Re: IP length vs IP6 length inconsistency (fwd)

[Pekka Savola <pekkas () netcore fi>]

On Thu, 13 Sep 2007, Guy Harris wrote:
> > There are differences as to how next-headers are chained in v4 vs v6. but 
> > I'd be tempted to argue that a uniform representation would be helpful.
> >
> > Is this inconsistency intentional?
>
> If the intent is to display the raw value of the length fields in the 
> headers, then, yes, it is, as the meanings of the length fields differ.

Well, I guess someone needs to decide what the intent is :-).  If the 
intent is to print the raw contents, it'd be helpful if the names of 
the fields printed were different.

Another related problem: tcpdump expressions such as 'less 100' cause 
similar inconsistency confusion.  It seems the length there includes 
the L2 headers as well, even though the man page speaks of 'packet 
length' (instead of say, frame length).  I wonder if this also is 
intentional?

E.g.:  I have router advertisements whose IP length (header+payload) 
is 104 bytes (with -e, ethernet length is 118 bytes).  The first value 
I can see them is with 'less 118' (instead of 'less 104').  So there 
seems to be an offset of about 14 bytes here.  Second example are ARP 
requests/replies whose L2 length is 60 bytes.  They can be seen with 
'less 60' but no longer with 'less 59'.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.