tcpdump mailing list archives
Problems with removing alignment stuff in IP dissector
From: Guy Harris <guy () netapp com>
Date: Mon, 21 Oct 2002 15:24:48 -0700
On Fri, Oct 18, 2002 at 05:10:20AM -0400, Automatic cvs log generator /tcpdump/bin/makelog wrote:
CVS log entries from 17.10.2002 (Thu) 09:07:08 - 18.10.2002 (Fri) 09:07:22 GMT ===================================================== Summary by authors =====================================================
...
Author: itojun
File: tcpdump/print-ip.c; Revisions: 1.116
File: tcpdump/print-ip6.c; Revisions: 1.27
File: tcpdump/print-atalk.c; Revisions: 1.75
=====================================================
Combined list of identical log entries
=====================================================
...
Description:
remove buffer move in LBL_ALIGN case, which does more bad things than good things.
(if there's unaligned access, they must be converted to EXTRACT_xx)
Modified files:
File: tcpdump/print-atalk.c; Revision: 1.75;
Date: 2002/10/18 04:40:02; Author: itojun; Lines: (+1 -16)
File: tcpdump/print-ip.c; Revision: 1.116;
Date: 2002/10/18 04:40:03; Author: itojun; Lines: (+1 -25)
File: tcpdump/print-ip6.c; Revision: 1.27;
Date: 2002/10/18 04:40:03; Author: itojun; Lines: (+1 -20)
There are plenty of unaligned accesses, e.g. every access in
"print-ip.c" and "print-udp.c" is potentially unaligned, and probably
every other access to a more-than-1-byte field in a structure unless
EXTRACT_xx is being used.
I ran the current CVS version of tcpdump on a token-ring capture on a
SPARC/Solaris machine, and it crashed on one packet with an alignment
fault.
"pcap_open_offline()" attempts to put the buffer into which packets are
read on a memory boundary so that the link-layer payload is aligned on a
4-byte boundary; however:
1) it does so only for Ethernet and FDDI;
2) it's not possible to do so for Token Ring, as the link-layer
header on Token Ring is variable length, and the source
routing information is only guaranteed to be a multiple of 2
bytes in length, not a multiple of 4 bytes, so the correct
alignment could be packet-dependent.
Similar problems exist for live captures.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Automatic report from sources (tcpdump libpcap htdocs) between 17.10.2002 - 18.10.2002 GMT Automatic cvs log generator /tcpdump/bin/makelog (Oct 18)
- Problems with removing alignment stuff in IP dissector Guy Harris (Oct 21)
- Re: Problems with removing alignment stuff in IP dissector Guy Harris (Nov 04)
- Re: Problems with removing alignment stuff in IP dissector Jun-ichiro itojun Hagino (Nov 05)
- Re: Problems with removing alignment stuff in IP dissector Guy Harris (Nov 05)
- Re: Problems with removing alignment stuff in IP dissector Guy Harris (Nov 04)
- Problems with removing alignment stuff in IP dissector Guy Harris (Oct 21)