DNS: Use ND_TCHECK_LEN() instead of a custom bounds check

[tcpdump] / print-macsec.c

diff --git a/print-macsec.c b/print-macsec.c
index cf172811df50f83c66fb572fb3240bbb70c4d8e1..0c9ea05f133510f50a5c61bb5fa9fe06c2602e80 100644 (file)
--- a/print-macsec.c
+++ b/print-macsec.c
@@ -21,17 +21,12 @@
 
 /* \summary: MACsec printer */
 
-#ifdef HAVE_CONFIG_H
 #include <config.h>
-#endif
 
-#include <netdissect-stdinc.h>
-
-#include <string.h>
+#include "netdissect-stdinc.h"
 
 #include "netdissect.h"
 #include "addrtoname.h"
-#include "ethertype.h"
 #include "extract.h"
 
 #define MACSEC_DEFAULT_ICV_LEN 16
@@ -108,7 +103,7 @@ static void macsec_print_header(netdissect_options *ndo,
        ND_PRINT(", ");
 }
 
-/* returns < 0 if the packet can be decoded completely */
+/* returns < 0 iff the packet can be decoded completely */
 int macsec_print(netdissect_options *ndo, const u_char **bp,
                 u_int *lengthp, u_int *caplenp, u_int *hdrlenp,
                 const struct lladdr_info *src, const struct lladdr_info *dst)
@@ -219,6 +214,13 @@ int macsec_print(netdissect_options *ndo, const u_char **bp,
        }
        *lengthp -= MACSEC_DEFAULT_ICV_LEN;
        *caplenp -= MACSEC_DEFAULT_ICV_LEN;
+       /*
+        * Update the snapend thus the ICV field is not in the payload for
+        * the caller.
+        * The ICV (Integrity Check Value) is at the end of the frame, after
+        * the secure data.
+        */
+       ndo->ndo_snapend -= MACSEC_DEFAULT_ICV_LEN;
 
        /*
         * If the SL field is non-zero, then it's the length of the