tcpdump mailing list archives

Re: IPv6 with optional header filtering bug


From: Guy Harris <guy () alum mit edu>
Date: Mon, 16 Jan 2012 11:59:13 -0800


On Jan 16, 2012, at 5:55 AM, Shalom Kramer wrote:

But I seem not to be able to filter by the underlying tcp properties. For
instance:

tcpdump -r http_over_ipv6_with_options.pcap "ip6 protochain \tcp and port 80"

Will return only the packets without the optional IPv6 headers.

How do I filter by the properties of the TCP header which comes after
optional IPv6 headers?

By modifying libpcap's code generator to note that "ip6 protochain" was used and therefore that all subsequent protocol 
checks, such as the ones that "port 80" has to do (to determine whether the packet is TCP or UDP; the optimizer is 
turned off when "ip6 protochain" is used, as the optimizer can't handle loops, and "ip6 protochain" generates a loop, 
which means that it doesn't know that it can skip the check for TCP vs. UDP), should also do protocol chain chasing.

Unfortunately, that's a lot more work than fixing the earlier bug.
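
What "protocol chain chasing" involves when done in user space on already-captured packets, as an added example that is not part of the original message or of libpcap: it walks the IPv6 extension headers of a raw IPv6 packet (no link-layer header) until it reaches TCP, then tests the ports. The function names and the sample packets are constructed for illustration.

```python
import struct

# Extension headers with the generic layout: next header (1 byte), then
# length (1 byte) in 8-octet units, not counting the first 8 octets.
GENERIC_EXT = {0, 43, 60}       # hop-by-hop, routing, destination options
FRAGMENT, AH, TCP = 44, 51, 6

def tcp_ports(pkt):
    """Return (src_port, dst_port) if the raw IPv6 packet carries TCP after
    any chain of extension headers, else None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    nxt, off = pkt[6], 40       # Next Header field, end of the fixed header
    while nxt != TCP:
        if len(pkt) < off + 8:
            return None         # truncated extension header
        if nxt in GENERIC_EXT:
            hdr_len = (pkt[off + 1] + 1) * 8
        elif nxt == AH:
            hdr_len = (pkt[off + 1] + 2) * 4   # AH counts 4-octet units, minus 2
        elif nxt == FRAGMENT:
            # Only the first fragment (fragment offset 0) holds the TCP header.
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return None
            hdr_len = 8
        else:
            return None         # UDP, ICMPv6, ESP, ...: not TCP
        nxt, off = pkt[off], off + hdr_len
    if len(pkt) < off + 4:
        return None             # truncated TCP header
    return struct.unpack_from("!HH", pkt, off)

def matches_port(pkt, port):
    """User-space equivalent of "tcp port N" that follows the header chain."""
    ports = tcp_ports(pkt)
    return ports is not None and port in ports

def build(ext_chain, sport, dport):
    """Constructed sample packet: each extension header is 8 bytes holding
    one PadN option; only meant for types 0 and 60."""
    chain = list(ext_chain) + [TCP]
    body = b"".join(bytes([n, 0, 1, 4, 0, 0, 0, 0]) for n in chain[1:])
    body += struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 8192, 0, 0)
    return struct.pack("!IHBB", 0x60000000, len(body), chain[0], 64) + bytes(32) + body

if __name__ == "__main__":
    for chain in ([], [0], [0, 60]):
        print(chain, matches_port(build(chain, 40000, 80), 80))
```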