Commit Graph

53 Commits

Author SHA1 Message Date
Francois-Xavier Le Bail
ba8936b39b Print truncations with nd_print_trunc() instead of tstr[] strings
Remove the tstr[] strings.
Update the output of some tests accordingly.

Moreover:
Add or update some ndo_protocol fields.
2018-05-04 13:47:49 +02:00
Francois-Xavier Le Bail
56e6581c34 Remove useless comments 2018-03-19 15:16:32 +01:00
Francois-Xavier Le Bail
546558eabd Add the ndo_protocol field in the netdissect_options structure
Update this field in printer entry functions.
It will be used for some printings.
2018-03-16 19:44:47 +01:00
Guy Harris
fb2479d733 Always include <config.h> rather than "config.h".
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options.  This way, we always pick up the
same config.h, in the build directory.
2018-01-21 12:27:28 -08:00
Francois-Xavier Le Bail
513f782ae1 Use quoted include netdissect-stdinc.h instead of angle-bracketed one 2018-01-21 10:28:15 +01:00
Francois-Xavier Le Bail
e2982e7f6f Update ND_PRINT() as a variadic macro 2018-01-07 13:36:41 +01:00
Francois-Xavier Le Bail
d526e47658 Use ND_TTEST_SIZE()/ND_TCHECK_SIZE() macros (1/n) 2018-01-03 21:32:07 +01:00
Guy Harris
974a69a10a Use nd_ types, add EXTRACT_ calls. 2017-12-29 18:36:43 -08:00
Guy Harris
7068209574 Use nd_ types in 802.x and FDDI headers.
Use EXTRACT_U_1() as required by those changes.  Remove
no-longer-necessary & operators from other EXTRACT_ calls.

While we're at it, add MAC_ADDR_LEN to netdissect.h, and use it instead
of ETHER_ADDR_LEN; eliminate ETHER_ADDR_LEN.

Move the maximum Ethernet length field value to ethertype.h, under the
name MAX_ETHERNET_LENGTH_VAL.

Move the Ethernet header structure, and the #define for the Ethernet
header length, to print-ether.c; in non-Ethernet dissectors that were
using the Ethernet header structure, just declare two nd_mac_addr
variables for the source and destination MAC addresses and use them
instead of the Ethernet header (we don't need the type field there).

These changes leave nothing in ether.h, so eliminate it.
2017-12-12 10:36:21 -08:00
Francois-Xavier Le Bail
84ef17ac0e Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)
ND_TTEST2(var, l)  -> ND_TTEST_LEN(p, l)
ND_TCHECK2(var, l) -> ND_TCHECK_LEN(p, l)
2017-12-11 22:11:01 +01:00
Francois-Xavier Le Bail
03a2d9c4c1 Use more the EXTRACT_U_1() macro (47/n)
In: if (... *(p) ...) ...
2017-12-05 10:45:44 +01:00
Francois-Xavier Le Bail
da20bc56d6 Rename EXTRACT_ macros
Now all the macros have a name meaning a count in bytes.

With _S_: signed, _U_: unsigned

e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4

and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8  -> EXTRACT_S_1
2017-11-22 23:54:09 +01:00
Francois-Xavier Le Bail
577621026d Rename EXTRACT_nBITS() macros to EXTRACT_BE_nBITS()
It indicates clearly that these macros are used to extract big-endian
integral values.
2017-11-18 13:56:40 +01:00
Guy Harris
13ab8d1861 CVE-2017-13013/ARP: Fix printing of ARP protocol addresses.
If the protocol type isn't ETHERTYPE_IP or ETHERTYPE_TRAIL, or if the
protocol address length isn't 4, don't print the address as an IPv4 address.

This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.

Add a test using the capture file supplied by the reporter(s), modified
so the capture file won't be rejected as an invalid capture.

Update another test file's tcpdump output to reflect this change.
2017-09-13 12:25:44 +01:00
Guy Harris
64f6392084 CVE-2016-7923/Don't assume the target hardware address is <= 6 octets long.
It might not be, either because an unusual hardware type is using ARP or
because a maliciously-constructed packet was sent.  Instead of comparing
against a 6-octet string of zeros with memcmp(), check each octet of the
address against 0.

Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.
2017-01-18 09:16:37 +01:00
Francois-Xavier Le Bail
11d3a01319 Move the printer summaries from INSTALL.txt to each printer
with the tag '\summary:' for grepping.
Remark: Currently some printers have no summary line.

Moreover:
Summarize all printers with a single line in INSTALL.txt
2016-08-14 17:03:43 +02:00
Francois-Xavier Le Bail
99c91c3aec Rename 'tcpdump-stdinc.h' to 'netdissect-stdinc.h'
Get the full log via: git log --follow netdissect-stdinc.h
2015-09-10 08:50:40 +02:00
Francois-Xavier Le Bail
b638c78b40 Remove obsolete comments 2015-09-07 15:01:46 +02:00
Francois-Xavier Le Bail
c1c3c77463 Printers must include 'netdissect.h', not 'interface.h' 2015-09-05 23:35:58 +02:00
Denis Ovsienko
38700c7f24 dismiss NETDISSECT_REWORKED macro
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
2015-03-22 10:06:15 +00:00
mkirkhart
f87c79a80d Fixed bug in arp_print() in handling of inverse arp responses - the target's hardware and protocol address were being printed instead of the sender's hardware and protocol address 2015-02-04 18:55:58 -05:00
Guy Harris
1cde6435df Netdissectify the to-name resolution routines.
Have them take a netdissect_options * argument, and get the "no name
resolution" flag from it.

Move the declaration of dnaddr_string to addrtoname.h, along with the
other XXX-to-string routines.
2014-04-04 00:43:46 -07:00
Denis Ovsienko
1fe6e66ece make use of NETDISSECT_REWORKED
Update the already converted decoders to define the macro and to include
interface.h instead of netdissect.h. Fix incurred compile errors.
2014-03-15 14:19:49 +04:00
Denis Ovsienko
83bec9d56c refine some past NDO conversions
Don't include unneeded headers and replace a few remaining printf's.
2014-03-12 18:11:23 +04:00
Denis Ovsienko
fe3253b9b8 remove tcpdump's own CVS keywords
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.
2014-01-03 00:59:08 +04:00
Michael Richardson
a97fb2f3ae whitespace changes 2014-01-01 21:31:18 -05:00
Denis Ovsienko
d8acd8f5d0 make consistent use of the "tstr" idiom
For each decoder that has more than one instance of truncation signaling
and prints the same string in each instance make sure that the string is
declared as "static const char tstr[]" right after the initial includes
block. Where necessary, replace fputs(s, stdout) with equivalent
printf("%s", s).
2013-12-26 18:19:50 +04:00
Denis Ovsienko
7de355927b justify declarations of struct tok arrays
Make sure all of them are declared const and most of them -- static.
Proper declaration of token arrays is a common review point for new code
that is based on existing decoders. Thus fix the issue at its root.
2013-09-24 20:54:03 +04:00
Michal Sekletar
e26785e530 Put in missing break.
Reviewed-by: Guy Harris <guy@alum.mit.edu>
2011-10-13 20:13:03 -07:00
hannes
6ec72b9d78 display cosmetics: set the comma right for all permutations of eflag and vflag 2006-03-03 22:53:21 +00:00
hannes
aebfcfe1f6 rework the ARP printer & add support for Frame-Relay ARP 2006-02-11 22:11:40 +00:00
mcr
fc80a87e4c NDO-ized print-arp.c 2004-04-30 16:42:14 +00:00
guy
bbc1cfa669 Have the configure script arrange that the Makefile define _U_
appropriately, and that GNUmakefile and the MSVC++ project file define
it apppriately, as we do with libpcap, rather than defining it in
"interface.h".

Undo the rcsid-shuffling and addition of extra #includes, as we no
longer need to arrange that "interface.h" be included before using _U_
in an RCS ID or copyright.
2003-11-16 09:36:07 +00:00
guy
3824a6c041 From Neil Spring:
use "_U_" in the definitions of "rcsid[]", to eliminate
	complaints about those variables being unused;

	move the definitions after the include of "interface.h", or add
	an include of "interface.h", so that "_U_" is defined.

Include "config.h" before including "tcpdump-stdinc.h" in
"missing/datalinks.c".
2003-11-15 00:39:12 +00:00
guy
54db98a0e7 Don't use "sa_len" as a variable name - it causes problems on Irix,
where <sys/socket.h> #defines sa_len.
2003-01-25 23:27:09 +00:00
guy
fcc82f451d The "__attribute__((packed))" tag on structures causes some files not to
compile with Sun C, as "interface.h" isn't being included before the
structures are being declared.

Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun
C to generate code that's safe with unaligned accesses, as
"__attribute__" is defined as a do-nothing macro with compilers that
don't support it.

Therefore, we get rid of that tag on the structures to which it was
added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch
16-bit and 32-bit big-endian quantities from packets.  We also fix some
other references to multi-byte quantities to get rid of code that tries
to do unaligned loads on platforms that don't support them.

We also throw in a hack that makes those macros use
"__attribute__((packed))" on structures containing only one 16-bit or
32-bit integer to get the compiler to generate unaligned-safe code
rather than doing it by hand.  (GCC on SPARC produces the same code that
doing it by hand does; I don't know if GCC on any other big-endian
strict-alignment processor generates better code for that case.  On
little-endian processors, as "ntohs()" and "ntohl()" might be functions,
that might actually produce worse code.)

Fix some places to use "%u" rather than "%d" to print unsigned
quantities.
2002-12-11 07:13:49 +00:00
itojun
10afb02ac8 put __attribute__((packed)) to packet headers. s/u_short/u_int16_t/ and so
forth while i'm here
2002-11-09 17:19:16 +00:00
guy
28b539271c Move the check for a zero-length hardware address into
"atmarp_addr_print()".
2002-09-04 18:56:11 +00:00
guy
f4c699b587 Fix the ATMARP dissector to correctly dissect RFC 2225 ATM ARP.
Fix the ARP dissector to check the hardware type before checking whether
the addresses are in the captured data, and call the ATMARP dissector if
the hardware type is 19.  Also fix it to return after the ATMARP
dissector returns.

Use "TTEST2()" to check whether the addresses are in the captured data.
2002-09-04 11:22:13 +00:00
guy
5dd4a8b71e Do sanity checking on the hardware address and protocol address lengths;
if the checks fail, treat it the same as we do for an unknown protocol
(we require the hardware address length not to be zero, as
"linkaddr_string()" can't handle that, and we require the protocol
address length to be 4, as we only handle IP as a protocol type).
2002-09-04 10:11:44 +00:00
risso
3d932490b8 Added support for Win32, based on WinPcap. 2002-08-01 08:52:55 +00:00
guy
464c44fbd1 Add SunATM support, based on code from Yen Yen Lim at North Dakota State
University.
2002-07-11 09:17:21 +00:00
guy
a6c4a09522 Make "ar_sha()", "ar_spa()", "ar_tha()", and "ar_tpa()" return "const
u_char *" rather than "const caddr_t", to avoid signed vs. unsigned
complaints from various compilers.
2002-04-25 04:37:31 +00:00
guy
c52270fcc5 Call the ARP header structure we define "struct arp_pkthdr" rather than
"struct arphdr"; on Tru64 UNIX 5.x, including <netinet/in.h> causes
<net/if_arp.h> to be included, and that defines its own "struct arphdr",
causing the compile to fail.
2002-02-25 09:40:32 +00:00
fenner
c672f00276 Eliminate some unused parameters.
Use const more.
Use EXTRACT_* macros more.
Use TCHECK* more.
Use tok2str() to replace some home-grown workalikes.
smb:
 - Get rid of private types, use tcpdump-defined types
 - Rename fdata and fdata1 to smb_fdata and smb_fdata1 to avoid conflict
   with IRIX library function.
2001-09-17 21:57:50 +00:00
itojun
ae68164cc6 make arp_print() L2 neutral. from netbsd
TODO: recover portions that peep L2 src/dst, by passing more args from
L2 printing to arp_print().  the current code can bomb when L2 = arcnet
(because the code assumes that L2 address len == 6), for example.
2001-06-18 09:12:27 +00:00
guy
1869f416f3 Remove some includes of <sys/socket.h>, and add includes of
<netinet/in.h> to declare "ntoh[sl]" and "hton[sl]".
2000-10-10 05:05:07 +00:00
guy
596742a577 Some compilers may pad structures to a length that's a multiple of 2 or
4 bytes, even though no member in the structure requires such an
alignment; don't use "sizeof (struct ether_arp)", explicitly #define the
header length and use that #defined value.

We don't use "struct ether_addr" in any dissectors, so there's no need
to define it in "ether.h" - and, if compilers pad it to a multiple of 4
bytes, you can't use it anyway, as it'll be 8 bytes long, not 6 bytes
long.
2000-10-09 03:24:24 +00:00
guy
6f8f2af2fb Get rid of some includes that aren't needed; the include of <net/if.h>,
on at least some platforms, drags in <net/if_arp.h>, which may declare
some of the structures for ARP packet layouts, and may do so in a
fashion that conflicts with the declarations here.
2000-09-24 07:42:31 +00:00
guy
e894092542 Add definitions of Ethernet types from
"linux-includes/netinet/if_ether.h" to "ethertype.h".

Move other stuff used by dissectors from <netinet/if_ether.h> to
"ether.h", along the lines of "fddi.h" and "token.h".

Move ARP declarations from BSD include files to "print-arp.c".

Remove from dissectors includes of <netinet/if_ether.h>, and add
includes of "ethertype.h" and/or "ether.h" as necessary.

Get rid of configuration options that test declarations now made in
"ether.h" or "print-arp.c", as those declarations are now under our
control, not the OS's control.
2000-09-23 08:03:27 +00:00