Commit Graph

5641 Commits

Author SHA1 Message Date
Guy Harris
07a7f33ba3 Fix some narrowing warnings on LP64/LLP64 platforms.
Add a ND_BYTES_AVAILABLE_AFTER() macro to find the number of bytes
available in the captured data, starting at the byte pointed to by the
argument.  It returns a u_int rather than a ptrdiff_t, so it'll be
32 bits on LP64 and LLP64 platforms as well as on ILP32 platforms.  Use
that macro.

Make size-of-buffer arguments size_t.

Cast some size_t and ptrdiff_t values to u_int or int.
2019-04-18 10:13:49 -07:00
Guy Harris
7c30120f52 Squelch C4324 warnings. 2019-04-18 00:20:24 -07:00
Guy Harris
1f30c0e9d3 Update comments to mention Npcap. 2019-04-18 00:16:11 -07:00
Guy Harris
42682f7bb9 Squelch a "const object should be initialized" warning.
MSVC says a const object should be initialized, so initialize it.

Use nd_ipv6 as the type, while we're at it (it shouldn't make a
difference, but this means we know the type - array of 16 octets - so we
can just initialize it with { 0 }).
2019-04-17 21:15:39 -07:00
Guy Harris
8c296c6278 Don't generate formats on the fly.
Some compilers warn about that, because it prevents them from doing
format checks.
2019-04-17 21:01:06 -07:00
Guy Harris
dc9744f7c6 Squelch more warnings. 2019-04-17 20:21:53 -07:00
Guy Harris
bef667db65 Clean up types to squelch narrowing warnings. 2019-04-17 19:53:00 -07:00
Guy Harris
845d1aad10 Get rid of unused variables. 2019-04-17 19:32:54 -07:00
Guy Harris
b12b2d669e
Merge pull request #751 from Sashan/10-arphdr-infiniband
InfiniBand support for tcpdump.
2019-04-17 18:46:10 -07:00
alexandr nedvedicky - Sun Microsystems - Prague Czech Republic
ed2c22b7b4 InfiniBand support for tcpdump.
InfiniBand support for tcpdump.
This is an in-house patch. Sent upstream for potential inclusion in future
versions of tcpdump.

(also adding print-ipoib.c to CMakeLists.txt, asked by @guyharris)

(s/u_int16_t/uint16_t asked by @guyharris)
2019-04-18 01:15:03 +02:00
Guy Harris
b2c97d4f55
Merge pull request #750 from Sashan/system-test
allow unit tests to specify an alternate tcpdump binary
2019-04-17 10:21:14 -07:00
alexandr nedvedicky - Sun Microsystems - Prague Czech Republic
2d53b50885 allow unit tests to specify an alternate tcpdump binary
Solaris userland gate requires this change. Will make our
life a bit easier if upstream will kindly accept this change.
2019-04-17 11:20:39 +02:00
Francois-Xavier Le Bail
de250d5215 Rename a pcapng test file to .pcapng 2019-04-16 21:01:38 +02:00
Guy Harris
59c57f40fe Use GET macros to fetch packet data. 2019-04-16 11:43:45 -07:00
Guy Harris
01b4db0cae
Merge pull request #744 from vivien/dsa
Add DLT support for decoding (E)DSA tags
2019-04-16 11:33:24 -07:00
Vivien Didelot
a5d37edf38 Add tests for Marvell (E)DSA tags 2019-04-16 12:27:13 -04:00
Vivien Didelot
d5c16b1668 Remove MEDSA ethertype printer
MEDSA (which unofficially stands for Marvell EDSA) relies on the
unregistered 0xDADA ethertype value that was randomly chosen and
currently used by the kernel. But with EDSA this value is programmable,
hence can be changed anytime.

Now that a reliable DLT parser is implemented for both DSA and EDSA
tagged master interfaces, let's get rid of the MEDSA ethertype parser.
2019-04-16 12:27:08 -04:00
Vivien Didelot
43b5720499 Add support for decoding Marvell (E)DSA tags
Similarly to commit 6eaebfe adding support for the Broadcom tagging
format supported by the DSA kernel subsystem, this commit adds support
for the Marvell DSA and Ethertype DSA (EDSA) tagging formats.

Marvell DSA is a 4-byte proprietary tag placed between the ether source
address and the ether length/type. It contains data such as the switch
device and port IDs from which a frame came, or to which port
a frame is targeting. It also contains additional FPri and IEEE bits.

EDSA is an 8-byte variant including a programmable ethertype, two null
bytes and a standard DSA tag.
2019-04-16 12:19:38 -04:00
Stefan Hajnoczi
032c684850 Add vsock test case
Add a simple vsock packet capture test.
2019-04-16 15:12:13 +01:00
Gerard Garcia
cda9bf8c5f Add printing support for vsockmon devices.
Print Linux 4.12 vsockmon captures:

  # modprobe vsockmon
  # ip link add type vsockmon
  # ip link set vsockmon0 up
  # tcpdump -i vsockmon0
  16:25:24.987917 VIRTIO 3.1025 > 2.1234 CONNECT, length 76
  16:25:24.987963 VIRTIO 2.1234 > 3.1025 CONNECT, length 76
  16:25:26.568271 VIRTIO 3.1025 > 2.1234 PAYLOAD, length 82
  16:25:26.568512 VIRTIO 2.1234 > 3.1025 CONTROL, length 76
  16:25:28.411335 VIRTIO 3.1025 > 2.1234 DISCONNECT, length 76
  16:25:28.411628 VIRTIO 2.1234 > 3.1025 DISCONNECT, length 76

For more information about vsock see:
http://wiki.qemu.org/Features/VirtioVsock
2019-04-16 15:12:13 +01:00
Francois-Xavier Le Bail
4027411713 Use quoted include netdissect-stdinc.h instead of angle-bracketed one 2019-04-14 10:54:04 +02:00
Wang Jian
79c7ffc667 Add support for decoding DNS URI RR (typecode 256, RFC7553) 2019-04-13 16:08:03 +08:00
Bill Fenner
dc36fbcfb3 Print Protocol ID correctly in Application Priority Table
Closes #511
2019-04-12 04:18:12 -07:00
Bill Fenner
550907c4fe Add 4-byte ASN tests, both with -b and without 2019-04-11 22:54:42 +02:00
Denis Ovsienko
dcf83034e0 Update the date in tcpdump.1.in.
[skip ci]
2019-04-11 20:35:52 +01:00
Francois-Xavier Le Bail
0610a7cff2 IS-IS: Simplify some expressions 2019-04-09 22:50:41 +02:00
Francois-Xavier Le Bail
eafdbf764b ISOCLNS: Replace printf by ND_PRINT even when "#if 0"ed-out 2019-04-09 09:20:09 +02:00
Francois-Xavier Le Bail
c36abfe8a8 IS-IS: Fix some loops for undefined behavior at runtime
Same bugfixes as in the previous commit, based on a code inspection.

Update the output of a test accordingly.

Moreover:
Clean up whitespaces/indentation.
2019-04-08 19:36:13 +02:00
Francois-Xavier Le Bail
fed13fc486 IS-IS: Fix a loop for undefined behavior at runtime
The error was:
print-isoclns.c:2822:7: runtime error: unsigned integer overflow:
4 - 6 cannot be represented in type 'unsigned int'

Update the output of a test accordingly.

Moreover:
Clean up whitespaces/indentation.
2019-04-08 17:23:53 +02:00
Francois-Xavier Le Bail
cc82ffa44f Ethernet: Rename a printer
Rename ether_print_hdr_len() to ether_hdr_len_print(), with _print
suffix like in most similar cases.
2019-04-03 20:59:41 +02:00
Guy Harris
db2c996e9c
Merge pull request #743 from taghos/master
Add shortcuts for setting time stamp precision
2019-04-03 11:17:30 -07:00
Guy Harris
e6b28d9d94 Explain why we're defining HAVE_REMOTE before including pcap.h. 2019-04-03 11:10:26 -07:00
Francois-Xavier Le Bail
de707da02a BRCMTAG: Prefer symbolic name than value 2019-04-03 15:46:57 +02:00
Francois-Xavier Le Bail
157a191052 Clean up whitespaces/indentation 2019-04-03 15:46:57 +02:00
Francois-Xavier Le Bail
968561fa1d Clean up whitespaces/indentation 2019-04-03 15:13:31 +02:00
Francois-Xavier Le Bail
1095f1011a DNS: Rename a printer
Rename ns_nprint() to fqdn_print(), with _print suffix like in most
similar cases.

Moreover:
Move a misplaced comment.
2019-04-03 14:38:07 +02:00
Ricardo Nabinger Sanchez
371e1fca31 Add shortcuts for setting time stamp precision
Add two shortcuts (as long-options) for setting the time stamp
precision: --micro and --nano.  While adding these options, reshuffle
the usage message to group up the options related to time stamp, and
remove the macro TIME_STAMP_PRECISION_USAGE.

If setting the time stamp precision is not supported by the available
libpcap, the usage won't mention these options (including
--time-stamp-precision), but they will still be presented in the
manpage.
2019-04-03 08:34:41 -03:00
Francois-Xavier Le Bail
dec3c3e848 OSPFv3: Add/remove some bounds checks
Remove two bounds checks now useless with the use of GET_ macros.
The check on 'lshp->ls_router' is needed before ipaddr_string() call.
2019-04-02 15:38:43 +02:00
Francois-Xavier Le Bail
89c54d9bda Remove a trailing space 2019-04-02 14:24:17 +02:00
Francois-Xavier Le Bail
cf2a949169 Remove parameters names in functions declarations
As in most similar cases.
2019-03-31 15:04:57 +02:00
Francois-Xavier Le Bail
3fc59aec36 Fix some warnings
The warnings were:
implicit declaration of function 'malloc' [-Wimplicit-function-declaration]
incompatible implicit declaration of built-in function 'malloc'
implicit declaration of function 'free' [-Wimplicit-function-declaration]
incompatible implicit declaration of built-in function 'free'
2019-03-31 12:02:23 +02:00
Guy Harris
6da51b3ec9 Introduce a buffer stack, and use it for ESP decryption.
If a dissector has to process its input - decryption, decompression,
etc. - rather than dissect the raw input, it should push the processed
input onto the buffer stack.  As soon as the dissection is done, the
stack should be popped, to free the buffer into which the processing was
done, and restore the "pointer to packet data" and "pointer to end of
packet data" members of the netdissect_options structure, so the code
can go back to dissecting the original data.

The stack will get everything popped off it when dissection is done.

Use this mechanism in the ESP decryption code rather than scribbling on
top of the input packet data.
2019-03-30 19:26:06 -07:00
Guy Harris
3d9ae63197 Remove "ptr" from the names of pointers into the packet.
The IV pointer is just called iv in esp_print_decrypt_buffer_by_ikev2();
do the same in esp_print().  Rename ctptr to match.
2019-03-30 19:10:27 -07:00
Guy Harris
ada17ed496 Clean up code a bit.
"ivoff" is a pointer to the IV, not the offset of the IV; call it ivptr.

Have a variable that points to the beginning of the ciphertext, and use
that.

Fix the check that makes sure the authentication data/integrity check
value length isn't too big - it needs to make sure that it doesn't go
before the beginning of the ciphertext, i.e. doesn't overlap with the
IV.

Don't bother with a variable pointing to the secret, just pass
sa->secret.

Fix the check that makes sure the padding length isn't too big - make
sure it, plus 2 for the padding length and next header bytes, isn't
bigger than the ciphertext length.

Update a test to reflect the stricter length checks.
2019-03-30 18:08:02 -07:00
Guy Harris
fefd7f527f Clean up the check to make sure we can get the next header field.
Just check whether the pointer to it is within the available packet data
- and, if it's not, report truncation.

While we're at it:

Make the initialization vector length unsigned; it's either zero or a
positive number.

Rename a variable used for the ciphertext len to ctlen.
2019-03-29 16:16:46 -07:00
Guy Harris
a0ac048cf8 Check the return values of set_cipher_parameters() and EVP_Cipher(). 2019-03-29 12:40:20 -07:00
Guy Harris
b0acedad18 Don't hand un-decrypted data to the IP demuxer.
If we can't decrypt the payload, we can't dissect it, so don't try -
just give up immediately.

While we're at it:

If EVP_CIPHER_CTX_new() fails, it means a memory allocation failed;
treat that as such.

Use some of the arguments we're passed rather than re-fetching them from
the IP header.

Add some comments.

Call nd_print_trunc() for failed length sanity checks, and note that
they can fail due to the decryption being done with the wrong key.

Update one test's output; it is, I think, being decrypted with the wrong
key.
2019-03-29 10:52:58 -07:00
Ahmed Abdelsalam
a87d6a0448 Fix checksum calculation for IPv6 Segment Routing (SRv6) traffic
The checksum calculation for IPv6 packets is based on a pseudo
header that includes the packet's final Destination Address (DA).

If the IPv6 packet contains a Routing header, the final DA is the
last element of the Routing header [RFC8200].

Currently, tcpdump supports Routing header types 0 and 2.

IPv6 Segment Routing Header (SRH) is a new Routing header type (4).
SRH is defined in draft-ietf-6man-segment-routing-header [1].

This patch fixes the checksum calculation for SRv6 packets. It allows
tcpdump to get the final DA value from SRv6 packets.

[1] https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-17
2019-03-29 12:04:21 +01:00
Guy Harris
7fbec6b880 Add a length check. 2019-03-28 14:30:33 -07:00
Guy Harris
48644533f2 Have esp_print() handle printing its payload.
That cleans things up a bit, including removing some duplicate code.

Clean up some other things, and add a length check, while we're at it.
2019-03-28 11:45:43 -07:00