Have nd_push_buffer() take a snapshot length, not a snapshot end, as
its last argument.
Replace nd_push_snapend() and nd_change_snapend() with nd_push_snaplen()
and nd_change_snaplen(), both of which take a pointer into the packet
buffer and snapshot length relative to that pointer as arguments. Have
those routines check the snapshot length to make sure it's not bigger
than the number of bytes in the packet past the pointer, and silently
ignore the requst if it is.
Using a length rather than a pointer avoids the possibility of the
calculation of the snapshot end overflowing and resulting in a snapshot
end *before* the point in the buffer.
Add a test for this, with a capture file containing an IPv6 packet with
an extremely large "jumbo" packet size.
Revert the "Make sure we don't set the snapend before the beginning of
the packet." changes, as they no longer apply with this change (which
also makes sure we don't set the snapend before the beginning of the
packet).
If a caller attempts to set it after the current snapend, just silently
ignore the attempt.
If they try to set it before the beginning of the packet, report it as a
bug and quit dissection. Add a new setjmp() return value meaning "bug"
rather than "truncated packet", add an "nd_bug_longjmp()" routine for
reporting bugs where we should quit dissecting, and use that in this
case.
Don't pad the pflog header with BPF_WORDALIGN(); round up to a multiple
of 4, instead, as that's what all but FreeBSD do, and FreeBSD used to do
that and should go back to doing so (kern/261566).
Don't rely on the OS's pflog include files to define direction types,
reason types, action types, or the layout of the header; instead, define
them ourselves in a header of our own, with #ifs to select the ones that
are only on some platforms. That way, it'll handle some fields and
field values (the ones common to all OSes with pflog) on all OSes, even
ones without pflog.
That also expands the set of direction, reason, and action codes to what
various *BSDs and Darwin support.
Also, handle all the different AF_INET6 values in various *BSDs and
Darwin.
It prints now, by default, also the static functions names.
To configure the printing of only the global functions names, as before:
$ make instrument_global
To go back to print all the functions names:
$ make instrument_all
In case of truncation, the indentation level is reset to its previous
level in pretty_print_packet().
[skip ci]
This should help some debugging processes.
Usage:
./configure --enable-instrument-functions
Generate instrumentation calls for entry and exit to functions.
Just after function entry and just before function exit, these
profiling functions are called and print the function names with
indentation and call level.
To instument a static function, remove temporarily the static specifier.
In case of truncation, the indentation level is reset currently to 1 in
pretty_print_packet(), main is level 0.
New option `--print-sampling=NTH` will parse and print every NTH packet,
with all other packets producing no output. This option enables
`--print` and `-S` flags.
Print sampling is useful for real-time inspection of an interface with
a high packet rate, or initial inspection of large capture files.
With these changes tcpdump passes "CFLAGS=-Werror make" on OpenBSD 6.8
AMD64, so build.sh has one less reason to fail.
gcc (GCC) 4.2.1 20070719
(also from OpenBSD clang version 10.0.1 with different wording)
./addrtoname.c: In function 'etheraddr_string':
./addrtoname.c:605: warning: passing argument 2 of 'ether_ntohost'
discards qualifiers from pointer target type
./addrtoname.c: In function 'init_etherarray':
./addrtoname.c:980: warning: passing argument 2 of 'ether_ntohost'
discards qualifiers from pointer target type
./print.c: In function 'pretty_print_packet':
./print.c:389: warning: passing argument 2 of 'ts_print' from
incompatible pointer type
./bpf_dump.c:34: warning: no previous prototype for 'bpf_dump'
Also rename 'ndo_truncated' to 'ndo_early_end'.
The current case (truncated packet) uses ND_TRUNCATED value.
Prepare to add other cases when the current packet cannot be processed
any more ('Invalid' cases, etc.).
All the link-layer dissectors are now void functions.
All the functions were moved to the void_printers[] array.
Rename this array to printers[].
Remove the uint_printers[] array, now empty.
Remove the 'ndo_void_printer' flag field, now useless, from
netdissect_options.
Remove other transitional code.
DLT_LANE8023 was never defined in libpcap.
It was, perhaps, defined in some SuSE libpcap update, but no evidence
of this.
It is not defined in OpenSuSE Leap 15.2 (information from Guy).
brcm_tag_if_print()
brcm_tag_prepend_if_print()
dsa_if_print()
edsa_if_print()
ether_if_print()
netanalyzer_if_print()
netanalyzer_transparent_if_print()
Update ether_print(), ether_common_print() and ether_switch_tag_print()
to void functions.
Add a flag parameter to ether_print(), ether_common_print() and
ether_switch_tag_print() to increment the link-layer header length field
of the netdissect_options when needed.
The calls use TRUE when the return value of the funtions was used.
The calls with FALSE avoid increments when the calls are nested.
Moreover:
Remove trailing "_if" from some protocol names.
Moreover:
Merge ppi_if_print() and ppi_print() in one function.
Remove two useless ND_TCHECK_ tests (GET_ used).
Remove a no longer used 'trunc' label.
Moreover:
Remove trailing "_if" from protocol name.
Remove a useless ND_TCHECK_4 test (GET_HE_U_4 used).
Remove a no longer used 'trunc' label.
Use uint32_t type for family in null_hdr_print().
