path: root/proto_ethernet.c
Age | Commit message | Author | Files | Lines
2016-08-02 | dissectors: ethernet: Don't resolve OUI for locally administered addresses | Tobias Klauser | 1 | -0/+7
Locally administered addresses do not contain an OUI, thus do not try to resolve it. Instead show "Locally Administered" as the vendor string.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-16 | lookup: Return const char * from all lookup functions | Tobias Klauser | 1 | -1/+1
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-11-16 | lookup: Use lookup module for OUI lookup as well | Tobias Klauser | 1 | -1/+0
Do not needlessly duplicate code between the oui and the lookup module. Instead, add an additional lookup table for OUIs to the lookup module.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-05 | dissectors: ethernet: Display multicast/broadcast also in less mode | Tobias Klauser | 1 | -7/+4
Commit a37101161784 ("dissectors: ethernet: Handle multicast/broadcast addresses properly") introduced handling of multicast/broadcast addresses in string translation, but only for the verbose mode. Also print these strings instead of "Unknown" in less mode.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2015-05-04 | netsniff-ng: Rename protocol dissector member of struct pkt_buff | Tobias Klauser | 1 | -2/+2
In commit d312a25879d5 ("netsniff-ng nlmsg: Print netlink protocol name"), the struct protocol member of struct pkt_buff was renamed to handler to account for the newly added proto field. However, the corresponding function pkt_set_proto wasn't renamed, which is a bit counter-intuitive. Fix this by renaming the member again, this time to dissector (as I don't consider handler a particularly meaningful name) and adjust the set function's name accordingly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-06-13 | lookup: Move UDP/TCP port and Ethernet type lookup into own module | Tobias Klauser | 1 | -0/+1
Up to now, the lookup of TCP/UDP port names and Ethernet types was tightly integrated with the dissector infrastructure, since it is its main user. However, flowtop also makes use of the name lookup functionality without needing the actual dissector infrastructure. Thus, the basic dissector infrastructure also needs to be linked into flowtop without actually being used. Fix this by extracting the port/ethertype lookup into its own module which can then be used either directly (for flowtop) or as part of the dissector infrastructure (for netsniff-ng). This also reverts the quick & dirty fix introduced in commit f3322c6 ("flowtop: Include netlink dissector to fix build temporarily").
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-02-26 | dissectors: ethernet: Handle multicast/broadcast addresses properly | Tobias Klauser | 1 | -5/+25
Until now, we just looked up the vendor string based on the OUI for each MAC address. Thus, multicast and broadcast addresses were just printed as "Unknown" which is a bit misleading. Improve this situation by checking bit 0 of the 1st octet of the address and by checking for the broadcast address if it is set. If a multicast/broadcast address is found, the respective string is returned. In all other cases, the existing OUI lookup is done. In the future we might extend this mechanism to look up well-known multicast addresses.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2014-02-24 | dissectors: Get rid of unnecessary includes of protos.h | Tobias Klauser | 1 | -1/+0
This header is actually only needed in dissector_eth and dissector_80211, so remove the other users accordingly.
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2013-03-15 | all: import netsniff-ng 0.5.8-rc0 source | Daniel Borkmann | 1 | -0/+80
We decided to get rid of the old Git history and start a new one for several reasons:
*) Allow / enforce only high-quality commits (which was not the case for many commits in the history), have a policy that is closer to the one from the Linux kernel. With high quality commits, we mean code that is logically split into commits and commit messages that are signed-off and have a proper subject and message body. We do not allow automatic Github merges anymore, since they are total bullshit. However, we will either cherry-pick your patches or pull them manually.
*) The old archive was about ~27MB for no particular good reason. This basically derived from the bad decision that also some PDF files were stored there. From this moment onwards, no binary objects are allowed to be stored in this repository anymore.
The old archive is not wiped away from the Internet. You will still be able to find it, e.g. on git.cryptoism.org etc.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>