From: sfd <stephen.donnelly@emulex.com>
Date: Mon, 25 Aug 2014 22:55:56 +0000 (+1200)
Subject: dag-pcap was not correctly handling ERF records with extension headers.
X-Git-Tag: libpcap-1.7.2^2~77^2~2
X-Git-Url: https://git.tcpdump.org/libpcap/commitdiff_plain/62f4d9e78cd48722a6c83726c6fc598bb9597979

dag-pcap was not correctly handling ERF records with extension headers.

It was subtracting the extension header count from caplen after reducing it to packet_len, resulting in truncated records.
---

diff --git a/pcap-dag.c b/pcap-dag.c
index d41acfd8..c1d5b8f1 100644
--- a/pcap-dag.c
+++ b/pcap-dag.c
@@ -435,6 +435,9 @@ dag_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 					caplen = rlen - dag_record_size - 4;
 					dp+=4;
 				}
+				/* Skip over extension headers */
+				caplen -= (8 * num_ext_hdr);
+
 				if (header->type == TYPE_ATM) {
 					caplen = packet_len = ATM_CELL_SIZE;
 				}
@@ -466,6 +469,8 @@ dag_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 				packet_len = ntohs(header->wlen);
 				packet_len -= (pd->dag_fcs_bits >> 3);
 				caplen = rlen - dag_record_size - 2;
+				/* Skip over extension headers */
+				caplen -= (8 * num_ext_hdr);
 				if (caplen > packet_len) {
 					caplen = packet_len;
 				}
@@ -479,6 +484,8 @@ dag_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 				packet_len = ntohs(header->wlen);
 				packet_len -= (pd->dag_fcs_bits >> 3);
 				caplen = rlen - dag_record_size;
+				/* Skip over extension headers */
+				caplen -= (8 * num_ext_hdr);
 				if (caplen > packet_len) {
 					caplen = packet_len;
 				}
@@ -489,6 +496,8 @@ dag_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 				packet_len = ntohs(header->wlen);
 				packet_len -= (pd->dag_fcs_bits >> 3);
 				caplen = rlen - dag_record_size - 4;
+				/* Skip over extension headers */
+				caplen -= (8 * num_ext_hdr);
 				if (caplen > packet_len) {
 					caplen = packet_len;
 				}
@@ -514,6 +523,8 @@ dag_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 			case TYPE_IPV6:
 				packet_len = ntohs(header->wlen);
 				caplen = rlen - dag_record_size;
+				/* Skip over extension headers */
+				caplen -= (8 * num_ext_hdr);
 				if (caplen > packet_len) {
 					caplen = packet_len;
 				}
@@ -534,9 +545,6 @@ dag_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 				continue;
 			} /* switch type */
 
-			/* Skip over extension headers */
-			caplen -= (8 * num_ext_hdr);
-
 		} /* ERF encapsulation */
 		
 		if (caplen > p->snapshot)