On Tue, Mar 07, 2023 at 09:35:28AM +0100, p...@delphinusdns.org wrote:
> >Synopsis: unsafe macro in tcpdump/print-ike.c and /etc/tcpdump.conf

I hope I made some impact on this. Let me spice it up a little more with an updated /etc/tcpdump.conf file. I forgot to add ntp to the default so I added that. Also this implementation errors out on 802_11 file, I'll fix that, if you like it. If you don't like it I'm worried this change will get buried as I'm not able to maintain my own code on top of OpenBSD's, things happen too quickly at OpenBSD.

# $OpenBSD$
# /etc/tcpdump.conf policy file

default_L2="ether, llc"
default_L3="ip, ip6, arp"
default_L4="icmp, tcp, udp, icmp6"
default_L7="domain, ntp"

# the default policy
policy default { $default_L2, $default_L3, $default_L4, $default_L7 }

# only allow ethernet
policy ethernet { ether, llc }

# allow tunnels
tunnels="gre, etherip, enc, wg, ipsec"
policy tunnels { $default_L2, $default_L3, $default_L4, $default_L7, $tunnels }

# all protocols, Use with Caution!
policy all { arp, atalk, atm, bgp, bootp, carp, cdp, cnfp, decnet, dhcp6,
    domain, dvmrp, enc, ether, etherip, fddi, frag6, gre, gtp, hsrp, iapp,
    icmp, icmp6, igrp, ike, ip, ip6, ip6opts, ipsec, ipx, isoclns, krb, l2tp,
    llc, lldp, lwres, mobile, mpls, netbios, nfs, nhrp, nsh, ntp, null, ofp,
    ospf, ospf6, pflog, pfsync, pim, ppp, radius, raw, rip, ripng, rt6, sl,
    slow, smb, snmp, stp, sunrpc, tcp, tftp, timed, udp, udpencap, usbpcap,
    vqp, vrrp, wb, wg }

This tcpdump.conf file works for me. To get the old tcpdump behaviour you would use tcpdump -Yall, but like the comment says Use with Caution.

Best Regards,
-peter
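
Added example, not part of the message above and not the parser from the proposed patch: a Python sketch that resolves the policy file format shown in the message into per-policy sets of protocol names, so it is easy to check what a given policy leaves out (for instance, ike is absent from the default policy). The function names are hypothetical, and it assumes that macros must be defined before use, that `#` starts a comment, and that an unknown policy name permits nothing.

```python
import re

# Constructed sample: the macros and first three policies from the message above.
SAMPLE_CONF = '''\
# /etc/tcpdump.conf policy file
default_L2="ether, llc"
default_L3="ip, ip6, arp"
default_L4="icmp, tcp, udp, icmp6"
default_L7="domain, ntp"
policy default { $default_L2, $default_L3, $default_L4, $default_L7 }
policy ethernet { ether, llc }
tunnels="gre, etherip, enc, wg, ipsec"
policy tunnels { $default_L2, $default_L3, $default_L4, $default_L7, $tunnels }
'''

# A statement is either  name="a, b"  or  policy name { a, $macro }  (assumed grammar).
STMT_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"|policy\s+(\w+)\s*\{([^}]*)\}')
NAME_RE = re.compile(r'[a-z0-9_]+')

def expand(tokens, macros):
    """Replace $macro references with their members; reject anything else odd."""
    out = []
    for tok in tokens:
        if tok.startswith("$"):
            if tok[1:] not in macros:
                raise ValueError("undefined macro " + tok)
            out.extend(macros[tok[1:]])
        elif NAME_RE.fullmatch(tok):
            out.append(tok)
        else:
            raise ValueError("bad protocol name %r" % tok)
    return out

def parse_policies(text):
    """Return {policy name: frozenset of protocol names} with macros expanded."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    macros, policies, pos = {}, {}, 0
    for m in STMT_RE.finditer(text):
        if text[pos:m.start()].strip():  # text between statements: fail closed
            raise ValueError("unparsable text before offset %d" % m.start())
        pos = m.end()
        macro, value, policy, body = m.groups()
        raw = value if macro else body
        tokens = expand([t.strip() for t in raw.split(",") if t.strip()], macros)
        if macro:
            macros[macro] = tokens
        else:
            policies[policy] = frozenset(tokens)
    if text[pos:].strip():
        raise ValueError("unparsable trailing text")
    return policies

def allowed(policies, name, proto):
    """Fail closed: an unknown policy name permits no protocol."""
    return proto in policies.get(name, frozenset())
```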