6 years agoMerge remote-tracking branch 'origin/tcpdump_4_7_cve' into tcpdump-4.7 tcpdump-4.7.2
Michael Richardson [Mon, 9 Mar 2015 19:16:11 +0000 (15:16 -0400)] 
Merge remote-tracking branch 'origin/tcpdump_4_7_cve' into tcpdump-4.7

6 years agoprotected osi_print_cksum is more general fashion
Michael Richardson [Mon, 9 Mar 2015 19:15:52 +0000 (15:15 -0400)] 
protected osi_print_cksum is more general fashion

6 years agoannotate kday packets with CVE numbers
Michael Richardson [Mon, 9 Mar 2015 19:15:31 +0000 (15:15 -0400)] 
annotate kday packets with CVE numbers

6 years agoMerge remote-tracking branch 'origin/tcpdump_4_7_cve' into tcpdump-4.7
Michael Richardson [Mon, 9 Mar 2015 19:07:32 +0000 (15:07 -0400)] 
Merge remote-tracking branch 'origin/tcpdump_4_7_cve' into tcpdump-4.7

6 years agoupdate cve-2015-0261 test packets with expected output
Michael Richardson [Mon, 9 Mar 2015 18:35:53 +0000 (14:35 -0400)] 
update cve-2015-0261 test packets with expected output

6 years agoupdate kday test packets with expected output
Michael Richardson [Mon, 9 Mar 2015 18:35:12 +0000 (14:35 -0400)] 
update kday test packets with expected output

6 years agomake sure that EXIT code is appended to results file
Michael Richardson [Mon, 9 Mar 2015 18:35:02 +0000 (14:35 -0400)] 
make sure that EXIT code is appended to results file

6 years agoND_TEST2 should validate that l is non-negative
Michael Richardson [Mon, 9 Mar 2015 18:23:25 +0000 (14:23 -0400)] 
ND_TEST2 should validate that l is non-negative

6 years agoadded notes about CVEs that were fixed
Michael Richardson [Wed, 18 Feb 2015 01:15:22 +0000 (20:15 -0500)] 
added notes about CVEs that were fixed

6 years agosome patches to deal with kday pcap files
Michael Richardson [Mon, 16 Feb 2015 19:49:11 +0000 (14:49 -0500)] 
some patches to deal with kday pcap files

6 years agoenumerate F_OP values explicitely, provide reference to where they are defined.
Michael Richardson [Mon, 16 Feb 2015 18:25:25 +0000 (13:25 -0500)] 
enumerate F_OP values explicitely, provide reference to where they are defined.
guard against case where ops->print is nil

6 years agotest case for cve2015-0261 -- corrupted IPv6 mobility header
Michael Richardson [Mon, 16 Feb 2015 02:22:11 +0000 (21:22 -0500)] 
test case for cve2015-0261 -- corrupted IPv6 mobility header

6 years agoin some cases we expect tcpdump to fail with an error code
Michael Richardson [Mon, 16 Feb 2015 02:21:29 +0000 (21:21 -0500)] 
in some cases we expect tcpdump to fail with an error code

6 years agobroken packets from Kevin Day
Michael Richardson [Sun, 15 Feb 2015 20:29:52 +0000 (15:29 -0500)] 
broken packets from Kevin Day

6 years agoAdd a #define for the short options and put it above the long options.
Guy Harris [Sun, 8 Mar 2015 22:55:47 +0000 (15:55 -0700)] 
Add a #define for the short options and put it above the long options.

That puts all the option lists together; hopefully this encourages
developers who want to add a new flag to read the big "don't use these
options, other tcpdumps use them for their own purposes" command and
thus *dis*courages them from using one of those options.

6 years agoDo the dump file Capsicum stuff in a common routine. 440/head
Guy Harris [Thu, 5 Mar 2015 23:32:01 +0000 (15:32 -0800)] 
Do the dump file Capsicum stuff in a common routine.

We were doing the same stuff in two places and *almost* the same stuff
in a third place, which should have been doing the same stuff.  Put that
stuff into a common routine and just use that.

(What a mess.  If you pour a bottle of Capsicum on your OS, it seeps all
throughout the system; might as well admit it and, at least, extend the
standard I/O library to handle it a bit better.)

6 years agoMerge pull request #433 from wxsBSD/cap_fix
Guy Harris [Thu, 5 Mar 2015 22:51:51 +0000 (14:51 -0800)] 
Merge pull request #433 from wxsBSD/cap_fix

Add CAP_FCNTL and use cap_fcntls_limit().

6 years agoadd/update some references in comments
Denis Ovsienko [Thu, 5 Mar 2015 12:50:39 +0000 (12:50 +0000)] 
add/update some references in comments

6 years agoclean K&R style up in function declarations a bit
Denis Ovsienko [Thu, 5 Mar 2015 10:33:43 +0000 (10:33 +0000)] 
clean K&R style up in function declarations a bit

The function body should have its opening brace on the next line.

6 years agoFix the pointer tests in the non-ndoified TTEST2() macro as well. 349/head
Guy Harris [Mon, 2 Mar 2015 21:46:29 +0000 (13:46 -0800)] 
Fix the pointer tests in the non-ndoified TTEST2() macro as well.

6 years agoC compilers can, and some do, optimize away pointer underflow checks.
Guy Harris [Mon, 2 Mar 2015 21:25:12 +0000 (13:25 -0800)] 
C compilers can, and some do, optimize away pointer underflow checks.

Cast the pointers to uintptr_t; use AC_TYPE_UINTPTR_T to get uintptr_t
defined on older platforms that don't define it themselves.

6 years agoDon't run past the snaplength when printing a packet with a too-short LI.
Guy Harris [Sun, 1 Mar 2015 19:00:21 +0000 (11:00 -0800)] 
Don't run past the snaplength when printing a packet with a too-short LI.

Fixes GitHub issue #437.

6 years agoUpdate config.{sub,guess}, timestamp='2015-02-2[23]'
Francois-Xavier Le Bail [Sun, 1 Mar 2015 11:37:06 +0000 (12:37 +0100)] 
Update config.{sub,guess}, timestamp='2015-02-2[23]'

6 years agoUpdate config.{sub,guess}, timestamp='2015-01-01'
Francois-Xavier Le Bail [Fri, 20 Feb 2015 14:11:29 +0000 (15:11 +0100)] 
Update config.{sub,guess}, timestamp='2015-01-01'

6 years agoMerge pull request #435 from wolfgangkarall/sigusr1-man
Michael Richardson [Tue, 24 Feb 2015 14:03:33 +0000 (09:03 -0500)] 
Merge pull request #435 from wolfgangkarall/sigusr1-man

document SIGUSR1 in manual page

6 years agodocument SIGUSR1 in manual page 435/head
Wolfgang Karall [Tue, 24 Feb 2015 11:36:51 +0000 (12:36 +0100)] 
document SIGUSR1 in manual page

6 years agoOpenFlow 1.0: address a Coverity warning
Denis Ovsienko [Sat, 21 Feb 2015 22:12:52 +0000 (22:12 +0000)] 
OpenFlow 1.0: address a Coverity warning

6 years agogitattributes: Update the attributes for tests/*.out
Francois-Xavier Le Bail [Sat, 21 Feb 2015 13:25:35 +0000 (14:25 +0100)] 
gitattributes: Update the attributes for tests/*.out

The actual status for good conditions of tests in Windows are:

Sources from    autocrlf    *.out ending    sed stuff
git             true        CRLF            no
git             input       LF              yes
git             false       LF              yes
archive         N/A         LF              yes

We need to have the sed stuff for sources archives.
Thus we need that the endings of tests/*.out files be always LF only.
We don't want to depend on user config.
Thus this changes.
Advantage: This config is under version control, it applies to all users.

Get rid of legacy config 'core.autocrlf=true'

6 years agogitattributes: cleanup unused patterns
Francois-Xavier Le Bail [Wed, 18 Feb 2015 13:37:53 +0000 (14:37 +0100)] 
gitattributes: cleanup unused patterns

6 years agoAdd CAP_FCNTL and use cap_fcntls_limit(). 433/head
Wesley Shields [Wed, 18 Feb 2015 22:07:18 +0000 (17:07 -0500)] 
Add CAP_FCNTL and use cap_fcntls_limit().

Without these changes pcap_dump_ftell() will return -1 and set errno to

This allows you to do:

tcpdump -C 1 -W 5 -w foo.pcap

Without these changes it will never rotate to foo.pcap1 and continue writing
to foo.pcap0 forever.

Discussed at:

6 years agoCheck for pcap_dump_ftell() failing.
Guy Harris [Wed, 18 Feb 2015 21:18:21 +0000 (13:18 -0800)] 
Check for pcap_dump_ftell() failing.

That way, we don't just keep writing if it fails (which it can when
using Capsicum, for example).

6 years agoOpenFlow 1.0: improve BSN extensions support
Denis Ovsienko [Sun, 1 Feb 2015 21:34:38 +0000 (21:34 +0000)] 
OpenFlow 1.0: improve BSN extensions support

Improve decoding of BSN vendor commands: update printing of commands
that set/get mirror port reporting flag, add decoding of shell exec
commands. Introduce decoding of vendor-specific actions with BSN as the
first such vendor and "mirror" as the first such BSN action.

Add a new test case based on a packet capture produced using Trema
controller and an Arista 7050SX-64 switch in Arista Networks' test lab.
Besides the structures above the capture contains the following items:

* OFPT_QUEUE_GET_CONFIG_REPLY with 0 queues (a valid edge case)
* OFPT_FEATURES_REPLY with ports 21 and 23 having bogus "config" field
  (a violation of the protocol, which required temporary patching of the
  controller to avoid the session shutdown)
* a set of IP mask manipulation BSN-specific commands

6 years agoFix issues with the setting of libcap-ng capabilities. 431/head
Tommy Beadle [Wed, 18 Feb 2015 16:38:56 +0000 (11:38 -0500)] 
Fix issues with the setting of libcap-ng capabilities.

- Only set the SETUID/SETGID capabilities if required (i.e. we'll be changing
  the effective UID).
- Only set the CAP_DAC_OVERRIDE capability if writing out to a file (i.e. the -w
  flag was provided).
- Fix the calls to capng_clear to pass CAPNG_SELECT_BOTH so that the traditional
  and bounding capabilities are set.
- Only remove CAP_DAC_OVERRIDE from the permitted set after opening the write
  file if neither -G nor -C flag was provided.  We always drop it from the
  effective set immediately after opening the write file.  During file rotation,
  we reacquire it immediately before and drop it immediately after opening the

6 years agominor changes to detect core dumps better
Michael Richardson [Sun, 15 Feb 2015 20:20:08 +0000 (15:20 -0500)] 
minor changes to detect core dumps better

6 years agoAdd additional test cases for Geneve.
Jesse Gross [Wed, 4 Feb 2015 00:00:32 +0000 (16:00 -0800)] 
Add additional test cases for Geneve.

The test cases exercise both more varied traffic and new libpcap

6 years agoDECNET: Fix segmentation fault
Francois-Xavier Le Bail [Mon, 16 Feb 2015 19:41:55 +0000 (20:41 +0100)] 
DECNET: Fix segmentation fault

If the 'dnet_htoa' function return NULL, '(strdup(dnet_htoa(&dna)))'
gives a segmentation fault.

- libdnet-dev installed (Thus HAVE_DNET_HTOA defined)
- Missing /etc/decnet.conf

6 years agoTravis: add 'make install' in the build script
Francois-Xavier Le Bail [Mon, 16 Feb 2015 14:57:13 +0000 (15:57 +0100)] 
Travis: add 'make install' in the build script

6 years agoTravis: install libcap-ng-dev lib
Francois-Xavier Le Bail [Sun, 15 Feb 2015 14:42:35 +0000 (15:42 +0100)] 
Travis: install libcap-ng-dev lib

6 years agoconfigure: add support for cap-ng package
Francois-Xavier Le Bail [Sun, 15 Feb 2015 14:32:23 +0000 (15:32 +0100)] 
configure: add support for cap-ng package

It uses '--with-cap-ng', for using libcap-ng [default=yes, if available]

6 years agoMerge pull request #429 from mkirkhart/inverse-arp-print-fix
Guy Harris [Thu, 12 Feb 2015 20:07:34 +0000 (12:07 -0800)] 
Merge pull request #429 from mkirkhart/inverse-arp-print-fix

Fixed bug in arp_print() in handling of inverse arp responses

6 years agoUse immediate mode if available.
Guy Harris [Tue, 10 Feb 2015 22:55:43 +0000 (14:55 -0800)] 
Use immediate mode if available.

If libpcap has pcap_set_immediate_mode(), then default to immediate mode
if we're printing packets to a terminal, and use immediate mode if
--immediate-mode is specified.

6 years agoMove pcap function checks to
Guy Harris [Tue, 10 Feb 2015 21:52:51 +0000 (13:52 -0800)] 
Move pcap function checks to

It was doing some of the function checks; move the remaining ones out of
AC_LBL_LIBPCAP(), which is now solely responsible for finding libpcap,
making sure it'll work, and setting compiler and linker flags
appropriately.  Checks for functions that were introduced in later
versions of libpcap, which we use if available, are all done in

6 years agoThis is the trunk, and there's a 4.7.x branch, so call it 4.8.0-PRE-GIT.
Guy Harris [Tue, 10 Feb 2015 21:38:31 +0000 (13:38 -0800)] 
This is the trunk, and there's a 4.7.x branch, so call it 4.8.0-PRE-GIT.

6 years agodroproot(): always print to stderr (GH #425)
Denis Ovsienko [Mon, 9 Feb 2015 01:21:51 +0000 (01:21 +0000)] 
droproot(): always print to stderr (GH #425)

Otherwise it interferes with the output of "tcpdump -w -".

6 years agoSquelch a Coverity warning.
Guy Harris [Fri, 6 Feb 2015 19:42:00 +0000 (11:42 -0800)] 
Squelch a Coverity warning.

For unknown PDU types, we return 0 whether print_unknown_data() succeeds
or fails; don't bother checking whether it succeeds, Just Do It.

6 years agoFixed bug in arp_print() in handling of inverse arp responses - the target's hardware... 429/head
mkirkhart [Wed, 4 Feb 2015 23:55:58 +0000 (18:55 -0500)] 
Fixed bug in arp_print() in handling of inverse arp responses - the target's hardware and protocol address were being printed instead of the sender's hardware and protocol address

6 years agoOpenFlow 1.0: add missing items to bsn_subtype_str
Denis Ovsienko [Fri, 30 Jan 2015 14:31:14 +0000 (14:31 +0000)] 
OpenFlow 1.0: add missing items to bsn_subtype_str

6 years agorefine 802.1Q VLAN TCI decoding
Denis Ovsienko [Thu, 29 Jan 2015 19:48:25 +0000 (19:48 +0000)] 
refine 802.1Q VLAN TCI decoding

Factor the common code out to a new function and rename the CFI bit to
DEI to match the terminology in Clause 9.6 of IEEE 802.1Q-2011.

6 years agoMerge pull request #422 from tbeadle/capng_changes
Guy Harris [Tue, 27 Jan 2015 19:38:31 +0000 (11:38 -0800)] 
Merge pull request #422 from tbeadle/capng_changes

Make sure to init capng before dropping root.

capng_clear needs to be called before capng_change_id can be called within
droproot. Otherwise, an (unusable) error message is output: "error : ret -1" and it fails to drop root privileges.

This also fixes the dropping of the CAP_SETGID capability. Previously,
CAP_SETUID was being dropped twice.

6 years agoMake sure to init capng before dropping root. 422/head
Tommy Beadle [Tue, 27 Jan 2015 18:32:14 +0000 (13:32 -0500)] 
Make sure to init capng before dropping root.

capng_clear needs to be called before capng_change_id can be called within
droproot.  Otherwise, an (unusable) error message is output: "error : ret -1".

This also fixes the dropping of the CAP_SETGID capability.  Previously,
CAP_SETUID was being dropped twice.

6 years agoFix a warning for 'strsep' function on Solaris
Francois-Xavier Le Bail [Mon, 26 Jan 2015 09:58:04 +0000 (10:58 +0100)] 
Fix a warning for 'strsep' function on Solaris

The warning was:
./missing/strsep.c:54:1: warning: no previous prototype for 'strsep' [-Wmissing-prototypes]

7 years agomkdep: It uses now the build environment PATH
Francois-Xavier Le Bail [Sun, 18 Jan 2015 11:22:47 +0000 (12:22 +0100)] 
mkdep: It uses now the build environment PATH

7 years agoTravis: avoid useless lines from 'brew' command in the logs
Francois-Xavier Le Bail [Fri, 9 Jan 2015 17:08:44 +0000 (18:08 +0100)] 
Travis: avoid useless lines from 'brew' command in the logs

7 years agocondition DOS/UNIX newline styles for Windows test
Gisle Vanem [Fri, 9 Jan 2015 13:39:39 +0000 (13:39 +0000)] 
condition DOS/UNIX newline styles for Windows test

7 years agoMerge remote-tracking branch 'bpf/master'
Denis Ovsienko [Thu, 8 Jan 2015 21:59:34 +0000 (21:59 +0000)] 
Merge remote-tracking branch 'bpf/master'

7 years agoNo OPER-TLV are "empty TLVs".
Guy Harris [Thu, 8 Jan 2015 21:22:13 +0000 (13:22 -0800)] 
No OPER-TLV are "empty TLVs".

As section 7 of RFC 5810 says, an OPER-TLV is 1*PATH-DATA-TLV, so it
always has at least one PATH-DATA-TLV.  Remove the ZERO_TTLV check - the
old one was bogus ((!ops->flags & ZERO_TTLV) means ((!ops->flags) &
ZERO_TTLV), and if ops->flags is non-zero, !ops->flags is zero, and the
test fails), and the new one causes tests to fail, revealing that the
whole "empty TLVs like COMMIT and TRCOMMIT are empty, we stop here"
think is wrong, so we remove it.

7 years agoProperly test ZERO_TTLV flag in otlv_print().
Guy Harris [Thu, 8 Jan 2015 01:11:55 +0000 (17:11 -0800)] 
Properly test ZERO_TTLV flag in otlv_print().

If that flag is set, the TLV in question is empty, so don't process
anything further - and if it's *not* empty, report an error.

Thanks to Maks Naumov for finding this.

7 years agoTravis: set git clone for libpcap to be faster and quieter
Francois-Xavier Le Bail [Thu, 8 Jan 2015 14:20:46 +0000 (15:20 +0100)] 
Travis: set git clone for libpcap to be faster and quieter

7 years agoTravis: use the new 'quiet' option for git
Francois-Xavier Le Bail [Thu, 8 Jan 2015 14:18:10 +0000 (15:18 +0100)] 
Travis: use the new 'quiet' option for git

This change allows to avoid many useless lines in the logs:
Receiving objects:...
Resolving deltas:...

7 years agoupdate an e-mail address in CREDITS
Denis Ovsienko [Thu, 8 Jan 2015 11:55:43 +0000 (11:55 +0000)] 
update an e-mail address in CREDITS

7 years agoamend recent changes to fix tests on Solaris
Denis Ovsienko [Thu, 8 Jan 2015 11:02:30 +0000 (11:02 +0000)] 
amend recent changes to fix tests on Solaris

Solaris /bin/sh does not support the "!" operator, I forgot about it
again (see commits 9ac4b76 and f4252a1). Now should be OK.

7 years agoCheck not just the capture length but the on-the-network length.
Guy Harris [Tue, 6 Jan 2015 08:44:11 +0000 (00:44 -0800)] 
Check not just the capture length but the on-the-network length.

7 years agoupdate the LMP test case for a Windows build
Denis Ovsienko [Sun, 4 Jan 2015 12:42:10 +0000 (12:42 +0000)] 
update the LMP test case for a Windows build

This is a side trip of GH #418.

7 years agoICMPv6: fix RPL DAGID printing (GH #418)
Denis Ovsienko [Sat, 3 Jan 2015 07:24:12 +0000 (07:24 +0000)] 
ICMPv6: fix RPL DAGID printing (GH #418)

Allow an extra byte in the buffer for snprintf()'s null character,
otherwise it does not work as intended (issue spotted by Gisle Vanem on
Windows, where snprintf() behaviour seems to be different). Update the

7 years agoadd a comment to print-openflow-1.0.c
Denis Ovsienko [Thu, 1 Jan 2015 15:09:25 +0000 (15:09 +0000)] 
add a comment to print-openflow-1.0.c

7 years agoskip some tests when compiled with Capsicum
Denis Ovsienko [Tue, 30 Dec 2014 20:29:57 +0000 (20:29 +0000)] 
skip some tests when compiled with Capsicum

When compiled with Capsicum, tcpdump -E 'file filename' fails to read
the secret from the file with the "Not permitted in capability mode"
error and exits with code 3. Skip respective tests until this logic is
handled in a better way.

7 years agofix compilation on FreeBSD 10.1
Denis Ovsienko [Mon, 29 Dec 2014 11:02:17 +0000 (11:02 +0000)] 
fix compilation on FreeBSD 10.1

Commit 05d7191 fixed detection of Capsicum availability and the
Capsicum-specific code in tcpdump made it into the compilation process
on respective FreeBSD systems. However, it would fail to compile at
least on FreeBSD 10.1-RELEASE as quoted below. This commit fixes it.

In file included from ./tcpdump.c:89:
/usr/include/net/bpf.h:65:8: error: redefinition of 'bpf_program'
struct bpf_program {
../libpcap/pcap/bpf.h:106:8: note: previous definition is here
struct bpf_program {
In file included from ./tcpdump.c:89:
/usr/include/net/bpf.h:1206:8: error: redefinition of 'bpf_insn'
struct bpf_insn {
../libpcap/pcap/bpf.h:1466:8: note: previous definition is here
struct bpf_insn {
2 errors generated.

7 years agoAssume non-buggy getaddrinfo() when cross-compiling.
Guy Harris [Fri, 19 Dec 2014 21:44:21 +0000 (13:44 -0800)] 
Assume non-buggy getaddrinfo() when cross-compiling.

The cross target is probably some flavor of Linux (this includes
Android) or *BSD (or maybe iOS if you're building for a jailbroken
system), and those should have non-buggy getaddrinfo().

If somebody's cross-compiling for a target with a buggy getaddrinfo(),
and tcpdump incorrectly converting IPv6 addresses to host names causes
the universe to collapse into a giant black hole or something equally
horrible, too bad.

Expand a comment while we're at it.

7 years agoRegenerate configure script.
Guy Harris [Fri, 19 Dec 2014 21:38:54 +0000 (13:38 -0800)] 
Regenerate configure script.

7 years agoDon't check for cap_rights_init().
Guy Harris [Fri, 19 Dec 2014 21:26:03 +0000 (13:26 -0800)] 
Don't check for cap_rights_init().

It's a macro, wrapping another function, in at least some versions of
FreeBSD, and AC_CHECK_FUNCS() doesn't handle that.

7 years agoClean up bounds checking.
Guy Harris [Fri, 19 Dec 2014 20:12:54 +0000 (12:12 -0800)] 
Clean up bounds checking.

Fix link-layer header length for Cisco-style encapsulation while we're
at it.

7 years agoupdate a comment: TCP Fast Open is now an RFC
Denis Ovsienko [Fri, 19 Dec 2014 18:06:35 +0000 (18:06 +0000)] 
update a comment: TCP Fast Open is now an RFC

7 years agoOnly print the incorporated IP packet if there is one.
Guy Harris [Fri, 19 Dec 2014 09:58:26 +0000 (01:58 -0800)] 
Only print the incorporated IP packet if there is one.

Check for the ICMP types that *do* include an IP packet, rather than
checking for a set that doesn't.  This does a better job of handling
unknown ICMP types.

7 years agoDissect the IPv4 header if the version is wrong, but fix the messages.
Guy Harris [Fri, 19 Dec 2014 09:56:04 +0000 (01:56 -0800)] 
Dissect the IPv4 header if the version is wrong, but fix the messages.

7 years agoDon't dissect a header with a version field != 4.
Guy Harris [Fri, 19 Dec 2014 06:21:23 +0000 (22:21 -0800)] 
Don't dissect a header with a version field != 4.

Also, clean up the message printed when it's 6.

7 years agoAlways fill in the buffer on a successful return from decode_rt_routing_info().
Guy Harris [Fri, 19 Dec 2014 06:19:10 +0000 (22:19 -0800)] 
Always fill in the buffer on a successful return from decode_rt_routing_info().

7 years agoClean up length checks.
Guy Harris [Thu, 18 Dec 2014 23:56:27 +0000 (15:56 -0800)] 
Clean up length checks.

Check only the amount of length that matters at any given point; yes,
this means we do multiple checks, but so it goes.

We don't need to check for LLC+SNAP - llc_print() does that for us.  We
do, however, need to check to make sure we can safely skip the Fore

7 years agoFix length checking.
Guy Harris [Thu, 18 Dec 2014 23:51:11 +0000 (15:51 -0800)] 
Fix length checking.

Check both the captured length and the on-the-wire length (the latter
*should* be greater than or equal to the former, but that's not

Add some additional length checks, so neither caplen nor length

If we stop dissecting because the packet is too short, return 1, not 0,
as we've "dissected" what we can; 0 means "this is LLC+SNAP with an OUI
of 0 and an unknown Ethertype".

7 years agoDo more length checking. From OpenBSD.
Guy Harris [Thu, 18 Dec 2014 22:48:08 +0000 (14:48 -0800)] 
Do more length checking.  From OpenBSD.

7 years agoCheck whether the version field is available before looking at it.
Guy Harris [Thu, 18 Dec 2014 22:43:29 +0000 (14:43 -0800)] 
Check whether the version field is available before looking at it.

While we're at it, use ND_TCHECK(), rather than a hand-rolled check, to
check whether we have the full fixed-length portion of the IPv4 header.

7 years agoTravis: minor update
Francois-Xavier Le Bail [Wed, 17 Dec 2014 20:53:11 +0000 (21:53 +0100)] 
Travis: minor update

add date command
add quiet option for apt-get
change Coverity token

7 years agoFix some typos
Francois-Xavier Le Bail [Wed, 17 Dec 2014 14:46:09 +0000 (15:46 +0100)] 
Fix some typos

7 years agoForCES: update reference from draft to RFC5810 416/head
Francois-Xavier Le Bail [Wed, 17 Dec 2014 13:35:23 +0000 (14:35 +0100)] 
ForCES: update reference from draft to RFC5810

Acked-by: Jamal Hadi Salim
7 years agoOpenFlow: handle 5 more BSN subtypes
Denis Ovsienko [Mon, 15 Dec 2014 04:22:37 +0000 (04:22 +0000)] 
OpenFlow: handle 5 more BSN subtypes

7 years agoOpenFlow: improve vendor message decoding
Denis Ovsienko [Fri, 12 Dec 2014 23:34:20 +0000 (23:34 +0000)] 
OpenFlow: improve vendor message decoding

Introduce a new function that tries to dispatch an OFPT_VENDOR message
to a vendor-specific printer function. Add such a function for Big
Switch Networks vendor with about as little decoding as necessary to
cover the existing 7050Q OF1.0 capture.

7 years agoOpenFlow: add vendor name printing
Denis Ovsienko [Thu, 11 Dec 2014 23:49:30 +0000 (23:49 +0000)] 
OpenFlow: add vendor name printing

The new function goes into print-openflow.c as vendor name decoding is
the same in all versions of OpenFlow (although in 1.0 it is "vendor"
and in subsequent versions it is "experimenter"). The mapping is from:

7 years agoFix a typo
Francois-Xavier Le Bail [Thu, 11 Dec 2014 19:51:05 +0000 (20:51 +0100)] 
Fix a typo

7 years agoBOOTP/DHCP: fix "Unchecked return value" found by Coverity
Francois-Xavier Le Bail [Tue, 9 Dec 2014 18:42:31 +0000 (19:42 +0100)] 
BOOTP/DHCP: fix "Unchecked return value" found by Coverity

Add a bounds check
Fix spaces

7 years agoOLSR: fix "Unchecked return value" found by Coverity
Francois-Xavier Le Bail [Mon, 8 Dec 2014 21:18:16 +0000 (22:18 +0100)] 
OLSR: fix "Unchecked return value" found by Coverity

The bounds check is already done before by ND_TCHECK2(*msg_data, addr_size +
name_entry_len + name_entry_padding).
So we are deliberately ignoring the return values of fn_printn with last
argument NULL (no bounds check).

7 years agoCDP: fix "Unchecked return value" found by Coverity
Francois-Xavier Le Bail [Mon, 8 Dec 2014 20:24:59 +0000 (21:24 +0100)] 
CDP: fix "Unchecked return value" found by Coverity

The bounds check is already done before by ND_TCHECK2(*tptr, len).
So we are deliberately ignoring the return values of fn_printn with last
argument NULL (no bounds check).

7 years agoDHCP: decoder for the TFTP Server Address option (RFC5859)
Francois-Xavier Le Bail [Mon, 1 Dec 2014 15:56:30 +0000 (16:56 +0100)] 
DHCP: decoder for the TFTP Server Address option (RFC5859)

7 years agoBOOTP/DHCP: fix some spaces/tabs and indentation
Francois-Xavier Le Bail [Mon, 1 Dec 2014 13:17:39 +0000 (14:17 +0100)] 
BOOTP/DHCP: fix some spaces/tabs and indentation

7 years agoMerge remote-tracking branch 'github/master'
Michael Richardson [Sun, 30 Nov 2014 17:00:29 +0000 (12:00 -0500)] 
Merge remote-tracking branch 'github/master'

7 years agoDHCP: decoder for the User Class option (RFC3004)
Francois-Xavier Le Bail [Fri, 28 Nov 2014 10:10:24 +0000 (11:10 +0100)] 
DHCP: decoder for the User Class option (RFC3004)

7 years agoDHCP: do not print the option and the length twice in some error cases
Francois-Xavier Le Bail [Thu, 27 Nov 2014 10:27:29 +0000 (11:27 +0100)] 
DHCP: do not print the option and the length twice in some error cases

7 years agoBGP: fix a typo
Francois-Xavier Le Bail [Mon, 24 Nov 2014 19:35:55 +0000 (20:35 +0100)] 
BGP: fix a typo

7 years agoMerge git://
Guy Harris [Mon, 24 Nov 2014 01:42:21 +0000 (17:42 -0800)] 
Merge git://

7 years agoCHANGES: add the DCCP update
Francois-Xavier Le Bail [Thu, 20 Nov 2014 15:12:06 +0000 (16:12 +0100)] 
CHANGES: add the DCCP update

7 years agotests/dccp_partial_csum_v*.out: update according two previous changes
Francois-Xavier Le Bail [Thu, 20 Nov 2014 15:02:00 +0000 (16:02 +0100)] 
tests/dccp_partial_csum_v*.out: update according two previous changes

7 years agoDCCP: fix printing and indentation
Francois-Xavier Le Bail [Thu, 20 Nov 2014 14:56:03 +0000 (15:56 +0100)] 
DCCP: fix printing and indentation

- print missing protocol name
- print parentheses around generic header values in verbose mode
- fix indentation