[patch] tcpdump - better BGP UPDATE AS_PATH size calculations

2015-10-24 Thread Kevin Reay
Adopt an updated version of the tcpdump.org ASN size calculation for BGP UPDATE message AS_PATHs. This corrects some bad behaviour due to incorrect ASN size calculations. I believe that the current way of calculating the ASN size for an UPDATE AS_PATH attribute is flawed. Currently, the ASN

Re: [patch] tcpdump - better BGP UPDATE AS_PATH size calculations

2015-10-29 Thread Kevin Reay
On Tue, Oct 27, 2015 at 12:59:20AM -0600, Kevin Reay wrote:
> I did add an additional check for "zero" ASNs to the 2-byte default,
> inspired by a quick glance at Wireshark's heuristics. I now flip
> through each segment's ASNs inside of bgp_attr_get_as_size(), looking
> fo

(patch) tcpdump cleanup stats format

2015-10-28 Thread Kevin Reay
Correct printf format for received/dropped packet counts in cleanup(). ps_recv and ps_drop (struct pcap_stat) are both type u_int. Index: tcpdump.c === RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v retrieving revision 1.75 diff -u

[patch] tcpdump print-ip print format tweaks

2015-11-08 Thread Kevin Reay
Change printf format strings to print unsigned values throughout print_ip.c. Precursor to future changes. Index: print-ip.c === RCS file: /cvs/src/usr.sbin/tcpdump/print-ip.c,v retrieving revision 1.44 diff -u -p -r1.44 print-ip.c ---

[patch] tcpdump print-ipsec length checks

2015-11-08 Thread Kevin Reay
Fix multiple possible segfaults in the IPsec printer that could occur when EH/ESP/IPCOMP data extends past the captured length. ah_print(), esp_print(), and ipcomp_print now check if their header length will fall beyond the snapend boundary before accessing its members. ah_print() also

[patch] tcpdump print-atalk segfaults

2015-11-08 Thread Kevin Reay
Fix multiple segfaults in the AppleTalk printer when packet structs extend past the actual captured length. Also add "const" to a struct cast to maintain consistency. Other issues to be addressed in future patches. Index: print-atalk.c

Re: [patch] tcpdump print-atalk segfaults

2015-11-08 Thread Kevin Reay
On Sun, Nov 8, 2015 at 4:58 PM, Mike Belopuhov wrote:
> Do you have a library of pcaps available somewhere?

Just a small local set that I've built up for testing. Is there interest in having them online somewhere?

Re: [patch] tcpdump print-atalk segfaults

2015-11-08 Thread Kevin Reay
On Sun, Nov 08, 2015 at 11:44:48PM +0100, Christian Weisgerber wrote:
> In my tree, I'm still lugging along the patch below. This is
> strictly equivalent to mikeb@'s change "Catch up with the BPF_ALIGNMENT
> switch to the uint32_t" to print-{ip,ip6}.c eleven months ago, but
> he didn't want me

[patch] tcpdump print-tcp printf format tweaks

2015-11-02 Thread Kevin Reay
Change printf format to print unsigned values. Minor spacing change of casts to match file/style(9). Attempted to match printf formatting of unsigned 32bits to rest of file. Index: print-tcp.c === RCS file:

[patch] hostapd iapp.h frame-type name array typo

2015-11-02 Thread Kevin Reay
Add a missing delimiter to the IEEE80211_IAPP_FRAME_TYPE_NAME array. The missing comma would cause the tcpdump IAPP printer to segfault when an i_command value of 15 was processed (as the array only contained 15 elements). The array definition doesn't appear to be used anywhere else in the tree.

[patch] tcpdump print-null AF_LINK segfault

2015-11-04 Thread Kevin Reay
Fixes a segfault (in tcpdump.c:default_print) when printing a raw packet of family AF_LINK with an unknown ether_type with MALLOC_OPTIONS=S. The original version would print 4-bytes of d0 and occasionally segfault. With this change, default_print() receives a caplen that is reduced by

[patch] tcpdump gre sre segfault

2015-11-03 Thread Kevin Reay
Fix a segfault in the GRE printer when a GRE packet SRE length extends past the actual captured length (but not the packet's original length). gre_print() now checks if the length extends past snapend and, if so, uses the snapend to determine the usable length. Also includes a small change to

Re: [patch] tcpdump print-tcp printf format tweaks

2015-11-04 Thread Kevin Reay
> > Attempted to match printf formatting of unsigned 32bits to rest of
> > file.
>
> I don't think this is the good direction. "seq" and "length" are 32bits
> integers. Why cast them to long, and then print them as unsigned long?
> Let's just print them as unsigned int.

That sounds good to me.

Re: [patch] tcpdump segfault on invalid DECnet packet

2015-10-14 Thread Kevin Reay
Thanks for the review and feedback. Updated patch with removed whitespace changes included. On Wed, Oct 14, 2015 at 11:55:58AM +0100, Stuart Henderson wrote: > unnecessary whitespace change (new one is wrong) Index: print-decnet.c

[patch] tcpdump segfault on invalid DECnet packet

2015-10-11 Thread Kevin Reay
Fix a tcpdump segfault when attempting to print an invalid DECnet packet. DECnet packet printing code could cause a segfault on an impossibly large packet from a specifically crafted packet. The segfault would occur in tcpdump.c:default_print() called by print-decnet.c:decnet_print(). Patch

[patch] tcpdump segfault on malformed nfs packet

2015-10-12 Thread Kevin Reay
Small fix to tcpdump nfs packet printing. Crash occurs when printing nfs request filename of malformed packet. parsefn() now passes snapend to filename print function (attempting to print packet data so NULL isn't right). Also check return value from fn_printn() and handle truncation. Behavior

[patch] regress test fix: libc/db

2015-10-08 Thread Kevin Reay
Implement max file size constant in libc/db/dbtest regression test. Some /bin files read for testing are larger than SIZE_MAX causing tests to fail. Also change error for file too large from E2BIG to EFBIG. Feedback is very appreciated. Index: dbtest.c

[patch] regress test fix: systrace/id

2015-10-08 Thread Kevin Reay
Attached is a patch for the systrace/id regress test: Updated the id.policy used to allow the new pledge syscall. This is my first time working with the regress tests. I want to make sure I'm on the right track so any tips are appreciated. Is there interest in additional regress test work? I have

[patch] tcpdump segfault on malformed BGP AS_PATH update

2015-10-13 Thread Kevin Reay
Fix a segfault when printing a malformed BGP AS_PATH update due to ASN extraction. Better AS size extraction from AS paths: better heuristics (see bgp_attr_get_as_size). Also fixes output support for 4-byte ASNs. For example; (AS_PATH[T] {500.500 513.65211}) becomes: (AS_PATH[T] {500