Remove atalk support. Significantly shortens the manpage. libpcap still
supports it. This diff doesn't include the removal of two files:
appletalk.h and print-atalk.c.
Index: usr.sbin/tcpdump/INSTALL
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/INSTALL,v
retrieving revision 1.6
diff -u -p -r1.6 INSTALL
--- usr.sbin/tcpdump/INSTALL 5 Dec 2015 21:43:51 -0000 1.6
+++ usr.sbin/tcpdump/INSTALL 28 May 2017 13:46:58 -0000
@@ -8,7 +8,6 @@ README - description of distribution
VERSION - version of this release
addrtoname.c - address to hostname routines
addrtoname.h - address to hostname definitions
-appletalk.h - AppleTalk definitions
atime.awk - TCP ack awk script
bootp.h - BOOTP definitions
bpf_dump.c - bpf instruction pretty-printer routine
@@ -35,7 +34,6 @@ ospf.h - Open Shortest Path First defin
packetdat.awk - TCP chunk summary awk script
parsenfsfh.c - Network File System file parser routines
print-arp.c - Address Resolution Protocol printer routines
-print-atalk.c - AppleTalk printer routines
print-atm.c - atm printer routines
print-bootp.c - BOOTP printer routines
print-cnfp.c - Cisco NetFlow printer routines
Index: usr.sbin/tcpdump/Makefile
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/Makefile,v
retrieving revision 1.61
diff -u -p -r1.61 Makefile
--- usr.sbin/tcpdump/Makefile 18 Nov 2016 17:37:03 -0000 1.61
+++ usr.sbin/tcpdump/Makefile 28 May 2017 13:46:58 -0000
@@ -35,7 +35,7 @@ DPADD+= ${LIBL} ${LIBPCAP} ${LIBCRYPTO}
SRCS= tcpdump.c addrtoname.c privsep.c privsep_fdpass.c privsep_pcap.c \
print-ether.c print-ip.c print-arp.c print-tcp.c print-udp.c \
- print-atalk.c print-domain.c print-tftp.c print-bootp.c print-nfs.c \
+ print-domain.c print-tftp.c print-bootp.c print-nfs.c \
print-icmp.c print-sl.c print-ppp.c print-rip.c print-timed.c \
print-snmp.c print-ntp.c print-null.c print-ospf.c print-gtp.c \
print-fddi.c print-llc.c print-sunrpc.c print-hsrp.c print-vqp.c \
Index: usr.sbin/tcpdump/ethertype.h
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/ethertype.h,v
retrieving revision 1.14
diff -u -p -r1.14 ethertype.h
--- usr.sbin/tcpdump/ethertype.h 5 Dec 2008 01:25:24 -0000 1.14
+++ usr.sbin/tcpdump/ethertype.h 28 May 2017 13:46:58 -0000
@@ -93,12 +93,6 @@
#ifndef ETHERTYPE_VPROD
#define ETHERTYPE_VPROD 0x805c
#endif
-#ifndef ETHERTYPE_ATALK
-#define ETHERTYPE_ATALK 0x809b
-#endif
-#ifndef ETHERTYPE_AARP
-#define ETHERTYPE_AARP 0x80f3
-#endif
#ifndef ETHERTYPE_8021Q
#define ETHERTYPE_8021Q 0x8100
#endif
Index: usr.sbin/tcpdump/interface.h
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/interface.h,v
retrieving revision 1.69
diff -u -p -r1.69 interface.h
--- usr.sbin/tcpdump/interface.h 16 Nov 2016 13:47:27 -0000 1.69
+++ usr.sbin/tcpdump/interface.h 28 May 2017 13:46:58 -0000
@@ -183,10 +183,7 @@ extern int ether_encap_print(u_short, co
extern int llc_print(const u_char *, u_int, u_int, const u_char *,
const u_char *);
extern int pppoe_if_print(u_short, const u_char *, u_int, u_int);
-extern void aarp_print(const u_char *, u_int);
extern void arp_print(const u_char *, u_int, u_int);
-extern void atalk_print(const u_char *, u_int);
-extern void atalk_print_llap(const u_char *, u_int);
extern void atm_if_print(u_char *, const struct pcap_pkthdr *, const u_char *);
extern void bootp_print(const u_char *, u_int, u_short, u_short);
extern void bgp_print(const u_char *, int);
Index: usr.sbin/tcpdump/print-ether.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/print-ether.c,v
retrieving revision 1.31
diff -u -p -r1.31 print-ether.c
--- usr.sbin/tcpdump/print-ether.c 11 Jul 2016 00:27:50 -0000 1.31
+++ usr.sbin/tcpdump/print-ether.c 28 May 2017 13:46:58 -0000
@@ -206,16 +206,6 @@ recurse:
decnet_print(p, length, caplen);
return (1);
- case ETHERTYPE_ATALK:
- if (vflag)
- fputs("et1 ", stdout);
- atalk_print_llap(p, length);
- return (1);
-
- case ETHERTYPE_AARP:
- aarp_print(p, length);
- return (1);
-
case ETHERTYPE_8021Q:
printf("802.1Q ");
case ETHERTYPE_QINQ:
Index: usr.sbin/tcpdump/print-llc.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/print-llc.c,v
retrieving revision 1.20
diff -u -p -r1.20 print-llc.c
--- usr.sbin/tcpdump/print-llc.c 16 Nov 2015 00:16:39 -0000 1.20
+++ usr.sbin/tcpdump/print-llc.c 28 May 2017 13:46:58 -0000
@@ -118,24 +118,7 @@ llc_print(const u_char *p, u_int length,
/* This is an encapsulated Ethernet packet */
et = EXTRACT_16BITS(&llc.ethertype[0]);
-
- /*
- * Some protocols have special handling if they are 802.3
- * SNAP encapsulated vs vers II encapsulated. Handle
- * those special protocols here, and hand the rest to
- * print-ether.c so we don't have to duplicate
- * all that code here.
- */
- switch (et) {
- case ETHERTYPE_ATALK:
- atalk_print(p, length);
- ret = 1;
- break;
- default:
- ret = ether_encap_print(et, p, length, caplen);
- break;
- }
-
+ ret = ether_encap_print(et, p, length, caplen);
if (ret)
return (ret);
}
Index: usr.sbin/tcpdump/print-udp.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/print-udp.c,v
retrieving revision 1.40
diff -u -p -r1.40 print-udp.c
--- usr.sbin/tcpdump/print-udp.c 22 Dec 2015 21:01:07 -0000 1.40
+++ usr.sbin/tcpdump/print-udp.c 28 May 2017 13:46:59 -0000
@@ -56,7 +56,6 @@
#include "interface.h"
#include "addrtoname.h"
#include "extract.h"
-#include "appletalk.h"
#include "nfsv2.h"
#include "bootp.h"
@@ -521,14 +520,6 @@ udp_print(const u_char *bp, u_int length
return;
}
#endif
- }
- if (TTEST(((struct LAP *)cp)->type) &&
- ((struct LAP *)cp)->type == lapDDP &&
- (atalk_port(sport) || atalk_port(dport))) {
- if (vflag)
- fputs("kip ", stdout);
- atalk_print_llap(cp, length);
- return;
}
}
#if 0
Index: usr.sbin/tcpdump/privsep.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v
retrieving revision 1.44
diff -u -p -r1.44 privsep.c
--- usr.sbin/tcpdump/privsep.c 23 Jan 2017 04:25:05 -0000 1.44
+++ usr.sbin/tcpdump/privsep.c 28 May 2017 13:46:59 -0000
@@ -101,8 +101,7 @@ struct ftab {
int count;
};
-static struct ftab file_table[] = {{"/etc/appletalk.names", 1, 0},
- {PF_OSFP_FILE, 1, 0}};
+static struct ftab file_table[] = {{PF_OSFP_FILE, 1, 0}};
#define NUM_FILETAB (sizeof(file_table) / sizeof(struct ftab))
Index: usr.sbin/tcpdump/privsep.h
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.h,v
retrieving revision 1.8
diff -u -p -r1.8 privsep.h
--- usr.sbin/tcpdump/privsep.h 14 Jul 2015 20:23:40 -0000 1.8
+++ usr.sbin/tcpdump/privsep.h 28 May 2017 13:46:59 -0000
@@ -22,8 +22,7 @@
#define TCPDUMP_MAGIC 0xa1b2c3d4
/* file ids used by priv_getlines */
-#define FTAB_APPLETALK 0
-#define FTAB_PFOSFP 1
+#define FTAB_PFOSFP 0
enum cmd_types {
PRIV_OPEN_BPF, /* open a bpf descriptor */
Index: usr.sbin/tcpdump/tcpdump.8
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.8,v
retrieving revision 1.92
diff -u -p -r1.92 tcpdump.8
--- usr.sbin/tcpdump/tcpdump.8 19 Apr 2017 05:36:13 -0000 1.92
+++ usr.sbin/tcpdump/tcpdump.8 28 May 2017 13:47:00 -0000
@@ -1604,142 +1604,6 @@ requests, and matches them to the replie
.Pq transaction ID .
If a reply does not closely follow the corresponding request,
it might not be parsable.
-.Ss KIP AppleTalk (DDP in UDP)
-AppleTalk DDP packets encapsulated in UDP datagrams
-are de-encapsulated and dumped as DDP packets
-.Pq i.e., all the UDP header information is discarded .
-The file
-.Pa /etc/atalk.names
-is used to translate AppleTalk net and node numbers to names.
-Lines in this file have the form
-.Bl -column "number" "name" -offset indent
-.It Sy "number" Ta Ta Sy "name"
-.It "1.254" Ta Ta "ether"
-.It "16.1" Ta Ta "icsd-net"
-.It "1.254.110" Ta Ta "ace"
-.El
-.Pp
-The first two lines give the names of AppleTalk networks.
-The third line gives the name of a particular host
-(a host is distinguished from a net by the 3rd octet in the number;
-a net number
-.Em must
-have two octets and a host number
-.Em must
-have three octets).
-The number and name should be separated by whitespace (blanks or tabs).
-The
-.Pa /etc/atalk.names
-file may contain blank lines or comment lines
-(lines starting with a
-.Ql # ) .
-.Pp
-AppleTalk addresses are printed in the form
-.Pp
-.D1 Ar net . Ns Ar host . Ns Ar port
-.Pp
-For example:
-.Bd -unfilled -offset indent
-144.1.209.2 > icsd-net.112.220
-office.2 > icsd-net.112.220
-jssmag.149.235 > icsd-net.2
-.Ed
-.Pp
-If
-.Pa /etc/atalk.names
-doesn't exist or doesn't contain an entry for some AppleTalk
-host/net number, addresses are printed in numeric form.
-In the first example, NBP
-.Pq DDP port 2
-on net 144.1 node 209
-is sending to whatever is listening on port 220 of net icsd-net node 112.
-The second line is the same except the full name of the source node is known
-.Pq Dq office .
-The third line is a send from port 235 on
-net jssmag node 149 to broadcast on the icsd-net NBP port.
-The broadcast address
-.Pq 255
-is indicated by a net name with no host number;
-for this reason it is a good idea to keep node names and net names distinct in
-.Pa /etc/atalk.names .
-.Pp
-NBP
-.Pq name binding protocol
-and ATP
-.Pq AppleTalk transaction protocol
-packets have their contents interpreted.
-Other protocols just dump the protocol name
-.Po
-or number if no name is registered for the protocol
-.Pc
-and packet size.
-.Pp
-NBP packets are formatted like the following examples:
-.Bd -unfilled
-icsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
-jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250
-techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186
-.Ed
-.Pp
-The first line is a name lookup request for laserwriters sent by
-net icsdi-net host
-112 and broadcast on net jssmag.
-The nbp ID for the lookup is 190.
-The second line shows a reply for this request
-.Pq note that it has the same ID
-from host jssmag.209 saying that it has a laserwriter
-resource named RM1140 registered on port 250.
-The third line is another reply to the same request
-saying host techpit has laserwriter techpit registered on port 186.
-.Pp
-ATP packet formatting is demonstrated by the following example:
-.Bd -unfilled -offset indent
-jssmag.209.165 > helios.132: atp-req 12266<0-7> 0xae030001
-helios.132 > jssmag.209.165: atp-resp 12266:0 (512) 0xae040000
-helios.132 > jssmag.209.165: atp-resp 12266:1 (512) 0xae040000
-helios.132 > jssmag.209.165: atp-resp 12266:2 (512) 0xae040000
-helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
-helios.132 > jssmag.209.165: atp-resp 12266:4 (512) 0xae040000
-helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
-helios.132 > jssmag.209.165: atp-resp 12266:6 (512) 0xae040000
-helios.132 > jssmag.209.165: atp-resp*12266:7 (512) 0xae040000
-jssmag.209.165 > helios.132: atp-req 12266<3,5> 0xae030001
-helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
-helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
-jssmag.209.165 > helios.132: atp-rel 12266<0-7> 0xae030001
-jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002
-.Ed
-.Pp
-Jssmag.209 initiates transaction ID 12266 with host helios by requesting
-up to 8 packets
-.Sm off
-.Pq the Dq <0\-7> .
-.Sm on
-The hex number at the end of the line is the value of the
-.Ar userdata
-field in the request.
-.Pp
-Helios responds with 8 512-byte packets.
-The
-.Dq : Ns Ar n
-following the
-transaction ID gives the packet sequence number in the transaction
-and the number in parentheses is the amount of data in the packet,
-excluding the ATP header.
-The
-.Ql *
-on packet 7 indicates that the EOM bit was set.
-.Pp
-Jssmag.209 then requests that packets 3 & 5 be retransmitted.
-Helios resends them then jssmag.209 releases the transaction.
-Finally, jssmag.209 initiates the next request.
-The
-.Ql *
-on the request indicates that XO
-.Pq exactly once
-was
-.Em not
-set.
.Ss IP Fragmentation
Fragmented Internet datagrams are printed as
.Bd -ragged -offset indent
@@ -1901,12 +1765,6 @@ question section is printed rather than
Some believe that inverse queries are themselves a bug and
prefer to fix the program generating them rather than
.Nm tcpdump .
-.Pp
-Apple Ethertalk DDP packets could be dumped as easily as KIP DDP packets
-but aren't.
-Even if we were inclined to do anything to promote the use of Ethertalk
-(we aren't, LBL doesn't allow Ethertalk on any of its
-networks so we'd have no way of testing this code).
.Pp
A packet trace that crosses a daylight saving time change will give
skewed time stamps
--
Michal Mazurek
