Commit 4533b6d8 authored by Gordon Tetlow's avatar Gordon Tetlow
Browse files

Vendor import of tcpdump 4.9.2.

Approved by:	emaste (mentor)
parent d79b843c
Sunday September 3, 2017
Summary for 4.9.2 tcpdump release
Do not use getprotobynumber() for protocol name resolution. Do not do
any protocol name resolution if -n is specified.
Improve errors detection in the test scripts.
Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
Clean up IS-IS printing.
Fix buffer overflow vulnerabilities:
CVE-2017-11543 (SLIP)
CVE-2017-13011 (bittok2str_internal)
Fix infinite loop vulnerabilities:
CVE-2017-12989 (RESP)
CVE-2017-12990 (ISAKMP)
CVE-2017-12995 (DNS)
CVE-2017-12997 (LLDP)
Fix buffer over-read vulnerabilities:
CVE-2017-11541 (safeputs)
CVE-2017-11542 (PIMv1)
CVE-2017-12893 (SMB/CIFS)
CVE-2017-12894 (lookup_bytestring)
CVE-2017-12895 (ICMP)
CVE-2017-12896 (ISAKMP)
CVE-2017-12897 (ISO CLNS)
CVE-2017-12898 (NFS)
CVE-2017-12899 (DECnet)
CVE-2017-12900 (tok2strbuf)
CVE-2017-12901 (EIGRP)
CVE-2017-12902 (Zephyr)
CVE-2017-12985 (IPv6)
CVE-2017-12986 (IPv6 routing headers)
CVE-2017-12987 (IEEE 802.11)
CVE-2017-12988 (telnet)
CVE-2017-12991 (BGP)
CVE-2017-12992 (RIPng)
CVE-2017-12993 (Juniper)
CVE-2017-11542 (PIMv1)
CVE-2017-11541 (safeputs)
CVE-2017-12994 (BGP)
CVE-2017-12996 (PIMv2)
CVE-2017-12998 (ISO IS-IS)
CVE-2017-12999 (ISO IS-IS)
CVE-2017-13000 (IEEE 802.15.4)
CVE-2017-13001 (NFS)
CVE-2017-13002 (AODV)
CVE-2017-13003 (LMP)
CVE-2017-13004 (Juniper)
CVE-2017-13005 (NFS)
CVE-2017-13006 (L2TP)
CVE-2017-13007 (Apple PKTAP)
CVE-2017-13008 (IEEE 802.11)
CVE-2017-13009 (IPv6 mobility)
CVE-2017-13010 (BEEP)
CVE-2017-13012 (ICMP)
CVE-2017-13013 (ARP)
CVE-2017-13014 (White Board)
CVE-2017-13015 (EAP)
CVE-2017-11543 (SLIP)
CVE-2017-13016 (ISO ES-IS)
CVE-2017-13017 (DHCPv6)
CVE-2017-13018 (PGM)
CVE-2017-13019 (PGM)
CVE-2017-13020 (VTP)
CVE-2017-13021 (ICMPv6)
CVE-2017-13022 (IP)
CVE-2017-13023 (IPv6 mobility)
CVE-2017-13024 (IPv6 mobility)
CVE-2017-13025 (IPv6 mobility)
CVE-2017-13026 (ISO IS-IS)
CVE-2017-13027 (LLDP)
CVE-2017-13028 (BOOTP)
CVE-2017-13029 (PPP)
CVE-2017-13030 (PIM)
CVE-2017-13031 (IPv6 fragmentation header)
CVE-2017-13032 (RADIUS)
CVE-2017-13033 (VTP)
CVE-2017-13034 (PGM)
CVE-2017-13035 (ISO IS-IS)
CVE-2017-13036 (OSPFv3)
CVE-2017-13037 (IP)
CVE-2017-13038 (PPP)
CVE-2017-13039 (ISAKMP)
CVE-2017-13040 (MPTCP)
CVE-2017-13041 (ICMPv6)
CVE-2017-13042 (HNCP)
CVE-2017-13043 (BGP)
CVE-2017-13044 (HNCP)
CVE-2017-13045 (VQP)
CVE-2017-13046 (BGP)
CVE-2017-13047 (ISO ES-IS)
CVE-2017-13048 (RSVP)
CVE-2017-13049 (Rx)
CVE-2017-13050 (RPKI-Router)
CVE-2017-13051 (RSVP)
CVE-2017-13052 (CFM)
CVE-2017-13053 (BGP)
CVE-2017-13054 (LLDP)
CVE-2017-13055 (ISO IS-IS)
CVE-2017-13687 (Cisco HDLC)
CVE-2017-13688 (OLSR)
CVE-2017-13689 (IKEv1)
CVE-2017-13690 (IKEv2)
CVE-2017-13725 (IPv6 routing headers)
Sunday July 23, 2017
Summary for 4.9.1 tcpdump release
CVE-2017-11108/Fix bounds checking for STP.
Make assorted documentation updates and fix a few typos in tcpdump output.
Fixup -C for file size >2GB (GH #488).
Show AddressSanitizer presence in version output.
Fix a bug in test scripts (exposed in GH #613).
On FreeBSD adjust Capsicum capabilities for netmap.
On Linux fix a use-after-free when the requested interface does not exist.
Wednesday January 18, 2017
Summary for 4.9.0 tcpdump release
General updates:
Improve separation frontend/backend (tcpdump/libnetdissect)
Don't require IPv6 library support in order to support IPv6 addresses
Introduce data types to use for integral values in packet structures
Fix display of timestamps with -tt, -ttt and -ttttt options
Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others
(More information in the log with CVE-2016-* and CVE-2017-*)
Change the way protocols print link-layer addresses (Fix heap overflows
......@@ -35,14 +144,6 @@ Wednesday January 18, 2017
Don't drop CAP_SYS_CHROOT before chrooting
Fixes issue where statistics not reported when -G and -W options used
New printers supporting:
Generic Protocol Extension for VXLAN (VXLAN-GPE)
Home Networking Control Protocol (HNCP), RFCs 7787 and 7788
Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets
Marvell Extended Distributed Switch Architecture header (MEDSA)
Network Service Header (NSH)
REdis Serialization Protocol (RESP)
Updated printers:
802.11: Beginnings of 11ac radiotap support
802.11: Check the Protected bit for management frames
......@@ -61,7 +162,6 @@ Wednesday January 18, 2017
ATM: Fix an incorrect bounds check
BFD: Update specification from draft to RFC 5880
BFD: Update to print optional authentication field
BGP: Add decoding of ADD-PATH capability
BGP: Add support for the AIGP attribute (RFC7311)
BGP: Print LARGE_COMMUNITY Path Attribute
BGP: Update BGP numbers from IANA; Print minor values for FSM notification
......@@ -78,7 +178,6 @@ Wednesday January 18, 2017
DTP: Improve packet integrity checks
EGP: Fix bounds checks
ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later
ESP: Handle OpenSSL 1.1.x
Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow)
Ethernet: Print the Length/Type field as length when needed
FDDI: Fix -e output for FDDI
......@@ -87,7 +186,6 @@ Wednesday January 18, 2017
Geneve: Fix error message with invalid option length; Update list option classes
HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes
ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()
ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string
IGMP: Add a length check
IP: Add a bounds check (Fix a heap overflow)
IP: Check before fetching the protocol version (Fix a heap overflow)
......@@ -115,7 +213,6 @@ Wednesday January 18, 2017
MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks
MPLS: "length" is now the *remaining* packet length
MPLS: Add bounds and length checks (Fix a heap overflow)
NFS: Add a test that makes unaligned accesses
NFS: Don't assume the ONC RPC header is nicely aligned
NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)
NFS: Don't run past the end of an NFSv3 file handle
......@@ -130,7 +227,6 @@ Wednesday January 18, 2017
PGM: Print the formatted IP address, not the raw binary address, as a string
PIM: Add some bounds checking (Fix a heap overflow)
PIMv2: Fix checksumming of Register messages
PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer
PPP: Add some bounds checks (Fix a heap overflow)
PPP: Report invalid PAP AACK/ANAK packets
Q.933: Add a missing bounds check
......@@ -171,16 +267,46 @@ Wednesday January 18, 2017
UDLD: Fix an infinite loop
UDP: Add a bounds check (Fix a heap overflow)
UDP: Check against the packet length first
UDP: Don't do the DDP-over-UDP heuristic check up front
VAT: Add some bounds checks
VTP: Add a test on Mgmt Domain Name length
VTP: Add bounds checks and filter out non-printable characters
VXLAN: Add a bound check and a test case
ZeroMQ: Fix an infinite loop
Tuesday April 14, 2015
Summary for 4.8.0 tcpdump release
Tuesday October 25, 2016
Summary for 4.8.1 tcpdump release
Fix "-x" for Apple PKTAP and PPI packets
Improve separation frontend/backend (tcpdump/libnetdissect)
Fix display of timestamps with -tt, -ttt and -ttttt options
Add support for the Marvell Extended Distributed Switch Architecture header
Use PRIx64 to print a 64-bit number in hex.
Printer for HNCP (RFCs 7787 and 7788).
dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer.
RSVP: Add bounds and length checks
OSPF: Do more bounds checking
Handle OpenSSL 1.1.x.
Initial support for the REdis Serialization Protocol known as RESP.
Add printing function for Generic Protocol Extension for VXLAN
Network Service Header: draft-ietf-sfc-nsh-01
Don't recompile the filter if the new file has the same DLT.
Pass an adjusted struct pcap_pkthdr to the sub-printer.
Add three test cases for already fixed CVEs
CVE-2014-8767: OLSR
CVE-2014-8768: Geonet
CVE-2014-8769: AODV
Don't do the DDP-over-UDP heuristic first: GitHub issue #499.
Use the new debugging routines in libpcap.
Harmonize TCP source or destination ports tests with UDP ones
Introduce data types to use for integral values in packet structures.
RSVP: Fix an infinite loop
Support of Type 3 and Type 4 LISP packets.
Don't require IPv6 library support in order to support IPv6 addresses.
Many many changes to support libnetdissect usage.
Add a test that makes unaligned accesses: GitHub issue #478.
add a DNSSEC test case: GH #445 and GH #467.
BGP: add decoding of ADD-PATH capability
fixes to LLC header printing, and RFC948-style IP packets
Friday April 10, 2015
Summary for 4.7.4 tcpdump release
......@@ -3,6 +3,44 @@ Some Information for Contributors
You want to contribute to Tcpdump, Thanks!
Please, read these lines.
How to report bugs and other problems
To report a security issue (segfault, buffer overflow, infinite loop, arbitrary
code execution etc) please send an e-mail to, do not use
the bug tracker!
To report a non-security problem (failure to compile, incorrect output in the
protocol printout, missing support for a particular protocol etc) please check
first that it reproduces with the latest stable release of tcpdump and the latest
stable release of libpcap. If it does, please check that the problem reproduces
with the current git master branch of tcpdump and the current git master branch of
libpcap. If it does (and it is not a security-related problem, otherwise see
above), please navigate to
and check if the problem has already been reported. If it has not, please open
a new issue and provide the following details:
* tcpdump and libpcap version (tcpdump --version)
* operating system name and version and any other details that may be relevant
(uname -a, compiler name and version, CPU type etc.)
* configure flags if any were used
* statement of the problem
* steps to reproduce
Please note that if you know exactly how to solve the problem and the solution
would not be too intrusive, it would be best to contribute some development time
and open a pull request instead as discussed below.
Still not sure how to do? Feel free to [subscribe](
to the mailing list and ask!
How to add new code and to update existing code
0) Check that there isn't a pull request already opened for the changes you
intend to make.
1) Fork the Tcpdump repository on GitHub from
......@@ -12,8 +50,11 @@ Please, read these lines.
on Linux and OSX before sending pull requests.
3) Clone your repository
3) Setup your git working copy
git clone<username>/tcpdump.git
cd tcpdump
git remote add upstream
git fetch upstream
4) Do a 'touch .devel' in your working directory.
Currently, the effect is
......@@ -47,19 +88,26 @@ Please, read these lines.
7) Test with 'make check'
Don't send a pull request if 'make check' gives failed tests.
8) Rebase your commits against upstream/master
(To keep linearity)
8) Try to rebase your commits to keep the history simple.
git rebase upstream/master
(If the rebase fails and you cannot resolve, issue "git rebase --abort"
and ask for help in the pull request comment.)
9) Initiate and send a pull request
9) Once 100% happy, put your work into your forked repository.
git push
10) Initiate and send a pull request
Some remarks
Code style and generic remarks
a) A thorough reading of some other printers code is useful.
b) Put the normative reference if any as comments (RFC, etc.).
c) Put the format of packets/headers/options as comments.
c) Put the format of packets/headers/options as comments if there is no
published normative reference.
d) The printer may receive incomplete packet in the buffer, truncated at any
random position, for example by capturing with '-s size' option.
......@@ -5,7 +5,7 @@ The current maintainers:
Denis Ovsienko <denis at ovsienko dot info>
Fulvio Risso <risso at polito dot it>
Guy Harris <guy at alum dot mit dot edu>
Hannes Gredler <hannes at juniper dot net>
Hannes Gredler <hannes at gredler dot at>
Michael Richardson <mcr at sandelman dot ottawa dot on dot ca>
Francois-Xavier Le Bail <fx dot lebail at yahoo dot com>
......@@ -39,6 +39,7 @@ Additional people who have contributed patches:
Bjoern A. Zeeb <bzeeb at Zabbadoz dot NeT>
Bram <tcpdump at mail dot wizbit dot be>
Brent L. Bates <blbates at vigyan dot com>
Brian Carpenter <brian dot carpenter at gmail dot com>
Brian Ginsbach <ginsbach at cray dot com>
Bruce M. Simpson <bms at spc dot org>
Carles Kishimoto Bisbe <ckishimo at ac dot upc dot es>
......@@ -54,6 +55,7 @@ Additional people who have contributed patches:
Craig Rodrigues <rodrigc at mediaone dot net>
Crist J. Clark <cjclark at alum dot mit dot edu>
Daniel Hagerty <hag at ai dot mit dot edu>
Daniel Lee <Longinus00 at gmail dot com>
Darren Reed <darrenr at reed dot wattle dot id dot au>
David Binderman <d dot binderman at virgin dot net>
David Horn <dhorn2000 at gmail dot com>
......@@ -85,6 +87,7 @@ Additional people who have contributed patches:
Greg Stark <gsstark at mit dot edu>
Hank Leininger <tcpdump-workers at progressive-comp dot com>
Hannes Viertel <hviertel at juniper dot net>
Hanno Böck <hanno at hboeck dot de>
Harry Raaymakers <harryr at connect dot com dot au>
Heinz-Ado Arnolds <Ado dot Arnolds at dhm-systems dot de>
Hendrik Scholz <hendrik at scholz dot net>
......@@ -111,6 +114,7 @@ Additional people who have contributed patches:
Juliusz Chroboczek <jch at pps dot jussieu dot fr>
Kaarthik Sivakumar <kaarthik at torrentnet dot com>
Kaladhar Musunuru <kaladharm at sourceforge dot net>
Kamil Frankowicz <kontakt at frankowicz dot me>
Karl Norby <karl-norby at sourceforge dot net>
Kazushi Sugyo <sugyo at pb dot jp dot nec dot com>
Kelly Carmichael <kcarmich at ipapp dot com>
......@@ -123,7 +127,6 @@ Additional people who have contributed patches:
Larry Lile <lile at stdio dot com>
Lennert Buytenhek <buytenh at gnu dot org>
Loganaden Velvindron <logan at elandsys dot com>
Daniel Lee <Longinus00 at gmail dot com>
Loris Degioanni <loris at netgroup-serv dot polito dot it>
Love Hörnquist-Åstrand <lha at stacken dot kth dot se>
Lucas C. Villa Real <lucasvr at us dot ibm dot com>
......@@ -166,6 +169,7 @@ Additional people who have contributed patches:
Paolo Abeni <paolo dot abeni at email dot it>
Pascal Hennequin <pascal dot hennequin at int-evry dot fr>
Pasvorn Boonmark <boonmark at juniper dot net>
Patrik Lundquist <patrik dot lundquist at gmail dot com>
Paul Ferrell <pflarr at sourceforge dot net>
Paul Mundt <lethal at linux-sh dot org>
Paul S. Traina <pst at freebsd dot org>
......@@ -37,6 +37,7 @@ Please see "PLATFORMS" for notes about tested platforms.
CHANGES - description of differences between releases
CONTRIBUTING - guidelines for contributing
CREDITS - people that have helped tcpdump along
INSTALL.txt - this file
LICENSE - the license under which tcpdump is distributed
......@@ -263,6 +263,7 @@ HDR = \
ether.h \
ethertype.h \
extract.h \
funcattrs.h \
getopt_long.h \
gmpls.h \
gmt2local.h \
== Tested platforms ==
NetBSD 5.1/i386 (mcr - 2012/4/1)
Debian Linux (squeeze/i386) (mcr - 2012/4/1)
RedHat Linux 6.1/i386 (assar)
FreeBSD 2.2.8/i386 (itojun)
In many operating systems tcpdump is available as a native package or port,
which simplifies installation of updates and long-term maintenance. However,
the native packages are sometimes a few versions behind and to try a more
recent snapshot it will take to compile tcpdump from the source code.
tcpdump compiles and works on at least the following platforms:
* FreeBSD
* HP-UX 11i
* Linux (any) with glibc (usually just works)
* Linux (any) with musl libc (sometimes fails to compile, please report any bugs)
* Mac OS X / macOS
* NetBSD
* OpenWrt
* Solaris
......@@ -3,25 +3,21 @@
Now maintained by "The Tcpdump Group"
To report a security issue please send an e-mail to
Please send inquiries/comments/reports to:
To report bugs and other problems, contribute patches, request a
feature, provide generic feedback etc please see the file
CONTRIBUTING in the tcpdump source tree root.
Now maintained by "The Tcpdump Group"
Anonymous Git is available via:
git clone git://
Please submit patches by forking the branch on GitHub at:
and issuing a pull request.
formerly from Lawrence Berkeley National Laboratory
formerly from Lawrence Berkeley National Laboratory
Network Research Group <> (3.4)
......@@ -71,20 +67,6 @@ It is a program that can be used to extract portions of tcpdump binary
trace files. See the above distribution for further details and
Problems, bugs, questions, desirable enhancements, etc. should be sent
to the address "". Bugs, support
requests, and feature requests may also be submitted on the GitHub issue
tracker for tcpdump at:
Source code contributions, etc. should be sent to the email address
above or submitted by forking the branch on GitHub at:
and issuing a pull request.
Current versions can be found at
- The TCPdump team
......@@ -655,7 +655,7 @@ AC_DEFUN(AC_LBL_LIBPCAP,
[Report this to, and include the
[This is a bug, please follow the guidelines in CONTRIBUTING and include the
config.log file in your report. If you have downloaded libpcap from, and built it yourself, please also include the config.log
file from the libpcap source directory, the Makefile from the libpcap
......@@ -145,13 +145,23 @@ struct enamemem {
u_short e_addr2;
const char *e_name;
u_char *e_nsap; /* used only for nsaptable[] */
#define e_bs e_nsap /* for bytestringtable */
struct enamemem *e_nxt;
static struct enamemem enametable[HASHNAMESIZE];
static struct enamemem nsaptable[HASHNAMESIZE];
static struct enamemem bytestringtable[HASHNAMESIZE];
struct bsnamemem {
u_short bs_addr0;
u_short bs_addr1;
u_short bs_addr2;
const char *bs_name;
u_char *bs_bytes;
unsigned int bs_nbytes;
struct bsnamemem *bs_nxt;
static struct bsnamemem bytestringtable[HASHNAMESIZE];
struct protoidmem {
uint32_t p_oui;
......@@ -321,7 +331,7 @@ getname6(netdissect_options *ndo, const u_char *ap)
return (p->name);
static const char hex[] = "0123456789abcdef";
static const char hex[16] = "0123456789abcdef";
/* Find the hash node that corresponds the ether address 'ep' */
......@@ -359,11 +369,11 @@ lookup_emem(netdissect_options *ndo, const u_char *ep)
* with length 'nlen'
static inline struct enamemem *
static inline struct bsnamemem *
lookup_bytestring(netdissect_options *ndo, register const u_char *bs,
const unsigned int nlen)
struct enamemem *tp;
struct bsnamemem *tp;
register u_int i, j, k;
if (nlen >= 6) {
......@@ -378,26 +388,28 @@ lookup_bytestring(netdissect_options *ndo, register const u_char *bs,
i = j = k = 0;
tp = &bytestringtable[(i ^ j) & (HASHNAMESIZE-1)];
while (tp->e_nxt)
if (tp->e_addr0 == i &&
tp->e_addr1 == j &&
tp->e_addr2 == k &&
memcmp((const char *)bs, (const char *)(tp->e_bs), nlen) == 0)
while (tp->bs_nxt)
if (nlen == tp->bs_nbytes &&
tp->bs_addr0 == i &&
tp->bs_addr1 == j &&
tp->bs_addr2 == k &&
memcmp((const char *)bs, (const char *)(tp->bs_bytes), nlen) == 0)
return tp;
tp = tp->e_nxt;
tp = tp->bs_nxt;
tp->e_addr0 = i;
tp->e_addr1 = j;
tp->e_addr2 = k;
tp->bs_addr0 = i;
tp->bs_addr1 = j;
tp->bs_addr2 = k;
tp->e_bs = (u_char *) calloc(1, nlen + 1);
if (tp->e_bs == NULL)
tp->bs_bytes = (u_char *) calloc(1, nlen);
if (tp->bs_bytes == NULL)
(*ndo->ndo_error)(ndo, "lookup_bytestring: calloc");
memcpy(tp->e_bs, bs, nlen);
tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp));
if (tp->e_nxt == NULL)
memcpy(tp->bs_bytes, bs, nlen);
tp->bs_nbytes = nlen;
tp->bs_nxt = (struct bsnamemem *)calloc(1, sizeof(*tp));
if (tp->bs_nxt == NULL)
(*ndo->ndo_error)(ndo, "lookup_bytestring: calloc");
return tp;
......@@ -424,11 +436,11 @@ lookup_nsap(netdissect_options *ndo, register const u_char *nsap,
tp = &nsaptable[(i ^ j) & (HASHNAMESIZE-1)];
while (tp->e_nxt)
if (tp->e_addr0 == i &&
if (nsap_length == tp->e_nsap[0] &&
tp->e_addr0 == i &&
tp->e_addr1 == j &&
tp->e_addr2 == k &&
tp->e_nsap[0] == nsap_length &&
memcmp((const char *)&(nsap[1]),
memcmp((const char *)nsap,
(char *)&(tp->e_nsap[1]), nsap_length) == 0)
return tp;
......@@ -528,12 +540,12 @@ le64addr_string(netdissect_options *ndo, const u_char *ep)
const unsigned int len = 8;
register u_int i;
register char *cp;
register struct enamemem *tp;
register struct bsnamemem *tp;
char buf[BUFSIZE];
tp = lookup_bytestring(ndo, ep, len);
if (tp->e_name)
return (tp->e_name);
if (tp->bs_name)
return (tp->bs_name);
cp = buf;
for (i = len; i > 0 ; --i) {
......@@ -545,11 +557,11 @@ le64addr_string(netdissect_options *ndo, const u_char *ep)
*cp = '\0';
tp->e_name = strdup(buf);
if (tp->e_name == NULL)
tp->bs_name = strdup(buf);
if (tp->bs_name == NULL)
(*ndo->ndo_error)(ndo, "le64addr_string: strdup(buf)");
return (tp->e_name);
return (tp->bs_name);
const char *
......@@ -558,7 +570,7 @@ linkaddr_string(netdissect_options *ndo, const u_char *ep,
register u_int i;
register char *cp;
register struct enamemem *tp;
register struct bsnamemem *tp;
if (len == 0)
return ("<empty>");
......@@ -570,11 +582,11 @@ linkaddr_string(netdissect_options *ndo, const u_char *ep,
return (q922_string(ndo, ep, len));
tp = lookup_bytestring(ndo, ep, len);
if (tp->e_name)
return (tp->e_name);
if (tp->bs_name)
return (tp->bs_name);
tp->e_name = cp = (char *)malloc(len*3);
if (tp->e_name == NULL)
tp->bs_name = cp = (char *)malloc(len*3);
if (tp->bs_name == NULL)
(*ndo->ndo_error)(ndo, "linkaddr_string: malloc");
*cp++ = hex[*ep >> 4];
*cp++ = hex[*ep++ & 0xf];
......@@ -584,7 +596,7 @@ linkaddr_string(netdissect_options *ndo, const u_char *ep,
*cp++ = hex[*ep++ & 0xf];
*cp = '\0';
return (tp->e_name);
return (tp->bs_name);
const char *
......@@ -33,7 +33,8 @@ enum {