tcpdump mailing list archives
Re: IPv6 with optional header filtering bug
From: Shalom Kramer <kpeace1 () gmail com>
Date: Mon, 16 Jan 2012 15:55:57 +0200
I checked out the new 1.2.1 release and yes, it's working. Thanks! But I seem not to be able to filter by the underlying tcp properties. For instance: *tcpdump ** -r http_over_ipv6_with_options.pcap* *"ip6 protochain \tcp and port 80" *Will return only the packets without the optional IPv6 headers. How do I filter by the properties of the TCP header which comes after optional IPv6 headers? On Thu, Dec 1, 2011 at 5:08 AM, Guy Harris <guy () alum mit edu> wrote:
On Nov 30, 2011, at 6:11 PM, Guy Harris wrote:However, even with the filter that *does* handle extension headers -"ip6 protochain \tcp" (which has to be quoted so that the shell passes the backslash on to tcpdump) - it *still* isn't matching the first packet, so there's a bug of some sort in the filter code it's generating for "ip6 protochain XXX". OK, I've checked into the trunk and 1.2 branches a fix for the bad "ip6 protochain" code, as well as a fix for another bug that would cause misfiltering of packets in pcap-NG files (but not pcap files). You'll still have to use "ip6 protochain \tcp" to filter for TCP packets in packets with IPv6 extension headers - and in a C program, that'd be "ip6 protochain \\tcp" so that it doesn't think that's "<TAB>cp". - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Re: IPv6 with optional header filtering bug Shalom Kramer (Jan 16)
- Re: IPv6 with optional header filtering bug Guy Harris (Jan 16)