tcpdump mailing list archives

Re: Signed/Unsigned Frag Offset Issue?

From: Joshua Krage <jkrage () guisarme net>
Date: Wed, 10 Dec 2003 14:52:28 -0500

On Wed, Dec 10, 2003 at 02:32:45AM -0800, Guy Harris wrote:

What does
      tcpdump -d 'ip[6:2] & 0x1fff > 0'
print?


$ tcpdump -d ip[6:2] & 0x1fff > 0
(000) ldh       [12]
(001) jeq       #0x800           jt 2    jf 5
(002) ldh       [20]
(003) jset      #0x1fff          jt 5    jf 4
(004) ret       #96
(005) ret       #0

"= 0" results in the same output.

Using "< 0" and "!= 0" swap (003) jt 5/4:
(003) jset      #0x1fff          jt 4    jf 5

-- 
Paranoia is a way of life.  With or without the Thorazine.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

Signed/Unsigned Frag Offset Issue? Joshua Krage (Dec 09)
- Re: Signed/Unsigned Frag Offset Issue? Guy Harris (Dec 10)
  - Re: Signed/Unsigned Frag Offset Issue? Joshua Krage (Dec 10)
    - Re: Signed/Unsigned Frag Offset Issue? Guy Harris (Dec 10)