Remove atalk support. Significantly shortens the manpage. libpcap still supports it. This diff doesn't include the removal of two files: appletalk.h and print-atalk.c.
Index: usr.sbin/tcpdump/INSTALL =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/INSTALL,v retrieving revision 1.6 diff -u -p -r1.6 INSTALL --- usr.sbin/tcpdump/INSTALL 5 Dec 2015 21:43:51 -0000 1.6 +++ usr.sbin/tcpdump/INSTALL 28 May 2017 13:46:58 -0000 @@ -8,7 +8,6 @@ README - description of distribution VERSION - version of this release addrtoname.c - address to hostname routines addrtoname.h - address to hostname definitions -appletalk.h - AppleTalk definitions atime.awk - TCP ack awk script bootp.h - BOOTP definitions bpf_dump.c - bpf instruction pretty-printer routine @@ -35,7 +34,6 @@ ospf.h - Open Shortest Path First defin packetdat.awk - TCP chunk summary awk script parsenfsfh.c - Network File System file parser routines print-arp.c - Address Resolution Protocol printer routines -print-atalk.c - AppleTalk printer routines print-atm.c - atm printer routines print-bootp.c - BOOTP printer routines print-cnfp.c - Cisco NetFlow printer routines Index: usr.sbin/tcpdump/Makefile =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/Makefile,v retrieving revision 1.61 diff -u -p -r1.61 Makefile --- usr.sbin/tcpdump/Makefile 18 Nov 2016 17:37:03 -0000 1.61 +++ usr.sbin/tcpdump/Makefile 28 May 2017 13:46:58 -0000 @@ -35,7 +35,7 @@ DPADD+= ${LIBL} ${LIBPCAP} ${LIBCRYPTO} SRCS= tcpdump.c addrtoname.c privsep.c privsep_fdpass.c privsep_pcap.c \ print-ether.c print-ip.c print-arp.c print-tcp.c print-udp.c \ - print-atalk.c print-domain.c print-tftp.c print-bootp.c print-nfs.c \ + print-domain.c print-tftp.c print-bootp.c print-nfs.c \ print-icmp.c print-sl.c print-ppp.c print-rip.c print-timed.c \ print-snmp.c print-ntp.c print-null.c print-ospf.c print-gtp.c \ print-fddi.c print-llc.c print-sunrpc.c print-hsrp.c print-vqp.c \ Index: usr.sbin/tcpdump/ethertype.h =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/ethertype.h,v retrieving revision 1.14 diff -u -p -r1.14 ethertype.h --- usr.sbin/tcpdump/ethertype.h 5 Dec 2008 01:25:24 -0000 1.14 +++ usr.sbin/tcpdump/ethertype.h 28 May 2017 13:46:58 -0000 @@ -93,12 +93,6 @@ #ifndef ETHERTYPE_VPROD #define ETHERTYPE_VPROD 0x805c #endif -#ifndef ETHERTYPE_ATALK -#define ETHERTYPE_ATALK 0x809b -#endif -#ifndef ETHERTYPE_AARP -#define ETHERTYPE_AARP 0x80f3 -#endif #ifndef ETHERTYPE_8021Q #define ETHERTYPE_8021Q 0x8100 #endif Index: usr.sbin/tcpdump/interface.h =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/interface.h,v retrieving revision 1.69 diff -u -p -r1.69 interface.h --- usr.sbin/tcpdump/interface.h 16 Nov 2016 13:47:27 -0000 1.69 +++ usr.sbin/tcpdump/interface.h 28 May 2017 13:46:58 -0000 @@ -183,10 +183,7 @@ extern int ether_encap_print(u_short, co extern int llc_print(const u_char *, u_int, u_int, const u_char *, const u_char *); extern int pppoe_if_print(u_short, const u_char *, u_int, u_int); -extern void aarp_print(const u_char *, u_int); extern void arp_print(const u_char *, u_int, u_int); -extern void atalk_print(const u_char *, u_int); -extern void atalk_print_llap(const u_char *, u_int); extern void atm_if_print(u_char *, const struct pcap_pkthdr *, const u_char *); extern void bootp_print(const u_char *, u_int, u_short, u_short); extern void bgp_print(const u_char *, int); Index: usr.sbin/tcpdump/print-ether.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/print-ether.c,v retrieving revision 1.31 diff -u -p -r1.31 print-ether.c --- usr.sbin/tcpdump/print-ether.c 11 Jul 2016 00:27:50 -0000 1.31 +++ usr.sbin/tcpdump/print-ether.c 28 May 2017 13:46:58 -0000 @@ -206,16 +206,6 @@ recurse: decnet_print(p, length, caplen); return (1); - case ETHERTYPE_ATALK: - if (vflag) - fputs("et1 ", stdout); - atalk_print_llap(p, length); - return (1); - - case ETHERTYPE_AARP: - aarp_print(p, length); - return (1); - case ETHERTYPE_8021Q: printf("802.1Q "); case ETHERTYPE_QINQ: Index: usr.sbin/tcpdump/print-llc.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/print-llc.c,v retrieving revision 1.20 diff -u -p -r1.20 print-llc.c --- usr.sbin/tcpdump/print-llc.c 16 Nov 2015 00:16:39 -0000 1.20 +++ usr.sbin/tcpdump/print-llc.c 28 May 2017 13:46:58 -0000 @@ -118,24 +118,7 @@ llc_print(const u_char *p, u_int length, /* This is an encapsulated Ethernet packet */ et = EXTRACT_16BITS(&llc.ethertype[0]); - - /* - * Some protocols have special handling if they are 802.3 - * SNAP encapsulated vs vers II encapsulated. Handle - * those special protocols here, and hand the rest to - * print-ether.c so we don't have to duplicate - * all that code here. - */ - switch (et) { - case ETHERTYPE_ATALK: - atalk_print(p, length); - ret = 1; - break; - default: - ret = ether_encap_print(et, p, length, caplen); - break; - } - + ret = ether_encap_print(et, p, length, caplen); if (ret) return (ret); } Index: usr.sbin/tcpdump/print-udp.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/print-udp.c,v retrieving revision 1.40 diff -u -p -r1.40 print-udp.c --- usr.sbin/tcpdump/print-udp.c 22 Dec 2015 21:01:07 -0000 1.40 +++ usr.sbin/tcpdump/print-udp.c 28 May 2017 13:46:59 -0000 @@ -56,7 +56,6 @@ #include "interface.h" #include "addrtoname.h" #include "extract.h" -#include "appletalk.h" #include "nfsv2.h" #include "bootp.h" @@ -521,14 +520,6 @@ udp_print(const u_char *bp, u_int length return; } #endif - } - if (TTEST(((struct LAP *)cp)->type) && - ((struct LAP *)cp)->type == lapDDP && - (atalk_port(sport) || atalk_port(dport))) { - if (vflag) - fputs("kip ", stdout); - atalk_print_llap(cp, length); - return; } } #if 0 Index: usr.sbin/tcpdump/privsep.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v retrieving revision 1.44 diff -u -p -r1.44 privsep.c --- usr.sbin/tcpdump/privsep.c 23 Jan 2017 04:25:05 -0000 1.44 +++ usr.sbin/tcpdump/privsep.c 28 May 2017 13:46:59 -0000 @@ -101,8 +101,7 @@ struct ftab { int count; }; -static struct ftab file_table[] = {{"/etc/appletalk.names", 1, 0}, - {PF_OSFP_FILE, 1, 0}}; +static struct ftab file_table[] = {{PF_OSFP_FILE, 1, 0}}; #define NUM_FILETAB (sizeof(file_table) / sizeof(struct ftab)) Index: usr.sbin/tcpdump/privsep.h =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/privsep.h,v retrieving revision 1.8 diff -u -p -r1.8 privsep.h --- usr.sbin/tcpdump/privsep.h 14 Jul 2015 20:23:40 -0000 1.8 +++ usr.sbin/tcpdump/privsep.h 28 May 2017 13:46:59 -0000 @@ -22,8 +22,7 @@ #define TCPDUMP_MAGIC 0xa1b2c3d4 /* file ids used by priv_getlines */ -#define FTAB_APPLETALK 0 -#define FTAB_PFOSFP 1 +#define FTAB_PFOSFP 0 enum cmd_types { PRIV_OPEN_BPF, /* open a bpf descriptor */ Index: usr.sbin/tcpdump/tcpdump.8 =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.8,v retrieving revision 1.92 diff -u -p -r1.92 tcpdump.8 --- usr.sbin/tcpdump/tcpdump.8 19 Apr 2017 05:36:13 -0000 1.92 +++ usr.sbin/tcpdump/tcpdump.8 28 May 2017 13:47:00 -0000 @@ -1604,142 +1604,6 @@ requests, and matches them to the replie .Pq transaction ID . If a reply does not closely follow the corresponding request, it might not be parsable. -.Ss KIP AppleTalk (DDP in UDP) -AppleTalk DDP packets encapsulated in UDP datagrams -are de-encapsulated and dumped as DDP packets -.Pq i.e., all the UDP header information is discarded . -The file -.Pa /etc/atalk.names -is used to translate AppleTalk net and node numbers to names. -Lines in this file have the form -.Bl -column "number" "name" -offset indent -.It Sy "number" Ta Ta Sy "name" -.It "1.254" Ta Ta "ether" -.It "16.1" Ta Ta "icsd-net" -.It "1.254.110" Ta Ta "ace" -.El -.Pp -The first two lines give the names of AppleTalk networks. -The third line gives the name of a particular host -(a host is distinguished from a net by the 3rd octet in the number; -a net number -.Em must -have two octets and a host number -.Em must -have three octets). -The number and name should be separated by whitespace (blanks or tabs). -The -.Pa /etc/atalk.names -file may contain blank lines or comment lines -(lines starting with a -.Ql # ) . -.Pp -AppleTalk addresses are printed in the form -.Pp -.D1 Ar net . Ns Ar host . Ns Ar port -.Pp -For example: -.Bd -unfilled -offset indent -144.1.209.2 > icsd-net.112.220 -office.2 > icsd-net.112.220 -jssmag.149.235 > icsd-net.2 -.Ed -.Pp -If -.Pa /etc/atalk.names -doesn't exist or doesn't contain an entry for some AppleTalk -host/net number, addresses are printed in numeric form. -In the first example, NBP -.Pq DDP port 2 -on net 144.1 node 209 -is sending to whatever is listening on port 220 of net icsd-net node 112. -The second line is the same except the full name of the source node is known -.Pq Dq office . -The third line is a send from port 235 on -net jssmag node 149 to broadcast on the icsd-net NBP port. -The broadcast address -.Pq 255 -is indicated by a net name with no host number; -for this reason it is a good idea to keep node names and net names distinct in -.Pa /etc/atalk.names . -.Pp -NBP -.Pq name binding protocol -and ATP -.Pq AppleTalk transaction protocol -packets have their contents interpreted. -Other protocols just dump the protocol name -.Po -or number if no name is registered for the protocol -.Pc -and packet size. -.Pp -NBP packets are formatted like the following examples: -.Bd -unfilled -icsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*" -jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250 -techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186 -.Ed -.Pp -The first line is a name lookup request for laserwriters sent by -net icsdi-net host -112 and broadcast on net jssmag. -The nbp ID for the lookup is 190. -The second line shows a reply for this request -.Pq note that it has the same ID -from host jssmag.209 saying that it has a laserwriter -resource named RM1140 registered on port 250. -The third line is another reply to the same request -saying host techpit has laserwriter techpit registered on port 186. -.Pp -ATP packet formatting is demonstrated by the following example: -.Bd -unfilled -offset indent -jssmag.209.165 > helios.132: atp-req 12266<0-7> 0xae030001 -helios.132 > jssmag.209.165: atp-resp 12266:0 (512) 0xae040000 -helios.132 > jssmag.209.165: atp-resp 12266:1 (512) 0xae040000 -helios.132 > jssmag.209.165: atp-resp 12266:2 (512) 0xae040000 -helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000 -helios.132 > jssmag.209.165: atp-resp 12266:4 (512) 0xae040000 -helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000 -helios.132 > jssmag.209.165: atp-resp 12266:6 (512) 0xae040000 -helios.132 > jssmag.209.165: atp-resp*12266:7 (512) 0xae040000 -jssmag.209.165 > helios.132: atp-req 12266<3,5> 0xae030001 -helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000 -helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000 -jssmag.209.165 > helios.132: atp-rel 12266<0-7> 0xae030001 -jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002 -.Ed -.Pp -Jssmag.209 initiates transaction ID 12266 with host helios by requesting -up to 8 packets -.Sm off -.Pq the Dq <0\-7> . -.Sm on -The hex number at the end of the line is the value of the -.Ar userdata -field in the request. -.Pp -Helios responds with 8 512-byte packets. -The -.Dq : Ns Ar n -following the -transaction ID gives the packet sequence number in the transaction -and the number in parentheses is the amount of data in the packet, -excluding the ATP header. -The -.Ql * -on packet 7 indicates that the EOM bit was set. -.Pp -Jssmag.209 then requests that packets 3 & 5 be retransmitted. -Helios resends them then jssmag.209 releases the transaction. -Finally, jssmag.209 initiates the next request. -The -.Ql * -on the request indicates that XO -.Pq exactly once -was -.Em not -set. .Ss IP Fragmentation Fragmented Internet datagrams are printed as .Bd -ragged -offset indent @@ -1901,12 +1765,6 @@ question section is printed rather than Some believe that inverse queries are themselves a bug and prefer to fix the program generating them rather than .Nm tcpdump . -.Pp -Apple Ethertalk DDP packets could be dumped as easily as KIP DDP packets -but aren't. -Even if we were inclined to do anything to promote the use of Ethertalk -(we aren't, LBL doesn't allow Ethertalk on any of its -networks so we'd have no way of testing this code). .Pp A packet trace that crosses a daylight saving time change will give skewed time stamps -- Michal Mazurek