Commit Graph

227 Commits

Author SHA1 Message Date
Francois-Xavier Le Bail
da20bc56d6 Rename EXTRACT_ macros
Now all the macros have a name meaning a count in bytes.

With _S_: signed, _U_: unsigned

e.g.:
EXTRACT_BE_32BITS -> EXTRACT_BE_U_4
EXTRACT_LE_32BITS -> EXTRACT_LE_U_4
...
EXTRACT_BE_INT32 -> EXTRACT_BE_S_4

and have:
EXTRACT_8BITS -> EXTRACT_U_1
EXTRACT_INT8  -> EXTRACT_S_1
2017-11-22 23:54:09 +01:00
Guy Harris
c0679b38a3 More EXTRACT_8BITS() and other cleanups.
Get rid of casts to (int) that aren't needed or wanted.

If a field is unsigned, use an unsigned variable for it, print it with
%u, not %d, and don't cast it to int.

Replace a static variable in print-dvmrp.c with a local variable in
dvmrp_print() and a parameter to print_neighbors2().
2017-11-22 10:15:49 -08:00
Guy Harris
fe1c2f0d7f Clean up RX dissector.
Use uintN_t and intN_t types rather than u_short and u_int.

Use uint32_t rather than unsigned long, as that's what's intended.

Most fields in RX are unsigned, according to the OpenAFS source; make it
so.  Use EXTRACT_BE_INT32() to extract the one field that isn't.

The length and port numbers passed in from the UDP dissector are
unsigned; make the arguments unsigned.

Use ND_TTEST2 rather than a hand-rolled test.

Use ND_TCHECK_nBITS() rather than ND_TCHECK2() in some cases.
2017-11-21 12:33:55 -08:00
Guy Harris
8eecfc382e More EXTRACT_8BITS() changes. Use ND_CHECK_nBITS() more as well. 2017-11-19 21:02:54 -08:00
Guy Harris
b48e7d7f4d Expand, and update, a comment. 2017-11-19 11:34:23 -08:00
Francois-Xavier Le Bail
dc6a6ac392 ZMTP: Rename a printer function
Its name must end with '_print'
2017-11-16 14:17:26 +01:00
Francois-Xavier Le Bail
6151e2190b NFS: Rename two printer functions
Their names must end with '_print'
2017-11-16 13:59:17 +01:00
Francois-Xavier Le Bail
62af1ac58c SUNRPC: Rename entry function
Most printer entry functions are based on the file name (without print-).
Do the same for SUNRPC (sunrpcrequest_print -> sunrpc_print).

This change allows easier update by script.
2017-11-16 10:18:43 +01:00
Francois-Xavier Le Bail
e037e16d6d DNS: Rename entry function
Most printer entry functions are based on the file name (without print-).
Do the same for DNS (ns_print -> domain_print)

This change allows easier update by script.
2017-11-16 10:09:23 +01:00
Francois-Xavier Le Bail
51d034f45b Rename some link-layer dissector entry functions
Most of them are already named *_if_print.
Update the others to have the same prefix.

This change allows easier identification.
2017-11-16 07:22:41 +01:00
Guy Harris
2b9bfa05b6 Check for unaligned memory access support at compile time.
Don't test at configure time; that doesn't work when cross-compiling and
may be a pain to do with CMake.
2017-10-16 01:39:10 -07:00
Francois-Xavier Le Bail
48abded133 Fix a comment 2017-09-20 20:45:37 +02:00
Guy Harris
1dcd10acea CVE-2017-12897/ISO CLNS: Use ND_TTEST() for the bounds checks in isoclns_print().
This fixes a buffer over-read discovered by Kamil Frankowicz.

Don't pass the remaining caplen - that's too hard to get right, and we
were getting it wrong in at least one case; just use ND_TTEST().

Add a test using the capture file supplied by the reporter(s).
2017-09-13 12:25:44 +01:00
Guy Harris
3dc736d939 Handle attributes for function pointers by checking the compiler version.
Handle attributes for function pointers the same way we handle
attributes for functions, by explicitly checking for the compiler
version with #if rather than with a configure script check.  That's one
fewer thing that, if you're not using autoconf, has to be done in some
other fashion.

While we're at it, put NORETURN in the right place to have it work with
Microsoft Visual Studio as well as various UN*X compilers.
2017-08-19 11:25:24 -07:00
Guy Harris
141c1c6f49 Suppress UBSan warnings from EXTRACT_.
Yes, the behavior of an access with an improperly-aligned pointer is
undefined according to the C standard, but if we're doing that in an
EXTRACT_ function/macro, we're doing it because we know it's safe and
because it's faster than picking the bytes out one by one and assembling
them, so suppress those warnings.

Pull over libpcap's funcattrs.h and use it to do a bunch of checks for
various function attributes; that defines __has_attribute(), so we can
use it to check for the "suppress sanitizer warnings" attribute.

While we're at it, use other things it defines to specify "this function
never returns", "this function is printf-like", and "this function
argument is a printf-style format argument", rather than using various
configure-script checks.  That should let us declare some function
attributes with Microsoft Visual Studio's compilers.
2017-08-18 20:11:43 -07:00
Denis Ovsienko
3951a87cbe spell ASCII in uppercase 2017-08-10 09:52:46 +01:00
Guy Harris
449682d899 With no -s, or with -s 0, don't specify the snapshot length with newer versions of libpcap.
That leaves it up to libpcap to choose an appropriate snapshot length,
which it'll do.  With upcoming versions, it'll choose, when capturing on
a D-Bus interface, a very large snapshot length, to handle the maximum
D-Bus message size of 128MB.

(For older versions, we still use 262144, as those versions won't pick a
default value.)
2017-06-02 21:50:45 -07:00
Denis Ovsienko
cae54f4d94 CVE-2016-7985,7986/fixup medsa_print()
The code in medsa_print() assumed that the MEDSA packet always follows
an Ethernet header that is inside the allocated memory buffer. But
this is not always the case, see commit 6bc4429 for rationale.

Eliminate the Ethernet header pointer and just pass on the struct
lladdr_info arguments provided.
2017-01-18 18:24:53 +00:00
Guy Harris
d07e352f5a CVE-2016-7993/Clean up relative time stamp printing.
Have separate routines for signed and unsigned relative time stamps.
Have the routine for signed time stamps handle the case of -2^31, where
you can't negate it and have the result fit in a 32-bit signed integer.

There are currently no users of the signed relative time stamp routine,
but it's there in case anybody needs it (and is passing 32-bit
quantities, so that there's a risk that a packet might contain -2^31 as
the time stamp).

Fixes an array overflow found with American Fuzzy Lop by Hanno Böck.
2017-01-18 09:16:38 +01:00
Guy Harris
7bf069c251 CVE-2016-7983,7984/Don't use strchr() to scan packet data.
It can't be told to stop at the end of the packet data.  Add a
fn_printztn() that prints null-terminated strings, with a length check,
and which returns the number of bytes processed, or 0 if we ran out of
data.  That means it does the scanning we need, but safely.

Use it in the TFTP and BOOTP printers.

Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.
2017-01-18 09:16:37 +01:00
Guy Harris
406b0e3e92 Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP.
It's not like, for example, AH or ESP, where, following the header for
that protocol, there's another protocol with its own payload.
2017-01-18 09:16:37 +01:00
Guy Harris
d9dbb118f2 CVE-2016-7924/Add some bounds checks.
Fixes a heap overflow found with American Fuzzy Lop by Hanno Böck.

Also, get rid of the return value for oam_print(), as it's not used and
not useful.
2017-01-18 09:16:36 +01:00
Guy Harris
6bc44295cf CVE-2016-7985,7986/Change the way protocols print link-layer addresses.
If a protocol that runs under a link-layer protocol would print the
link-layer addresses for the packet as source and destination addresses
for the packet, don't have it blithely assume those link-layer addresses
are present or are at a particular offset from the beginning of that
protocol's data; Ethertypes, for example, are used by a number of
protocols, not all of which have Ethernet headers and not all of which
have any MAC headers.

Instead, pass the printers for those protocols structures with a pointer
to the address data and a pointer to a routine that prints the address.

Fixes some heap overflows found with American Fuzzy Lop by Hanno Böck.
2017-01-18 09:16:36 +01:00
Guy Harris
6080cff326 Move more libsmi stuff to netdissect.c.
Have the call to smiLoadModule() be in a nd_load_smi_module() routine.
Have it set a *global* flag indicating whether a module has been loaded;
that's not per-netdissect_options.  Use that global flag in print-snmp.c
- and don't test it once per loop iteration, it's not going to change
while the loop is running.

Have a routine to return the version of the library if we're built with
it or NULL if we're not.

That removes the last of the code that tests USE_LIBSMI or uses libsmi
from tcpdump.c.
2016-08-04 14:35:35 -07:00
Guy Harris
91e08f888d Move some code around.
Move stuff to initialize and clean up libraries that are used by
netdissect code into nd_init() and nd_cleanup() routines in
libnetdissect; this includes Winsock (which is used on Windows by, for
example, the code to get names for IP addresses) and libsmi.

Call nd_init() when tcpdump starts up, and call nd_cleanup() when it
exits.

Move util.c routines to tcpdump.c, and make them static.

Use ndo->ndo_error to report a failure to open a file in print-esp.c.
2016-08-04 13:19:57 -07:00
Jean-Raphaël GAGLIONE
75b7aeef9c Printer for HNCP (RFCs 7787 and 7788).
This is joint work with Antonin Décimo.
2016-07-28 21:09:41 +02:00
Andrew Darqui
fc213645d4 Initial support for the REdis Serialization Protocol known as RESP.
This commit adds support for RESP as defined in: http://redis.io/topics/protocol.
It also supports inline commands and pipelining. Due to the popularity of RESP,
numerous services are emerging that use this protocol. You may decode RESP packets
on arbitrary ports using the "-T resp" option.

Example captures can be found in tests/resp_*.

A simple way to test this parser is to start redis-server and then run
redis-cli commands such as "redis-cli set key value".

Traditionally, redis-cli monitor is used to debug redis. Unfortunately,
the "monitor" command can cause significant load on a redis-server in
production. This parser may be used as a non-invasive alternative to
redis-cli monitor.
2016-04-26 11:00:21 +02:00
Francois-Xavier Le Bail
f0b959c53e Restore alphabetical order in Makefile.in and netdissect.h 2016-03-22 17:23:40 +01:00
bugyo
ba8a8cd5a3 Add printing function for Generic Protocol Extension for VXLAN
and Network Service Header.

This code stands for following internet drafts:

- VXLAN GPE: draft-ietf-nvo3-vxlan-gpe-01
- NSH: draft-ietf-sfc-nsh-01
2016-03-22 16:59:03 +01:00
Guy Harris
83b356e177 Don't overwrite the destination IPv6 address for routing headers.
If we have a routing header, instead of overwriting the packet's IPv6
destination address in the packet with the final destination, so that
the next protocol's checksum routine can use it, we do as we do for
IPv4, and, in the "next protocol checksum" routine, scan the headers
looking for a routing header and, if we find one, copy the final
destination from it.

While we're at it, clean up a few things.
2016-02-12 20:26:39 -08:00
Francois-Xavier Le Bail
436ced3bd8 Change istr[] (for invalid string) to be global 2016-01-28 14:24:19 +01:00
Francois-Xavier Le Bail
f25ed1f812 Harmonize TCP source or destination ports tests with UDP ones 2015-12-14 20:28:14 +01:00
Francois-Xavier Le Bail
4df36ab95d CDP: Filter out non-printable characters
Add a fn_print_char() to do filtering.
2015-11-09 16:29:32 +01:00
Guy Harris
bfe9582ec6 Use the nd_uintN_t types more.
Define them in netdissect.h.

Use them in ip.h, and *don't* mark the structures as UNALIGNED; that
should no longer be necessary.

Add a new nd_ipv4 type to use as an IPv4 address; it represents the 4
bytes of IPv4 address as an array of unsigned chars, so that its natural
alignment is only on a byte boundary.

Those changes found some places where we weren't using
UNALIGNED_MEMCPY() to extract IPv4 addresses from packets; use it.
2015-10-07 00:14:20 -07:00
ritsz
823644a72d Initial commit for support of Type 3 and Type 4 LISP packets.
Fixing Travis CI build for LISP commit

Adding testcases for lisp notify and register

Fixing build warnings

Added ND_TCHECK for relevant headers

Fixing ND_TCHECK2 issues

Adding support for multiple LOC records for same EID entry

Fixing review issues, adding detailed tests

Adding support for verbose outputs

Adding RFC information for UDP PORT definition

Removing Spaces in type names

Print EID record related flags in verbose mode

Using tok2str

Fixing -Wpedantic issues

Negative testcases, Packet structure comments, verbose mode flag printing

Printing Map Version

Print auth_data, decouple type and xtr_present extraction, handle malformed packets correctly

Tests for latest code changes

Printing useful info in case not built with IPv6 support
2015-10-04 12:47:13 +02:00
Francois-Xavier Le Bail
0fb8e69adb Reorganize netdissect.h
Group together:
- DLT printers (sorted)
- other printers (sorted)
- utilities
2015-09-18 15:14:31 +02:00
Francois-Xavier Le Bail
817bdfede2 Rename print_data() to smb_print_data() 2015-09-18 13:04:24 +02:00
Guy Harris
11f73ad248 Don't require IPv6 library support in order to support IPv6 addresses.
Have our own routines to convert between IPv4/IPv6 addresses and
strings; that helps if, for example, we want to build binary versions of
tcpdump for Windows that can run both on NT 5 (W2K/WXP), which doesn't
have inet_ntop() or inet_pton(), and NT 6 (Vista/7/8/10), which do.  It
also means that we don't require IPv6 library support on UN*X to print
addresses (if somebody wants to build tcpdump for older UN*Xes lacking
IPv6 support in the system library or in add-on libraries).

Get rid of files in the missing directory that we don't need, and
various no-longer-necessary autoconf tests.
2015-09-17 14:56:44 -07:00
Francois-Xavier Le Bail
5c72fe1e4f Remove non-dissection related fields from struct netdissect_options
Remove 'ndo_dlt' and 'ndo_dltname' from netdissect_options, only
used in frontend.
Use instead 'yflag_dlt' and 'yflag_dlt_name' variables in frontend.

Moreover:
Fix style
2015-09-14 19:39:57 +02:00
Francois-Xavier Le Bail
a9728e5f8a Remove a non-dissection related field from struct netdissect_options
Remove 'ndo_immediate' from netdissect_options, only used in frontend.
Use instead 'immediate_mode' variable in frontend.
2015-09-14 17:16:26 +02:00
Francois-Xavier Le Bail
f0ff49cc4d Move if_printer to structure netdissect_options
The structure 'netdissect_options' can hold if_printer.
Thus the structure 'print_info' is useless now.

Moreover:
Delete useless blank lines
Fix indent
2015-09-14 15:54:54 +02:00
Francois-Xavier Le Bail
f5fe14663d libnetdissect code must include 'netdissect.h', not 'interface.h'
Moreover:
Remove netdissect.h include in interface.h
Move thiszone declaration in netdissect.h
Update a comment
2015-09-11 13:22:56 +02:00
Francois-Xavier Le Bail
a306c9e7be Update a ndo flag name
Even if frontend/backend separation is ongoing, keep coherence between
option name and flag name at the moment.
Option name is 'm', thus s/ndo_sflag/ndo_mflag/.
2015-09-09 13:32:20 +02:00
Francois-Xavier Le Bail
02c218bf32 Update a comment 2015-09-08 22:37:54 +02:00
Francois-Xavier Le Bail
78689f7b24 Remove obsolete comment 2015-09-08 12:26:38 +02:00
Francois-Xavier Le Bail
bf657452ef Remove no longer used option 'R' 2015-09-08 09:14:13 +02:00
Francois-Xavier Le Bail
0845bc813c Add program_name field in the netdissect_options structure
A program that uses the library should set it. Done for tcpdump.
ndo_error() and ndo_warning() print now 'ndo->program_name'.

Moreover:
Fix indent
2015-09-07 19:13:42 +02:00
Francois-Xavier Le Bail
9ea43350e0 Fix a comment 2015-09-06 22:03:23 +02:00
Francois-Xavier Le Bail
71d0745d3d Printers must use ndo_error() function (via ndo->ndo_error) 2015-09-05 20:20:57 +02:00
Francois-Xavier Le Bail
2a59f8ece9 interface.h,netdissect.h: Cleaning unused items 2015-07-03 11:57:31 +02:00