tcpdump mailing list archives

Re: IPv6 with optional header filtering bug


From: Guy Harris <guy () alum mit edu>
Date: Wed, 30 Nov 2011 18:11:04 -0800


On Nov 30, 2011, at 4:17 AM, Shalom Kramer wrote:

> This will show you how the packet looks when tcpdump doesn't try to apply
> any filters.

*The* packet?

Those are two different packets; the filter "tcp" is, for some reason, failing to match the first packet, but it's 
matching a subsequent packet.

Part of the problem is the extension headers - handling extension headers in IPv6 requires a loop in the BPF program, 
and that's not supported in the kernel BPFs used when capturing, so it's not the default.

However, even with the filter that *does* handle extension headers - "ip6 protochain \tcp" (which has to be quoted so 
that the shell passes the backslash on to tcpdump) - it *still* isn't matching the first packet, so there's a bug of 
some sort in the filter code it's generating for "ip6 protochain XXX".

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
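
The extension-header point in the message above, as an added C example (not code from the original message or from libpcap): a simplified fixed-offset check next to the loop that walking the IPv6 header chain requires. The function names and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define IP6_FIXED_LEN 40
#define PROTO_TCP 6

/* Constructed sample: IPv6 fixed header, 8-byte hop-by-hop header, 20-byte TCP. */
static const uint8_t sample_hbh_tcp[68] = {
    [0] = 0x60, [5] = 28,   /* version 6, payload length 28 */
    [6] = 0,                /* Next Header: hop-by-hop options */
    [40] = PROTO_TCP, [41] = 0, [42] = 1, [43] = 4, /* next=TCP, 8 bytes, PadN */
};

/* Simplified fixed-offset test: looks only at the fixed header's Next Header byte. */
static int fixed_offset_is_tcp(const uint8_t *p, size_t len) {
    return len >= IP6_FIXED_LEN && (p[0] >> 4) == 6 && p[6] == PROTO_TCP;
}

/* Walk the chain; return the upper-layer protocol, or -1 if truncated or not IPv6. */
static int ip6_final_proto(const uint8_t *p, size_t len) {
    if (len < IP6_FIXED_LEN || (p[0] >> 4) != 6) return -1;
    uint8_t nh = p[6];
    size_t off = IP6_FIXED_LEN;
    for (;;) {                       /* the loop a loop-free filter cannot express */
        size_t hlen;
        switch (nh) {
        case 0: case 43: case 60:    /* hop-by-hop, routing, destination options */
            if (off + 2 > len) return -1;
            hlen = ((size_t)p[off + 1] + 1) * 8;
            break;
        case 44:                     /* fragment header: always 8 bytes */
            hlen = 8;
            break;
        case 51:                     /* AH: length field counts 4-byte words minus 2 */
            if (off + 2 > len) return -1;
            hlen = ((size_t)p[off + 1] + 2) * 4;
            break;
        default:
            return nh;               /* not an extension header: end of chain */
        }
        if (off + hlen > len) return -1;
        nh = p[off];                 /* each extension header starts with Next Header */
        off += hlen;
    }
}

int main(void) {
    return !(fixed_offset_is_tcp(sample_hbh_tcp, sizeof sample_hbh_tcp) == 0 &&
             ip6_final_proto(sample_hbh_tcp, sizeof sample_hbh_tcp) == PROTO_TCP);
}
```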

