tcpdump mailing list archives

Re: Printing of TCP flags seems incorrect


From: grarpamp <grarpamp () gmail com>
Date: Fri, 4 Jul 2008 01:33:02 -0400

once a connection is established, there should not be any packets
with no flags set ... not sure when you'd ever see a TCP segment
with no flags set

"Packets Found on an Internet" :) The net's full of physical packets
that make no logical sense to the viewer. Still have to print them
correctly anyways.

it's a "none" argument passed to bittok2str_nosep() plus the
 bittok2str_internal()
  /* bummer - lets print the "unknown" message as advised in the fmt

My guess is that back in the day before that octet had all its bits
defined 'unknown' was the correct word for bits not found in:
 struct tok tcp_flag_values[]
How 'none' crept in there as a word I don't know.

it does not appear to be exercised

Is the return at line 352 of util.c in the right place given how
that function is called by bittok2str_nosep() from print-tcp.c
regarding this?

If flags == 0, calling bittok2str_nosep() from print-tcp.c is excess
right? Why not if-else test and printf("Flags [none]") or short
circuit in bittok2str_internal() ?

Maybe I'm confused, I do that often :)

I assume by "naming" you are referring not only to the bits used
to print the flags in tcpdump but also the flag values used in
libpcap for filters.

Yes.

Perhaps a name using the "psh" abbreviation ... should be *one
of* the names allowed for that flag ... because people might
already have filters using "tcp-push".

It just seemed weird for things to not match up exactly between
rfc/code/man. Probably just an initial coding oversight or whatever.
Release notes and changelogs can help with addressing various legacy
things if desired. The patch is a proposed way to make it all
consistent. Of course feel free to use it in whole or part as deemed
fit :)

Thanks for the pointer on tcpreplay, I first found it in the
tcpdump.org cvs checkout. Turns out I have a use for it too. I meant
in its makefile, not tcpdump.org's makefiles :)

Need to find a packet generator and make myself a 'none' packet to
replay :)
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
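
The short circuit for flags == 0 suggested in the message above, as an added C sketch that is not tcpdump's util.c or print-tcp.c code. The table, the function name flags_to_str() and the output format are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not tcpdump's struct tok API. */
struct flag_tok { unsigned int bit; const char *name; };

/* The eight bits of the TCP flags octet (RFC 793, plus ECE/CWR from RFC 3168). */
static const struct flag_tok tcp_flag_names[] = {
    { 0x01, "fin" }, { 0x02, "syn" }, { 0x04, "rst" }, { 0x08, "psh" },
    { 0x10, "ack" }, { 0x20, "urg" }, { 0x40, "ece" }, { 0x80, "cwr" },
};

/*
 * Render a flags value into buf as a comma-separated list.
 * flags == 0 short-circuits to "none" without walking the table.
 * Bits that have no table entry are reported as "unknown(0x..)"
 * rather than being silently dropped.
 */
const char *flags_to_str(unsigned int flags, char *buf, size_t len)
{
    size_t used = 0, i;
    size_t count = sizeof(tcp_flag_names) / sizeof(tcp_flag_names[0]);

    if (len == 0)
        return buf;
    buf[0] = '\0';
    if (flags == 0) {                       /* the short circuit */
        snprintf(buf, len, "none");
        return buf;
    }
    for (i = 0; i < count; i++) {
        if (!(flags & tcp_flag_names[i].bit))
            continue;
        int n = snprintf(buf + used, len - used, "%s%s",
                         used ? "," : "", tcp_flag_names[i].name);
        if (n < 0 || (size_t)n >= len - used)
            return buf;                     /* truncated, still NUL-terminated */
        used += (size_t)n;
        flags &= ~tcp_flag_names[i].bit;    /* leave only unnamed bits behind */
    }
    if (flags)
        snprintf(buf + used, len - used, "%sunknown(0x%x)", used ? "," : "", flags);
    return buf;
}

int main(void)
{
    char buf[64];
    unsigned int samples[] = { 0x00, 0x12, 0x29, 0x102 };  /* constructed values */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("Flags [%s]\n", flags_to_str(samples[i], buf, sizeof(buf)));
    return 0;
}
```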

