When you run tcpdump on a 64-bit arch and look at UDP traffic over
IPv6 (say NTP or DNS), you'll see preposterous packet sizes.
Packets are considered misaligned, copied into a new buffer, but
one of the pointer variables isn't updated. Fix below. IPv4 is
not affected, because the equivalent function doesn't use bp after
the packet has been copied.

As a separate issue, tcpdump wants packets to be aligned to
sizeof(long) bytes. I guess what it gets from pcap is 4-byte
aligned, so on LP64 archs all packets are treated as misaligned.
I strongly suspect it should just check for 4-byte alignment, but
haven't looked closely yet.
Index: print-ip6.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/print-ip6.c,v
retrieving revision 1.14
diff -u -p -r1.14 print-ip6.c
--- print-ip6.c 27 Jun 2011 16:54:14 -0000 1.14
+++ print-ip6.c 17 Sep 2011 15:36:26 -0000
@@ -81,7 +81,7 @@ ip6_print(register const u_char *bp, reg
}
memmove((char *)abuf, (char *)ip6, min(length, clen));
snapend = abuf + clen;
- packetp = abuf;
+ packetp = bp = abuf;
ip6 = (struct ip6_hdr *)abuf;
/* We really want libpcap to give us aligned packets */
if (!didwarn) {
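Review bot: The chained assignment in `packetp = bp = abuf;` re-points the function parameter bp with nothing to say why, so a later cleanup could easily drop it again. Consider putting `bp = abuf;` on its own line with a short comment that the rest of ip6_print still works from bp and must see the aligned copy. Separately, in the unchanged context the memmove copies min(length, clen) bytes while snapend is set to abuf + clen. If length can be smaller than clen, the bytes between the end of the copy and snapend do not come from this packet, so it is worth confirming that nothing reads them.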
--
Christian "naddy" Weisgerber [email protected]