Currently the return value of link-layer dissectors is supposed to be
the length of the link-layer header, so that it can be skipped for -x
and -X.
If a link-layer dissector or a called function throws an exception, it
returns no value, so that length isn't available.
The goal is to change all the link-layer dissectors to be void functions
and dissectors should update a new field of the netdissect_options
structure "link-layer header length" rather than returning it as a value.
In this transition process, the link-layer dissectors will be moved, when
updated, from the uint_printers[] array (named before printers[]) to the
void_printers[] array.
In this transition process, a new field of the netdissect_options
structure, ndo_void_printer (TRUE/FALSE), set in the updated function
lookup_printer(), will permit to choose between the old and new way to
update the link-layer header length.
The exceptions are currently:
Some EXTRACT_ in print-juniper.c, not used on packet buffer pointer.
An EXTRACT_BE_U_3 in addrtoname.c, not always used on packet buffer
pointer.
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options. This way, we always pick up the
same config.h, in the build directory.
Now all the macros have a name meaning a count in bytes.
With _S_: signed, _U_: unsigned
e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4
and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8 -> EXTRACT_S_1
Printing NULL string pointers with printf format %s is an undefined
behaviour.
pcap_datalink_val_to_name() may return NULL on unknown DLT_ value.
tcpdump terminated with Segmentation Fault on such case on Solaris 10
SPARC with Solaris Studio 12.3 compiler.
Also, don't use the length of the fixed-length portion of the PPI header
as the metadata length, use the *entire* length.
Otherwise, "-x" doesn't start printing at the link-layer payload.
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
Remove the TTEST{2}/TCHECK{2} macros. Rename all "ndo_printer" routines,
structures, and structure members to just "printer", and get rid of the
old routines/structures/structure members with those names.
Header printing (-e) had a stray ", " before the header; remove it.
Payload printing was skipping only the fixed portion of the PPI header,
not the entire header.
And, as we require at least autoconf 2.61, and as autoconf 2.61 and
later have AC_TYPE_UINTn_T and AC_TYPE_INTn_T macros, we use them to
define the uintN_t and intN_t macros if the system doesn't define them
for us.
This lets us get rid of bitypes.h as well.
Have them take a netdissect_options * argument, and get the "no name
resolution" flag from it.
Move the declaration of dnaddr_string to addrtoname.h, along with the
other XXX-to-string routines.
Both interface.h and netdissect.h include <pcap.h>, thus most files
should not include it regardless if these need it or not. The only
exceptions so far remain:
* addrtoname.c
* missing/datalinks.c
* missing/dlnames.c
* tcpdump.c
For headers included in only one source file, put the header contents in
the source file in question, and get rid of a bunch of stuff from the
header not used in the source file.
To: tcpdump-workers@lists.tcpdump.org
Date: Sat, 09 Apr 2011 12:51:14 +1000
Subject: [tcpdump-workers] Printing PPI packets
Printing PPI packets with tcpdump does not turn out
to be that hard.
My simple tests have produced the output as below.
It would be worthwhile having some changes made into
the tcpdump code base that were similar to the attached
that print them out.
