Approved by:	emaste (mentor)

importance.

commit: cab33b7a0acba7d2268a23c4383be6167106e549

Update ND_TTEST2 to fix issue 443

Add IS_NOT_NEGATIVE macro.
Avoid these warnings:
- comparison of unsigned expression >= 0 is always true [-Wtype-limits],
- comparison is always true due to limited range of data type [-Wtype-limits].

Approved by: jmallett (mentor)

Approved by: jmallett (mentor)

- Fix length checking.

Check both the captured length and the on-the-wire length (the latter
*should* be greater than or equal to the former, but that's not
guaranteed).

Add some additional length checks, so neither caplen nor length
underflow.

If we stop dissecting because the packet is too short, return 1, not 0,
as we've "dissected" what we can; 0 means "this is LLC+SNAP with an OUI
of 0 and an unknown Ethertype".

commit:	743bcecdc92f88b118ec7aac4f68b606601205cc

- Clean up length checks.

Check only the amount of length that matters at any given point; yes,
this means we do multiple checks, but so it goes.

We don't need to check for LLC+SNAP - llc_print() does that for us.  We
do, however, need to check to make sure we can safely skip the Fore
header.

commit:	5c65e7532fa16308e01299988852b0dc5b027559

Check whether the version field is available before looking at it.
While we're at it, use ND_TCHECK(), rather than a hand-rolled check, to
check whether we have the full fixed-length portion of the IPv4 header.

commit c67afe913011138a2504ec4d3d423b48e73b12f3

Do more length checking. From OpenBSD.

commit d7516761f9c4877bcb05bb6543be3543e165249

commit 772d6fbcf592209aa1ab1b61714e8ae72a5b1698
Author: Dmitrij Tejblum <tejblum@yandex-team.ru>
Date:   Sun Jun 2 13:48:44 2013 +0400

    Convert some versions of EXTRACT_{16,32,64}BITS() to inline functions.

    It removes the vast majority of strict-aliasing warnings from GCC.

our version as discussed with upstream.

Changes:

Thu.    April 1, 2010.  guy@alum.mit.edu.
  Summary for 4.1.1 tcpdump release
        Fix build on systems with PF, such as FreeBSD and OpenBSD.
        Don't blow up if a zero-length link-layer address is passed to
          linkaddr_string().

Thu.    March 11, 2010.  ken@netfunctional.ca/guy@alum.mit.edu.
  Summary for 4.1.0 tcpdump release
        Fix printing of MAC addresses for VLAN frames with a length
          field
        Add some additional bounds checks and use the EXTRACT_ macros
          more
        Add a -b flag to print the AS number in BGP packets in ASDOT
          notation rather than ASPLAIN notation
        Add ICMPv6 RFC 5006 support
        Decode the access flags in NFS access requests
        Handle the new DLT_ for memory-mapped USB captures on Linux
        Make the default snapshot (-s) the maximum
        Print name of device (when -L is used)
        Support for OpenSolaris (and SXCE build 125 and later)
        Print new TCP flags
        Add support for RPL DIO
        Add support for TCP User Timeout (UTO)
        Add support for non-standard Ethertypes used by 3com PPPoE gear
        Add support for 802.11n and 802.11s
        Add support for Transparent Ethernet Bridge ethertype in GRE
        Add 4 byte AS support for BGP printer
        Add support for the MDT SAFI 66 BG printer
        Add basic IPv6 support to print-olsr
        Add USB printer
        Add printer for ForCES
        Handle frames with an FCS
        Handle 802.11n Control Wrapper, Block Acq Req and Block Ack frames
        Fix TCP sequence number printing
        Report 802.2 packets as 802.2 instead of 802.3
        Don't include -L/usr/lib in LDFLAGS
        On x86_64 Linux, look in lib64 directory too
        Lots of code clean ups
        Autoconf clean ups
        Update testcases to make output changes
        Fix compiling with/out smi (--with{,out}-smi)
        Fix compiling without IPv6 support (--disable-ipv6)

Security:	FreeBSD-SA-07:06.tcpdump
Security:	CVE-2007-3798
Obtained from:	tcpdump.org
Approved by:	re (security blanket)

to vendor branch since this is already in their depot

Approved by:	re (scottl)

Security:	FreeBSD-SA-05:10.tcpdump
Security:	CAN-2005-1267, CAN-2005-1278, CAN-2005-1279, CAN-2005-1280
Obtained from:	tcpdump.org

Jonathan Heusser <jonny@drugphish.ch>

Przemyslaw Frasunek on bugtraq list.

http://www.tcpdump.org/release/tcpdump-3.7.2.tar.gz

import) to stop a segfault on ia64.  Add a #include to get missing
prototypes, particularly malloc().

Approved by: fenner

 http://www.tcpdump.org/release/tcpdump-3.7.1.tar.gz

 to replace freebsd.org's rev 1.2.

Obtained from: ftp://ftp.ee.lbl.gov/tcpdump.tar.Z on 19-Aug-1996.