brcm_tag_if_print()
brcm_tag_prepend_if_print()
dsa_if_print()
edsa_if_print()
ether_if_print()
netanalyzer_if_print()
netanalyzer_transparent_if_print()
Update ether_print(), ether_common_print() and ether_switch_tag_print()
to void functions.
Add a flag parameter to ether_print(), ether_common_print() and
ether_switch_tag_print() to increment the link-layer header length field
of the netdissect_options when needed.
The calls use TRUE when the return value of the funtions was used.
The calls with FALSE avoid increments when the calls are nested.
Moreover:
Remove trailing "_if" from some protocol names.
Moreover:
Merge ppi_if_print() and ppi_print() in one function.
Remove two useless ND_TCHECK_ tests (GET_ used).
Remove a no longer used 'trunc' label.
Moreover:
Remove trailing "_if" from protocol name.
Remove a useless ND_TCHECK_4 test (GET_HE_U_4 used).
Remove a no longer used 'trunc' label.
Use uint32_t type for family in null_hdr_print().
Currently the return value of link-layer dissectors is supposed to be
the length of the link-layer header, so that it can be skipped for -x
and -X.
If a link-layer dissector or a called function throws an exception, it
returns no value, so that length isn't available.
The goal is to change all the link-layer dissectors to be void functions
and dissectors should update a new field of the netdissect_options
structure "link-layer header length" rather than returning it as a value.
In this transition process, the link-layer dissectors will be moved, when
updated, from the uint_printers[] array (named before printers[]) to the
void_printers[] array.
In this transition process, a new field of the netdissect_options
structure, ndo_void_printer (TRUE/FALSE), set in the updated function
lookup_printer(), will permit to choose between the old and new way to
update the link-layer header length.
If we have an Ethernet packet where the last 2 octets of the header are
a length rather than an Ethernet type, and it's less than the remaining
length of the packet, shorten the length and captured length, update the
snapshot end.
Turn the buffer stack into a "packet information" stack, so that, if we
*do* update the snapshot end, we push the old end onto the stack, and
pop it off as soon as we're done dissecting the Ethernet packet, in case
there's more data in the packet after the Ethernet packet.
Use the stack when we use the IPv4 and IPv6 length fields as well.
2019-04-22 23:49:02 -07:00
alexandr nedvedicky - Sun Microsystems - Prague Czech Republic
InfiniBand support for tcpdump.
This is an in-house patch. Sent upstream for potential inclusion in future
versions of tcpdump.
(also adding print-ipoib.c to CMakeLists.txt, asked by @guyharris)
(s/u_int16_t/uint16_t asked by @guyharris)
Similarly to commit 6eaebfe adding support for the Broadcom tagging
format supported by the DSA kernel subsystem, this commit adds support
for the Marvell DSA and Ethertype DSA (EDSA) tagging formats.
Marvell DSA is a 4-byte proprietary tag placed between the ether source
address and the ether length/type. It contains data such as the switch
device and port IDs from which a frame came from, or to which port
a frame is targetting. It also contains additional FPri and IEEE bits.
EDSA is a 8-byte variant including a programmable ethertype, two null
bytes and a standard DSA tag.
If a dissector has to process its input - decryption, decompression,
etc. - rather than dissect the raw input, it should push the processed
input onto the buffer stack. As soon as the dissection is done, the
stack should be popped, to free the buffer into which the processing was
done, and restore the "pointer to packet data" and "pointer to end of
packet data" members of the netdissect_options structure, so the code
can go back to dissecting the original data.
The stack will get everything popped off it when dissection is done.
Use this mechanism in the ESP decryption code rather than scribbling on
top of the input packet data.
Add GET_{BE|HE|LE}_, GET_U_1, GET_S_1, GET_IPV4_TO_HOST_ORDER,
GET_IPV4_TO_NETWORK_ORDER macros and
get_{be|he|le}_, get_u_1, get_s_1, get_ipv4_to_host_order,
get_ipv4_to_network_order inline functions,
with setjmp/longjmp logic to do better and easier data fetch with
bounds checking.
Based on Guy Harris's idea and code.
This adds support for decoding the Broadcom Ethernet switches tags which
are are 4byte in length and are located between the Ethernet MAC SA and
the Type/Length field (DSA_TAG_BRCM) as well as the pre-pended Broadcom
tag (DSA_TAG_BRCM_PREPEND) which are located in front of the standard
Ethernet header.
This makes use of the recently introduced ether_print_hdr_len() to allow
specifying the non-standard Ethernet header length of 12 + 4 + 2 bytes.
Using seconds offset from GMT to local time to compute local time give
errors when printing times outside the same daylight saving time period.
Use the localtime() function for default and -tttt cases.
Use the gmtime() function for -ttt and -ttttt cases.
Rename ts_hmsfrac_print() to ts_date_hmsfrac_print().
Remove some variables now useless.
Update some comments.
If we're building with an old version of libpcap that doesn't include
pcap_datalink_val_to_name(), we incorporate our own version, but we need
to have it declared before we use it.
The packet length must be <= MAXIMUM_SNAPLEN.
Currently, there is no D-Bus printer, thus no need for a bigger length.
Now a pachet is valid if:
capture length != 0,
packet length != 0,
capture length <= MAXIMUM_SNAPLEN,
packet length <= MAXIMUM_SNAPLEN,
packet length >= capture length.
Moreover:
Fix the packet header lengths of some fuzzed pcap files:
If the lengths are > MAXIMUM_SNAPLEN, set them to MAXIMUM_SNAPLEN.
Thus they will be always usable with this new sanity check.
Because we now stop decoding packet when header length(s) is/are invalid,
there is no more need to keep the invalid header flag out of
pretty_print_packet function.
