128 Commits

Author SHA1 Message Date
Francois-Xavier Le Bail
56e6581c34 Remove useless comments 2018-03-19 15:16:32 +01:00
Francois-Xavier Le Bail
546558eabd Add the ndo_protocol field in the netdissect_options structure
Update this field in printer entry functions.
It will be used for some printings.
2018-03-16 19:44:47 +01:00
Francois-Xavier Le Bail
57534b8c0a Ethernet: Rename a variable
From 'ep', often used as 'pointer to the end of current packet' to 'ehp'
as Ethernet header pointer.
2018-03-01 16:54:30 +01:00
Francois-Xavier Le Bail
944e93fa4c Remove function specifier 'inline' in printers
It was mostly used with large functions.

Moreover:
Put some function definition names at the beginning of line.
Fix a space.
2018-01-26 20:59:32 +01:00
Guy Harris
fb2479d733 Always include <config.h> rather than "config.h".
This can prevent bizarre failures if, for example, you've done a
configuration in the top-level source directory, leaving behind one
config.h file, and then do an out-of-tree build in another directory,
with different configuration options.  This way, we always pick up the
same config.h, in the build directory.
2018-01-21 12:27:28 -08:00
Francois-Xavier Le Bail
513f782ae1 Use quoted include netdissect-stdinc.h instead of angle-bracketed one 2018-01-21 10:28:15 +01:00
Francois-Xavier Le Bail
e2982e7f6f Update ND_PRINT() as a variadic macro 2018-01-07 13:36:41 +01:00
Guy Harris
6a58ce3ad1 Directly refer to ether_shost and ether_dhost; get rid of ESRC() and EDST().
They don't really add anything.
2017-12-16 19:57:14 -08:00
Francois-Xavier Le Bail
5cea270318 Remove all storage class specifier 'register'
Let the compiler do the optimizations (or not) based on build options.

Avoid 'value has been optimized out' messages in gdb using '-O0'.
2017-12-13 19:17:47 +01:00
Guy Harris
7068209574 Use nd_ types in 802.x and FDDI headers.
Use EXTRACT_U_1() as required by those changes.  Remove
no-longer-necessary & operators from other EXTRACT_ calls.

While we're at it, add MAC_ADDR_LEN to netdissect.h, and use it instead
of ETHER_ADDR_LEN; eliminate ETHER_ADDR_LEN.

Move the maximum Ethernet length field value to ethertype.h, under the
name MAX_ETHERNET_LENGTH_VAL.

Move the Ethernet header structure, and the #define for the Ethernet
header length, to print-ether.c; in non-Ethernet dissectors that were
using the Ethernet header structure, just declare two nd_mac_addr
variables for the source and destination MAC addresses and use them
instead of the Ethernet header (we don't need the type field there).

These changes leave nothing in ether.h, so eliminate it.
2017-12-12 10:36:21 -08:00
Francois-Xavier Le Bail
da20bc56d6 Rename EXTRACT_ macros
Now all the macros have a name meaning a count in bytes.

With _S_: signed, _U_: unsigned

e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4

and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8  -> EXTRACT_S_1
2017-11-22 23:54:09 +01:00
Francois-Xavier Le Bail
577621026d Rename EXTRACT_nBITS() macros to EXTRACT_BE_nBITS()
It indicates clearly that these macros are used to extract big-endian
integral values.
2017-11-18 13:56:40 +01:00
Guy Harris
1dcd10acea CVE-2017-12897/ISO CLNS: Use ND_TTEST() for the bounds checks in isoclns_print().
This fixes a buffer over-read discovered by Kamil Frankowicz.

Don't pass the remaining caplen - that's too hard to get right, and we
were getting it wrong in at least one case; just use ND_TTEST().

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
Steven H. Wang
99f6d01b24 add NSH ethertype
https://tools.ietf.org/html/draft-ietf-sfc-nsh-12#section-12.1
2017-04-02 09:08:17 +01:00
Denis Ovsienko
cae54f4d94 CVE-2016-7985,7986/fixup medsa_print()
The code in medsa_print() assumed that the MEDSA packet always follows
an Ethernet header that is inside the allocated memory buffer. But
this is not always the case, see commit 6bc4429 for rationale.

Eliminate the Ethernet header pointer and just pass on the struct
lladdr_info arguments provided.
2017-01-18 18:24:53 +00:00
Denis Ovsienko
0db4dcafe5 CVE-2017-5342/pass correct caplen value to ether_print()
In that function the "length" parameter means off-the-wire length, that
is, the length declared inside the outer header. The "caplen" parameter
means the amount of bytes actually available in the captured packet.

gre_print_0() and the functions modelled after it passed the value of
"length" instead of the value of "caplen", this could make ether_print()
access beyond the memory allocated for the captured packet. Brian
Carpenter had demonstrated this for the OTV case.

Fix the involved functions that call ether_print() to pass the correct
value and leave a comment to dismiss "caplen" later as its value can be
reliably derived from the other ether_print() parameters.
2017-01-18 09:16:41 +01:00
Guy Harris
8be5413f3a CVE-2016-7926/Do some additional bounds checking before calling isoclns_print().
Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.
2017-01-18 09:16:36 +01:00
Guy Harris
6bc44295cf CVE-2016-7985,7986/Change the way protocols print link-layer addresses.
If a protocol that runs under a link-layer protocol would print the
link-layer addresses for the packet as source and destination addresses
for the packet, don't have it blithely assume those link-layer addresses
are present or are at a particular offset from the beginning of that
protocol's data; Ethertypes, for example, are used by a number of
protocols, not all of which have Ethernet headers and not all of which
have any MAC headers.

Instead, pass the printers for those protocols structures with a pointer
to the address data and a pointer to a routine that prints the address.

Fixes some heap overflows found with American Fuzzy Lop by Hanno Böck.
2017-01-18 09:16:36 +01:00
Francois-Xavier Le Bail
11d3a01319 Move the printer summaries from INSTALL.txt to each printer
with the tag '\summary:' for grepping.
Remark: Currently some printers have no summary line.

Moreover:
Summarize all printers with a single line in INSTALL.txt
2016-08-14 17:03:43 +02:00
Guy Harris
08e40fdbd6 The last 2 bytes of an Ethernet header are the "length/type field".
Call it that, to indicate that it's not necessarily a type field.

While we're at it, get rid of references to "DEC/Intel/Xerox" and
"802.3" Ethernet headers in comments; since 802.3y, the 802.3 standard
supports both "DIX" frames, with a type field, and earlier 802.3 frames,
with a length field, so there's only one version of Ethernet, 802.3,
which supports frames with type fields and frames with length fields.
2015-12-16 21:04:13 -08:00
Francois-Xavier Le Bail
b713410ff2 Ethernet: Print the Length/Type field as length when needed
Reference: IEEE Std 802.3-2012
"If the value of this field is less than or equal to 1500 decimal
(05DC hexadecimal), then the Length/Type field indicates the number
of MAC client data octets contained in the subsequent MAC Client Data
field of the basic frame (Length interpretation)."

Update the output of a test accordingly.
2015-12-16 15:59:39 +01:00
Francois-Xavier Le Bail
09f56fe763 Fix some comments
Moreover:
Fix mixed spaces/tabs.
2015-10-27 11:58:21 +01:00
Francois-Xavier Le Bail
99c91c3aec Rename 'tcpdump-stdinc.h' to 'netdissect-stdinc.h'
Get the full log via: git log --follow netdissect-stdinc.h
2015-09-10 08:50:40 +02:00
Francois-Xavier Le Bail
c1c3c77463 Printers must include 'netdissect.h', not 'interface.h' 2015-09-05 23:35:58 +02:00
Guy Harris
69cb46af91 Fix a bunch of de-constifications. 2015-04-26 17:24:42 -07:00
Andrew Lunn
d729eb478e Add support for the Marvell Extended Distributed Switch Architecture header
This header can be used with Marvell switches to direct packets in/out
of a specific port in a tree of interconnected switches. The header
uses its own Ethertype of 0xdada.

By default, only brief output is printed, showing the switch device,
port, and vlan the packet is to/from. However if -e is given, to print
the link-level header, all fields are printed.
2015-04-25 22:44:15 +02:00
Guy Harris
bd00116d80 Skip the LLC and SNAP headers with -x.
Have llc_print() return the length of the LLC header, plus the length of
the SNAP header, if available - or, if it couldn't dissect the payload,
return the *negative* of that sum.  Use that return value in link-layer
printers.
2015-04-17 23:42:22 -07:00
Guy Harris
59864b113d Clean up printing of LLC packets.
Don't print LLC header information for SNAP packets; if we have a SNAP
header, just call snap_print() and return its return value, regardless
of whether it's 1 or 0, don't fall into the code to print raw LLC header
information - and don't print it with -e, either.

If llc_print() returns 0, just call the default packet printer, don't
print the MAC-layer header or the extracted ethertype - llc_print() will
print the source and destination MAC addresses and whatever type
information is in the LLC or SNAP headers.

If we don't know the DSAP/LSAP, and it's an information frame (numbered
or not) and not an XID frame, return 0, so that we give a hex dump of
the raw payload.

In addition, print the length when printing SNAP header information with
-e.
2015-04-17 18:38:46 -07:00
Denis Ovsienko
38700c7f24 dismiss NETDISSECT_REWORKED macro
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
2015-03-22 10:06:15 +00:00
Denis Ovsienko
1d66439981 refine 802.1Q VLAN TCI decoding
Factor the common code out to a new function and rename the CFI bit to
DEI to match the terminology in Clause 9.6 of IEEE 802.1Q-2011.
2015-01-29 20:38:54 +00:00
Guy Harris
a6f81d534d Leave it up to ip6_print() to handle non-IPv6-capable systems.
Always define and declare ip6_print(), always compile print-ip6.c, and
always call it if we recognize a payload as IPv6.  If INET6 isn't
defined, ip6_print() will just print the length and note that printing
isn't supported.

That way, we don't do weird dissection of IPv6 packets on systems
without IPv6 support, due to, for example, ethertype_print() returning 0
("not dissected") for IPv6 packets on those systems (IPv6-over-Frame
Relay was dissected weirdly due to this).
2014-10-01 15:32:11 -07:00
Francois-Xavier Le Bail
37117d76c0 print-ether: print 'ethertype IEEE1905.1' instead of 'ethertype Unknown'
not a full decoder, uses default print
reference: http://standards.ieee.org/develop/regauth/ethertype/eth.txt
2014-05-05 11:02:52 +02:00
Denis Ovsienko
35043f3507 AoE: add version 1 decoder (GH #298)
The sample capture was produced with two Linux hosts (aoetools version
36, kernel module version 85, vblade version 21). One of the hosts
exported a 1MB block device containing a freshly created filesystem and
the other mounted it, wrote a small file and then unmounted.
2014-05-04 20:48:03 +04:00
Guy Harris
ed85e20e4d u_intN_t is dead, long live uintN_t.
And, as we require at least autoconf 2.61, and as autoconf 2.61 and
later have AC_TYPE_UINTn_T and AC_TYPE_INTn_T macros, we use them to
define the uintN_t and intN_t macros if the system doesn't define them
for us.

This lets us get rid of bitypes.h as well.
2014-04-23 00:20:40 -07:00
Guy Harris
1cde6435df Netdissectify the to-name resolution routines.
Have them take a netdissect_options * argument, and get the "no name
resolution" flag from it.

Move the declaration of dnaddr_string to addrtoname.h, along with the
other XXX-to-string routines.
2014-04-04 00:43:46 -07:00
Denis Ovsienko
fc6f112b40 NDOize LLDP, PPP and RSVP decoders 2014-04-02 18:22:28 +04:00
Denis Ovsienko
2b753f8058 NDOize DECnet, OSPF and TCP decoders 2014-04-02 14:24:56 +04:00
Denis Ovsienko
64e53f90ca NDOize EAP, IEEE CFM, lwres, SIP & Syslog decoders 2014-04-01 19:46:05 +04:00
Denis Ovsienko
5d85aa67ed NDOize AppleTalk, CDP and Kerberos decoders 2014-03-28 16:02:56 +04:00
Denis Ovsienko
2210a967cb NDOize ISO CLNS decoder 2014-03-28 14:08:48 +04:00
Denis Ovsienko
979fc38d03 make use of ND_DEFAULTPRINT() 2014-03-26 18:52:40 +04:00
Denis Ovsienko
d6af516cbc finalize some previous NDO conversions
Eliminate a number of fputs(), putchar() and fflush() uses. Justify
preprocessor directives. Don't typecast ND_PRINT() to void and fix some
indentation.
2014-03-26 15:49:27 +04:00
Denis Ovsienko
5663cdab5e NDOize OpenFlow, IEEE slow and telnet decoders 2014-03-17 19:18:47 +04:00
Denis Ovsienko
d1cffd99e6 NDOize LLC decoder 2014-03-15 15:32:15 +04:00
Denis Ovsienko
0eacc9a0dd finish switching Ethernet decoder to NDO 2014-03-15 15:32:06 +04:00
Denis Ovsienko
f9b3c51da6 NDOize FDDI, MPCP, Token Ring, VQP and Zephyr decoders 2014-03-14 16:10:54 +04:00
Denis Ovsienko
d29f3dab95 NDOize 8 more small decoders
This change converts ZeroMQ, IPX, MPLS, IPv6 options, PPPoE, RIPng,
PFLOG and Sun RPC decoders.
2014-03-13 17:21:55 +04:00
Denis Ovsienko
88e479b75e don't include pcap.h needlessly
Both interface.h and netdissect.h include <pcap.h>, thus most files
should not include it regardless if these need it or not. The only
exceptions so far remain:
* addrtoname.c
* missing/datalinks.c
* missing/dlnames.c
* tcpdump.c
2014-02-28 18:11:09 +04:00
Denis Ovsienko
db8077a114 add a decoder for Loopback/CTP
tcpdump used to print an empty line for a Loopback (CTP) packet, which
many Cisco switches send by default every 10 seconds. This commit adds
a decoder for the protocol and a test case, which uses the sample
capture from Wireshark wiki (configuration_test_protocol_aka_loop.pcap).
2014-01-09 16:59:33 +04:00
Denis Ovsienko
fe3253b9b8 remove tcpdump's own CVS keywords
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.
2014-01-03 00:59:08 +04:00