diff --git a/CHANGES b/CHANGES
index b1c90ff1ab..3dd541e9c9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,9 @@
+2.5-887 | 2018-08-21 14:54:12 -0500
+
+ * Change default snaplen to 9216 bytes to better accommodate jumbo frames
+ (Justin Azoff)
+
 2.5-884 | 2018-08-20 15:39:21 -0500
 * Fix outdated documentation test baselines (Jon Siwek, Corelight)
diff --git a/NEWS b/NEWS
index d119befbb0..77e1c7007f 100644
--- a/NEWS
+++ b/NEWS
@@ -450,6 +450,9 @@ Removed Functionality
 - The node-specific ``site/local-*.bro`` scripts have been removed.
+- The default value of ``Pcap::snaplen`` changed from 8192 to 9216 bytes
+ to better accommodate jumbo frames.
+
 Deprecated Functionality
 ------------------------
diff --git a/VERSION b/VERSION
index 4285fbbeff..6fb53ec497 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.5-884
+2.5-887
diff --git a/aux/broctl b/aux/broctl
index 336e719c33..57973e670e 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit 336e719c33d64efebe65f11322e2fbc6d11c946b
+Subproject commit 57973e670effe27a0b66bff75f35298b6066e469
diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index 5ac2527bae..70d59b30cf 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -4813,7 +4813,7 @@ export {
 module Pcap;
 export {
 ## Number of bytes per packet to capture from live interfaces.
- const snaplen = 8192 &redef;
+ const snaplen = 9216 &redef;
 ## Number of Mbytes to provide as buffer space when capturing from live
 ## interfaces.
diff --git a/testing/btest/Baseline/bifs.dump_current_packet/1.hex b/testing/btest/Baseline/bifs.dump_current_packet/1.hex
new file mode 100644
index 0000000000..69fc169df6
--- /dev/null
+++ b/testing/btest/Baseline/bifs.dump_current_packet/1.hex
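Review bot: The doc comment above `snaplen` in scripts/base/init-bare.bro still does not say what happens to a packet longer than the limit, which is what an operator needs to know when choosing a value. At 9216 a standard jumbo frame fits, but frames coalesced by NIC offloading (LRO/GRO) can be larger and would presumably be captured truncated, so the analyzers never see the bytes past the cut. I would extend the comment with `## Packets longer than this are truncated at capture time; keep it at or above the interface MTU plus link-layer headers.` The `export` block this constant sits in starts and ends outside the hunk.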
@@ -0,0 +1,9 @@
+00000000 d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00 |................|
+00000010 00 24 00 00 01 00 00 00 1f ad 83 4d 17 79 01 00 |.$.........M.y..|
+00000020 57 00 00 00 57 00 00 00 01 00 5e 00 00 fb 00 30 |W...W.....^....0|
+00000030 48 bd 3e c4 08 00 45 00 00 49 00 00 40 00 ff 11 |H.>...E..I..@...|
+00000040 30 4f 8d 8e dc ca e0 00 00 fb 14 e9 14 e9 00 35 |0O.............5|
+00000050 7f 62 00 00 00 00 00 01 00 00 00 00 00 00 06 67 |.b.............g|
+00000060 65 6d 69 6e 69 09 5f 73 66 74 70 2d 73 73 68 04 |emini._sftp-ssh.|
+00000070 5f 74 63 70 05 6c 6f 63 61 6c 00 00 21 00 01 |_tcp.local..!..|
+0000007f
diff --git a/testing/btest/Baseline/bifs.dump_current_packet/1.pcap b/testing/btest/Baseline/bifs.dump_current_packet/1.pcap
deleted file mode 100644
index 786971a6cf..0000000000
Binary files a/testing/btest/Baseline/bifs.dump_current_packet/1.pcap and /dev/null differ
diff --git a/testing/btest/Baseline/bifs.dump_current_packet/2.hex b/testing/btest/Baseline/bifs.dump_current_packet/2.hex
new file mode 100644
index 0000000000..0753a3427f
--- /dev/null
+++ b/testing/btest/Baseline/bifs.dump_current_packet/2.hex
@@ -0,0 +1,17 @@
+00000000 d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00 |................|
+00000010 00 24 00 00 01 00 00 00 1f ad 83 4d f4 7a 01 00 |.$.........M.z..|
+00000020 d5 00 00 00 d5 00 00 00 33 33 00 00 00 fb 00 17 |........33......|
+00000030 f2 d7 cf 65 86 dd 60 00 00 00 00 9f 11 ff fe 80 |...e..`.........|
+00000040 00 00 00 00 00 00 02 17 f2 ff fe d7 cf 65 ff 02 |.............e..|
+00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 fb 14 e9 |................|
+00000060 14 e9 00 9f 44 e9 00 00 84 00 00 00 00 01 00 00 |....D...........|
+00000070 00 04 06 67 65 6d 69 6e 69 09 5f 73 66 74 70 2d |...gemini._sftp-|
+00000080 73 73 68 04 5f 74 63 70 05 6c 6f 63 61 6c 00 00 |ssh._tcp.local..|
+00000090 21 80 01 00 00 00 78 00 0f 00 00 00 00 00 16 06 |!.....x.........|
+000000a0 67 65 6d 69 6e 69 c0 22 c0 39 00 1c 80 01 00 00 |gemini.".9......|
+000000b0 00 78 00 10 fe 80 00 00 00 00 00 00 02 17 f2 ff |.x..............|
+000000c0 fe d7 cf 65 c0 39 00 01 80 01 00 00 00 78 00 04 |...e.9.......x..|
+000000d0 8d 8e dc 32 c0 0c 00 2f 80 01 00 00 00 78 00 09 |...2.../.....x..|
+000000e0 c0 0c 00 05 00 00 80 00 40 c0 39 00 2f 80 01 00 |........@.9./...|
+000000f0 00 00 78 00 08 c0 39 00 04 40 00 00 08 |..x...9..@...|
+000000fd
diff --git a/testing/btest/Baseline/bifs.dump_current_packet/2.pcap b/testing/btest/Baseline/bifs.dump_current_packet/2.pcap
deleted file mode 100644
index 6045568b4b..0000000000
Binary files a/testing/btest/Baseline/bifs.dump_current_packet/2.pcap and /dev/null differ
diff --git a/testing/btest/Baseline/core.pcap.dumper/output b/testing/btest/Baseline/core.pcap.dumper/output
index 1fef85cb6f..e547fcaf4f 100644
--- a/testing/btest/Baseline/core.pcap.dumper/output
+++ b/testing/btest/Baseline/core.pcap.dumper/output
@@ -1,4 +1,4 @@
 2c2
 < 00000010 ff ff 00 00 01 00 00 00 1d a2 b2 4e 73 00 07 00 |...........Ns...|
 ---
-> 00000010 00 20 00 00 01 00 00 00 1d a2 b2 4e 73 00 07 00 |. .........Ns...|
+> 00000010 00 24 00 00 01 00 00 00 1d a2 b2 4e 73 00 07 00 |.$.........Ns...|
diff --git a/testing/btest/bifs/dump_current_packet.bro b/testing/btest/bifs/dump_current_packet.bro
index 61c96384e4..0a852037a4 100644
--- a/testing/btest/bifs/dump_current_packet.bro
+++ b/testing/btest/bifs/dump_current_packet.bro
@@ -1,6 +1,12 @@
 # @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT
-# @TEST-EXEC: btest-diff 1.pcap
-# @TEST-EXEC: btest-diff 2.pcap
+# @TEST-EXEC: hexdump -C 1.pcap >1.hex
+# @TEST-EXEC: hexdump -C 2.pcap >2.hex
+# @TEST-EXEC: btest-diff 1.hex
+# @TEST-EXEC: btest-diff 2.hex
+
+# Note that the hex output will contain global pcap header information,
+# including Bro's snaplen setting (so maybe check that out in the case
+# you are reading this message due to this test failing in the future).
 global i: count = 0;
diff --git a/testing/btest/core/pcap/dumper.bro b/testing/btest/core/pcap/dumper.bro
index facb86a830..8f89987b37 100644
--- a/testing/btest/core/pcap/dumper.bro
+++ b/testing/btest/core/pcap/dumper.bro
@@ -2,4 +2,8 @@
 # @TEST-EXEC: hexdump -C $TRACES/workshop_2011_browse.trace >1
 # @TEST-EXEC: hexdump -C dump >2
 # @TEST-EXEC: diff 1 2 >output || true
+
+# Note that we're diff'ing the diff because there is an expected
+# difference in the pcaps: namely, the snaplen setting stored in the
+# global pcap header.
 # @TEST-EXEC: btest-diff output
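Review bot: The comment added to testing/btest/bifs/dump_current_packet.bro tells a future reader to "maybe check that out" without saying where the snaplen sits in the dump, and the comment added to testing/btest/core/pcap/dumper.bro has the same gap. In all three baselines it is the four bytes at offset 0x10 of the pcap global header (`00 24 00 00`, little-endian 9216), so any later change to the `Pcap::snaplen` default means regenerating 1.hex, 2.hex and output. I would state that directly in both files, e.g. `# Bytes 0x10-0x13 of the dump hold the snaplen from the pcap global header; regenerate the baselines when the Pcap::snaplen default changes.`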