Hi,
There is a bug in egp_print fonction from print-egp.c
tcpdump don't print correct egp packet smaller than 32bytes, because their
size was inferior to egp struct size.
Here you'll find the patch.
I have posted it on sourceforge. But i don't know how sf patch submitting
system works.
So I send it to this mailing list.
I hope it's the appropriate place...
Does the patch will be integrated to the next version of tcpdump?
Nicolas FERRERO
diff -urN tcpdump-3.8.3/interface.h tcpdump/interface.h
--- tcpdump-3.8.3/interface.h 2004-03-17 20:47:48.000000000 +0100
+++ tcpdump/interface.h 2004-12-23 03:48:12.796318448 +0100
@@ -216,7 +216,7 @@
extern void default_print(const u_char *, u_int);
extern void default_print_unaligned(const u_char *, u_int);
extern void dvmrp_print(const u_char *, u_int);
-extern void egp_print(const u_char *);
+extern void egp_print(const u_char *, u_int);
extern u_int enc_if_print(const struct pcap_pkthdr *, const u_char *);
extern u_int pflog_if_print(const struct pcap_pkthdr *, const u_char *);
extern u_int arcnet_if_print(const struct pcap_pkthdr *, const u_char *);
diff -urN tcpdump-3.8.3/print-egp.c tcpdump/print-egp.c
--- tcpdump-3.8.3/print-egp.c 2003-11-16 09:51:18.000000000 +0100
+++ tcpdump/print-egp.c 2004-12-23 04:51:21.991273256 +0100
@@ -214,7 +214,7 @@
}
void
-egp_print(register const u_int8_t *bp)
+egp_print(register const u_int8_t *bp, register u_int length)
{
register const struct egp_packet *egp;
register int status;
@@ -222,7 +222,7 @@
register int type;
egp = (struct egp_packet *)bp;
- if (!TTEST(*egp)) {
+ if (!TTEST2(*egp, length)) {
printf("[|egp]");
return;
}
diff -urN tcpdump-3.8.3/print-ip.c tcpdump/print-ip.c
--- tcpdump-3.8.3/print-ip.c 2004-03-24 10:01:39.000000000 +0100
+++ tcpdump/print-ip.c 2004-12-23 03:47:18.108632240 +0100
@@ -551,7 +551,7 @@
break;
case IPPROTO_EGP:
- egp_print(cp);
+ egp_print(cp, len);
break;
case IPPROTO_OSPF:
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
