This commit adds support for RESP as defined in: http://redis.io/topics/protocol.
It also supports inline commands and pipelining. Due to the popularity of RESP,
numerous services are emerging that use this protocol. You may decode RESP packets
on arbitrary ports using the "-T resp" option.
Example captures can be found in tests/resp_*.
A simple way to test this parser is to start redis-server and then run
redis-cli commands such as "redis-cli set key value".
Traditionally, redis-cli monitor is used to debug redis. Unfortunately,
the "monitor" command can cause significant load on a redis-server in
production. This parser may be used as a non-invasive alternative to
redis-cli monitor.
!(nfhdr->nflog_version) is equivalent to (nfhdr->nflog_version == 0).
That will evaluate to 1 if nfhdr->nflog_version is 0 and to 0 otherwise.
So !(nfhdr->nflog_version) == 0 is equivalent to nfhdr->nflog_version != 0,
but 1) it's more obvious what it means and 2) compilers don't point out
that it may not mean what you intended.
Only recompile the filter - and only find a new printer and a new DLT
name - if, when reading multiple files with the -V flag, the new file
has a different DLT value from the old file. With lots of small files,
that can make a significant performance difference.
Addresses GitHub issue #508.
If we have a routing header, instead of overwriting the packet's IPv6
destination address in the packet with the final destination, so that
the next protocol's checksum routine can use it, we do as we do for
IPv4, and, in the "next protocol checksum" routine, scan the headers
looking for a routing header and, if we find one, copy the final
destination from it.
While we're at it, clean up a few things.
There's probably less DDP-over-UDP traffic passing through tcpdump these
days than, for example, SNMP v2 traffic from a low source port longer
than 512 bytes, so move the latter heuristic check after all the other
checks.
Fixes GitHub tcpdump issue #499.
Process bits 29, 30, and 31 in code that's independent of what namespace
we're in:
If we're switching to the radiotap namespace, reset the bit numbers to
start back at 0.
If we're switching to a vendor namespace, get the vendor OUI and
subspace, and the skip length.
Keep track of which namespace we're in.
If we're *in* a vendor namespace, skip over the data specified by the
skip length (and reset it, as we've processed all the vendor namespace
data and, if there's a subsequent bitmap in the same namespace,
there's nothing more to process). Use cpack_align_and_reserve() to
skip that, so we check that we don't go past the end of the packet
data.
Fixes GitHub tcpdump issue #498.
This removes some bogus errors; update the test output to reflect that.
Newer versions of libpcap, when configured to provide debugging
printouts for the filter expression parser or optimizer, provide
routines to set the "debug the parser" and "debug the optimizer" flags;
use them if the library has them. If the library doesn't have them, do
our best to try to use the older mechanisms for requesting debugging, if
present.
./print-rsvp.c: In function ‘rsvp_print’:
./print-rsvp.c:1870:13: warning: ISO C90 forbids mixed declarations and code [-Wpedantic]
u_short subplen, subtlen;
^
So don't hand rsvp_obj_print() a pointer to the beginning of, and the
length of, the entire bundle message; hand it a pointer to the beginning
of, and the length of, the submessage.
Use "bundle" rather than "aggregate" as the message type, while we're at
it; to quote RFC 2961, "The term "bundling" is used to avoid confusion
with RSVP reservation aggregation."
Just pass it a pointer to a routine to do the clearing and a pointer to
the data that needs to be cleared; signature_verify() will relocate all
pointers to stuff that needs to be cleared to point into the copy, clear
the signature itself, and call the routine to clear anything else.
Call it that, to indicate that it's not necessarily a type field.
While we're at it, get rid of references to "DEC/Intel/Xerox" and
"802.3" Ethernet headers in comments; since 802.3y, the 802.3 standard
supports both "DIX" frames, with a type field, and earlier 802.3 frames,
with a length field, so there's only one version of Ethernet, 802.3,
which supports frames with type fields and frames with length fields.
Reference: IEEE Std 802.3-2012
"If the value of this field is less than or equal to 1500 decimal
(05DC hexadecimal), then the Length/Type field indicates the number
of MAC client data octets contained in the subsequent MAC Client Data
field of the basic frame (Length interpretation)."
Update the output of a test accordingly.
Step through the SCTP packet with the bp variable, and keep a packet
data remaining variable and use that for bounds checking. For each
chunk, keep a chunk data remaining variable and use that as well. If
there's not enough room for a full item, that gets reported as an error.
While we're at it, fix an error printout.
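
The packet-level half of the approach in the SCTP commit message above, as an added example; it is not code from tcpdump or from that commit. The function name and the sample bytes are constructed for illustration; the layout assumed is the standard SCTP one (12-byte common header, 4-byte chunk header whose length field includes the header, chunks padded to 4 bytes).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SCTP_COMMON_HDR_LEN 12  /* ports, verification tag, checksum */
#define SCTP_CHUNK_HDR_LEN   4  /* type, flags, 16-bit length */

/* Constructed bytes, not a real capture: common header, one 8-byte chunk,
 * then a chunk whose length field claims 32 bytes while only 8 remain. */
static const uint8_t sample_pkt[] = {
    0x0b,0x59, 0x0b,0x59, 0,0,0,1, 0,0,0,0,     /* common header */
    0x01,0x00, 0x00,0x08, 0xde,0xad,0xbe,0xef,  /* chunk 1: length 8 */
    0x00,0x03, 0x00,0x20, 0x00,0x00,0x00,0x01   /* chunk 2: claims 32 */
};

/* Walk the chunks of an SCTP packet of pkt_remaining captured bytes.
 * Returns the number of complete chunks, or -1 - n if the data is
 * truncated or malformed after n complete chunks. */
int sctp_count_chunks(const uint8_t *bp, size_t pkt_remaining)
{
    int n = 0;

    if (pkt_remaining < SCTP_COMMON_HDR_LEN)
        return -1;
    bp += SCTP_COMMON_HDR_LEN;
    pkt_remaining -= SCTP_COMMON_HDR_LEN;
    while (pkt_remaining != 0) {
        size_t chunk_len, padded;

        if (pkt_remaining < SCTP_CHUNK_HDR_LEN)
            return -1 - n;          /* no room for a chunk header */
        chunk_len = ((size_t)bp[2] << 8) | bp[3];
        if (chunk_len < SCTP_CHUNK_HDR_LEN || chunk_len > pkt_remaining)
            return -1 - n;          /* length field lies about the data */
        /* Advance past padding too, but never past the captured data. */
        padded = (chunk_len + 3) & ~(size_t)3;
        if (padded > pkt_remaining)
            padded = pkt_remaining;
        bp += padded;
        pkt_remaining -= padded;
        n++;
    }
    return n;
}

int main(void)
{
    printf("%d\n", sctp_count_chunks(sample_pkt, sizeof sample_pkt));
    return 0;
}
```

Every pointer advance is paired with a decrement of the remaining count, so a chunk length that exceeds the captured data is reported as an error rather than read through.
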
We use AC_TYPE_UINTPTR_T in the configure script, so it'll be defined if
we use autotools, and MSVC has supported it since at least Visual Studio
.NET 2003, so we'll use it instead of "unsigned long"; "unsigned long"
causes warnings on LLP64 platforms, as it's not wide enough for a
pointer on those platforms.
The bounds check is already done before by ND_TCHECK2(*tptr, len).
So we are deliberately ignoring the return value of fn_printn with last
argument NULL (no bounds check).