> On Tue, Nov 25, 2014 at 18:42 +0100, Mike Belopuhov wrote:
> > On Mon, Nov 24, 2014 at 19:04 +0100, Mike Belopuhov wrote:
> > > Hi,
> > >
> > > IP header is not always aligned since bpf copies out the mbuf
> > > chain into the contiguous buffer provided by the userland. I've
> > > seen this with large packet sizes on VLANs. ip_print will then
> > > copy the packet but the Ethernet header into the internal buffer
> > > so that it can cast it to the IP header structure and update
> > > global packetp and snapend pointers hence preventing the -Xx
> > > dumping code from printing out the Ethernet header itself.
> > >
> > > Diff below fixes it. OK?
> > >
> >
> > better diff. the problem is that dissectors use packetp and
> > snapend pointers themselves therefore they should be pointing
> > to the newly allocated structure. we can restore them once
> > we're done with the inner content and go back to the caller
> > to see if we need to hexdump the contents.
> >
> > i'll see if i can cook and test the ipv6 version.
> >
> > OK?
> >
>
> now with an ip6 version and i've made sure that this fixes
> dumping unaligned ipv6 packets as well. in the meantime
> jsg@ has lured me into looking at the afl crash in the same
> code and it looks like the check from ip6_print is useful
> here: if we haven't got enough data for a header, don't
> bother with anything else and just bail.
>
> ok?

Did you test on a strict alignment machine?
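The approach described in the quoted mail (copy an unaligned header into aligned storage, point packetp and snapend at the copy for the inner dissectors, restore both for the caller, and bail early on a short header), as an added C sketch that is not the diff discussed in this thread. Only the names packetp and snapend come from the thread; struct ip_hdr, inner_proto, ip_print_sketch and sample_frame are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins; only the names packetp and snapend are from the thread. */
static const unsigned char *packetp, *snapend;
struct ip_hdr { uint8_t vhl, tos; uint16_t len, id, off;
		uint8_t ttl, p; uint16_t sum; uint32_t src, dst; };

/* Constructed frame: 14-byte Ethernet header, then a 20-byte IPv4 header
 * (protocol 6) that starts on a 2-byte boundary only. */
static _Alignas(4) const unsigned char sample_frame[34] = { [14] = 0x45, [23] = 6 };

static int inner_proto(const struct ip_hdr *ip)
{
	if ((const unsigned char *)(ip + 1) > snapend)	/* bound by global snapend */
		return -1;
	return ip->p;
}

/* Returns the IP protocol number, or -1 when the capture is too short.
 * packetp and snapend are restored so the caller can still hexdump the frame. */
int ip_print_sketch(const unsigned char *bp, size_t caplen)
{
	const unsigned char *save_packetp = packetp, *save_snapend = snapend;
	unsigned char *copy = NULL;
	int proto;
	if (caplen < sizeof(struct ip_hdr))	/* no full header: bail early */
		return -1;
	if ((uintptr_t)bp % _Alignof(struct ip_hdr) != 0) {
		if ((copy = malloc(caplen)) == NULL)
			return -1;
		memcpy(copy, bp, caplen);	/* malloc'd memory is aligned */
		bp = packetp = copy;		/* dissectors see the copy */
		snapend = copy + caplen;
	}
	proto = inner_proto((const struct ip_hdr *)bp);
	packetp = save_packetp;			/* caller sees the original */
	snapend = save_snapend;
	free(copy);
	return proto;
}

int main(void)
{
	packetp = sample_frame;
	snapend = sample_frame + sizeof(sample_frame);
	return ip_print_sketch(sample_frame + 14, 20) == 6 ? 0 : 1;
}
```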