X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/65a0c47dc8103f3794e07dc35bd72b52a67a76c7..82cfcd4391f9f6c748634bfd7b48a44f42e6a53d:/print-macsec.c

diff --git a/print-macsec.c b/print-macsec.c
index 431ae42c..8b4b318b 100644
--- a/print-macsec.c
+++ b/print-macsec.c
@@ -25,9 +25,7 @@
 #include <config.h>
 #endif
 
-#include <netdissect-stdinc.h>
-
-#include <string.h>
+#include "netdissect-stdinc.h"
 
 #include "netdissect.h"
 #include "addrtoname.h"
@@ -89,9 +87,10 @@ static const struct tok macsec_flag_values[] = {
 	{ 0, NULL }
 };
 
-static void macsec_print_header(netdissect_options *ndo,
-				const struct macsec_sectag *sectag,
-				u_int short_length)
+static void
+macsec_print_header(netdissect_options *ndo,
+		    const struct macsec_sectag *sectag,
+		    u_int short_length)
 {
 	ND_PRINT("an %u, pn %u, flags %s",
 		 GET_U_1(sectag->tci_an) & MACSEC_AN_MASK,
@@ -104,14 +103,15 @@ static void macsec_print_header(netdissect_options *ndo,
 
 	if (GET_U_1(sectag->tci_an) & MACSEC_TCI_SC)
 		ND_PRINT(", sci " SCI_FMT, GET_BE_U_8(sectag->secure_channel_id));
-		
+
 	ND_PRINT(", ");
 }
 
 /* returns < 0 iff the packet can be decoded completely */
-int macsec_print(netdissect_options *ndo, const u_char **bp,
-		 u_int *lengthp, u_int *caplenp, u_int *hdrlenp,
-		 const struct lladdr_info *src, const struct lladdr_info *dst)
+int
+macsec_print(netdissect_options *ndo, const u_char **bp,
+	     u_int *lengthp, u_int *caplenp, u_int *hdrlenp,
+	     const struct lladdr_info *src, const struct lladdr_info *dst)
 {
 	const char *save_protocol;
 	const u_char *p = *bp;
@@ -123,7 +123,7 @@ int macsec_print(netdissect_options *ndo, const u_char **bp,
 	u_int short_length;
 
 	save_protocol = ndo->ndo_protocol;
-	ndo->ndo_protocol = "MACsec";
+	ndo->ndo_protocol = "macsec";
 
 	/* we need the full MACsec header in the capture */
 	if (caplen < MACSEC_SECTAG_LEN_NOSCI) {
@@ -152,7 +152,7 @@ int macsec_print(netdissect_options *ndo, const u_char **bp,
 	} else
 		sectag_len = MACSEC_SECTAG_LEN_NOSCI;
 
-	if ((GET_U_1(sectag->short_length) & ~MACSEC_SL_MASK) != 0 || 
+	if ((GET_U_1(sectag->short_length) & ~MACSEC_SL_MASK) != 0 ||
 	    GET_U_1(sectag->tci_an) & MACSEC_TCI_VERSION) {
 		nd_print_invalid(ndo);
 		ndo->ndo_protocol = save_protocol;
@@ -219,6 +219,13 @@ int macsec_print(netdissect_options *ndo, const u_char **bp,
 	}
 	*lengthp -= MACSEC_DEFAULT_ICV_LEN;
 	*caplenp -= MACSEC_DEFAULT_ICV_LEN;
+	/*
+	 * Update the snapend thus the ICV field is not in the payload for
+	 * the caller.
+	 * The ICV (Integrity Check Value) is at the end of the frame, after
+	 * the secure data.
+	 */
+	ndo->ndo_snapend -= MACSEC_DEFAULT_ICV_LEN;
 
 	/*
 	 * If the SL field is non-zero, then it's the length of the
@@ -245,7 +252,7 @@ int macsec_print(netdissect_options *ndo, const u_char **bp,
 		if (*caplenp > short_length)
 			*caplenp = short_length;
 	}
-		
+
 	ndo->ndo_protocol = save_protocol;
 	return -1;
 }