Unfortunately OLSR uses the same IDs for IPv4 and IPv6 packets, even
though the size of "messages" differ. The version of the internet protocol
is therefore handed to the "olsr_print" function.
The code isn't very nice, due to a high density of #ifdef INET6'es. If
IPv6-support really should be optional, I'm afraid this is inevitable.
Both, compilation with and without IPv6 support has been tested.
The patch addresses fixes other issues, too. The length given in the packet
was used for pointer arithmetic without checking if the value was in a
reasonable range first in several places. It should now be possible to
decode more than one "namespace message" within a single packet. Other
changes remove trailing whitespace or fix lines indented with tabs (the
majority of the file is indented using spaces).
Signed-off-by: Florian Forster <octo@leeloo.lan.home.verplant.org>
printed when trying to print packets for a DLT_ for which we don't have
a printer to indicate that you can still save to a capture file in that
case. (Slightly changed not to require DLT_USB_LINUX_MMAPPED to be
defined, for older libpcaps that only define DLT_USB_LINUX.)
On e.g. an x86_64 Linux system, configure won't find libcrypto because
it's located in .../lib64. As a temporal workaround, use the last part
of $libdir instead of "lib". On the long run, AC_LBL_SSLEAY should
probably be rewritten.
Update decoding of rx packets used by AFS. Add missing RPC
opcodes for fileserver, cache manager, volume server, and ubik
(database elections). Add missing decoding of volume server
RPC arguments and reply data.
- Remove the capture syntax from the tcpdump manpage, as it has
its own manpage now inside the libpcap package.
- Reference the new pcap-filter(4) manpage to explain the expression
syntax.
- Fix one tpyo.
- Remove reference to patches@tcpdump.org and request that patches be
sent to the standard mailing list instead.
print the TTL for DNS entries with 3 or more "-v" flags;
print the addresses in A, AAAA, and A6 entries numerically (the
point of A, AAAA, and A6 entries being to give the address
corresponding to a name).
Better late than never - do at least a little de-spamification of
addresses in the CREDITS file. (Greg's address was despammed in his
sourceforge.net submission for this.)
Move the late Jun-ichiro itojun Hagino to a "Past maintainers" section.
add support for OSPF Link-Local Signaling (RFC 4811/4812/4813);
when printing the Database Description, show the MTU and
sequence number;
fix "bogus length" messages when printing LSA headers.
(RFC 2347), and add an opening quotation mark to the error message
string.
Don't use the system's <arpa/tftp.h>, use our own.
Update the README to reflect the current practice for submitting
patches, and fix a spelling error.
When a packet contains an IPv6 options header followed by an unknown IPv6
protocol payload, tcpdump displays the proto ID for the known option
header, not for the unknown payload.
For example, this is the output for an IPv6 packet containing a destination
options header, followed by a payload of (unknown) protocol 138:
# tcpdump -s 128 -i eth1
tcpdump: WARNING: addresses not searched
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 128 bytes
11:44:40.862572 I IP6 2007::10:5:2:163 > 2007::10:5:2:164: DSTOPT ip-proto-60 16
The ip-proto-60 refers to the destination option header (DSTOPT), rather
than displaying the unknown option 138, which I think would be more
informative.
The attached patch fixes this problem. With the patch applied, the output
for the packet is:
# tcpdump -s 128 -i eth1
tcpdump: WARNING: addresses not searched
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 128 bytes
11:48:26.160462 I IP6 2007::10:5:2:163 > 2007::10:5:2:164: DSTOPT ip-proto-138 16
if it does, use that for the pf definitions;
if it doesn't, don't compile in pf support;
as both OpenBSD and FreeBSD have changed the pf definitions and header
format without changing the DLT value, so you can't reliably read
pflog-format libpcap files on a machine running an OS version other than
the one on which the file was generated.
add support for the the post-rotate -z flag (to be used in
conjunction with -C or -G) which can be used to specify a command tcpdump
should execute on each savefile after it's been rotated
for example to compress a capture file.
"pcap_version", "pcap_debug", and "yydebug", don't add our own functions
referring to those variables - GCC 3.4.1 optimizes the test code out
before the link is done, as it's in a function that's not called.
quit as soon as we see IPOPT_EOL;
*don't* quit as soon as we see IPOPT_NOP, just advance to the
next option, if any;
implement "quit" as "return the destination address from the IP
header rather than as "return 0".
Also, return the IP header destination address if we see a
source-routing option with a too-short length.
with the current IANA assignment (Apr 13 2004). It consists of the
following four parts:
- added inverse-neighbor-discovery (RFC3122)
- shift MTRACE-related type numbers, since it collides
with inverse-neighbor-discovery.
- added MLDv2 (draft-vida-mld-v2-08.txt)
- shifted Mobile-IPv6 numbers from interim value to the
official one. (draft-ietf-mobile-ipv6-24.txt)
Fix a segfault with the -C option when the number of files grows
to 1000. Limit has been increased to 1,000,000, and the code
will check for exceeding this.
Also, add a -W option which will limit the number of files
created before 'wrapping around' and writing to the first file
again, creating a 'loop tape'. Very useful if you want to have
this running permanently to capture traffic up to a irregular
event.
Change the way that output files with -C are numbered. -C alone
goes <none>, 1, 2, 3.... -C with -W will number 0, 1, 2 ... or
00, 01, 02 ... etc, depending on the value of -W. I.e., it
sorts properly. (Old behaviour was to go <none>, 2, 3...)
Close the current capture file before trying to allocate the buffer for
the new file's name, so that if that allocation fails we've at least
written out all of the previous file.
Make some variables for command-line arguments, and some functions not
used outside tcpdump.c, static.
The first critical piece of code is found in print-isakmp.c:332. The
function rawprint() does not check its arguments thus it's easy for
an attacker to pass a big 'len' or a bogus 'loc' leading to a
segmentation fault in the for loop.
The second bug is located in print-radius.c:471. The for loop of
print_attr_string() is written in an unsafe manner. 'length'
and 'data' should be checked.
propagate CPPFLAGS to Makefile.in;
move the CPPFLAGS and V_INCLS change to the end of the configure
run so users don't see "-I$(srcdir)/missing" in their config.log
output.
The test for DNS message dnssec bit flags in the query and
response are backwards. The CD bit has meaning in a query, and
the AD bit has meaning in a response.
1. Unused things (mbuf, rtentry) have been removed.
2. I've dropped FR_CR_BIT etc. definitions as they have only meaning in
specific location in Q.922 address. FR_EA_BIT is still there as it's
used by all Q.922 bytes.
3. a new parse_q922_addr() parses the whole Q.922 address structure
and produces DLCI, Q.922 byte count and flags in ASCII. While I can't
test 3- and 4-byte Q.922 addresses (using only default 2-byte ones),
they are supported.
4. I've trimmed comments regarding HDLC flags and CRC/FCS bytes in FR
packet. They are wire-only things and as such are never seen by
libpcap/tcpdump.
5. Changed NLPID_LMI into NLPID_CISCO_LMI and NLPID_Q933 into NLPID_LMI
(the latter is used by both ANSI (T1.617 annex D) and CCITT (Q.933
annex A) LMI).
6. fr_hdrlen() now correctly returns FR header length (4 - 6 bytes,
7 bytes with 4-byte Q.922 and incorrectly used pad byte).
7. I've changed output text formatting: "xxx-value-yyy-value" into
"xxx value, yyy value", to be consistent with Ethernet.
Not sure if it's correct.
8. added IPv6 support
9. q933_print() now reads lmi_print()
10. CCITT (Q.933 annex A) LMI is now supported, and both CCITT and ANSI
fields are now correctly displayed
10. lmi_print() no longer prints constant fields (such as always zeroed
Q.922 C/R bit or LMI Call Reference byte) unless they are set
incorrectly.
11. I've added ANSI_ and CCITT_ prefixes to appropriate #defines.
12. a new parse_dlci_el() should handle all (10, 16 and 23-bit)
DLCIs correctly (corresponding to 2, 3 and 4-byte Q.922 addresses,
respectively).
that if tcpdump is being piped to some other program, and that program
exits before tcpdump does, tcpdump will cleanly exit, so that libpcap
can cleanly close devices (such as Endace's DAG cards).
check the header length to make sure it's at least the minimum length,
so we don't, for example, go into an infinite loop if the header length
is 0.
Get rid of some blank lines at the end of the file.
where we wire in the idea that it can't handle unaligned accesses. (I
don't know why the test program doesn't work - but perhaps the test
program is the wrong answer anyway, as it doesn't work when
cross-compiling.)
open the file containing a filter expression in binary mode, so
that we get all the characters that "fstat()" claims are there,
rather than having CRs stripped out (causing us to report an
error because the "read()" call gives us less data than
"fstat()" claims was in the file);
close the file descriptor once we're finished reading the file;
strip out everything on a line starting with "#", so that "#"
can be used for to-end-of-line comments in the file.
Update his address in the CREDITS file.
the output stream for "-w" to be flushed after each packet is dumped.
Add checks for "pcap_dump_flush()", and only enable the "-U" flag if
it's present. Clean up the handling of the "getopt()" argument and the
usage message to get rid of the pile of #ifdefs.
Add documentation for the "-L" and "-y" flags.
Tweak the description of "-r" to properly format "-w" in the text.
Young <dyoung@ojctech.com>, with some minor changes by Jason R. Thorpe
<thorpej@netbsd.org>, and further changes by me to:
use "-y" rather than "-D" to set the link type ("-D" was already
taken);
use libpcap APIs to map between data link type names and values;
supply stub versions of missing-but-needed libpcap APIs.
Update Jason Thorpe's e-mail address (Zembu is going away, if it hasn't
done so already).
From Neil T. Spring: fixes for many of those warnings:
addrtoname.c, configure.in: Linux needs netinet/ether.h for
ether_ntohost
print-*.c: change char *foo = "bar" to const char *foo = "bar"
to appease -Wwrite-strings; should affect no run-time behavior.
print-*.c: make some variables unsigned.
print-bgp.c: plen ('prefix len') is unsigned, no reason to
validate by comparing to zero.
print-cnfp.c, print-rx.c: use intoa, provided by addrtoname,
instead of inet_ntoa.
print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to
be false, so check for (u_int)-1, which represents failure,
explicitly.
print-isakmp.c: complete initialization of attrmap objects.
print-lwres.c: "if(x); print foo;" seemed much more likely to be
intended to be "if(x) { print foo; }".
print-smb.c: complete initialization of some structures.
In addition, add some fixes for the signed vs. unsigned comparison
warnings:
extract.h: cast the result of the byte-extraction-and-combining,
as, at least for the 16-bit version, C's integral promotions
will turn "u_int16_t" into "int" if there are other "int"s
nearby.
print-*.c: make some more variables unsigned, or add casts to an
unsigned type of signed values known not to be negative, or add
casts to "int" of unsigned values known to fit in an "int", and
make other changes needed to handle the aforementioned variables
now being unsigned.
print-isakmp.c: clean up the handling of error/status indicators
in notify messages.
print-ppp.c: get rid of a check that an unsigned quantity is >=
0.
print-radius.c: clean up some of the bounds checking.
print-smb.c: extract the word count into a "u_int" to avoid the
aforementioned problems with C's integral promotions.
print-snmp.c: change a check that an unsigned variable is >= 0
to a check that it's != 0.
Also, fix some formats to use "%u" rather than "%d" for unsigned
quantities.
parsefattr misuses nfsv2 version members for v3.
print_int64 prints at least 9 digits unnecessarily.
-u flag doesn't always suppress decoding handles.
from Takashi Yamamoto <yamt@mwd.biglobe.ne.jp>.
name2" in the "From:" header, "NAME1" is probably the sender's family
name and "name2" is probably the sender's given name, and suggests that
using the typical Western European convention of "given name first" might
be the right way to handle Japanese names as well.
Fix one entry to match that.
