IP length vs IP6 length inconsistency (fwd)

[Pekka Savola <pekkas () netcore fi>]

Hi,

In tcpdump 3.9.7 (Fedora 7) but seeing the same on FreeBSD, I noticed that on a 
similarly generated TCP packet, IPv4 output differs from IPv6 in that "length" 
in v4 includes the IP header length, but in v6 it does not.

There are differences as to how next-headers are chained in v4 vs v6. but I'd 
be tempted to argue that a uniform representation would be helpful.

Is this inconsistency intentional?

Is the length intended to print out the whole IP packet length (which in the 
case of v6 would probably require chasing down the extension header chain) or 
whatever IP header's "next header length" reports?

I believe users are looking for the whole IP packet length.

15:48:59.011531 IP (tos 0x10, ttl 64, id 2928, offset 0, flags [DF], proto TCP 
(6), length 60) 193.166.2.166.48849 > 193.94.160.1.26: S, cksum 0xa1ba 
(correct), 3306383735:3306383735(0) win 5840 <mss 1460,sackOK,timestamp 
441344519 0,nop,wscale 4>
         0x0000:  4510 003c 0b70 4000 4006 0990 c1a6 02a6
         0x0010:  c15e a001 bed1 001a c513 6977 0000 0000
         0x0020:  a002 16d0 a1ba 0000 0204 05b4 0402 080a
         0x0030:  1a4e 6207 0000 0000 0103 0304

15:49:06.442127 IP6 (hlim 64, next-header: TCP (6), length: 40) 
2001:708:10:10:209:6bff:fea0:47de.38549 > 2001:708::1.26: S, cksum 0xf9d5 
(correct), 2146010385:2146010385(0) win 5760 <mss 1440,sackOK,timestamp 
441351950 0,nop,wscale 4>
         0x0000:  6000 0000 0028 0640 2001 0708 0010 0010
         0x0010:  0209 6bff fea0 47de 2001 0708 0000 0000
         0x0020:  0000 0000 0000 0001 9695 001a 7fe9 8511
         0x0030:  0000 0000 a002 1680 f9d5 0000 0204 05a0
         0x0040:  0402 080a 1a4e 7f0e 0000 0000 0103 0304

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.