If a dissector has to process its input - decryption, decompression,
etc. - rather than dissect the raw input, it should push the processed
input onto the buffer stack. As soon as the dissection is done, the
stack should be popped, to free the buffer into which the processing was
done, and restore the "pointer to packet data" and "pointer to end of
packet data" members of the netdissect_options structure, so the code
can go back to dissecting the original data.
The stack will get everything popped off it when dissection is done.
Use this mechanism in the ESP decryption code rather than scribbling on
top of the input packet data.
That means less duplication of functionality - and less chance that
XXX-over-IPv4 will be handled but XXX-over-IPv6 won't be handled, or
*vice versa*. (CARP and VRRP were being handled over IPv4 but not over
IPv6; this fixes that.)
Add GET_{BE|HE|LE}_, GET_U_1, GET_S_1, GET_IPV4_TO_HOST_ORDER,
GET_IPV4_TO_NETWORK_ORDER macros and
get_{be|he|le}_, get_u_1, get_s_1, get_ipv4_to_host_order,
get_ipv4_to_network_order inline functions,
with setjmp/longjmp logic to do better and easier data fetch with
bounds checking.
Based on Guy Harris's idea and code.
This adds support for decoding the Broadcom Ethernet switches tags which
are are 4byte in length and are located between the Ethernet MAC SA and
the Type/Length field (DSA_TAG_BRCM) as well as the pre-pended Broadcom
tag (DSA_TAG_BRCM_PREPEND) which are located in front of the standard
Ethernet header.
This makes use of the recently introduced ether_print_hdr_len() to allow
specifying the non-standard Ethernet header length of 12 + 4 + 2 bytes.
A fair number of proprietary Ethernet switch tagging protocols, such as
Broadcom tags for instance, will place their tag between the MAC SA and
the Type/Length field.
Move the body of ether_print() into ether_print_hdr_len() and specify
the Ethernet header length as an argument to that function.
ether_print() calls ether_print_hdr_len() with a standard Ethernet
header lenght of 14 bytes, while other callers could specify an
arbitrary length. We still assume that the first Length/Type field to
parse is located 2 bytes before the end of that Ethernet header length.
This will be used in a subsequent commit to parse Broadcom tags.
This means we get the same behavior in Turkish locales (where, if we
aren't in the C locale, we might get lower-case "i" mapped to upper-case
"I with dot" and upper-case "I" mapped to lower-case "i without dot),
and may also suppress some shortening warnings from MSVC.
This reverts commit 76ed0bb392.
It doesn't help.
We may just want to suppress the warning, as in "trust us, we know what
we're doing", although it'd be nice if the format string passed to those
functions could be checked to make sure it is one that takes exactly one
integer argument.
Declare the format-string argument to tok2strbuf(), tok2str(),
bittok2str(), and bittok2str_nosep() as such, to see whether that gets
MSVC not to complain - or if it just gets upset because there's no "..."
argument list for it.
Apparently, if you have an interface in monitor mode, capturing on the
"any" device can get packets that have a SLL hatype of 803, which is the
ARPHRD_ value for radiotap, and with the payload containing a radiotap
header, followed by an 802.11 header, followed by the 802.11 payload.
Handle that.
Using seconds offset from GMT to local time to compute local time give
errors when printing times outside the same daylight saving time period.
Use the localtime() function for default and -tttt cases.
Use the gmtime() function for -ttt and -ttttt cases.
Rename ts_hmsfrac_print() to ts_date_hmsfrac_print().
Remove some variables now useless.
Update some comments.
This function print a null-terminated string, filtering out non-printable
characters.
DON'T USE IT with a pointer on the packet buffer because there is no
truncation check. For this use, see the nd_printX() functions.
The functions are: nd_print, nd_printztn, nd_printn and nd_printzp.
Trying to make it clearer that they currently have to be used only on part
of the packet buffer.
Update some comments.
Structures that describe packet formats now all use nd_ types, none of
which require more than 1-byte alignment, so compilers shouldn't assume
that anything in those structures is aligned on any particular boundary,
even without a "this is unaligned" hint.
Some versions of the MSVC runtime library have a non-C99-compliant
vsnprintf(), which we want to avoid. On Windows, use snprintf() and
vsnprintf() for VS 2015 and later, where they both exist in
C99-compliant forms, and wrap _{v}snprintf_s() otherwise (they're
guaranteed to do the null termination that we want).
It's netdissect-specific, and there are some files that include
netdissect.h, that don't include netdissect-stdinc.h, and that include
files that define structures using ND_UNALIGNED.
Because we now stop decoding packet when header length(s) is/are invalid,
there is no more need to keep the invalid header flag out of
pretty_print_packet function.
And consequently ND_TCHECK2() and ND_TTEST2() macros.
The macros to use now are:
(Comments in netdissect.h)
ND_TCHECK_n(p), n in { 1, 2, 3, 4, 5, 6, 7, 8, 16 }
ND_TCHECK_SIZE(p)
ND_TCHECK_LEN(p, l)
ND_TTEST_n(p), n in { 1, 2, 3, 4, 5, 6, 7, 8, 16 }
ND_TTEST_SIZE(p)
ND_TTEST_LEN(p, l)
Instead, use compiler test macros to check whether *particular*
attributes are supported, and set various #defines appropriately, in
header files.
Rename the UNALIGNED structure attribute to ND_UNALIGNED, and ask
whether we still need it.
Use unsigned for lengths. Add additional length checks, as we can no
longer cheat and rely on "underflow turns the length negative, so just
check for > 0".
Show most NBT and SMB numerical fields as unsigned, as that's what they
are. Have "d" and "D" treat the value as signed; add "u" and "U" for
unsigned values.
