From: Guy Harris <gharris@sonic.net>
Date: Thu, 28 May 2020 04:57:31 +0000 (-0700)
Subject: Leave it up to the caller to process the data after the MACsec header.
X-Git-Tag: tcpdump-4.99-bp~359^2~7
X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/482813ea2a392607c2d3702dfead2280f18dc4c9

Leave it up to the caller to process the data after the MACsec header.

Don't do it ourselves - it's not part of the MACsec header.
---

diff --git a/print-macsec.c b/print-macsec.c
index 757d6ed4..917c1c7e 100644
--- a/print-macsec.c
+++ b/print-macsec.c
@@ -163,25 +163,29 @@ int macsec_print(netdissect_options *ndo, const u_char **bp,
 	}
 
 	len = ieee8021ae_sectag_len(ndo, sectag);
-	*length_type = GET_BE_U_2(*bp + len);
-	if (ndo->ndo_eflag && *length_type > ETHERMTU && !(GET_U_1(sectag->tci_an) & MACSEC_TCI_E))
-		ND_PRINT("ethertype %s, ", tok2str(ethertype_values,"0x%04x", *length_type));
 
-	if ((GET_U_1(sectag->tci_an) & MACSEC_TCI_CONFID)) {
-		*bp += len;
-		*hdrlenp += len;
+	/* Skip the MACsec header. */
+	*bp += len;
+	*hdrlenp += len;
+
+	/* Remove it from the lengths, as it's been processed. */
+	*lengthp -= len;
+	*caplenp -= len;
 
-		*lengthp -= len;
-		*caplenp -= len;
+	if ((GET_U_1(sectag->tci_an) & MACSEC_TCI_CONFID)) {
+		/*
+		 * The payload is encrypted.  Tell our
+		 * caller it can't be dissected.
+		 */
 		return 0;
 	} else {
-		len += 2;
-		*bp += len;
-		*hdrlenp += len;
-
-		len += MACSEC_DEFAULT_ICV_LEN;
-		*lengthp -= len;
-		*caplenp -= len;
+		/*
+		 * The payload isn't encrypted; remove the
+		 * ICV length from the lengths, so our caller
+		 * doesn't treat it as payload.
+		 */
+		*lengthp -= MACSEC_DEFAULT_ICV_LEN;
+		*caplenp -= MACSEC_DEFAULT_ICV_LEN;
 		return -1;
 	}
 }