tcpdump mailing list archives

Printing of TCP flags seems incorrect


From: grarpamp <grarpamp () gmail com>
Date: Tue, 1 Jul 2008 19:32:42 -0400

Hi. Surely it is not possible to have both 'no flags' and
<any_other_flags> present at the same time? The man page has a few
references to the dot, particularly in the 'OUTPUT FORMAT - TCP
Packets' example near 'means no flags'.


#CVS, the most recent commit I have is: 20080624
#tcpdump version 3.9-PRE-CVS_2008_06_30
#libpcap version 0.9-PRE-CVS

./tcpdump_cvs -ns0 -i fxp0 'tcp[tcpflags] != 0' | egrep '\[[CEUAPRSF]+\.]'
... Flags [R.], ... <=== flag and no flag


#tcpdump version 3.9.8
#libpcap version 0.9.8

./tcpdump_398 -ns0 -i fxp0 'tcp[tcpflags] != 0' | egrep -v ': [CEUAPRSF.] '
... <nothing> ...



Also, shouldn't asking to print only ACK packets display the ACK
'A' instead of the 'no flags' '.' in the flag display field? I
printed them with -XX to verify the bitfield.

./tcpdump_cvs -ns0 -i fxp0 'tcp[13] == 16'
./tcpdump_398 -ns0 -i fxp0 'tcp[13] == 16'



I compiled against and am running on the current FreeBSD RELENG_4.

Note that when using --with-crypto, I have to add -L to find
unresolved libraries. Seems that is also a bug that could be
addressed. I think it's in both CVS and 3.9.8.

CPPFLAGS=-static LDFLAGS=-static \
 ./configure --prefix=/tmp/lpc

CPPFLAGS=-static LDFLAGS="-static -L/usr/local/openssl098g/lib" \
 ./configure --prefix=/tmp/tcp --with-crypto=/usr/local/openssl098g
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
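
The post mentions checking the flag bits against -XX output. As an added example (not part of the original post and not tcpdump code), this Python script locates byte 13 of the TCP header in a hex-dumped frame and evaluates the post's two filter expressions against it. The frames are constructed, and the flag letters are taken from the post's egrep character class as an assumption.

```python
import struct

# TCP flag bits in header byte 13 (RFC 793, RFC 3168). The letters follow the
# character class in the post's egrep pattern; that mapping is an assumption
# of this example, not a statement of what either tcpdump build prints.
FLAG_BITS = [(0x80, "C"), (0x40, "E"), (0x20, "U"), (0x10, "A"),
             (0x08, "P"), (0x04, "R"), (0x02, "S"), (0x01, "F")]

# Constructed frames (documentation MAC/IP addresses, checksums left zero).
ETH = "00005e005301 00005e005302 0800"
TCP = "04d20050 00000001 00000001 50%02xffff 00000000"
ACK_ONLY = ETH + " 45000028 00004000 40060000 c0000201 c0000202 " + TCP % 0x10
# Same packet with 4 bytes of IP options (IHL=6) and RST+ACK set.
RST_ACK_OPTS = (ETH + " 4600002c 00004000 40060000 c0000201 c0000202 01010100 "
                + TCP % 0x14)


def tcp_flags_byte(frame: bytes) -> int:
    """Return tcp[13] from an untagged Ethernet II / IPv4 / TCP frame."""
    if len(frame) < 34:
        raise ValueError("too short for Ethernet + IPv4 headers")
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        raise ValueError("not IPv4 (VLAN tags and IPv6 are not handled)")
    ihl = (frame[14] & 0x0F) * 4          # IP header length varies with options
    if frame[14] >> 4 != 4 or ihl < 20:
        raise ValueError("bad IPv4 version or header length")
    if frame[23] != 6:
        raise ValueError("IP protocol is not TCP")
    if struct.unpack_from("!H", frame, 20)[0] & 0x1FFF:
        raise ValueError("non-first fragment carries no TCP header")
    tcp_off = 14 + ihl
    if len(frame) < tcp_off + 14:
        raise ValueError("TCP header truncated before the flags byte")
    return frame[tcp_off + 13]


def report(hexdump: str) -> dict:
    """Decode one hex-dumped frame and evaluate the post's two filters."""
    flags = tcp_flags_byte(bytes.fromhex("".join(hexdump.split())))
    return {
        "flags": flags,
        "letters": "".join(c for bit, c in FLAG_BITS if flags & bit),
        "tcp[tcpflags] != 0": flags != 0,
        "tcp[13] == 16": flags == 16,
    }


if __name__ == "__main__":
    for name, dump in (("ACK only", ACK_ONLY), ("RST+ACK, IP options", RST_ACK_OPTS)):
        print(name, report(dump))
```

The second frame shows why the flags byte cannot be read at a fixed frame offset: with IP options present it moves from offset 47 to offset 51.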

