tcpdump mailing list archives
Re: IPv6 with optional header filtering bug
From: Guy Harris <guy () alum mit edu>
Date: Wed, 30 Nov 2011 18:11:04 -0800
On Nov 30, 2011, at 4:17 AM, Shalom Kramer wrote:
This will show you how the packet looks when tcpdump doesn't try to apply any filters.
*The* packet? Those are two different packets; the filter "tcp" is, for some reason, failing to match the first packet, but it's matching a subsequent packet. Part of the problem is the extension headers - handling extension headers in IPv6 requires a loop in the BPF program, and that's not supported in the kernel BPFs used when capturing, so it's not the default. However, even with the filter that *does* handle extension headers - "ip6 protochain \tcp" (which has to be quoted so that the shell passes the backslash on to tcpdump) - it *still* isn't matching the first packet, so there's a bug of some sort in the filter code it's generating for "ip6 protochain XXX". - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- IPv6 with optional header filtering bug Shalom Kramer (Nov 30)
- Re: IPv6 with optional header filtering bug Guy Harris (Nov 30)
- Re: IPv6 with optional header filtering bug Guy Harris (Nov 30)
- Re: IPv6 with optional header filtering bug Guy Harris (Nov 30)