Re: tcpdump: Ethernet header is not dumped with -xX if IP header is unaligned

2014-11-28 Thread Mike Belopuhov
Still looking for OK's. On Wed, Nov 26, 2014 at 17:18 +0100, Mike Belopuhov wrote: > > > > better diff. the problem is that dissectors use packetp and > > snapend pointers themselves therefore they should be pointing > > to the newly allocated structure. we can restore them once > > we're done

Re: tcpdump: Ethernet header is not dumped with -xX if IP header is unaligned

2014-11-27 Thread Mike Belopuhov
On 27 November 2014 at 03:12, Theo de Raadt wrote: >> On Tue, Nov 25, 2014 at 18:42 +0100, Mike Belopuhov wrote: >> > On Mon, Nov 24, 2014 at 19:04 +0100, Mike Belopuhov wrote: >> > > Hi, >> > > >> > > IP header is not always aligned since bpf copies out the mbuf >> > > chain into the contigous bu

Re: tcpdump: Ethernet header is not dumped with -xX if IP header is unaligned

2014-11-26 Thread Theo de Raadt
> On Tue, Nov 25, 2014 at 18:42 +0100, Mike Belopuhov wrote: > > On Mon, Nov 24, 2014 at 19:04 +0100, Mike Belopuhov wrote: > > > Hi, > > > > > > IP header is not always aligned since bpf copies out the mbuf > > > chain into the contigous buffer provided by the userland. I've > > > seen this with

Re: tcpdump: Ethernet header is not dumped with -xX if IP header is unaligned

2014-11-26 Thread Mike Belopuhov
On Tue, Nov 25, 2014 at 18:42 +0100, Mike Belopuhov wrote: > On Mon, Nov 24, 2014 at 19:04 +0100, Mike Belopuhov wrote: > > Hi, > > > > IP header is not always aligned since bpf copies out the mbuf > > chain into the contigous buffer provided by the userland. I've > > seen this with large packet

Re: tcpdump: Ethernet header is not dumped with -xX if IP header is unaligned

2014-11-25 Thread Mike Belopuhov
On Mon, Nov 24, 2014 at 19:04 +0100, Mike Belopuhov wrote: > Hi, > > IP header is not always aligned since bpf copies out the mbuf > chain into the contigous buffer provided by the userland. I've > seen this with large packet sizes on VLANs. ip_print will then > copy the packet but the Ethernet

Re: tcpdump: Ethernet header is not dumped with -xX if IP header is unaligned

2014-11-24 Thread Mike Belopuhov
On Nov 24, 2014 7:10 PM, "Mike Belopuhov" wrote: > > Hi, > > IP header is not always aligned since bpf copies out the mbuf > chain into the contigous buffer provided by the userland. I've > seen this with large packet sizes on VLANs. ip_print will then > copy the packet but the Ethernet header i

tcpdump: Ethernet header is not dumped with -xX if IP header is unaligned

2014-11-24 Thread Mike Belopuhov
Hi, IP header is not always aligned since bpf copies out the mbuf chain into the contigous buffer provided by the userland. I've seen this with large packet sizes on VLANs. ip_print will then copy the packet but the Ethernet header into the internal buffer so that it can cast it to the IP header