tcpdump mailing list archives

Re: IPv6 with optional header filtering bug


From: Shalom Kramer <kpeace1 () gmail com>
Date: Mon, 16 Jan 2012 15:55:57 +0200

I checked out the new 1.2.1 release and yes, it's working.
Thanks!

But I seem not to be able to filter by the underlying tcp properties. For
instance:

    tcpdump -r http_over_ipv6_with_options.pcap "ip6 protochain \tcp and port 80"

will return only the packets without the optional IPv6 headers.

How do I filter by the properties of the TCP header which comes after
optional IPv6 headers?

On Thu, Dec 1, 2011 at 5:08 AM, Guy Harris <guy () alum mit edu> wrote:


On Nov 30, 2011, at 6:11 PM, Guy Harris wrote:

However, even with the filter that *does* handle extension headers -
"ip6 protochain \tcp" (which has to be quoted so that the shell passes the
backslash on to tcpdump) - it *still* isn't matching the first packet, so
there's a bug of some sort in the filter code it's generating for "ip6
protochain XXX".

OK, I've checked into the trunk and 1.2 branches a fix for the bad "ip6
protochain" code, as well as a fix for another bug that would cause
misfiltering of packets in pcap-NG files (but not pcap files).

You'll still have to use "ip6 protochain \tcp" to filter for TCP packets
in packets with IPv6 extension headers - and in a C program, that'd be "ip6
protochain \\tcp" so that it doesn't think that's "<TAB>cp".


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
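
An added example, not part of the original thread and not libpcap's own code: the per-packet logic needed to test a TCP port that sits behind IPv6 extension headers, next to a check that reads only the fixed header's Next Header field. The function names and the sample packet are constructed for illustration; the input is assumed to be a raw IPv6 packet with no link-layer header, and any header type other than hop-by-hop, routing, destination options, fragment or AH is treated as no match.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: IPv6 header, 8-byte hop-by-hop header, TCP to port 80. */
static const uint8_t sample_pkt[68] = {
    [0] = 0x60, [5] = 28, [6] = 0 /* next: hop-by-hop */, [7] = 64,
    [40] = 6 /* next: TCP */, [41] = 0 /* 8 bytes */, [42] = 1, [43] = 4 /* PadN */,
    [48] = 0xC0 /* sport 49152 */, [51] = 80 /* dport */, [60] = 0x50,
};

/* Naive check: looks only at the fixed header's Next Header field. */
int naive_is_tcp(const uint8_t *p, size_t len) { return len >= 40 && (p[0] >> 4) == 6 && p[6] == 6; }

/* Walk the extension header chain; return the TCP header offset or -1. */
int find_tcp(const uint8_t *p, size_t len)
{
    if (len < 40 || (p[0] >> 4) != 6)
        return -1;
    uint8_t nh = p[6];
    size_t off = 40, hlen;
    while (nh != 6) {
        if (off + 8 > len)
            return -1;                          /* truncated */
        if (nh == 0 || nh == 43 || nh == 60)    /* hop-by-hop, routing, dest opts */
            hlen = ((size_t)p[off + 1] + 1) * 8;
        else if (nh == 51)                      /* AH: 4-byte units, minus 2 */
            hlen = ((size_t)p[off + 1] + 2) * 4;
        else if (nh == 44 && ((p[off + 2] << 8 | p[off + 3]) & 0xfff8) == 0)
            hlen = 8;                           /* first fragment only */
        else
            return -1;                          /* not TCP, or header not handled */
        if (off + hlen > len)
            return -1;
        nh = p[off];                            /* Next Header of this extension */
        off += hlen;
    }
    return (int)off;
}

/* True if the packet is TCP, after any extension headers, on the given port. */
int tcp_port_matches(const uint8_t *p, size_t len, uint16_t port)
{
    int off = find_tcp(p, len);
    if (off < 0 || (size_t)off + 4 > len)
        return 0;
    return (p[off] << 8 | p[off + 1]) == port || (p[off + 2] << 8 | p[off + 3]) == port;
}

/* Exit 0: the chain walk finds port 80 where the naive check sees no TCP. */
int main(void) { return naive_is_tcp(sample_pkt, 68) || !tcp_port_matches(sample_pkt, 68, 80); }
```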


