tcpdump
14 hours agoCirrus CI: Use GCC 11 for FreeBSD. [skip appveyor] master
Denis Ovsienko [Thu, 20 Jan 2022 15:23:53 +0000 (15:23 +0000)] 
Cirrus CI: Use GCC 11 for FreeBSD. [skip appveyor]

14 hours agoman: Refer to pcap-filter(7) early. [skip ci]
Denis Ovsienko [Thu, 20 Jan 2022 15:22:21 +0000 (15:22 +0000)] 
man: Refer to pcap-filter(7) early. [skip ci]

15 hours agoReplace some 'if(' with 'if (' (style)
Francois-Xavier Le Bail [Thu, 20 Jan 2022 13:37:33 +0000 (14:37 +0100)] 
Replace some 'if(' with 'if (' (style)

[skip ci]

31 hours agoGet rid of the Windows ether_ntohost().
Guy Harris [Wed, 19 Jan 2022 22:38:39 +0000 (14:38 -0800)] 
Get rid of the Windows ether_ntohost().

We don't use it, and there's no Windows tradition of an "ethers file"
that I know of, so I'm not sure there's a reason to use it.

Fixes GitHub issue #971.

42 hours agoESP: Put static and int on the same line (style)
Francois-Xavier Le Bail [Wed, 19 Jan 2022 10:58:36 +0000 (11:58 +0100)] 
ESP: Put static and int on the same line (style)

[skip ci]

2 days agoUpdate tok2strbuf() to a static function
Francois-Xavier Le Bail [Tue, 18 Jan 2022 10:09:38 +0000 (11:09 +0100)] 
Update tok2strbuf() to a static function

It is only used in util-print.c.

3 days agoRename a pcapng test file to .pcapng
Francois-Xavier Le Bail [Mon, 17 Jan 2022 21:56:44 +0000 (22:56 +0100)] 
Rename a pcapng test file to .pcapng

3 days agoautoconf: Add the option to print functions names (entry and exit)
Francois-Xavier Le Bail [Mon, 10 Jan 2022 15:37:07 +0000 (16:37 +0100)] 
autoconf: Add the option to print functions names (entry and exit)

This should help some debugging processes.

Usage:
./configure --enable-instrument-functions

Generate instrumentation calls for entry and exit to functions.
Just after function entry and just before function exit, these
profiling functions are called and print the function names with
indentation and call level.

To instument a static function, remove temporarily the static specifier.

In case of truncation, the indentation level is reset currently to 1 in
pretty_print_packet(), main is level 0.

3 days agoAdd --print-sampling option to print every Nth packet
Nathan O'Sullivan [Mon, 17 Jan 2022 00:05:15 +0000 (10:05 +1000)] 
Add --print-sampling option to print every Nth packet

New option `--print-sampling=NTH` will parse and print every NTH packet,
with all other packets producing no output. This option enables
`--print` and `-S` flags.

Print sampling is useful for real-time inspection of an interface with
a high packet rate, or initial inspection of large capture files.

3 days agoMakefile.in: Sort the files in EXTRA_DIST
Francois-Xavier Le Bail [Mon, 17 Jan 2022 15:14:46 +0000 (16:14 +0100)] 
Makefile.in: Sort the files in EXTRA_DIST

3 days agoMemory allocator: Update nd_add_alloc_list() to a static function
Francois-Xavier Le Bail [Mon, 17 Jan 2022 14:31:53 +0000 (15:31 +0100)] 
Memory allocator: Update nd_add_alloc_list() to a static function

3 days agoautoconf: Use AS_HELP_STRING macro instead of AC_HELP_STRING
Francois-Xavier Le Bail [Mon, 17 Jan 2022 11:11:21 +0000 (12:11 +0100)] 
autoconf: Use AS_HELP_STRING macro instead of AC_HELP_STRING

Avoid the warning: The macro `AC_HELP_STRING' is obsolete.

3 days agolibsmi: Use AS_HELP_STRING macro in configure.ac
Francois-Xavier Le Bail [Mon, 17 Jan 2022 10:33:40 +0000 (11:33 +0100)] 
libsmi: Use AS_HELP_STRING macro in configure.ac

Update the help message: State that the default is yes *if available*.

3 days agoSMB: Use AS_HELP_STRING macro in configure.ac
Francois-Xavier Le Bail [Mon, 17 Jan 2022 09:52:51 +0000 (10:52 +0100)] 
SMB: Use AS_HELP_STRING macro in configure.ac

5 days agoIPv6: Remove an obsolete code in an always-false #if wrapper
Francois-Xavier Le Bail [Sat, 15 Jan 2022 13:47:15 +0000 (14:47 +0100)] 
IPv6: Remove an obsolete code in an always-false #if wrapper

RFC 1883 is obsolete.

Moreover:
Fix indentation.

6 days agoDCCP: Modernize packet parsing coverity_scan
Francois-Xavier Le Bail [Sat, 1 Jan 2022 11:40:59 +0000 (12:40 +0100)] 
DCCP: Modernize packet parsing

Enable ND_LONGJMP_FROM_TCHECK.
Use ND_ICHECK*() for length checks.
Fix some length checks.
Add and use standard "invalid" sections.
Remove the redundant ND_TCHECK*() instances.
Add a ND_TCHECK_1().
Factorize some codes.
Update default format for tok2str() calls.
Indicate better invalid packet types, invalid option types,
invalid reset codes and invalid features.
Fix process for DCCP_OPTION_CHANGE_L/DCCP_OPTION_CHANGE_R, not the
same that DCCP_OPTION_CONFIRM_L/DCCP_OPTION_CONFIRM_R process.
Remove spaces in some dccp_feature_num_str[] strings.
Update the output of a test accordingly.

6 days agoDCCP: Rename a variable
Francois-Xavier Le Bail [Thu, 30 Dec 2021 19:56:38 +0000 (20:56 +0100)] 
DCCP: Rename a variable

s/len/length/
This change allows to have a better error message in a next commit
with ND_ICHECK_U().

6 days agoDCCP: Factorize some code
Francois-Xavier Le Bail [Fri, 14 Jan 2022 16:19:24 +0000 (17:19 +0100)] 
DCCP: Factorize some code

All the code is in verbose mode.

6 days agoDCCP: Get rid of trailing commas in lists
Francois-Xavier Le Bail [Fri, 14 Jan 2022 14:02:52 +0000 (15:02 +0100)] 
DCCP: Get rid of trailing commas in lists

6 days agoWHOIS: Add its own printer source file and printer function
Francois-Xavier Le Bail [Fri, 14 Jan 2022 12:23:28 +0000 (13:23 +0100)] 
WHOIS: Add its own printer source file and printer function

Like all other text protocols.

This is a follow-up to 185b7ce04b182d2d7e490f23a3f0c7b9ea5916e4.

7 days agoENC: Lose an unused variable after commit 1de5051.
Denis Ovsienko [Thu, 13 Jan 2022 18:08:00 +0000 (18:08 +0000)] 
ENC: Lose an unused variable after commit 1de5051.

NetBSD 9.2/AArch64
clang version 13.0.0

./print-enc.c:103:8: error: variable 'caplen' set but not used
 [-Werror,-Wunused-but-set-variable]

10 days agobgp: Deprecate DPA, ADVERTISER and RCID_PATH path attributes
Donatas Abraitis [Sun, 9 Jan 2022 19:02:59 +0000 (21:02 +0200)] 
bgp: Deprecate DPA, ADVERTISER and RCID_PATH path attributes

rfc6938

Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
2 weeks agoThe new home of Npcap is npcap.com, not npcap.org.
Guy Harris [Thu, 6 Jan 2022 23:53:02 +0000 (15:53 -0800)] 
The new home of Npcap is npcap.com, not npcap.org.

(npcap.org redirects there.)

[skip ci]

2 weeks agoappveyor CI: update Npcap site, update to 1.12 SDK
Guy Harris [Thu, 6 Jan 2022 23:05:07 +0000 (15:05 -0800)] 
appveyor CI: update Npcap site, update to 1.12 SDK

As per the comments on https://github.com/nmap/npcap/issues/576, we
should go to npcap.com for Npcap-related stuff.

The current SDK is 1.12; use that.

[skip cirrus] [skip buildbot]

2 weeks agoDCCP: Rename a function parameter and simplify code
Francois-Xavier Le Bail [Thu, 6 Jan 2022 20:08:17 +0000 (21:08 +0100)] 
DCCP: Rename a function parameter and simplify code

s/option/bp/
Use new 'option' variable to store the option value.

Moreover:
Better indentation.

2 weeks agoOpenFlow: Refine more length checks.
Denis Ovsienko [Wed, 5 Jan 2022 22:57:45 +0000 (22:57 +0000)] 
OpenFlow: Refine more length checks.

In print-openflow-1.0.c and print-openflow-1.3.c replace the remaining
"goto invalid" checks with ND_ICHECK_U() and ND_ICHECKMSG_U().  Redo the
changes from commit 1ce16ea: use the same order of arguments and the
same comparison operators as before the change and lose the unsigned
compensation, which is no longer required.  Add another test case using
a malformed packet from Francois-Xavier.

2 weeks agoUse unified diff by default. [skip ci]
Denis Ovsienko [Tue, 4 Jan 2022 21:53:00 +0000 (21:53 +0000)] 
Use unified diff by default. [skip ci]

GNU/Linux (specifically, the GNU part), FreeBSD, NetBSD, OpenBSD,
illumos and even Solaris 9 and AIX 7.1 all have a diff that supports
"-u" for unified output format.  Let that be the default to make test
failures more intelligible for humans.  The old behaviour is available
with "DIFF_FLAGS= make check".

2 weeks agoCI: Disable shellcheck SC2006 in the Makefile. [skip ci]
Denis Ovsienko [Tue, 4 Jan 2022 12:24:52 +0000 (12:24 +0000)] 
CI: Disable shellcheck SC2006 in the Makefile. [skip ci]

Same as in tcpslice and libpcap.

2 weeks agoSCTP: Use ND_ICHECKMSG_U() and ND_ICHECKMSG_ZU()
Francois-Xavier Le Bail [Sat, 1 Jan 2022 13:09:43 +0000 (14:09 +0100)] 
SCTP: Use ND_ICHECKMSG_U() and ND_ICHECKMSG_ZU()

Moreover:
Update a comment.

3 weeks agoPut a space between type and '*' in pointer declarators (style)
Francois-Xavier Le Bail [Thu, 30 Dec 2021 19:07:18 +0000 (20:07 +0100)] 
Put a space between type and '*' in pointer declarators (style)

3 weeks agoCHANGES: Update macros names prefix from ND_LCHECK to ND_ICHECK
Francois-Xavier Le Bail [Thu, 30 Dec 2021 12:48:26 +0000 (13:48 +0100)] 
CHANGES: Update macros names prefix from ND_LCHECK to ND_ICHECK

3 weeks agoOpenFlow 1.0: Improve handling of some lengths.
Denis Ovsienko [Wed, 29 Dec 2021 21:06:25 +0000 (21:06 +0000)] 
OpenFlow 1.0: Improve handling of some lengths.

For OFPT_PACKET_OUT print "actions_len", as it is a part of the message
and should appear in its decoding (in other message types it is derived
from the message length).

ND_ICHECK_*() in of10_actions_print(), of10_flow_stats_reply_print() and
of10_packet_out_print() after printing at least some of the output.
This, compared to just "(invalid) (invalid)", makes it much easier to
understand  where and why the packet data was not fully decoded.  Define
OF_ACTION_MINLEN unsigned to squelch the induced compiler warnings.  A
number of similar checks still remain to be converted the same way.

3 weeks agoUpdate the ND_LCHECK*() macros to ND_ICHECK*() macros
Francois-Xavier Le Bail [Wed, 29 Dec 2021 13:38:08 +0000 (14:38 +0100)] 
Update the ND_LCHECK*() macros to ND_ICHECK*() macros

ICHECK like Invalid-Check.
Reminder: If the checked expression is true an error message is printed
and a 'goto invalid' is executed.

This change adds the parameter 'operator'.

Before this change, '<' comparison was hard coded.
We can do now:
ND_ICHECK_U(length, <, HEADER_LEN);
ND_ICHECK_U(length, ==, 24);
ND_ICHECK_U(length, !=, 8);
ND_ICHECK_ZU(length, <, sizeof(struct my_struct));
ND_ICHECKMSG_U("message length", msg_tlen, <, 4);
...
(Any comparison operator)

Remark: The change of names from ND_LCHECK*() to ND_ICHECK*() is
because something else than a length(L) can be checked.

Moreover:
Place the 'message' parameter at the beginning of ND_ICHECKMSG_U()
and ND_ICHECKMSG_ZU() paramaters lists.

3 weeks agoCirrus CI: Use the current FreeBSD releases. [skip appveyor]
Denis Ovsienko [Mon, 27 Dec 2021 17:15:10 +0000 (17:15 +0000)] 
Cirrus CI: Use the current FreeBSD releases. [skip appveyor]

Same as in tcpslice and libpcap.

3 weeks agoJuniper: Report invalid packets as invalid, not truncated
Francois-Xavier Le Bail [Mon, 27 Dec 2021 14:40:13 +0000 (15:40 +0100)] 
Juniper: Report invalid packets as invalid, not truncated

Update the output of a test accordingly.

3 weeks agoJuniper: Rename a variable
Francois-Xavier Le Bail [Mon, 27 Dec 2021 14:31:47 +0000 (15:31 +0100)] 
Juniper: Rename a variable

This change allows to have a better error message at the next commit
with ND_LCHECK_U().

3 weeks agoGRE: Print the protocol name before any ND_LCHECK_U()/GET_()
Francois-Xavier Le Bail [Sun, 26 Dec 2021 10:46:22 +0000 (11:46 +0100)] 
GRE: Print the protocol name before any ND_LCHECK_U()/GET_()

This change will print the protocol name even if the length is invalid
or if the packet is truncated at the beginning.
Use nd_print_protocol_caps().

Moreover:
Remove an useless variable.

3 weeks agoGRE: Modernize packet parsing
Francois-Xavier Le Bail [Sat, 25 Dec 2021 15:01:11 +0000 (16:01 +0100)] 
GRE: Modernize packet parsing

Enable ND_LONGJMP_FROM_TCHECK.
Use ND_LCHECK_U() for length checks.
Add and use many standard "invalid" sections.
Remove the redundant ND_TCHECK*() instances.
Add a bounds check before the addrtostr() call.
Remove two now useless comments.

3 weeks agoReword the current maintainer in README.md. [skip ci]
Denis Ovsienko [Sat, 25 Dec 2021 23:31:37 +0000 (23:31 +0000)] 
Reword the current maintainer in README.md. [skip ci]

Use the correct tense and subject (see tcpdump-htdocs commit feaf9ff).

3 weeks agoRemove an unused pcap file
Francois-Xavier Le Bail [Fri, 24 Dec 2021 15:34:22 +0000 (16:34 +0100)] 
Remove an unused pcap file

This is a follow-up to b51a0dafc7861eb31d21524ec067d7c529a664b8.

4 weeks agoFix OOB read while parsing QUIC SH packets.
Rui Paulo [Mon, 29 Nov 2021 19:46:01 +0000 (11:46 -0800)] 
Fix OOB read while parsing QUIC SH packets.

4 weeks agoForgot to update README.md as well. [skip ci]
Denis Ovsienko [Wed, 22 Dec 2021 14:41:39 +0000 (14:41 +0000)] 
Forgot to update README.md as well. [skip ci]

4 weeks agoReformat the installation notes in Markdown. [skip ci]
Denis Ovsienko [Wed, 22 Dec 2021 14:02:13 +0000 (14:02 +0000)] 
Reformat the installation notes in Markdown. [skip ci]

5 weeks agotests: Add a pcap test for BGP extended message capability
Donatas Abraitis [Sun, 31 Oct 2021 19:19:55 +0000 (21:19 +0200)] 
tests: Add a pcap test for BGP extended message capability

Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
5 weeks agobgp: Parse BGP extended message support capability
Donatas Abraitis [Sun, 31 Oct 2021 19:14:21 +0000 (21:14 +0200)] 
bgp: Parse BGP extended message support capability

Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
5 weeks agoKeep the link-layer dissectors names sorted
Francois-Xavier Le Bail [Wed, 15 Dec 2021 17:10:01 +0000 (18:10 +0100)] 
Keep the link-layer dissectors names sorted

5 weeks agodoc: Refine Markdown in README.Win32.md. [skip ci]
Denis Ovsienko [Sat, 11 Dec 2021 23:49:13 +0000 (23:49 +0000)] 
doc: Refine Markdown in README.Win32.md. [skip ci]

Simplify hyperlinks, make existing fencing blocks consistent and use
inline fencing for command line and path elements.

6 weeks agoRemove an unused script. [skip ci]
Denis Ovsienko [Tue, 7 Dec 2021 21:07:41 +0000 (21:07 +0000)] 
Remove an unused script. [skip ci]

There is a different solution in place, which is a superset of this.

6 weeks agoman: Punctuate "RFC" properly. [skip ci]
Denis Ovsienko [Mon, 6 Dec 2021 19:11:21 +0000 (19:11 +0000)] 
man: Punctuate "RFC" properly. [skip ci]

As far as I know, the nominal format is "RFC n", not "RFC-n" or "RFCn".

7 weeks agoTreat "msys" as Windows for test exit statuses. [skip ci]
Denis Ovsienko [Thu, 2 Dec 2021 20:31:34 +0000 (20:31 +0000)] 
Treat "msys" as Windows for test exit statuses. [skip ci]

As far as it was possible to tell in GH pull request #653, exit statuses
have the same semantics in "msys" as they do in "MSWin32".  Although
other OS-specific parts of TESTrun may require including or excluding
"msys" too, this would need to be established by running a current
revision of the script on the actual system.

7 weeks agoIPX: Add two length checks
Francois-Xavier Le Bail [Sat, 6 Nov 2021 15:58:42 +0000 (16:58 +0100)] 
IPX: Add two length checks

This change fixes some undefined behaviors at runtime.

The errors were like:
print-ipx.c:160:12: runtime error: unsigned integer overflow:
  1 - 2 cannot be represented in type 'unsigned int'
print-ipx.c:233:12: runtime error: unsigned integer overflow:
  1 - 2 cannot be represented in type 'unsigned int'

7 weeks agoman: Update the date
Francois-Xavier Le Bail [Mon, 29 Nov 2021 12:58:49 +0000 (13:58 +0100)] 
man: Update the date

7 weeks agoman: Update the print interface for the packet count to stdout
Francois-Xavier Le Bail [Mon, 29 Nov 2021 11:07:03 +0000 (12:07 +0100)] 
man: Update the print interface for the packet count to stdout

This is a follow-up to commit a0e19c0caef95fdcbace674de91e7c181d3bc866.

7 weeks agoZEP: Add three length checks
Francois-Xavier Le Bail [Sun, 28 Nov 2021 09:57:14 +0000 (10:57 +0100)] 
ZEP: Add three length checks

8 weeks agoUse a sizeof() in bgp_rt_prefix_print(). [skip ci]
Denis Ovsienko [Wed, 24 Nov 2021 15:08:00 +0000 (15:08 +0000)] 
Use a sizeof() in bgp_rt_prefix_print(). [skip ci]

This way it is easier to see how the buffer is spent.

8 weeks agoEthernet: Add a length check
Francois-Xavier Le Bail [Fri, 5 Nov 2021 20:48:31 +0000 (21:48 +0100)] 
Ethernet: Add a length check

This fix some undefined behaviors at runtime.

The errors were like:

print-ether.c:241:11: runtime error: unsigned integer overflow:
  1 - 2 cannot be represented in type 'unsigned int'
print-ether.c:242:11: runtime error: unsigned integer overflow:
  1 - 2 cannot be represented in type 'unsigned int'

Moreover:
Fix indentation.

8 weeks agoEthernet: Rework the length checks
Francois-Xavier Le Bail [Sun, 21 Nov 2021 14:33:24 +0000 (15:33 +0100)] 
Ethernet: Rework the length checks

Add a sanity check: packet length need to be >= capture length

(Like a sanity check in print.c, pretty_print_packet() function)

Remove a now useless test:
Because packet length (length) >= capture length (caplen), when
caplen >= ETHER_HDRLEN + switch_tag_len, length cannot
be < ETHER_HDRLEN + switch_tag_len.

2 months agoRefine INSTALL.txt. [skip ci]
Denis Ovsienko [Fri, 19 Nov 2021 14:33:22 +0000 (14:33 +0000)] 
Refine INSTALL.txt. [skip ci]

Say C99 instead of ANSI C and explain multiple versions better.

2 months ago802.15.4: fix some compiler warnings.
Guy Harris [Tue, 16 Nov 2021 07:52:08 +0000 (23:52 -0800)] 
802.15.4: fix some compiler warnings.

C's type conversion rules are a barrel of fun.  Did you know that if you
add "2" to an "unsigned short", the result has the type "int", even
though, at least on a machine where "unsigned int" is longer than
"unsigned short", the result is always >= 0?

Add "2U" instead, so that one of the operands is an "unsigned int",
making the result an "unsigned int".

2 months ago802.15.4: fix various length checks and other issues.
Guy Harris [Tue, 16 Nov 2021 07:42:04 +0000 (23:42 -0800)] 
802.15.4: fix various length checks and other issues.

Fix some length checks done before subtracting from a length value to
test whether the length value is < the full amount to be subtracted from
it, not just part of that amount.

Add some such checks where they were needed but not present.

Make some values unsigned if they're never negative.

This should fix some issues detected by undefined-behavior sanitizers.

2 months agoLISP: don't decrement count variables unless we know they're not zero.
Guy Harris [Tue, 16 Nov 2021 00:44:46 +0000 (16:44 -0800)] 
LISP: don't decrement count variables unless we know they're not zero.

This fixes some undefined behavior warnings.

2 months agoUpdate BGP tests for the new check we do.
Guy Harris [Tue, 16 Nov 2021 00:02:03 +0000 (16:02 -0800)] 
Update BGP tests for the new check we do.

2 months agoBGP: make sure the path attributes don't go past the end of the packet.
Guy Harris [Mon, 15 Nov 2021 22:33:10 +0000 (14:33 -0800)] 
BGP: make sure the path attributes don't go past the end of the packet.

This fixes some undefined behavior in which we subtract the remaining
length of the path attributes from the remaining length of the packet,
where the former is greater than the latter and they're both unsigned.

2 months agoUpdate eapon1-v.out to match the change to the EAP dissector.
Denis Ovsienko [Sun, 14 Nov 2021 13:25:47 +0000 (13:25 +0000)] 
Update eapon1-v.out to match the change to the EAP dissector.

The Buildbot workers build exactly what is in the tcpdump git repository
at the given revision, also every build (which consists of a single run
of build_matrix.sh) starts in a freshly cloned repository to keep any
effects of earlier builds out of the problem space.

So the only non-deterministic factors in a tcpdump build should be
libpcap revision, which is the latest master branch, and the host system
effects, such as network connectivity, disk space, RAM, compilers
randomly segfaulting for no reason, package updates and the likes.

In this case commit fd5f8f8 changed print-eap.c but not any tests, so
the build matrix failed at the first step that runs "make check", that
is, has BUILD_LIBPCAP=yes (for example, step 9 on linux-s390x and step 5
on openbsd-amd64).  That step had SMB=no, so the eapon1-v-nosmb test
failed. This was correctly addressed in commit 6841a40, so the
previously failed step passed, but the next step (step 10 on linux-s390x
and step 6 on openbsd-amd64) had SMB=yes and the eapon1-v test failed.
Update the latter and have the full matrix pass again.

A simple way not to make this feedback loop longer than it needs to be
is to run the full matrix locally before pushing the changes (the stdout
can be redirected to /dev/null to see the most important messages only):

./build_matrix.sh

2 months agoRevert "EAP: back out the two trailing-comma changes."
Denis Ovsienko [Sun, 14 Nov 2021 13:10:40 +0000 (13:10 +0000)] 
Revert "EAP: back out the two trailing-comma changes."

This reverts commit ab01750c1e454fdb9732c1a50671100b4f79070b.

2 months agoEAP: back out the two trailing-comma changes.
Guy Harris [Sun, 14 Nov 2021 06:20:08 +0000 (22:20 -0800)] 
EAP: back out the two trailing-comma changes.

Hopefully this provokes one more build on the buildbots, with a matching
print-eap.c and tests/eapon1-v-nosmb.out, so that "make check" succeeds.

Step 2 is to check the new versions back in, in one commit, in the hopes
that "make check" succeeds.

It appears that, on all the buildbots, print-esp.c is up to date but
tests/eapon1-v-nosmb.out isn't; I have *NO* idea how that happened, but
it again reminds me that I hate software.

2 months agoUpdate eapon1-v-nosmb.out to match the change to the EAP dissector.
Guy Harris [Sun, 14 Nov 2021 03:10:44 +0000 (19:10 -0800)] 
Update eapon1-v-nosmb.out to match the change to the EAP dissector.

2 months agoEAP: get rid of trailing commas in lists.
Guy Harris [Sun, 14 Nov 2021 03:08:26 +0000 (19:08 -0800)] 
EAP: get rid of trailing commas in lists.

Don't print a comma separator after items; print them before items if an
item has already been printed from which the new item needs to be
separated.

2 months agoEAP: clean up white space.
Guy Harris [Sun, 14 Nov 2021 02:50:53 +0000 (18:50 -0800)] 
EAP: clean up white space.

2 months agoEAP: add some more length checks.
Guy Harris [Sun, 14 Nov 2021 02:50:02 +0000 (18:50 -0800)] 
EAP: add some more length checks.

Check to make sure we don't go past the length value in the header.

Note that the string in an Identity message is optional (so we just
don't bother printing it if it's zero-length), but the string in a
notification message isn't (so report an error if it's zero-length).

2 months agoEAP: label length mismatch as a possible EAP fragment.
Guy Harris [Sun, 14 Nov 2021 02:44:57 +0000 (18:44 -0800)] 
EAP: label length mismatch as a possible EAP fragment.

In some cases, EAP fragmentation/reassembly is done at a layer above
EAP, e.g. when EAP messages are contained within a RADIUS message and
are broken up into multiple TLVs in the message.  In those cases, the
length handed to eap_print() will be different from the length in the
first fragment's header, and the remaining fragments won't *have* a
header, so the "length" will be garbage and thus unlikely to be equal to
the length handed to us.

2 months agoEAP: no need for the count variable to be signed.
Guy Harris [Sun, 14 Nov 2021 02:34:00 +0000 (18:34 -0800)] 
EAP: no need for the count variable to be signed.

Make it unsigned, and, while we're at it, make the loop a for loop.

2 months agoUpdate some comments with new RFC numbers.
Guy Harris [Sun, 14 Nov 2021 02:18:47 +0000 (18:18 -0800)] 
Update some comments with new RFC numbers.

2 months agoAdd a test case for QUIC retry packets.
Rui Paulo [Tue, 9 Nov 2021 21:06:18 +0000 (13:06 -0800)] 
Add a test case for QUIC retry packets.

2 months agoQUIC: Fix getting packet type in Long Header
Francois-Xavier Le Bail [Tue, 9 Nov 2021 19:13:01 +0000 (20:13 +0100)] 
QUIC: Fix getting packet type in Long Header

This change should fix the Coverity Scan issue CID 1493488:
178                             ND_PRINT(", handshake");
>>> CID 1493488:  Control flow issues  (DEADCODE)
>>> Execution cannot reach this statement: "if (packet_type == QUIC_LH_...".
179                     else if (packet_type == QUIC_LH_TYPE_RETRY)

2 months agoDocument "-T quic"
Francois-Xavier Le Bail [Tue, 9 Nov 2021 09:15:23 +0000 (10:15 +0100)] 
Document "-T quic"

2 months agoMerge pull request #943 from rpaulo/quic
fxlb [Tue, 9 Nov 2021 08:21:25 +0000 (08:21 +0000)] 
Merge pull request #943 from rpaulo/quic

Initial support to parse QUIC packets.

2 months agoInitial support to parse QUIC packets. 943/head
Rui Paulo [Fri, 1 Oct 2021 01:34:46 +0000 (18:34 -0700)] 
Initial support to parse QUIC packets.

2 months agoEAP: Fix some undefined behaviors at runtime
Francois-Xavier Le Bail [Thu, 4 Nov 2021 21:56:37 +0000 (22:56 +0100)] 
EAP: Fix some undefined behaviors at runtime

The errors were like:
print-eap.c:179:25: runtime error: unsigned integer overflow:
  2 - 5 cannot be represented in type 'unsigned int'
print-eap.c:181:50: runtime error: unsigned integer overflow:
  2 - 5 cannot be represented in type 'unsigned int'
print-eap.c:186:25: runtime error: unsigned integer overflow:
  2 - 5 cannot be represented in type 'unsigned int'
print-eap.c:188:50: runtime error: unsigned integer overflow:
  2 - 5 cannot be represented in type 'unsigned int'

2 months agoMerge pull request #954 from jiladahe1997/master
Denis Ovsienko [Thu, 4 Nov 2021 11:40:56 +0000 (11:40 +0000)] 
Merge pull request #954 from jiladahe1997/master

2 months ago[bugfix]configure: fix error when cross-compile 954/head
Mingrui [Thu, 4 Nov 2021 01:07:23 +0000 (09:07 +0800)] 
[bugfix]configure: fix error when cross-compile

While cross-compile, ./configure --host=xxx will output:
"checking whether printf(3) supports the z length modifier...
configure: error: in `/${path_to_tcpdump}/tcpdump':"

That is casued by AC_RUN_IFELSE, as describe in
"https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Runtime.html"
, if AC_RUN_IFELSE do not have cross-compile option, configure prints an error message and exits.

Signed-off-by: Mingrui Ren jiladahe1997@gmail.com
2 months agosFlow: Add a length check
Francois-Xavier Le Bail [Wed, 3 Nov 2021 09:18:24 +0000 (10:18 +0100)] 
sFlow: Add a length check

2 months agoVRRP: Add support for IPv6
Quentin Armitage [Sun, 31 Oct 2021 16:52:54 +0000 (16:52 +0000)] 
VRRP: Add support for IPv6

Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
2 months agolwres: Update a variable type
Francois-Xavier Le Bail [Tue, 2 Nov 2021 08:34:45 +0000 (09:34 +0100)] 
lwres: Update a variable type

This should address two AppVeyor/Visual Studio 2019/x64 warnings:
print-lwres.c(197,23): warning C4267: 'function': conversion from
 'size_t' to 'u_int', possible loss of data
print-lwres.c(201,14): warning C4267: 'return': conversion from
 'size_t' to 'unsigned int', possible loss of data

2 months agoAssign ndo->ndo_packetp in pretty_print_packet()
Francois-Xavier Le Bail [Mon, 1 Nov 2021 08:40:53 +0000 (09:40 +0100)] 
Assign ndo->ndo_packetp in pretty_print_packet()

Thus it can be used for debugging.

2 months agoUse __func__ from C99 in two function calls
Francois-Xavier Le Bail [Sun, 31 Oct 2021 12:27:20 +0000 (13:27 +0100)] 
Use __func__ from C99 in two function calls

2 months agoRename a pcapng test file to .pcapng
Francois-Xavier Le Bail [Wed, 27 Oct 2021 20:16:11 +0000 (22:16 +0200)] 
Rename a pcapng test file to .pcapng

3 months agoVRRP: Print the protocol name before any GET_()
Francois-Xavier Le Bail [Thu, 21 Oct 2021 14:25:57 +0000 (16:25 +0200)] 
VRRP: Print the protocol name before any GET_()

This change will print the protocol name even if the first octet is
truncated.
Use nd_print_protocol_caps().

3 months agoman: Fixup some formatting. [skip ci]
Denis Ovsienko [Wed, 20 Oct 2021 12:44:23 +0000 (13:44 +0100)] 
man: Fixup some formatting. [skip ci]

Use BSD style references and protect some refs from hyphenation.

3 months agoMerge pull request #941.
Denis Ovsienko [Sat, 9 Oct 2021 20:34:30 +0000 (21:34 +0100)] 
Merge pull request #941.

3 months agotests: Add a pcap test for BGP link-bandwidth extended community 941/head
Donatas Abraitis [Thu, 23 Sep 2021 07:56:24 +0000 (10:56 +0300)] 
tests: Add a pcap test for BGP link-bandwidth extended community

Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
3 months agobgp: Decode BGP link-bandwidth extended community properly
Donatas Abraitis [Wed, 22 Sep 2021 08:30:06 +0000 (11:30 +0300)] 
bgp: Decode BGP link-bandwidth extended community properly

First two bytes are reserved for AS.

Before:
```
  Extended Community (16), length: 8, Flags [OT]:
    link-BW (0x4004), Flags [non-transitive]: bandwidth: -308754489798474897524123005616128.000 Mbps
    0x0000:  4004 fde8 47f4 2400
  Updated routes:
    192.168.10.0/23
```

After:
```
  Extended Community (16), length: 8, Flags [OT]:
    link-BW (0x4004), Flags [non-transitive]: bandwidth: 1.000 Mbps
    0x0000:  4004 fde8 47f4 2400
  Updated routes:
    192.168.10.0/23
```

Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
3 months agoMerge pull request #889 from westermo/dsa-vid
Michael Richardson [Wed, 6 Oct 2021 18:38:09 +0000 (14:38 -0400)] 
Merge pull request #889 from westermo/dsa-vid

DSA: Correctly determine VID

3 months agoDSA: Correctly determine VID 889/head
Tobias Waldekranz [Tue, 5 Oct 2021 20:46:40 +0000 (22:46 +0200)] 
DSA: Correctly determine VID

The 4 MSBs of the VID is stored in the lower nibble of the tag's third
byte.

Previously the priority bits where folded into the VID space, e.g. a
packet with VID=1 and priority 6 was printed as having a VID of
1537 (0x601).

Add DSA test PCAPs with packets containing a high VID and non-zero
FPri values to make sure we catch any future regressions.

Signed-off-by: Tobias Waldekranz <tobias@waldekranz.com>
3 months agoMove the backported items to 4.99.2 in CHANGES. [skip ci]
Denis Ovsienko [Wed, 29 Sep 2021 14:26:15 +0000 (15:26 +0100)] 
Move the backported items to 4.99.2 in CHANGES. [skip ci]

3 months agolwres: Fix a length check
Francois-Xavier Le Bail [Mon, 27 Sep 2021 13:43:32 +0000 (15:43 +0200)] 
lwres: Fix a length check

This fix some inconsistent outputs clang versus gcc in 32 bits mode.

Add a test file.

4 months agoCI: Refine GCC identification. [skip appveyor]
Denis Ovsienko [Wed, 15 Sep 2021 08:54:11 +0000 (09:54 +0100)] 
CI: Refine GCC identification. [skip appveyor]

Same as in libpcap.

4 months agoMerge pull request #926 from gokulkumar792/print_Block_Ack_TA_field
Guy Harris [Mon, 13 Sep 2021 21:50:43 +0000 (14:50 -0700)] 
Merge pull request #926 from gokulkumar792/print_Block_Ack_TA_field

IEEE 802.11: include the "TA" field while printing Block Ack Control frame

4 months agoRemove last remaining trailing whitespace
a1346054 [Fri, 3 Sep 2021 21:18:14 +0000 (21:18 +0000)] 
Remove last remaining trailing whitespace

4 months agoMerge pull request #924 from gokulkumar792/print_meshid
Michael Richardson [Wed, 25 Aug 2021 15:44:08 +0000 (11:44 -0400)] 
Merge pull request #924 from gokulkumar792/print_meshid

IEEE 802.11: include the "Mesh ID" field while printing management frames