| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a protocol that runs under a link-layer protocol would print the
link-layer addresses for the packet as source and destination addresses
for the packet, don't have it blithely assume those link-layer addresses
are present or are at a particular offset from the beginning of that
protocol's data; Ethertypes, for example, are used by a number of
protocols, not all of which have Ethernet headers and not all of which
have any MAC headers.
Instead, pass the printers for those protocols structures with a pointer
to the address data and a pointer to a routine that prints the address.
Fixes some heap overflows found with American Fuzzy Lop by Hanno Böck.
|
| |
|
|
|
|
|
|
| |
with the tag '\summary:' for greping.
Remark: Currently some printers have no summary line.
Moreover:
Summarize all printers with a single line in INSTALL.txt
|
| |
|
|
|
|
|
|
|
|
| |
Call it that, to indicate that it's not necessarily a type field.
While we're at it, get rid of references to "DEC/Intel/Xerox" and
"802.3" Ethernet headers in comments; since 802.3y, the 802.3 standard
supports both "DIX" frames, with a type field, and earlier 802.3 frames,
with a length field, so there's only one version of Ethernet, 802.3,
which supports frames with type fields and frames with length fields.
|
| |
|
|
|
|
|
|
|
|
| |
Reference: IEEE Std 802.3-2012
"If the value of this field is less than or equal to 1500 decimal
(05DC hexadecimal), then the Length/Type field indicates the number
of MAC client data octets contained in the subsequent MAC Client Data
field of the basic frame (Length interpretation)."
Update the output of a test accordingly.
|
| |
|
|
|
| |
Moreover:
Fix mixed spaces/tabs.
|
| |
|
|
| |
Get the full log via: git log --follow netdissect-stdinc.h
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This header can be used with Marvell switches to direct packets in/out
of a specific port in a tree of interconnected switches. The header
uses its own Ethertype of 0xdada.
By default, only brief output is printed, showing the switch device,
port, and vlan the packet is to/from. However if -e is given, to print
the link-level header, all fields are printed.
|
| |
|
|
|
|
|
| |
Have llc_print() return the length of the LLC header, plus the length of
the SNAP header, if available - or, if it couldn't dissect the payload,
return the *negative* of that sum. Use that return value in link-layer
printers.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't print LLC header information for SNAP packets; if we have a SNAP
header, just call snap_print() and return its return value, regardless
of whether it's 1 or 0, don't fall into the code to print raw LLC header
information - and don't print it with -e, either.
If llc_print() returns 0, just call the default packet printer, don't
print the MAC-layer header or the extracted ethertype - llc_print() will
print the source and destination MAC addresses and whatever type
information is in the LLC or SNAP headers.
If we don't know the DSAP/LSAP, and it's an information frame (numbered
or not) and not an XID frame, return 0, so that we give a hex dump of
the raw payload.
In addition, print the length when printing SNAP header information with
-e.
|
| |
|
|
|
|
|
| |
The purpose of this macro was to enable the file-by-file switch to NDO,
after which only tcpdump.c had a use of it and the definitions guarded
by it. Update tcpdump.c not to require them any more and dismiss the
unused definitions.
|
| |
|
|
|
| |
Factor the common code out to a new function and rename the CFI bit to
DEI to match the terminology in Clause 9.6 of IEEE 802.1Q-2011.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Always define and declare ip6_print(), always compile print-ip6.c, and
always call it if we recognize a payload as IPv6. If INET6 isn't
defined, ip6_print() will just print the length and note that printing
isn't supported.
That way, we don't do weird dissection of IPv6 packets on systems
without IPv6 support, due to, for example, ethertype_print() returning 0
("not dissected") for IPv6 packets on those systems (IPv6-over-Frame
Relay was dissected weirdly due to this).
|
| |
|
|
|
| |
not a full decoder, uses default print
reference: http://standards.ieee.org/develop/regauth/ethertype/eth.txt
|
| |
|
|
|
|
|
| |
The sample capture was produced with two Linux hosts (aoetools version
36, kernel module version 85, vblade version 21). One of the hosts
exported a 1MB block device containing a freshly created filesystem and
the other mounted it, wrote a small file and then unmounted.
|
| |
|
|
|
|
|
|
|
| |
And, as we require at least autoconf 2.61, and as autoconf 2.61 and
later have AC_TYPE_UINTn_T and AC_TYPE_INTn_T macros, we use them to
define the uintN_t and intN_t macros if the system doesn't define them
for us.
This lets us get rid of bitypes.h as well.
|
| |
|
|
|
|
|
|
| |
Have them take a netdissect_options * argument, and get the "no name
resolution" flag from it.
Move the declaration of dnaddr_string to addrtoname.h, along with the
other XXX-to-string routines.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Eliminate a number of fputs(), putchar() and fflush() uses. Justify
preprocessor directives. Don't typecast ND_PRINT() to void and fix some
indentation.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
This change converts ZeroMQ, IPX, MPLS, IPv6 options, PPPoE, RIPng,
PFLOG and Sun RPC decoders.
|
| |
|
|
|
|
|
|
|
|
| |
Both interface.h and netdissect.h include <pcap.h>, thus most files
should not include it regardless if these need it or not. The only
exceptions so far remain:
* addrtoname.c
* missing/datalinks.c
* missing/dlnames.c
* tcpdump.c
|
| |
|
|
|
|
|
| |
tcpdump used to print an empty line for a Loopback (CTP) packet, which
many Cisco switches send by default every 10 seconds. This commit adds
a decoder for the protocol and a test case, which uses the sample
capture from Wireshark wiki (configuration_test_protocol_aka_loop.pcap).
|
| |
|
|
|
|
| |
Remove lots of $Header's and a few $Id's that all belong to the former
CVS repository of tcpdump itself. These keywords have been frozen since
the migration to git in late 2008.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The protocol is undocumented but Wireshark extracts some useful bits of
info from the packet, so it was used as a reference.
|
| |
|
|
| |
Reviewed-and-much-modified-by: Guy Harris <guy@alum.mit.edu>
|
| |
|
|
|
| |
That makes the names a bit shorter, and mentions the specific Hilscher
product to which they apply.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of having the Ethernet-type handler process the VLAN and Alteon
jumbo frame Ethernet type values, process them in the Ethernet (and
Linux cooked-mode) dissectors. This makes it easier for the right MAC
addresses to be printed for those packets.
As part of that, rename ether_encap_print() to ethertype_print() - it
doesn't print encapsulated Ethernet frames, it prints payloads whose
packet type is indicated by an Ethernet type field value - and remove
the no-longer-needed "extracted Ethernet type" argument. That also lets
us eliminate it from the SNAP print routine.
Make ether_print() take a function, and an argument to pass to that
function, as parameters, so that, for example, the ATM LANE printer can
use it and put the LEC ID into the link-layer headeer printout.
|
| |
|
|
|
|
|
|
| |
Use the EXTRACT_ macros to extract multi-byte integral values from
packets, rather than just dereferencing pointers into the packet; there
is no guarantee that the packet data will be aligned on the right
boundary, and there is no guarantee that, if they're not, a direct
access will work correctly.
|
| |
|
|
| |
3Com hardware uses.
|
| |
|
|
| |
ethertype in GRE.
|
| |
|
|
| |
OpenRRCP.org.ru for details).
|
| | |
|
