Guy Harris [Fri, 14 Oct 2011 04:59:57 +0000 (21:59 -0700)]
Redo length checks in ospf6_print_lsa().
Check to make sure we haven't run past the end of the LSA by doing
length checks - and be a bit fussier about length checks. Do more
end-of-packet checks as well.
Guy Harris [Fri, 14 Oct 2011 03:03:29 +0000 (20:03 -0700)]
Clean up option-walking code.
Loop as long as the remaining option list length is not zero, even if
that means we try to process the remaining options if the remaining
length is 1, so that if the option length is bogus, we'll report it.
Check for a valid ESIS_OPTION_ES_CONF_TIME length - it's supposed to be
2.
Guy Harris [Sat, 3 Sep 2011 04:31:09 +0000 (21:31 -0700)]
Handle systems with getrpcbynumber() but no header file for it.
Glibc 2.14 doesn't install the ONC RPC headers, but it installs the ONC
RPC routines, presumably for binary compatibility. Don't use
getrpcbynumber() unless we have it *and* the header file to declare it.
Jamal Hadi Salim [Tue, 28 Jun 2011 20:23:35 +0000 (16:23 -0400)]
Fwd: pcap files
On Tue, Jun 28, 2011 at 3:52 PM, Michael Richardson <[email protected]> wrote:
> I'm not aware of a new file.
The email i responded to had 4 attachments sent by Evangelos.
Those were supposed to replace the files with those exact names.
> Please send github tree, ideally.
You mentioned github to me last time and offered to get me to
learn it in 5 minutes;-> I havent had time and the old school stuff i do
still works.
How about i send you patch #1 to delete the old files (as attached)
and another to re-add with new ones.
Alternatively: I could send one that overrides the existing ones.
cheers,
jamal
> --
> ] He who is tired of Weird Al is tired of life! | firewalls [
> ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
> ] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
> Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
> then sign the petition.
>
Guy Harris [Wed, 22 Jun 2011 01:15:50 +0000 (18:15 -0700)]
Use "-H", not "-h", for the 802.11s option, and improve error reporting.
I was rudely surprised to find that "tcpdump -h" wasn't printing a usage
message, and I'm the person who *added* the "-h" option. Make it "-H",
and add an explicit "-h" option to print a usage message, so nobody else
makes the same mistake. Also, don't clear opterr, so that if you give
an illegal command-line option, you get an explanatory error message.
Guy Harris [Fri, 17 Jun 2011 08:17:47 +0000 (01:17 -0700)]
Handle ICMP6 checksums more like TCP checksums.
Instead of printing the result of icmp6_cksum() if it's non-zero, print
the checksum field value and the value it should have had. That means
that what we print is the same regardless of whether we're running on a
big-endian or little-endian machine.
Guy Harris [Fri, 17 Jun 2011 05:10:36 +0000 (22:10 -0700)]
Handle UDP checksums more like TCP checksums.
Instead of printing the result of udp_cksum() if it's non-zero, print
the checksum field value and the value it should have had. That means
that what we print is the same regardless of whether we're running on a
big-endian or little-endian machine.
Also, just as we did with TCP:
Check -v and -K, and the fragmented flag, up front; then check the IP
version etc.. Don't check for IPv6 if we already know it's IPv4. Fetch
the checksum field only once.
Guy Harris [Fri, 17 Jun 2011 04:50:26 +0000 (21:50 -0700)]
Clean up the checksum checking.
Check -v and -K, and the fragmented flag, up front; then check the IP
version etc.. Don't check for IPv6 if we already know it's IPv4. Fetch
the checksum field only once.
Guy Harris [Mon, 13 Jun 2011 21:08:51 +0000 (14:08 -0700)]
Go with Wireshark's Internet checksum routine.
The Wireshark routine is based on the BSD in-kernel portable checksum
routine (thus BSD-licensed); it takes a vector of pointers and lengths
and checksums the concatenation of the buffers in question (just as the
BSD in-kernel routine checksums a chain of mbufs).
This simplifies the "with a pseudo-header" checksums; hopefully it'll
fix up the problems being seen on some big-endian platforms, which might
be due to hand-calculating some or all of the checksum and doing so
incorrectly. It also gets rid of some code that might be dereferencing
unaligned pointers.
Guy Harris [Mon, 13 Jun 2011 01:08:55 +0000 (18:08 -0700)]
Fix some problems with the tests.
Get rid of some no-longer-necessary uudecodes (Git can store binary
files such as pcap files, so we no longer need to uuencode them, and the
uuencoded files are no longer around), and handle the "-X" and "-XX"
flag tests (where we had to rename the "should be" output files to avoid
collisions on case-insensitive file systems such as the default local
file system on the desktop UN*X with the biggest market share).
Rick Jones [Thu, 2 Jun 2011 17:56:08 +0000 (10:56 -0700)]
The ifSpeed field of a generic interface counter in sFlow is 64 bits.
The "overlay" definition in print-sflow.c is correct, but the actual
extract for printing is using EXTRACT_32BITS rather than EXTRACT_64BITS,
which leads to an incorrect report for speed.
Guy Harris [Thu, 5 May 2011 09:25:42 +0000 (02:25 -0700)]
Don't use "struct netdissect_options" in interface.h.
Use it in netdissect.h, where it's defined; otherwise, we get a bunch of
warnings when compiling modules that include interface.h but don't yet
include netdissect.h.
Added support for DCB Exchange protocol (DCBX) version 1.01.
http://www.ieee802.org/1/files/public/docs2008/az-wadekar-dcbx-capability-exchange-discovery-protocol-1108-v1.01.pdf
DCBX protocol exchanges control state machine and generic feature state
machine parameters as Organizationally specific TLVs. The OUI used for
the DCBX TLV 1.01 is 0x001B21. Following TLVs are decoded:
- Control state
- Priority Groups (PG)
- Priority-based Flow Control (PFC)
- Application Protocol (APP)
From me:
Add a bunch of additional error checking, and sort the main switch
statement by TLV code (and thus by the order in the specification).
Also update/add indications of what standards document what items.
Guy Harris [Wed, 27 Apr 2011 22:15:09 +0000 (15:15 -0700)]
Try to handle radiotap Rate values > 127 better.
Use the same heuristic Wireshark uses, i.e. assume that FreeBSD only
reports MCS indices between 0 and 15, and that any other values with the
0x80 bit set are rate values. (Yes, those do exist.)
Also note, as I did in Wireshark, that it might be possible to extract
from the XChannel and Flags field the additional information to convert
an MCS index from the Rate field into a rate. (Whether that's possible
depends on what platforms using the FreeBSD convention do with the
channel width and guard interval information.)
Guy Harris [Wed, 27 Apr 2011 19:08:27 +0000 (12:08 -0700)]
Support RX flags, MCS and the vendor namespace, and fix Rate.
Based on patches from an anonymous donor, support the radiotap RX flags and
MCS fields, and the vendor namespace, and, if Channel and XChannel are
both present, use XChannel, not Channel.
Do not try to look up a rate for an MCS value from the Rate field; you
cannot map an MCS value to a rate without also knowing the channel width
and guard interval length.
Rick Jones [Fri, 15 Apr 2011 17:01:02 +0000 (10:01 -0700)]
Handle the enterprise field of the sflow flow and counter record format.
Thanks to some traces sent my way by Gavin McCullagh, and a comparison
against the output of inMon's sflowtool, I can confidently say "Yes
Virginia, there is an enterprise other than zero." Which means lest we
start trying to decode something as what it is not, we best actually
look at the enterprise field and make sure it is one we recognize.
Rick Jones [Thu, 14 Apr 2011 18:32:08 +0000 (11:32 -0700)]
To enable printing of non-expanded samples I've shuffled a bunch of code
around and created a bunch of smaller routines to more easily support
printing of both expanded and non-expanded counter and flow samples.
I've done simple testing of non-expanded counter and flow, and expanded
counter, but I don't have expanded flow at present with which to test.
So, that part of the change is only compile/eyeball tested.
Guy Harris [Tue, 5 Apr 2011 16:53:57 +0000 (09:53 -0700)]
Fix the handling of unknown tagged parameters in management frames.
Fetch the element length early in the process, rather than fetching it
each time we need it - even after we've advanced the pointer we are
using to fetch it (doing the latter means we fetch the wrong value when
we subtract it from the remaining length).
Guy Harris [Tue, 5 Apr 2011 04:32:58 +0000 (21:32 -0700)]
Process the flags even if parsing the full radiotap header fails.
If we were able to get the flags, we should process them, so we know
whether there's Atheros padding after the 802.11 header or if there's an
FCS at the end of the packet, and properly process them; if we weren't
able to get the flags, they're 0, so we're not doing anything
differently, and that's the best we can do.
Guy Harris [Tue, 5 Apr 2011 02:03:56 +0000 (19:03 -0700)]
Check the sample, flow, and counter lengths.
When dissecting a sample, or a flow or counter within the sample, make
sure we don't run past the length in the sample/flow/counter header.
This also means we count the sample length down as we process the
contents of the sample, so we only add what, if anything, remains of the
sample to the pointer into the packet, and subtract that from the
remaining data length in the packet, which means we properly handle
packets with multiple samples.
Guy Harris [Mon, 4 Apr 2011 19:02:02 +0000 (12:02 -0700)]
Properly define {u_}intN_t types when testing pcap/*.h headers.
pcap/bluetooth.h and pcap/usb.h require those types, so we check for
those types before checking those headers, and we include
"tcpdump-stdinc.h" in the tests, so the appropriate headers to define
those types get pulled in.
Guy Harris [Mon, 4 Apr 2011 08:18:04 +0000 (01:18 -0700)]
Have empty.uu explicitly be a uuencoding of /dev/null.
That way, uudecode will write the decoded output there, rather than to a
file named "empty" that gets left around. That also means we don't need
to redirect the output of uudecode to /dev/null, so don't do that.
Guy Harris [Mon, 4 Apr 2011 07:44:41 +0000 (00:44 -0700)]
Check for uudecode at make time by uudecoding a uuencoded empty file.
Doing it at make time means you don't have to re-run the configure
script if you add uudecode to your system, and doing it by uudecoding a
uuencoded empty file means we don't depend on uudecode supporting
"--help".
Guy Harris [Sun, 3 Apr 2011 22:43:21 +0000 (15:43 -0700)]
Don't assume uudecode supports a --help option; not all uudecodes do.
Instead, check for uudecode in the configure script, and set the
CHECK_UUDECODE configuration variable to "true" if we find it and to a
command that prints an error message and exits with 1 if we don't find
it, and substitute that variable into the Makefile as the first command
for "make check".
jamal [Wed, 16 Mar 2011 13:10:17 +0000 (09:10 -0400)]
RESEND: [PATCH 1/1] ForCES fix SCTP TML port
The old ports for SCTP TML ports were replaced at RFC editor
publication time. Caught by folks preparing for an Interop
tommorow.
While we could add a backward compat support it seems meaningless
if those ports will never ever be used in production.
I will send new test/pcaps at a later point and remove the existing
ones once this patch goes in.
Guy Harris [Tue, 8 Mar 2011 17:11:25 +0000 (09:11 -0800)]
Fix plurals in packet count messages.
Based on a patch from [email protected], but with a macro
PLURAL_SUFFIX() defined to return either "s" or "" (rather than possibly
printing a NUL character with %c), and with that macro used in a couple
of cases where the equivalent had been done by hand, and with one case
the patch missed fixed as well.
Guy Harris [Wed, 2 Mar 2011 00:38:24 +0000 (16:38 -0800)]
Don't clear stuff we'll be overwriting in its entirety.
We only need to clear out the tha structure if we support IPv6, so that
the addresses are IPv6 addresses, but we only have IPv4 addresses, so
that the rest of the address bytes need to be set somehow.
Also, explain what we're doing, so people don't ask why we're not
zeroing it if we don't support IPv6.
Guy Harris [Tue, 1 Feb 2011 10:08:41 +0000 (02:08 -0800)]
Get rid of unnecessary configure script tests and missing/XXX.h headers.
This also fixes configure-script problems on OSes that have IPv6 support
but don't have <netinet6/in6.h> - no standard I could find requires that
header for IPv6 support (the Single UNIX Specification speaks of
<netinet/in.h> for both IPv4 and IPv6, and RFCs 2292 and 3542 don't
mention <netinet6/in6.h>, just <netinet/in.h> and <netinet6/ip6.h>).
projects / tcpdump / log
