi
Longinus00 wrote:
> The final commit in my tcp_fast_open brach was never merged into the
> upstream because of the issue with sequence number tracking. Handling
> all the corner cases and getting a "correct" output would also
> potentially create incompatibilites with programs tha
Denis Ovsienko wrote:
> Could you please check bpf repository once again? There is still no
> such commit in it.
okay, I sorted things out.
The problem is that I got stuck with the MPTCP patch which no longer
compiled, and wound up reverting too much, and then I had code on the wrong
br
What do you think of this patch.
I was trying to use ND_TTEST2() in a place where l was seemingly to become
negative, and I felt that we should check for that situation.
In the situation at hand, that actually wasn't the problem, but I still think
that perhaps this is a good thing.
--- a/netdiss
Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
tcpdump-wo
Forwarding to list for wider discussion.
Guy Harris wrote:
> The bittok2str routines are, for better or worse, currently being used
> for bitfields that aren't flags, e.g. the "recursion count" field in
> GRE (or "recursion control", as it's called in RFC 1701). They don't
> work
looks great. Thank you for including sample packets!
Is this the kind of thing seen in home routers/SoC?
I'm just wondering where one has to dump to see traffic like this...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelm
Jesse Johnson wrote:
> Is there a list of things that need to be done ie: bug fixes, new
> features, documentation, etc...?
1) Reading issues on github is important.
2) the priv seperate work that brooksdavis is doing
https://github.com/the-tcpdump-group/tcpdump/pull/455
3) anythi
;. I'd rather call them something like:
wheezy-4.7
or centos7-4.7
so that we'd know both where it is going, and also when we can abandon
them...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richard
Guy Harris wrote:
>> I have no problem with having lts- branches created for distros, and I'd
>> rather do that than have "old stable". I'd rather call them something
>like:
>> wheezy-4.7
>> or centos7-4.7
> So, if both Chocolate Coated Spinach Linux "Orangina" and P
bpf.tcpdump.org will go down at about 2pm EDT for about an hour
so that I can transfer it to a more powerful virtual machine host.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect
re: https://github.com/the-tcpdump-group/tcpdump/pull/464
Guy writes:
> We have the -C option, giving a file size in megabytes (real megabytes,
> i.e. 1,000,000 bytes, not 1,048,576 bytes); once the file gets that big,
> tcpdump switches to a new file.
> This adds another file size option, with
6 or whatever...
Is Linux even going to set that if it's for a VLAN or an IP address that
is not recognized as local?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca
http://lwn.net/Articles/656335/rss
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
e the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
tcpdump-workers mailing list
tcpdump-workers@lists.t
nd >2.5.6?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| r
jor / minor to authorize currently?
I think that as long as major <= PCAP_VERSION_MAJOR, we are good.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://w
ld continue to handle that.
okay... and should we add some fprintf()s there too :-)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca
| ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https:/
urns a bigger type.
A tested patch would be most appreciated...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman
> Since this is [RFC] and - if I understand correctly - there are
> problems with the produced BPF code, maybe this should be
> discussed in the tcpdump-workers mailing-list?
Michal Sekletar wrote:
> Any particular reason why we shouldn't continue discussion here? I
> think it
-T domain, and you should see
the not-port-53 packets decoded.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails
as
bug-fixes :-)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
__
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
tc
gets annoying really quickly, but it's good for
short things.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/
start controlling my lights,
turning the TV on and off and even making my curtains open and
close. What fun! "
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect
amp-precision=nano -w name.pcap
> Now, my results in itself make sense and would give me the desired
results,
> but they have a big offset to them. 36 seconds to be exact.
36s between which point and which point?
--
] Never tell me the odds! | ipv6
hardware queue. A big hardware send buffer would result in significant skew.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/|
when you do not use the -j option?
if that's the case, then it seems like it's the hardware which is mis-stamping.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network archite
ell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works| network architect [
] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[
___
tcpdump-workers mailin
401 - 500 of 614 matches
Mail list logo
