Commit Graph

94 Commits

Author SHA1 Message Date
Guy Harris
57bfcb4ebe Add a routine to do the "checksum with pseudo-header" stuff for IPv4.
Clean up some other stuff while we're at it.
2011-06-17 01:09:16 -07:00
Guy Harris
d18bb2331d Use nextproto6_cksum() for XXX-over-IPv6 checksums.
Get rid of duplicated checksums with IPv6 pseudo-headers.
2011-06-17 00:51:47 -07:00
Guy Harris
730d36df2c Clean up the checksum checking.
Check -v and -K, and the fragmented flag, up front; then check the IP
version etc.  Don't check for IPv6 if we already know it's IPv4.  Fetch
the checksum field only once.
2011-06-16 21:50:26 -07:00
Hannes Gredler
917f5f341f add support for the RPKI/Router Protocol as per draft-ietf-sidr-rpki-rtr-12 2011-06-16 17:17:20 +02:00
Guy Harris
94a4b46080 Go with Wireshark's Internet checksum routine.
The Wireshark routine is based on the BSD in-kernel portable checksum
routine (thus BSD-licensed); it takes a vector of pointers and lengths
and checksums the concatenation of the buffers in question (just as the
BSD in-kernel routine checksums a chain of mbufs).

This simplifies the "with a pseudo-header" checksums; hopefully it'll
fix up the problems being seen on some big-endian platforms, which might
be due to hand-calculating some or all of the checksum and doing so
incorrectly.  It also gets rid of some code that might be dereferencing
unaligned pointers.
2011-06-13 14:08:51 -07:00
Guy Harris
7e44242ea8 Fix a comment, and note a potential issue. 2011-03-01 16:41:39 -08:00
Guy Harris
64c6e944c6 Don't clear stuff we'll be overwriting in its entirety.
We only need to clear out the tha structure if we support IPv6, so that
the addresses are IPv6 addresses, but we only have IPv4 addresses, so
that the rest of the address bytes need to be set somehow.

Also, explain what we're doing, so people don't ask why we're not
zeroing it if we don't support IPv6.
2011-03-01 16:38:24 -08:00
Guy Harris
e8b5237589 Don't directly fetch multi-byte integers from packets.
Use the EXTRACT_ macros to extract multi-byte integral values from
packets, rather than just dereferencing pointers into the packet; there
is no guarantee that the packet data will be aligned on the right
boundary, and there is no guarantee that, if they're not, a direct
access will work correctly.
2010-02-21 00:27:00 -08:00
Hannes Gredler
a0275861d3 modularize ip6 nextlayer checksum generation and
change tcp6 and pim6 to use it.
2009-10-12 10:16:58 +02:00
Guy Harris
8d0935ca9b Don't use "uint"; it's not guaranteed to be defined.
Don't define a variable in the middle of a block; not all C compilers
support that.
2009-09-21 10:02:05 -07:00
Guy Harris
832d2c7338 From Fang Wang:
RFC 5482 specifies a new TCP option -- the TCP User Timeout
	Option (UTO) -- that allows one end of a TCP connection to
	advertise its current user timeout value.  The Kind of UTO
	option is 28 and the Length is 4.  The tcpdump currently does
	not recognize UTO option.
2009-08-18 15:02:37 -07:00
Guy Harris
1859a4aac8 From Ilpo Järvinen: fix printing of TCP sequence number for data segments
so it's printed for segments containing data regardless of whether -v was
used or not.
2009-03-01 13:57:53 -08:00
Guy Harris
e195fc87a8 Make sure the packet isn't cut short before verifying the MD5 signature.
Indicate why we can't verify the MD5 signature.
2009-02-26 01:45:39 -08:00
mcr
3157c6dc25 pulled up some changes from the 4.0 release branch 2008-11-09 23:35:03 +00:00
hannes
3d3c70fbe9 add infrastructure for verifying the HMAC-MD5 digest in routing protocols.
The shared secret is passed using the already existing -M option which is
used for TCP-MD5 checking.

add initial support for RSVP Integrity object verification.
2008-08-16 11:36:20 +00:00
guy
ed1906f1fe Add more bounds checks to the NFS dissector - check before references to
items in the RPC header.

When dissecting NFS over TCP, fetch the fragment header length, use it
to limit the dissection of the request or reply (in case there's more
than one request or reply in the packet), and do the same
direction-plus-port checks that are done for NFS over UDP.  Also
eliminate the bounds check for the RPC header in the TCP dissector code,
and do checks for the fields it looks at (other checks are done by the
NFS dissector).
2007-12-22 03:08:04 +00:00
guy
a11ed8914e SMB-over-TCP (port 445) support. 2007-12-09 00:30:47 +00:00
guy
54702e0cac Fix typo in "incorrect checksum" message for IPv6. 2007-11-09 00:34:25 +00:00
mcr
05b7f224d8 Patches from NetBSD tree. 2007-08-29 02:31:44 +00:00
guy
75335912eb From Alexander Dupuy: if the separator character is null, it means "no
separator needed", so don't print it.
2007-04-03 20:02:56 +00:00
hannes
674d23116f From Kevin Steves <stevesk@pobox.com>:
remove extra comma after checksum verification print.
2007-01-29 19:19:51 +00:00
hannes
9427d40c14 change the TCP printer to print new-style order:
  - separate fields by comma
  - use [] for flags and options sets
  - print a trailing length field

make use of tok2str() and bittok2str()
move port definitions into tcp.h
2007-01-29 09:59:42 +00:00
hannes
3472526186 from Gerrit Renker <gerrit@erg.abdn.ac.uk>:
remove duplicate code for v6 checksum calculation
unify the output for broken checksums
2006-11-02 08:56:16 +00:00
guy
90c94a8265 From Ben Byer <bushing@sourceforge.net>: add a "-K" flag to suppress the
checking of TCP checksums.

Sort the argument processing code alphabetically.
2006-05-05 23:13:00 +00:00
hannes
95f66c8c62 add basic support for keyed authentication TCP option 2005-11-29 09:07:47 +00:00
guy
463199df7a From Noritoshi Demizu: memcmp() returns a value = 0 if the two memory
regions are =, < 0 if the first memory region is < the second, or > 0 if
the first memory region is > the second, so to check whether two memory
regions are equal, check whether memcmp()'s return value is == 0.
2005-10-16 06:05:03 +00:00
guy
c0fcc3c0d2 Squelch a signed vs. unsigned warning. 2005-04-21 06:35:52 +00:00
guy
9f529d7c77 From Noritoshi Demizu <demizu@users.sourceforge.net>: don't print "sack"
twice.
2005-04-18 00:22:39 +00:00
mcr
6abf40c3e8 tweaked copyright. 2005-04-06 18:53:56 +00:00
guy
af0a039080 Have our own headers to declare the format of ONC (Sun) RPC messages on
the wire; the definitions in many systems use u_long, which is 64 bits
long on many platforms - that's OK for in-memory structures, but it
doesn't match what's on the wire.  Use headers based on the Sun ones,
but use u_int32_t for fields, and otherwise make the structures match
what's on the wire, and change some names to avoid collision with
<rpc/rpc.h>, which print-sunrpc.c includes to declare "getrpcbynumber()"
and the structure it returns.

Record whether "getrpcbynumber()" is found, and use it only if it's
found, rather than basing the decision on whether we're building for
Win32 or not.
2004-12-27 00:41:29 +00:00
guy
7c5a9ceee5 In "tcp_verify_signature()", don't assume we can do IPv6, and
distinguish between "signature invalid" and "we can't check the
signature".  Have its caller show the raw signature if we can't check
it.
2004-09-15 01:21:17 +00:00
guy
00c74e34be "sizeof()" could be "unsigned long" or "unsigned int"; cast it to
"unsigned long" and print it with "%lu", so it works in either case,
regardless of whether "long" is the same size as "int" or not.
2004-07-15 00:13:01 +00:00
guy
9d1b396853 Check for a TCP header length that's too short, report more information
if it's too long, and check for NFS only if the header length is OK.
2004-07-08 10:25:08 +00:00
guy
f5ad5cff18 From Steiner Haug: handle LDP-over-TCP, and do more complete LDP
decoding.
2004-05-27 21:20:49 +00:00
itojun
5758027110 TCP MD5 signature for IPv6. XXX not really tested yet 2004-04-26 06:17:31 +00:00
hannes
f14a23ad5a display cosmetics: be more verbose on IP6 TCP checksum errors, align IP4,IP6 checksum printing 2004-04-24 17:19:00 +00:00
mcr
1cca963b1d get rid of warning in print-tcp.c about const violations.
the signature checker was writing over a structure that
	should not have been modified - change the code to make a copy
	instead.
2004-04-05 00:12:54 +00:00
guy
8234cdad9b From Bruce M. Simpson: add a "-M" flag to specify a shared secret for
TCP-MD5 (RFC 2385) digest verification if we have libcrypto.
2004-03-23 07:15:36 +00:00
guy
d6cf0925b2 Cut off "snapend" at the length of the IPv4 or IPv6 payload, so we don't
run past the end of that payload.

Check that the IPv4 total length isn't less than the header length.

Use "%u", not "%d", to print unsigned values.

Properly update "len" in the header-processing loop for IPv6.

Doing so means we can trust the length passed to the TCP and UDP
dissectors when constructing the IPv6 pseudo-header; do so (but fix the
length we pass to the UDP-over-IPv6 checksum routine).

That length is unsigned; make the corresponding arguments to the TCP and
UDP checksum routines unsigned.
2003-11-19 00:17:32 +00:00
guy
bbc1cfa669 Have the configure script arrange that the Makefile define _U_
appropriately, and that GNUmakefile and the MSVC++ project file define
it appropriately, as we do with libpcap, rather than defining it in
"interface.h".

Undo the rcsid-shuffling and addition of extra #includes, as we no
longer need to arrange that "interface.h" be included before using _U_
in an RCS ID or copyright.
2003-11-16 09:36:07 +00:00
guy
3824a6c041 From Neil Spring:
use "_U_" in the definitions of "rcsid[]", to eliminate
	complaints about those variables being unused;

	move the definitions after the include of "interface.h", or add
	an include of "interface.h", so that "_U_" is defined.

Include "config.h" before including "tcpdump-stdinc.h" in
"missing/datalinks.c".
2003-11-15 00:39:12 +00:00
guy
f4d64fe38b In mDNS, report IN-class records with the "cache flush" bit set as such,
rather than as "Class 32769".
2003-11-05 06:02:58 +00:00
itojun
e2826164d4 unsigned/signed mixup 2003-10-28 03:16:35 +00:00
guy
c90e936060 Add a new "ipproto.h" header file, with definitions of IP protocol type
values.  Use that rather than private definitions in various files.

Add "gmpls.h" to the list of files in FILES, and add it and "ipfc.h" to
the list of files in INSTALL.
2003-06-07 11:57:51 +00:00
guy
fcc82f451d The "__attribute__((packed))" tag on structures causes some files not to
compile with Sun C, as "interface.h" isn't being included before the
structures are being declared.

Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun
C to generate code that's safe with unaligned accesses, as
"__attribute__" is defined as a do-nothing macro with compilers that
don't support it.

Therefore, we get rid of that tag on the structures to which it was
added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch
16-bit and 32-bit big-endian quantities from packets.  We also fix some
other references to multi-byte quantities to get rid of code that tries
to do unaligned loads on platforms that don't support them.

We also throw in a hack that makes those macros use
"__attribute__((packed))" on structures containing only one 16-bit or
32-bit integer to get the compiler to generate unaligned-safe code
rather than doing it by hand.  (GCC on SPARC produces the same code that
doing it by hand does; I don't know if GCC on any other big-endian
strict-alignment processor generates better code for that case.  On
little-endian processors, as "ntohs()" and "ntohl()" might be functions,
that might actually produce worse code.)

Fix some places to use "%u" rather than "%d" to print unsigned
quantities.
2002-12-11 07:13:49 +00:00
guy
c422d3ab0f Get rid of the "-Wno-unused" flag, and fix up most of the
unused-parameter problems reported by GCC.  Add an _U_ tag to label
parameters as unused if the function is called through a pointer (so
that you can't change its signature by removing parameters) or if there
are unused parameters only because the function isn't complete.

Add some additional bounds checks the necessity for which was revealed
while cleaning up unused-parameter problems.

Make some routines static.

"lcp_print()", defined in "print-lcp.c", isn't called anywhere -
"print-ppp.c" has the code to dissect LCP.  Get rid of "print-lcp.c".
2002-09-05 21:25:34 +00:00
guy
edb0e92cdc Add a few more GCC warnings on GCC >= 2 for ".devel" builds.
From Neil T. Spring: fixes for many of those warnings:

	addrtoname.c, configure.in: Linux needs netinet/ether.h for
	ether_ntohost

	print-*.c: change char *foo = "bar" to const char *foo = "bar"
	to appease -Wwrite-strings; should affect no run-time behavior.

	print-*.c: make some variables unsigned.

	print-bgp.c: plen ('prefix len') is unsigned, no reason to
	validate by comparing to zero.

	print-cnfp.c, print-rx.c: use intoa, provided by addrtoname,
	instead of inet_ntoa.

	print-domain.c: unsigned int l; (l=foo()) < 0 is guaranteed to
	be false, so check for (u_int)-1, which represents failure,
	explicitly.

	print-isakmp.c: complete initialization of attrmap objects.

	print-lwres.c: "if(x); print foo;" seemed much more likely to be
	intended to be "if(x) { print foo; }".

	print-smb.c: complete initialization of some structures.

In addition, add some fixes for the signed vs. unsigned comparison
warnings:

	extract.h: cast the result of the byte-extraction-and-combining,
	as, at least for the 16-bit version, C's integral promotions
	will turn "u_int16_t" into "int" if there are other "int"s
	nearby.

	print-*.c: make some more variables unsigned, or add casts to an
	unsigned type of signed values known not to be negative, or add
	casts to "int" of unsigned values known to fit in an "int", and
	make other changes needed to handle the aforementioned variables
	now being unsigned.

	print-isakmp.c: clean up the handling of error/status indicators
	in notify messages.

	print-ppp.c: get rid of a check that an unsigned quantity is >=
	0.

	print-radius.c: clean up some of the bounds checking.

	print-smb.c: extract the word count into a "u_int" to avoid the
	aforementioned problems with C's integral promotions.

	print-snmp.c: change a check that an unsigned variable is >= 0
	to a check that it's != 0.

Also, fix some formats to use "%u" rather than "%d" for unsigned
quantities.
2002-09-05 00:00:07 +00:00
hannes
973a00103a more consistent use of the length: indicator; 2002-08-20 00:17:23 +00:00
hannes
239977c8d2 tell the world that it's LDP, rather than port 646; 2002-08-20 00:01:38 +00:00
itojun
5a5ccbf6d3 dissect traffic on port 5353 as multicast DNS. vlubet@apple.com 2002-08-16 22:40:33 +00:00