diff --git a/net_common.c b/net_common.c index 0214216..fdbb2fa 100644 --- a/net_common.c +++ b/net_common.c @@ -155,6 +155,12 @@ static int ipv4_jump_to_layer(const char *raw_data, int raw_layer_type, int exp if(raw_layer_type == expect_layer_type){ return 0; } + + /* IP分片不再继续跳转 */ + unsigned short *iphdr_off = (unsigned short *)&p_ip_hdr->ip_off[0]; + if((htons(*iphdr_off) & IP_MF) || (htons(*iphdr_off) & IP_OFFMASK)){ + return -1; + } switch(p_ip_hdr->ip_p){ case IPPROTO_TCP: @@ -262,8 +268,9 @@ static int ipv6_jump_to_layer(const char *raw_data, int raw_layer_type, int exp goto done; break; - case 44:///NEXTHDR_FRAGMENT: - offset_to_ip6 = 8; // 8 == sizeof(struct ipv6_frag_hdr); + case 44:///NEXTHDR_FRAGMENT: + /* IP分片不再继续跳转 */ + return -1; break; case 50://NEXTHDR_ESP: @@ -642,6 +649,11 @@ const void *MESA_net_jump_to_layer_greedy(const void *raw_data, int raw_layer_ty case __ADDR_TYPE_IP_PAIR_V4: { const struct mesa_ip4_hdr *ip4hdr = (const struct mesa_ip4_hdr *)expect_layer; + if((ntohs(ip4hdr->ip_off) & IP_MF ) || (ntohs(ip4hdr->ip_off) & IP_OFFMASK)){ + /* IP分片不再继续向内层跳转 */ + goto done; + } + if(IPPROTO_UDP == ip4hdr->ip_p){ new_next_layer_data = (char *)expect_layer + ip4hdr->ip_hl * 4; new_raw_layer_type = ADDR_TYPE_UDP; /* IP层如果继续向下一层偏移, 只支持UDP, IPIP, GRE, L2TPv3. */ diff --git a/print-ether.c b/print-ether.c index 823b23d..5583fc6 100644 --- a/print-ether.c +++ b/print-ether.c @@ -137,18 +137,6 @@ ether_print(netdissect_options *ndo, int llc_hdrlen; ep = (const struct ether_header *)p; - - /* 2017-01-06 lijia add, 非常规Ethernet包不显示 */ - switch(ntohs(ep->ether_length_type)){ - case ETHERTYPE_IP: - case ETHERTYPE_IPV6: - case ETHERTYPE_8021Q: - case ETHERTYPE_ARP: - break; - - default: - return; - } if (caplen < ETHER_HDRLEN) { ND_PRINT((ndo, "[|ether]")); diff --git a/print.c b/print.c index 9c4a33e..20e62fe 100644 --- a/print.c +++ b/print.c @@ -336,7 +336,7 @@ pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h, */ ndo->ndo_snapend = sp + h->caplen; - hdrlen = (ndo->ndo_if_printer)(ndo, h, sp); /* 此函数指针实际指向 ether_if_print() */ + hdrlen = (ndo->ndo_if_printer)(ndo, h, sp); /* 此函数指针实际指向 ether_if_print() */ /* * Restore the original snapend, as a printer might have diff --git a/tcpdump.c b/tcpdump.c index 06562b8..9057ece 100644 --- a/tcpdump.c +++ b/tcpdump.c @@ -2177,7 +2177,10 @@ main(int argc, char **argv) if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0){ error("%s", pcap_geterr(pd)); }else{ - has_bpf_filter_flag = 1; + /* 不一定有bpf filter, 此处判断一下 */ + if(cmdbuf){ + has_bpf_filter_flag = 1; + } } if (dflag) {