Re: Re: -e vs. -x, revisited

[Guy Harris <guy () netapp com>]

On Tue, Dec 17, 2002 at 08:21:39AM -0500, Andrew Brown wrote:
> actually, it oughta be simpler than you think.  provided that all the
> functions that may end up being returned from lookup_printer() set
> packetp and snapend (as it seems they do), then one could simply
> change default_print_unaligned as follows:

Unfortunately, they don't all set "packetp" to the right value - to
quote the comment that appears in many print-XXX.c files:

        /*
         * Actually, the only printers that use packetp are print-arp.c
         * and print-bootp.c, and they assume that packetp points to an
         * Ethernet header.  The right thing to do is to fix them to know
         * which link type is in use when they excavate. XXX
         */

The claim in question is not, in fact, true of "print-arp.c", but it is
true of "print-bootp.c".  However, the value from "packetp" isn't
actually *used* in "print-bootp.c" - perhaps it was at one point, but it
now gets the client's Ethernet addrss from "bp->bp_chaddr", not from the
link-layer header of the packet.

So we could remove the stuff in "print-bootp.c" that uses "packetp",
remove all the code that currently sets "packetp", and set it in
"tcpdump.c" before calling the print function.

However, the PPPoE printer sets snapend itself.  This is, I suspect,
done to clip off the packet at the end of the PPPoE payload, so that
bounds checks are done against that and don't allow access to stuff past
the end of the PPPoE payload.  Arguably, other printers should do that
as well.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe