In some loops, don't loop just until we get an error, stop when we run
out of data to parse.
Also, add some comments to indicate what we know about lengths at
various points, before we do something with the length that happens to
assume what we know. Add some checks that this auditing found
necessary.
Use ForCES_HDRL, TLV_HDRL, and ILV_HDRL instead of various sizeof's, to
make it clearer what certain tests ensure are true (as, in other cases,
the #defines are subtracted from values that should be, at that point,
ensured not to be less than the #define in question).
Add TCHECK/TCHECK2 calls to make sure we are within the packet boundary
before fetching data. Make some length variables that could in theory
have values that don't fit in 16 bits 32 bits long.
Get rid of blanks before newlines.
There's no guarantee that those values are aligned on the appropriate
boundary, nor is there a guarantee that accessing misaligned values will
behave as desired.
There's no guarantee that those quantities will be properly aligned, nor
is there any guarantee that fetching an improperly-aligned quantity will
work as desired.
Use EXTRACT_16BITS() and EXTRACT_32BITS() to fetch 16-bit and 32-bit
big-endian quantities from the packet, as there's no guarantee that a
given 16-bit quantity will be aligned on a 2-byte boundary or that a
given 32-bit quantity will be aligned on a 4-byte boundary, nor is there
a guarantee that unaligned accesses will succeed (they might trap, or
they might not fetch an unaligned quantity).
When debugging NFS operations one may find it easier to get the actual access
flags decoded rather than having to look up the NFS access flags to find which
permissions were requested by the client.
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The configure script doesn't define BYTE_ORDER, so they can't validly be
compared against BYTE_ORDER; don't leave them around for people to think
they can.
use Ethernet types, to call the appropriate printer routine for the
encapsulated type. IPNET is the only protocol using IPNET types, so
ipnet_encap_print() isn't needed.
device for which they're being reported, so if no -i flag was given
people don't think it's something such as the union of of all link-layer
types supported by all devices, and, if we can determine whether the
device supports monitor mode (with libpcap 1.0.0 and later), indicate
whether the link-layer types are the ones supported when not in monitor
mode (if -I wasn't specified) or when in monitor mode (if -I was
specified), so people don't wonder why some types aren't available (as
some are available only in monitor mode, and others are available only
when not in monitor mode, on some platforms).
use Ethernet types, to call the appropriate printer routine for the
encapsulated type. IPNET is the only protocol using IPNET types, so
ipnet_encap_print() isn't needed.
on OpenSolaris, or Solaris Express Community Edition, build 125 and later.
The attached patch introduces support for printing out the IPNET headers used
for packet capture inside of zones that share their networking with the global
zone and for packets "transmitted" between zones.
tcpdump 4.0.0 will ship with builds 129 and later of OpenSolaris/SXCE and
when run as root with the '-L' option, should behave as below to indicate that
the system is fully functional:
Data link types (use option -y to set):
DOCSIS (DOCSIS) (printing not supported)
IPNET (Solaris IPNET)
EN10MB (Ethernet)
Cheers,
Darren
commit 0a029bab08
Author: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Sat Nov 14 20:51:44 2009 -0500
updated print-flags test case to have new TCP flags
to print-capXX.out, prior to removing print-XX.out (again - see previous
commits; it collides with print-xx.out on systems with case-insensitive
file systems).
commit 0a029bab08
Author: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Sat Nov 14 20:51:44 2009 -0500
updated print-flags test case to have new TCP flags
to print-capXX.out, prior to removing print-XX.out (again - see previous
commits; it collides with print-xx.out on systems with case-insensitive
file systems).
