authorsjg <sjg@FreeBSD.org>2015-05-27 01:19:58 +0000
committersjg <sjg@FreeBSD.org>2015-05-27 01:19:58 +0000
commit65145fa4c81da358fcbc3b650156dab705dfa34e (patch)
tree55c065b6730aaac2afb6c29933ee6ec5fa4c4249 /usr.sbin/tcpdump
parent60ff4eb0dff94a04d75d0d52a3957aaaf5f8c693 (diff)
parente6b664c390af88d4a87208bc042ce503da664c3b (diff)
Merge sync of head
Diffstat (limited to 'usr.sbin/tcpdump')
-rw-r--r--usr.sbin/tcpdump/tcpdump/Makefile21
-rw-r--r--usr.sbin/tcpdump/tcpdump/config.h249
-rw-r--r--usr.sbin/tcpdump/tcpdump/tcpdump.1228
3 files changed, 354 insertions, 144 deletions
diff --git a/usr.sbin/tcpdump/tcpdump/Makefile b/usr.sbin/tcpdump/tcpdump/Makefile
index fcaa13e..00d768e 100644
--- a/usr.sbin/tcpdump/tcpdump/Makefile
+++ b/usr.sbin/tcpdump/tcpdump/Makefile
@@ -23,7 +23,9 @@ SRCS= addrtoname.c \
print-802_11.c \
print-802_15_4.c \
print-ah.c \
+ print-ahcp.c \
print-aodv.c \
+ print-aoe.c \
print-ap1394.c \
print-arcnet.c \
print-arp.c \
@@ -35,6 +37,7 @@ SRCS= addrtoname.c \
print-bgp.c \
print-bootp.c \
print-bt.c \
+ print-calm-fast.c \
print-carp.c \
print-cdp.c \
print-cfm.c \
@@ -55,6 +58,7 @@ SRCS= addrtoname.c \
print-fddi.c \
print-forces.c \
print-fr.c \
+ print-geonet.c \
print-gre.c \
print-hsrp.c \
print-icmp.c \
@@ -75,22 +79,28 @@ SRCS= addrtoname.c \
print-llc.c \
print-lldp.c \
print-lmp.c \
+ print-loopback.c \
print-lspping.c \
print-lwapp.c \
print-lwres.c \
+ print-m3ua.c \
print-mobile.c \
print-mpcp.c \
print-mpls.c \
+ print-mptcp.c \
print-msdp.c \
print-msnlb.c \
print-nfs.c \
print-ntp.c \
print-null.c \
print-olsr.c \
+ print-openflow.c \
+ print-openflow-1.0.c \
print-ospf.c \
print-otv.c \
print-pgm.c \
print-pim.c \
+ print-pktap.c \
print-ppi.c \
print-ppp.c \
print-pppoe.c \
@@ -160,16 +170,13 @@ CFLAGS+= -DINET6
CFLAGS+= -DLBL_ALIGN
.endif
-DPADD= ${LIBL} ${LIBPCAP}
-LDADD= -ll -lpcap
+LIBADD= l pcap
.if ${MK_CASPER} != "no"
-DPADD+= ${LIBCAPSICUM} ${LIBNV}
-LDADD+= -lcapsicum -lnv
-CFLAGS+=-DHAVE_LIBCAPSICUM
+LIBADD+= capsicum
+CFLAGS+=-DHAVE_CAPSICUM
.endif
.if ${MK_OPENSSL} != "no"
-DPADD+= ${LIBCRYPTO}
-LDADD+= -lcrypto
+LIBADD+= crypto
CFLAGS+= -I${DESTDIR}/usr/include/openssl
CFLAGS+= -DHAVE_LIBCRYPTO -DHAVE_OPENSSL_EVP_H
.endif
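Review bot: `-DHAVE_CAPSICUM` is now set only inside the `.if ${MK_CASPER} != "no"` block, and config.h in this same commit leaves `HAVE_CAPSICUM` undefined with a "See Makefile" pointer, so a build with Casper disabled defines no Capsicum macro at all. If the tcpdump sources use `HAVE_CAPSICUM` to guard the `cap_enter()`/`cap_rights_limit()` sandbox as well as the Casper DNS service (not visible in this diff), process sandboxing becomes tied to an unrelated knob; consider defining the macro unconditionally and keeping only the library under the conditional. Also confirm that no source file still tests the old `HAVE_LIBCAPSICUM` name, because a stale guard compiles the protected code out without any build error. `LIBADD+= capsicum` no longer names `nv`, which the old `LDADD+= -lcapsicum -lnv` linked explicitly, so check that static builds still resolve it. At minimum add `# HAVE_CAPSICUM is only defined when MK_CASPER is enabled; config.h leaves it undefined.` above the conditional.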
diff --git a/usr.sbin/tcpdump/tcpdump/config.h b/usr.sbin/tcpdump/tcpdump/config.h
index 62fa3cd..84dc094 100644
--- a/usr.sbin/tcpdump/tcpdump/config.h
+++ b/usr.sbin/tcpdump/tcpdump/config.h
@@ -3,92 +3,39 @@
/* config.h. Generated from config.h.in by configure. */
/* config.h.in. Generated from configure.in by autoheader. */
-/* "generated automatically" means DO NOT MAKE CHANGES TO config.h.in --
- * make them to acconfig.h and rerun autoheader */
-/* Define if you enable IPv6 support */
-/* See Makefile */
-/* #undef INET6 */
-
-/* Define if you enable support for the libsmi. */
-/* #undef LIBSMI */
-
-/* define if you have the addrinfo function. */
+/* define if you have the addrinfo function */
#define HAVE_ADDRINFO 1
-/* define if you need to include missing/addrinfoh.h. */
-/* #undef NEED_ADDRINFO_H */
-
-/* define ifyou have the h_errno variable. */
-#define HAVE_H_ERRNO 1
-
-/* define if you have struct sockaddr_storage */
-#define HAVE_SOCKADDR_STORAGE 1
-
-/* define if you have both getipnodebyname() and getipnodebyaddr() */
-/* #undef USE_GETIPNODEBY */
-
-/* define if you have ether_ntohost() and it works */
-#define USE_ETHER_NTOHOST 1
-
-/* define if libpcap has pcap_version */
-/* #undef HAVE_PCAP_VERSION */
-
-/* define if libpcap has pcap_debug */
-/* #undef HAVE_PCAP_DEBUG */
-
-/* define if libpcap has yydebug */
-/* #undef HAVE_YYDEBUG */
-
-/* define if libpcap has pcap_list_datalinks() */
-#define HAVE_PCAP_LIST_DATALINKS 1
-
-/* define if libpcap has pcap_set_datalink() */
-#define HAVE_PCAP_SET_DATALINK 1
-
-/* define if libpcap has pcap_datalink_name_to_val() */
-#define HAVE_PCAP_DATALINK_NAME_TO_VAL 1
-
-/* define if libpcap has pcap_datalink_val_to_description() */
-#define HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION 1
-
-/* define if libpcap has pcap_dump_ftell() */
-#define HAVE_PCAP_DUMP_FTELL 1
-
-/* define if you have getrpcbynumber() */
-#define HAVE_GETRPCBYNUMBER 1
+/* Define to 1 if you have the `alarm' function. */
+#define HAVE_ALARM 1
-/* Workaround for missing 64-bit formats */
-/* #undef PRId64 */
-/* #undef PRIo64 */
-/* #undef PRIx64 */
-/* #undef PRIu64 */
+/* Define to 1 if you have the `bpf_dump' function. */
+#define HAVE_BPF_DUMP 1
-/* Whether or not to include the possibly-buggy SMB printer */
-#define TCPDUMP_DO_SMB 1
+/* capsicum support available */
+/* See Makefile */
+/* #undef HAVE_CAPSICUM */
-/* Define if you have the dnet_htoa function. */
-/* #undef HAVE_DNET_HTOA */
+/* Define to 1 if you have the `cap_enter' function. */
+#define HAVE_CAP_ENTER 1
-/* Define if you have a dnet_htoa declaration in <netdnet/dnetdb.h>. */
-/* #undef HAVE_NETDNET_DNETDB_H_DNET_HTOA */
+/* Define to 1 if you have the `cap_ioctls_limit' function. */
+#define HAVE_CAP_IOCTLS_LIMIT 1
-/* define if should drop privileges by default */
-/* #undef WITH_USER */
+/* Define to 1 if you have the `cap_rights_init' function. */
+/* #undef HAVE_CAP_RIGHTS_INIT */
-/* define if should chroot when dropping privileges */
-/* #undef WITH_CHROOT */
-
-/* Define to 1 if you have the `alarm' function. */
-#define HAVE_ALARM 1
-
-/* Define to 1 if you have the `bpf_dump' function. */
-#define HAVE_BPF_DUMP 1
+/* Define to 1 if you have the `cap_rights_limit' function. */
+#define HAVE_CAP_RIGHTS_LIMIT 1
/* Define to 1 if you have the declaration of `ether_ntohost', and to 0 if you
don't. */
#define HAVE_DECL_ETHER_NTOHOST 1
+/* define if you have the dnet_htoa function */
+/* #undef HAVE_DNET_HTOA */
+
/* Define to 1 if you have the `ether_ntohost' function. */
#define HAVE_ETHER_NTOHOST 1
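Review bot: `HAVE_CAP_RIGHTS_INIT` is left as `/* #undef HAVE_CAP_RIGHTS_INIT */` while `HAVE_CAP_ENTER`, `HAVE_CAP_IOCTLS_LIMIT` and `HAVE_CAP_RIGHTS_LIMIT` in the same group are defined to 1, and nothing in the hunk explains the difference. If any source guards rights-limiting code on that macro (not visible here), the guarded path is silently compiled out even on a platform that supports it. If the value is deliberate, say so next to it, for example `/* left undefined on purpose: <reason> */`, in the same way the `HAVE_CAPSICUM` entry points to the Makefile. The hunk also moves `WITH_USER` and `WITH_CHROOT` further down the file still undefined, so the default privilege-drop behaviour is unchanged by this commit.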
@@ -101,6 +48,15 @@
/* Define to 1 if you have the `getnameinfo' function. */
#define HAVE_GETNAMEINFO 1
+/* Define to 1 if you have the `getopt_long' function. */
+#define HAVE_GETOPT_LONG 1
+
+/* define if you have getrpcbynumber() */
+#define HAVE_GETRPCBYNUMBER 1
+
+/* define if you have the h_errno variable */
+#define HAVE_H_ERRNO 1
+
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
@@ -111,15 +67,15 @@
/* Define to 1 if you have the `rpc' library (-lrpc). */
/* #undef HAVE_LIBRPC */
-/* Define to 1 if you have the `smi' library (-lsmi). */
-/* #undef HAVE_LIBSMI */
-
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define to 1 if you have the <netdnet/dnetdb.h> header file. */
/* #undef HAVE_NETDNET_DNETDB_H */
+/* define if you have a dnet_htoa declaration in <netdnet/dnetdb.h> */
+/* #undef HAVE_NETDNET_DNETDB_H_DNET_HTOA */
+
/* Define to 1 if you have the <netinet/ether.h> header file. */
/* #undef HAVE_NETINET_ETHER_H */
@@ -130,6 +86,9 @@
/* See Makefile */
/* #undef HAVE_NET_PFVAR_H */
+/* Define to 1 if you have the `openat' function. */
+#define HAVE_OPENAT 1
+
/* Define to 1 if you have the <openssl/evp.h> header file. */
/* See Makefile */
/* #undef HAVE_OPENSSL_EVP_H 1 */
@@ -146,24 +105,57 @@
/* Define to 1 if you have the `pcap_create' function. */
#define HAVE_PCAP_CREATE 1
+/* define if libpcap has pcap_datalink_name_to_val() */
+#define HAVE_PCAP_DATALINK_NAME_TO_VAL 1
+
+/* define if libpcap has pcap_datalink_val_to_description() */
+#define HAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION 1
+
+/* define if libpcap has pcap_debug */
+/* #undef HAVE_PCAP_DEBUG */
+
/* Define to 1 if you have the `pcap_dump_flush' function. */
#define HAVE_PCAP_DUMP_FLUSH 1
+/* define if libpcap has pcap_dump_ftell() */
+#define HAVE_PCAP_DUMP_FTELL 1
+
/* Define to 1 if you have the `pcap_findalldevs' function. */
#define HAVE_PCAP_FINDALLDEVS 1
+/* Define to 1 if you have the `pcap_free_datalinks' function. */
+#define HAVE_PCAP_FREE_DATALINKS 1
+
/* Define to 1 if the system has the type `pcap_if_t'. */
#define HAVE_PCAP_IF_T 1
/* Define to 1 if you have the `pcap_lib_version' function. */
#define HAVE_PCAP_LIB_VERSION 1
+/* define if libpcap has pcap_list_datalinks() */
+#define HAVE_PCAP_LIST_DATALINKS 1
+
+/* Define to 1 if you have the <pcap/nflog.h> header file. */
+/* #undef HAVE_PCAP_NFLOG_H */
+
+/* Define to 1 if you have the `pcap_setdirection' function. */
+#define HAVE_PCAP_SETDIRECTION 1
+
+/* Define to 1 if you have the `pcap_set_datalink' function. */
+#define HAVE_PCAP_SET_DATALINK 1
+
+/* Define to 1 if you have the `pcap_set_tstamp_precision' function. */
+#define HAVE_PCAP_SET_TSTAMP_PRECISION 1
+
/* Define to 1 if you have the `pcap_set_tstamp_type' function. */
#define HAVE_PCAP_SET_TSTAMP_TYPE 1
/* Define to 1 if you have the <pcap/usb.h> header file. */
/* #undef HAVE_PCAP_USB_H */
+/* define if libpcap has pcap_version */
+/* #undef HAVE_PCAP_VERSION */
+
/* Define to 1 if you have the `pfopen' function. */
/* #undef HAVE_PFOPEN */
@@ -182,9 +174,6 @@
/* Define to 1 if you have the `sigset' function. */
/* #undef HAVE_SIGSET */
-/* Define to 1 if you have the <smi.h> header file. */
-/* #undef HAVE_SMI_H */
-
/* Define to 1 if you have the `snprintf' function. */
#define HAVE_SNPRINTF 1
@@ -224,9 +213,6 @@
/* Define to 1 if the system has the type `struct ether_addr'. */
/* #undef HAVE_STRUCT_ETHER_ADDR */
-/* Define to 1 if you have the <sys/bitypes.h> header file. */
-/* #undef HAVE_SYS_BITYPES_H */
-
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
@@ -245,12 +231,22 @@
/* Define to 1 if you have the `vsnprintf' function. */
#define HAVE_VSNPRINTF 1
+/* define if libpcap has yydebug */
+/* #undef HAVE_YYDEBUG */
+
/* define if your compiler has __attribute__ */
#define HAVE___ATTRIBUTE__ 1
+/* Define if you enable IPv6 support */
+/* See Makefile */
+/* #undef INET6 */
+
/* if unaligned access fails */
/* #undef LBL_ALIGN */
+/* define if you need to include missing/addrinfo.h */
+/* #undef NEED_ADDRINFO_H */
+
/* Define to 1 if netinet/ether.h declares `ether_ntohost' */
/* #undef NETINET_ETHER_H_DECLARES_ETHER_NTOHOST */
@@ -269,9 +265,24 @@
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME ""
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+
/* Define to the version of this package. */
#define PACKAGE_VERSION ""
+/* define if the platform doesn't define PRId64 */
+/* #undef PRId64 */
+
+/* define if the platform doesn't define PRIo64 */
+/* #undef PRIo64 */
+
+/* define if the platform doesn't define PRIx64 */
+/* #undef PRIu64 */
+
+/* define if the platform doesn't define PRIu64 */
+/* #undef PRIx64 */
+
/* Define as the return type of signal handlers (`int' or `void'). */
#define RETSIGTYPE void
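Review bot: The comments on the last two added `PRI*64` entries are swapped: `/* define if the platform doesn't define PRIx64 */` sits above `/* #undef PRIu64 */`, and the `PRIu64` comment sits above `/* #undef PRIx64 */`. Pair each comment with its own macro, i.e. `/* define if the platform doesn't define PRIu64 */` directly before `/* #undef PRIu64 */`, and likewise for `PRIx64`. Since the file header says this file derives from config.h.in, the same correction likely belongs in the template so that it survives regeneration.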
@@ -281,48 +292,102 @@
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
+/* define if you want to build the possibly-buggy SMB printer */
+#define TCPDUMP_DO_SMB 1
+
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
#define TIME_WITH_SYS_TIME 1
+/* define if you have ether_ntohost() and it works */
+#define USE_ETHER_NTOHOST 1
+
+/* Define if you enable support for libsmi */
+/* #undef USE_LIBSMI */
+
+/* define if should chroot when dropping privileges */
+/* #undef WITH_CHROOT */
+
+/* define if should drop privileges by default */
+/* #undef WITH_USER */
+
/* get BSD semantics on Irix */
/* #undef _BSD_SIGNALS */
-/* needed on HP-UX */
-/* #undef _HPUX_SOURCE */
-
/* define on AIX to get certain functions */
/* #undef _SUN */
+/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
+ <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+ #define below would cause a syntax error. */
+/* #undef _UINT32_T */
+
+/* Define for Solaris 2.5.1 so the uint64_t typedef from <sys/synch.h>,
+ <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+ #define below would cause a syntax error. */
+/* #undef _UINT64_T */
+
+/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
+ <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+ #define below would cause a syntax error. */
+/* #undef _UINT8_T */
+
+/* define if your compiler allows __attribute__((format)) without a warning */
+#define __ATTRIBUTE___FORMAT_OK 1
+
/* define if your compiler allows __attribute__((format)) to be applied to
function pointers */
#define __ATTRIBUTE___FORMAT_OK_FOR_FUNCTION_POINTERS 1
+/* define if your compiler allows __attribute__((noreturn)) to be applied to
+ function pointers */
+#define __ATTRIBUTE___NORETURN_OK_FOR_FUNCTION_POINTERS 1
+
/* to handle Ultrix compilers that don't support const in prototypes */
/* #undef const */
/* Define as token for inline if inlining supported */
#define inline inline
-/* Define to `short' if int16_t not defined. */
+/* Define to the type of a signed integer type of width exactly 16 bits if
+ such a type exists and the standard includes do not define it. */
/* #undef int16_t */
-/* Define to `int' if int32_t not defined. */
+/* Define to the type of a signed integer type of width exactly 32 bits if
+ such a type exists and the standard includes do not define it. */
/* #undef int32_t */
-/* Define to `long long' if int64_t not defined. */
+/* Define to the type of a signed integer type of width exactly 64 bits if
+ such a type exists and the standard includes do not define it. */
/* #undef int64_t */
-/* Define to `signed char' if int8_t not defined. */
+/* Define to the type of a signed integer type of width exactly 8 bits if such
+ a type exists and the standard includes do not define it. */
/* #undef int8_t */
-/* Define to `unsigned short' if u_int16_t not defined. */
+/* Define to `uint16_t' if u_int16_t not defined. */
/* #undef u_int16_t */
-/* Define to `unsigned int' if u_int32_t not defined. */
+/* Define to `uint32_t' if u_int32_t not defined. */
/* #undef u_int32_t */
-/* Define to `unsigned long long' if u_int64_t not defined. */
+/* Define to `uint64_t' if u_int64_t not defined. */
/* #undef u_int64_t */
-/* Define to `unsigned char' if u_int8_t not defined. */
+/* Define to `uint8_t' if u_int8_t not defined. */
/* #undef u_int8_t */
+
+/* Define to the type of an unsigned integer type of width exactly 16 bits if
+ such a type exists and the standard includes do not define it. */
+/* #undef uint16_t */
+
+/* Define to the type of an unsigned integer type of width exactly 32 bits if
+ such a type exists and the standard includes do not define it. */
+/* #undef uint32_t */
+
+/* Define to the type of an unsigned integer type of width exactly 64 bits if
+ such a type exists and the standard includes do not define it. */
+/* #undef uint64_t */
+
+/* Define to the type of an unsigned integer type of width exactly 8 bits if
+ such a type exists and the standard includes do not define it. */
+/* #undef uint8_t */
diff --git a/usr.sbin/tcpdump/tcpdump/tcpdump.1 b/usr.sbin/tcpdump/tcpdump/tcpdump.1
index ca6d795..bef5690 100644
--- a/usr.sbin/tcpdump/tcpdump/tcpdump.1
+++ b/usr.sbin/tcpdump/tcpdump/tcpdump.1
@@ -1,6 +1,4 @@
.\" $FreeBSD$
-.\" @(#) $Header: /tcpdump/master/tcpdump/tcpdump.1.in,v 1.2 2008-11-09 23:35:03 mcr Exp $ (LBL)
-.\"
.\" $NetBSD: tcpdump.8,v 1.9 2003/03/31 00:18:17 perry Exp $
.\"
.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
@@ -23,18 +21,21 @@
.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
-.TH TCPDUMP 1 "12 July 2012"
+.TH TCPDUMP 1 "11 July 2014"
.SH NAME
tcpdump \- dump traffic on a network
.SH SYNOPSIS
.na
.B tcpdump
[
-.B \-AbdDefhHIJKlLnNOpqRStuUvxX
+.B \-AbdDefhHIJKlLnNOpqRStuUvxX#
] [
.B \-B
.I buffer_size
-] [
+]
+.br
+.ti +8
+[
.B \-c
.I count
]
@@ -71,6 +72,14 @@ tcpdump \- dump traffic on a network
.br
.ti +8
[
+.B \-\-number
+]
+[
+.B \-Q
+.I in|out|inout
+]
+.ti +8
+[
.B \-r
.I file
]
@@ -118,6 +127,13 @@ tcpdump \- dump traffic on a network
]
.ti +8
[
+.BI \-\-time\-stamp\-precision= tstamp_precision
+]
+[
+.B \-\-version
+]
+.ti +8
+[
.I expression
]
.br
@@ -206,14 +222,18 @@ capturing web pages.
Print the AS number in BGP packets in ASDOT notation rather than ASPLAIN
notation.
.TP
-.B \-B
+.BI \-B " buffer_size"
+.PD 0
+.TP
+.BI \-\-buffer\-size= buffer_size
+.PD
Set the operating system capture buffer size to \fIbuffer_size\fP, in
units of KiB (1024 bytes).
.TP
-.B \-c
+.BI \-c " count"
Exit after receiving \fIcount\fP packets.
.TP
-.B \-C
+.BI \-C " file_size"
Before writing a raw packet to a savefile, check whether the file is
currently larger than \fIfile_size\fP and, if so, close the current
savefile and open a new one. Savefiles after the first savefile will
@@ -236,6 +256,10 @@ program fragment.
Dump packet-matching code as decimal numbers (preceded with a count).
.TP
.B \-D
+.PD 0
+.TP
+.B \-\-list\-interfaces
+.PD
Print the list of the network interfaces available on the system and on
which
.I tcpdump
@@ -315,11 +339,11 @@ because the capture is being done on the Linux "any" interface, which
can capture on more than one interface, this option will not work
correctly.
.TP
-.B \-F
+.BI \-F " file"
Use \fIfile\fP as input for the filter expression.
An additional expression given on the command line is ignored.
.TP
-.B \-G
+.BI \-G " rotate_seconds"
If specified, rotates the dump file specified with the
.B \-w
option every \fIrotate_seconds\fP seconds.
@@ -334,17 +358,29 @@ If used in conjunction with the
option, filenames will take the form of `\fIfile\fP<count>'.
.TP
.B \-h
+.PD 0
+.TP
+.B \-\-help
+.PD
Print the tcpdump and libpcap version strings, print a usage message,
and exit.
.TP
+.B \-\-version
+.PD
+Print the tcpdump and libpcap version strings and exit.
+.TP
.B \-H
Attempt to detect 802.11s draft mesh headers.
.TP
-.B \-i
+.BI \-i " interface"
+.PD 0
+.TP
+.BI \-\-interface= interface
+.PD
Listen on \fIinterface\fP.
If unspecified, \fItcpdump\fP searches the system interface list for the
-lowest numbered, configured up interface (excluding loopback).
-Ties are broken by choosing the earliest match.
+lowest numbered, configured up interface (excluding loopback), which may turn
+out to be, for example, ``eth0''.
.IP
On Linux systems with 2.2 or later kernels, an
.I interface
@@ -360,6 +396,10 @@ used as the
argument.
.TP
.B \-I
+.PD 0
+.TP
+.B \-\-monitor\-mode
+.PD
Put the interface in "monitor mode"; this is supported only on IEEE
802.11 Wi-Fi interfaces, and supported only on some operating systems.
.IP
@@ -380,19 +420,50 @@ monitor mode will be shown; if
is specified, only those link-layer types available when in monitor mode
will be shown.
.TP
-.B \-j
+.BI \-j " tstamp_type"
+.PD 0
+.TP
+.BI \-\-time\-stamp\-type= tstamp_type
+.PD
Set the time stamp type for the capture to \fItstamp_type\fP. The names
to use for the time stamp types are given in
-.BR pcap-tstamp-type (7);
+.BR pcap-tstamp (7);
not all the types listed there will necessarily be valid for any given
interface.
.TP
.B \-J
+.PD 0
+.TP
+.B \-\-list\-time\-stamp\-types
+.PD
List the supported time stamp types for the interface and exit. If the
time stamp type cannot be set for the interface, no time stamp types are
listed.
.TP
+.BI \-\-time\-stamp\-precision= tstamp_precision
+When capturing, set the time stamp precision for the capture to
+\fItstamp_precision\fP. Note that availability of high precision time
+stamps (nanoseconds) and their actual accuracy is platform and hardware
+dependent. Also note that when writing captures made with nanosecond
+accuracy to a savefile, the time stamps are written with nanosecond
+resolution, and the file is written with a different magic number, to
+indicate that the time stamps are in seconds and nanoseconds; not all
+programs that read pcap savefiles will be able to read those captures.
+.LP
+When reading a savefile, convert time stamps to the precision specified
+by \fItimestamp_precision\fP, and display them with that resolution. If
+the precision specified is less than the precision of time stamps in the
+file, the conversion will lose precision.
+.LP
+The supported values for \fItimestamp_precision\fP are \fBmicro\fP for
+microsecond resolution and \fBnano\fP for nanosecond resolution. The
+default is microsecond resolution.
+.TP
.B \-K
+.PD 0
+.TP
+.B \-\-dont\-verify\-checksums
+.PD
Don't attempt to verify IP, TCP, or UDP checksums. This is useful for
interfaces that perform some or all of those checksum calculation in
hardware; otherwise, all outgoing TCP checksums will be flagged as bad.
@@ -435,6 +506,10 @@ than at the end of each line; this is buffered on all platforms,
including Windows.
.TP
.B \-L
+.PD 0
+.TP
+.B \-\-list\-data\-link\-types
+.PD
List the known data link types for the interface, in the specified mode,
and exit. The list of known data link types may be dependent on the
specified mode; for example, on some platforms, a Wi-Fi interface might
@@ -445,12 +520,12 @@ and another set of data link types when in monitor mode (for example, it
might support 802.11 headers, or 802.11 headers with radio information,
only in monitor mode).
.TP
-.B \-m
+.BI \-m " module"
Load SMI MIB module definitions from file \fImodule\fR.
This option
can be used several times to load several MIB modules into \fItcpdump\fP.
.TP
-.B \-M
+.BI \-M " secret"
Use \fIsecret\fP as a shared secret for validating the digests found in
TCP segments with the TCP-MD5 option (RFC 2385), if present.
.TP
@@ -463,18 +538,42 @@ E.g.,
if you give this flag then \fItcpdump\fP will print ``nic''
instead of ``nic.ddn.mil''.
.TP
+.B \-#
+.PD 0
+.TP
+.B \-\-number
+.PD
+Print an optional packet number at the beginning of the line.
+.TP
.B \-O
+.PD 0
+.TP
+.B \-\-no\-optimize
+.PD
Do not run the packet-matching code optimizer.
This is useful only
if you suspect a bug in the optimizer.
.TP
.B \-p
+.PD 0
+.TP
+.B \-\-no\-promiscuous\-mode
+.PD
\fIDon't\fP put the interface
into promiscuous mode.
Note that the interface might be in promiscuous
mode for some other reason; hence, `-p' cannot be used as an abbreviation for
`ether host {local-hw-addr} or ether broadcast'.
.TP
+.BI \-Q " direction"
+.PD 0
+.TP
+.BI \-\-direction= direction
+.PD
+Choose send/receive direction \fIdirection\fR for which packets should be
+captured. Possible values are `in', `out' and `inout'. Not available
+on all platforms.
+.TP
.B \-q
Quick (quiet?) output.
Print less protocol information so output
@@ -486,16 +585,24 @@ If specified, \fItcpdump\fP will not print replay prevention field.
Since there is no protocol version field in ESP/AH specification,
\fItcpdump\fP cannot deduce the version of ESP/AH protocol.
.TP
-.B \-r
+.BI \-r " file"
Read packets from \fIfile\fR (which was created with the
.B \-w
-option).
+option or by other tools that write pcap or pcap-ng files).
Standard input is used if \fIfile\fR is ``-''.
.TP
.B \-S
+.PD 0
+.TP
+.B \-\-absolute\-tcp\-sequence\-numbers
+.PD
Print absolute, rather than relative, TCP sequence numbers.
.TP
-.B \-s
+.BI \-s " snaplen"
+.PD 0
+.TP
+.BI \-\-snapshot\-length= snaplen
+.PD
Snarf \fIsnaplen\fP bytes of data from each packet rather than the
default of 65535 bytes.
Packets truncated because of a limited snapshot
@@ -513,13 +620,16 @@ Setting
for backwards compatibility with recent older versions of
.IR tcpdump .
.TP
-.B \-T
+.BI \-T " type"
Force packets selected by "\fIexpression\fP" to be interpreted the
specified \fItype\fR.
Currently known types are
\fBaodv\fR (Ad-hoc On-demand Distance Vector protocol),
\fBcarp\fR (Common Address Redundancy Protocol),
\fBcnfp\fR (Cisco NetFlow protocol),
+\fBlmp\fR (Link Management Protocol),
+\fBpgm\fR (Pragmatic General Multicast),
+\fBpgm_zmtp1\fR (ZMTP/1.0 inside PGM/EPGM),
\fBradius\fR (RADIUS),
\fBrpc\fR (Remote Procedure Call),
\fBrtp\fR (Real-Time Applications protocol),
@@ -531,6 +641,16 @@ Currently known types are
\fBzmtp1\fR (ZeroMQ Message Transport Protocol 1.0)
and
\fBvxlan\fR (Virtual eXtensible Local Area Network).
+.IP
+Note that the \fBpgm\fR type above affects UDP interpretation only, the native
+PGM is always recognised as IP protocol 113 regardless. UDP-encapsulated PGM is
+often called "EPGM" or "PGM/UDP".
+.IP
+Note that the \fBpgm_zmtp1\fR type above affects interpretation of both native
+PGM and UDP at once. During the native PGM decoding the application data of an
+ODATA/RDATA packet would be decoded as a ZeroMQ datagram with ZMTP/1.0 frames.
+During the UDP decoding in addition to that any UDP packet would be treated as
+an encapsulated PGM packet.
.TP
.B \-t
\fIDon't\fP print a timestamp on each dump line.
@@ -553,6 +673,10 @@ on each dump line.
Print undecoded NFS handles.
.TP
.B \-U
+.PD 0
+.TP
+.B \-\-packet\-buffered
+.PD
If the
.B \-w
option is not specified, make the printed packet output
@@ -603,11 +727,11 @@ With
.B \-X
Telnet options are printed in hex as well.
.TP
-.B \-V
+.BI \-V " file"
Read a list of filenames from \fIfile\fR. Standard input is used
if \fIfile\fR is ``-''.
.TP
-.B \-w
+.BI \-w " file"
Write the raw packets to \fIfile\fR rather than parsing and printing
them out.
They can later be printed with the \-r option.
@@ -680,10 +804,14 @@ each packet,
.I including
its link level header, in hex and ASCII.
.TP
-.B \-y
+.BI \-y " datalinktype"
+.PD 0
+.TP
+.BI \-\-linktype= datalinktype
+.PD
Set the data link type to use while capturing packets to \fIdatalinktype\fP.
.TP
-.B \-z
+.BI \-z " postrotate-command"
Used in conjunction with the
.B -C
or
@@ -691,7 +819,7 @@ or
options, this will make
.I tcpdump
run "
-.I command file
+.I postrotate-command file
" where
.I file
is the savefile being closed after each rotation. For example, specifying
@@ -708,7 +836,11 @@ different arguments, you can always write a shell script that will take the
savefile name as the only argument, make the flags & arguments arrangements
and execute the command that you want.
.TP
-.B \-Z
+.BI \-Z " user"
+.PD 0
+.TP
+.BI \-\-relinquish\-privileges= user
+.PD
If
.I tcpdump
is running as root, after opening the capture device or input savefile,
@@ -729,8 +861,8 @@ only packets for which \fIexpression\fP is `true' will be dumped.
For the \fIexpression\fP syntax, see
.BR pcap-filter (7).
.LP
-Expression arguments can be passed to \fItcpdump\fP as either a single
-argument or as multiple arguments, whichever is more convenient.
+The \fIexpression\fP argument can be passed to \fItcpdump\fP as either a single
+Shell argument, or as multiple Shell arguments, whichever is more convenient.
Generally, if the expression contains Shell metacharacters, such as
backslashes used to escape protocol names, it is easier to pass it as
a single, quoted argument rather than to escape the Shell
@@ -1390,39 +1522,45 @@ Sun NFS (Network File System) requests and replies are printed as:
.RS
.nf
.sp .5
-\fIsrc.xid > dst.nfs: len op args\fP
-\fIsrc.nfs > dst.xid: reply stat len op results\fP
+\fIsrc.sport > dst.nfs: NFS request xid xid len op args\fP
+\fIsrc.nfs > dst.dport: NFS reply xid xid reply stat len op results\fP
.sp .5
\f(CW
-sushi.6709 > wrl.nfs: 112 readlink fh 21,24/10.73165
-wrl.nfs > sushi.6709: reply ok 40 readlink "../var"
-sushi.201b > wrl.nfs:
+sushi.1023 > wrl.nfs: NFS request xid 26377
+ 112 readlink fh 21,24/10.73165
+wrl.nfs > sushi.1023: NFS reply xid 26377
+ reply ok 40 readlink "../var"
+sushi.1022 > wrl.nfs: NFS request xid 8219
144 lookup fh 9,74/4096.6878 "xcolors"
-wrl.nfs > sushi.201b:
+wrl.nfs > sushi.1022: NFS reply xid 8219
reply ok 128 lookup fh 9,74/4134.3150
\fR
.sp .5
.fi
.RE
-In the first line, host \fIsushi\fP sends a transaction with id \fI6709\fP
-to \fIwrl\fP (note that the number following the src host is a
-transaction id, \fInot\fP the source port).
+In the first line, host \fIsushi\fP sends a transaction with id \fI26377\fP
+to \fIwrl\fP.
The request was 112 bytes,
excluding the UDP and IP headers.
The operation was a \fIreadlink\fP
(read symbolic link) on file handle (\fIfh\fP) 21,24/10.731657119.
(If one is lucky, as in this case, the file handle can be interpreted
as a major,minor device number pair, followed by the inode number and
-generation number.)
-\fIWrl\fP replies `ok' with the contents of the link.
+generation number.) In the second line, \fIwrl\fP replies `ok' with
+the same transaction id and the contents of the link.
+.LP
+In the third line, \fIsushi\fP asks (using a new transaction id) \fIwrl\fP
+to lookup the name `\fIxcolors\fP' in directory file 9,74/4096.6878. In
+the fourth line, \fIwrl\fP sends a reply with the respective transaction id.
.LP
-In the third line, \fIsushi\fP asks \fIwrl\fP to lookup the name
-`\fIxcolors\fP' in directory file 9,74/4096.6878.
Note that the data printed
depends on the operation type.
The format is intended to be self
explanatory if read in conjunction with
an NFS protocol spec.
+Also note that older versions of tcpdump printed NFS packets in a
+slightly different format: the transaction id (xid) would be printed
+instead of the non-NFS port number of the packet.
.LP
If the \-v (verbose) flag is given, additional information is printed.
For example:
@@ -1430,9 +1568,9 @@ For example:
.nf
.sp .5
\f(CW
-sushi.1372a > wrl.nfs:
+sushi.1023 > wrl.nfs: NFS request xid 79658
148 read fh 21,11/12.195 8192 bytes @ 24576
-wrl.nfs > sushi.1372a:
+wrl.nfs > sushi.1023: NFS reply xid 79658
reply ok 1472 read REG 100664 ids 417/0 sz 29388
\fP
.sp .5
@@ -1735,7 +1873,7 @@ Ethernet interface removed the packet from the wire and when the kernel
serviced the `new packet' interrupt.
.SH "SEE ALSO"
stty(1), pcap(3PCAP), bpf(4), nit(4P), pcap-savefile(5),
-pcap-filter(7), pcap-tstamp-type(7)
+pcap-filter(7), pcap-tstamp(7)
.LP
.RS
.I http://www.iana.org/assignments/media-types/application/vnd.tcpdump.pcap