extern void lwapp_data_print(netdissect_options *, const u_char *, u_int);
extern void lwres_print(netdissect_options *, const u_char *, u_int);
extern void m3ua_print(netdissect_options *, const u_char *, const u_int);
- extern void medsa_print(netdissect_options *, const u_char *, u_int, u_int, const struct lladdr_info *, const struct lladdr_info *);
- extern u_int mfr_print(netdissect_options *, register const u_char *, u_int);
+extern int macsec_print(netdissect_options *, const u_char **,
+ u_int *, u_int *, u_int *,
+ u_short *);
+ extern u_int mfr_print(netdissect_options *, const u_char *, u_int);
extern void mobile_print(netdissect_options *, const u_char *, u_int);
extern int mobility_print(netdissect_options *, const u_char *, const u_char *);
extern void mpcp_print(netdissect_options *, const u_char *, u_int);
return (length);
}
- if (ndo->ndo_eflag) {
- if (print_encap_header != NULL)
- (*print_encap_header)(ndo, encap_header_arg);
- ether_hdr_print(ndo, p, length);
- }
- orig_length = length;
+ if (print_encap_header != NULL)
+ (*print_encap_header)(ndo, encap_header_arg);
- length -= ETHER_HDRLEN;
- caplen -= ETHER_HDRLEN;
- ep = (const struct ether_header *)p;
- p += ETHER_HDRLEN;
- hdrlen = ETHER_HDRLEN;
+ orig_length = length;
- src.addr = ESRC(ep);
+ /*
+ * Get the source and destination addresses, skip past them,
+ * and print them if we're printing the link-layer header.
+ */
+ ehp = (const struct ether_header *)p;
+ src.addr = ehp->ether_shost;
src.addr_string = etheraddr_string;
- dst.addr = EDST(ep);
+ dst.addr = ehp->ether_dhost;
dst.addr_string = etheraddr_string;
- length_type = EXTRACT_16BITS(&ep->ether_length_type);
+ length -= 2*MAC_ADDR_LEN;
+ caplen -= 2*MAC_ADDR_LEN;
+ p += 2*MAC_ADDR_LEN;
+ hdrlen = 2*MAC_ADDR_LEN;
+
+ if (ndo->ndo_eflag)
+ ether_addresses_print(ndo, src.addr, dst.addr);
+
+ /*
+ * Print the switch tag, if we have one, and skip past it.
+ */
+ if (print_switch_tag != NULL)
+ (*print_switch_tag)(ndo, p);
+
+ length -= switch_tag_len;
+ caplen -= switch_tag_len;
+ p += switch_tag_len;
+ hdrlen += switch_tag_len;
+
+ /*
+ * Get the length/type field, skip past it, and print it
+ * if we're printing the link-layer header.
+ */
recurse:
+ length_type = GET_BE_U_2(p);
+
+ length -= 2;
+ caplen -= 2;
+ p += 2;
+ hdrlen += 2;
+
++ if (length_type == ETHERTYPE_MACSEC) {
++ /*
++ * MACsec, aka IEEE 802.1AE-2006
++ * Print the header, and try to print the payload if it's not encrypted
++ */
++ int ret = macsec_print(ndo, &p, &length, &caplen, &hdrlen, &length_type);
++
++ if (ret == 0)
++ goto raw;
++ else if (ret > 0)
++ return ret;
++ }
++
/*
- * Is it (gag) an 802.3 encapsulation?
+ * Process VLAN tag types.
*/
- if (length_type <= ETHERMTU) {
- /* Try to print the LLC-layer header & higher layers */
- llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
- if (llc_hdrlen < 0) {
- /* packet type not known, print raw packet */
- if (!ndo->ndo_suppress_default_print)
- ND_DEFAULTPRINT(p, caplen);
- llc_hdrlen = -llc_hdrlen;
- }
- hdrlen += llc_hdrlen;
- } else if (length_type == ETHERTYPE_8021Q ||
- length_type == ETHERTYPE_8021Q9100 ||
- length_type == ETHERTYPE_8021Q9200 ||
- length_type == ETHERTYPE_8021QinQ) {
+ printed_length = 0;
+ while (length_type == ETHERTYPE_8021Q ||
+ length_type == ETHERTYPE_8021Q9100 ||
+ length_type == ETHERTYPE_8021Q9200 ||
+ length_type == ETHERTYPE_8021QinQ) {
/*
+ * It has a VLAN tag.
* Print VLAN information, and then go back and process
* the enclosed type field.
*/
llc_hdrlen = -llc_hdrlen;
}
hdrlen += llc_hdrlen;
+ } else if (length_type == ETHERTYPE_ARISTA) {
+ if (caplen < 2) {
+ ND_PRINT("[|arista]");
+ return (hdrlen + caplen);
+ }
+ if (length < 2) {
+ ND_PRINT("[|arista]");
+ return (hdrlen + length);
+ }
+ ether_type_print(ndo, length_type);
+ ND_PRINT(", length %u: ", orig_length);
+ int bytesConsumed = arista_ethertype_print(ndo, p, length);
+ if (bytesConsumed > 0) {
+ p += bytesConsumed;
+ length -= bytesConsumed;
+ caplen -= bytesConsumed;
+ hdrlen += bytesConsumed;
+ goto recurse;
+ } else {
+ /* subtype/version not known, print raw packet */
+ if (!ndo->ndo_eflag && length_type > MAX_ETHERNET_LENGTH_VAL) {
+ ether_addresses_print(ndo, src.addr, dst.addr);
+ ether_type_print(ndo, length_type);
+ ND_PRINT(", length %u: ", orig_length);
+ }
+ if (!ndo->ndo_suppress_default_print)
+ ND_DEFAULTPRINT(p, caplen);
+ }
} else {
+ /*
+ * It's a type field with some other value.
+ */
+ if (ndo->ndo_eflag) {
+ ether_type_print(ndo, length_type);
+ if (!printed_length)
+ ND_PRINT(", length %u: ", orig_length);
+ else
+ ND_PRINT(", ");
+ }
if (ethertype_print(ndo, length_type, p, length, caplen, &src, &dst) == 0) {
+raw:
/* type not known, print raw packet */
if (!ndo->ndo_eflag) {
- if (print_encap_header != NULL)
- (*print_encap_header)(ndo, encap_header_arg);
- ether_hdr_print(ndo, (const u_char *)ep, orig_length);
+ /*
+ * We didn't print the full link-layer
+ * header, as -e wasn't specified, so
+ * print only the source and destination
+ * MAC addresses and the final Ethernet
+ * type.
+ */
+ ether_addresses_print(ndo, src.addr, dst.addr);
+ ether_type_print(ndo, length_type);
+ ND_PRINT(", length %u: ", orig_length);
}
if (!ndo->ndo_suppress_default_print)
# RTP tests
# fuzzed pcap
- rtp-seg-fault-1 rtp-seg-fault-1.pcap rtp-seg-fault-1.out -t -v -T rtp
- rtp-seg-fault-2 rtp-seg-fault-2.pcap rtp-seg-fault-2.out -t -v -T rtp
+ rtp-seg-fault-1 rtp-seg-fault-1.pcapng rtp-seg-fault-1.out -v -T rtp
+ rtp-seg-fault-2 rtp-seg-fault-2.pcapng rtp-seg-fault-2.out -v -T rtp
- # NFS tests
- # fuzzed pcap
- nfs-seg-fault-1 nfs-seg-fault-1.pcap nfs-seg-fault-1.out -t
+ # SSH tests
+ ssh ssh.pcap ssh.out
+# MACsec
+macsec-encrypted macsec-encrypted.pcap macsec-encrypted.out -t -e
+macsec-changed macsec-changed.pcap macsec-changed.out -t -e
+macsec-integonly macsec-integonly.pcap macsec-integonly.out -t -e
+macsec-snap macsec-snap.pcap macsec-snap.out -t -e
+macsec-short-shorter macsec-short-shorter.pcap macsec-short-shorter.out -t -e
+macsec-short-longer macsec-short-longer.pcap macsec-short-longer.out -t -e
+macsec-short-valid macsec-short-valid.pcap macsec-short-valid.out -t -e
++
+ # NFS tests
++# fuzzed pcap
+ nfs-write-verf-cookie nfs-write-verf-cookie.pcapng nfs-write-verf-cookie.out -vv
+
+ # NFS fuzzed
+ nfs-seg-fault-1 nfs-seg-fault-1.pcapng nfs-seg-fault-1.out
+ # NFS invalid
+ nfs-cannot-pad-32-bit nfs-cannot-pad-32-bit.pcap nfs-cannot-pad-32-bit.out
+
+ # DNS infinite loop tests
+ #
+ # See http://marc.info/?l=tcpdump-workers&m=95552439022555
+ #
+ dns-zlip-1 dns-zlip-1.pcap dns-zlip-1.out
+ dns-zlip-2 dns-zlip-2.pcap dns-zlip-2.out
+ dns-zlip-3 dns-zlip-3.pcap dns-zlip-3.out
+
+ # NTP tests
+ ntp ntp.pcap ntp.out
+ ntp-v ntp.pcap ntp-v.out -v
+ ntp-time ntp-time.pcap ntp-time.out
+ ntp-time--v ntp-time.pcap ntp-time--v.out -v
+ ntp-time--vv ntp-time.pcap ntp-time--vv.out -vv
+ ntp-time--vvv ntp-time.pcap ntp-time--vvv.out -vvv
+ ntp-control ntp-control.pcap ntp-control.out
+ ntp-control--v ntp-control.pcap ntp-control--v.out -v
+ ntp-control--vv ntp-control.pcap ntp-control--vv.out -vv
+ ntp-control--vvv ntp-control.pcap ntp-control--vvv.out -vvv
+ ntp-mode7 ntp-mode7.pcap ntp-mode7.out
+ ntp-mode7--v ntp-mode7.pcap ntp-mode7--v.out -v
+ ntp-mode7--vv ntp-mode7.pcap ntp-mode7--vv.out -vv
+ ntp-mode7--vvv ntp-mode7.pcap ntp-mode7--vvv.out -vvv
+
+ # RX/AFS
+ rx afs.pcap rx.out
+ rx-v afs.pcap rx-v.out -v
+
+ # Empty pcap/pcapng tests
+ empty-pcap empty.pcap empty.out
+ empty-pcapng empty.pcapng empty.out
+
+ # DNS Extended rcode tests
+ dns-badcookie dns-badcookie.pcap dns-badcookie.out
+ dns-badvers dns-badvers.pcap dns-badvers.out
+
+ # LLDP
+ lldp-app-priority lldp-app-priority.pcap lldp-app-priority.out -v
+
+ # DNS URI RR support tests
+ dns-uri dns-uri.pcap dns-uri.out
+
+ # AF_VSOCK tests
+ vsock-1 vsock-1.pcapng vsock-1.out
+ vsock-1-v vsock-1.pcapng vsock-1-v.out -v
+ vsock-1-vv vsock-1.pcapng vsock-1-vv.out -vv
+ #IP over infinband (ipoib)
+ ipoib ipoib.pcap ipoib.out
+ ipoib-e ipoib.pcap ipoib-e.out -e
+
+ # BFD multihop and lag (RFC5883 & 7130)
+ bfd-multihop bfd-multihop.pcap bfd-multihop.out
+ bfd-multihop-v bfd-multihop.pcap bfd-multihop-v.out -v
+ bfd-lag bfd-lag.pcap bfd-lag.out
+ bfd-lag-v bfd-lag.pcap bfd-lag-v.out -v
+
+ # Arista Vendor Specific Tests
+ arista-ether arista_ether.pcap arista_ether.out
+ arista-ether-e arista_ether.pcap arista_ether-e.out -e
+ arista-ether-ev arista_ether.pcap arista_ether-ev.out -ev
+
+ # TIPC length field test
+ huge-tipc-messages huge-tipc-messages.pcap huge-tipc-messages.out
+
+ # CVE-2018-10105 bad packets from Luis Rocha
+ sflow_print-segv sflow_print-segv.pcap sflow_print-segv.out -v
+ smb_data_print-oobr smb_data_print-oobr.pcapng smb_data_print-oobr.out -vv
+ smb_data_print-segv smb_data_print-segv.pcapng smb_data_print-segv.out -vv
+ #ptp tests
+ ptp ptp.pcap ptp.out
+ ptp_ethernet ptp_ethernet.pcap ptp_ethernet.out -e
+
+ # bad packets from Jason Xiaole
+ ldp_tlv_print-oobr ldp_tlv_print-oobr.pcap ldp_tlv_print-oobr.out -v
+
+ #someip tests
+ someip1 someip1.pcap someip1.out
+ someip2 someip2.pcap someip2.out
+
+ # EDNS Options
+ edns-opts edns-opts.pcap edns-opts.out
+ edns-opts-v edns-opts.pcap edns-opts-v.out -v
+ edns-opts-vv edns-opts.pcap edns-opts-vv.out -vv
projects / tcpdump / commitdiff
