Bug appneta#835 - proper 802.3 (Ethernet I) handling

We can only support IPv4 and IPv6. Suppress warning for other protocols. Also add extra checks for invalid types and lengths.
fxlb · Jun 9, 2024 · 887077e · 887077e
1 parent d7f5bfe
commit 887077e
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 16 deletions.
diff --git a/docs/CHANGELOG b/docs/CHANGELOG
@@ -11,6 +11,7 @@
     - incorrect checksum for certain IPv4 packets - fixed by #846 (#844)
     - add check for IPv6 extension header length (#827 #842)
     - GitHub template for pull requests (#839)
+    - improved 802.3 (Ethernet I) handling and warning messages (#835)
     - handle IPv6 fragment extension header (#832 #837)
     - Linux tap interfaces fail intermittently (#828)
     - Infinite loop in tcprewrite at get.c (#827 #842)

diff --git a/src/common/get.c b/src/common/get.c
@@ -347,10 +347,11 @@ get_l2len_protocol(const u_char *pktdata,
         uint16_t ether_type;
         uint32_t l2_net_off = sizeof(*eth_hdr) + *l2offset;
 
-        if (datalen <= l2_net_off) {
-            warnx("%s (0x%x): Need at least 4 bytes for DLT_EN10MB but only %u available",
+        if (datalen <= l2_net_off + 4) {
+            warnx("%s (0x%x): Need at least %u bytes for DLT_EN10MB but only %u available",
                   pcap_datalink_val_to_description(datalink),
                   datalink,
+                  l2_net_off + 4,
                   datalen);
             return -1;
         }
@@ -361,23 +362,19 @@ get_l2len_protocol(const u_char *pktdata,
             return -1;
 
         *l2len = l2_net_off;
-        if (ether_type > 1500) {
+        if (ether_type >= 1536) {
             /* Ethernet II frame - return in host order */
             *protocol = ether_type;
+        } else if (ether_type > 1500) {
+            warnx("%s (0x%x): unsupported 802.3 length %u",
+                  pcap_datalink_val_to_description(datalink),
+                  datalink,
+                  ether_type);
+            return -1;
         } else {
             /* 803.3 frame */
-            if ((pktdata[l2_net_off] >> 4) == 4) {
-                *protocol = ETHERTYPE_IP;
-            } else if ((pktdata[l2_net_off] >> 4) == 6) {
-                *protocol = ETHERTYPE_IP6;
-            } else {
-                /* unsupported 802.3 protocol */
-                warnx("%s (0x%x): unsupported 802.3 protocol %u",
-                      pcap_datalink_val_to_description(datalink),
-                      datalink,
-                      ether_type);
-                return -1;
-            }
+            /* we don't modify 802.3 protocols */
+            return -1;
         }
         break;
     }

diff --git a/src/tcpedit/tcpedit.c b/src/tcpedit/tcpedit.c
@@ -94,7 +94,7 @@ tcpedit_packet(tcpedit_t *tcpedit, struct pcap_pkthdr **pkthdr, u_char **pktdata
     ipflags = 0;
     /* not everything has a L3 header, so check for errors.  returns proto in network byte order */
     if ((l2proto = tcpedit_dlt_proto(tcpedit->dlt_ctx, src_dlt, packet, (int)(*pkthdr)->caplen)) < 0) {
-        dbgx(2, "Packet has no L3+ header: %s", tcpedit_geterr(tcpedit));
+        dbgx(2, "Packet " COUNTER_SPEC " has no L3+ header: %s", tcpedit->runtime.packetnum, tcpedit_geterr(tcpedit));
         return TCPEDIT_SOFT_ERROR;
     } else {
         dbgx(2, "Layer 3 protocol type is: 0x%04x", ntohs(l2proto));