tcpdump mailing list archives
IPv6 with optional header filtering bug
From: Shalom Kramer <kpeace1 () gmail com>
Date: Wed, 30 Nov 2011 14:17:21 +0200
Hi, I encountered a bug while trying to apply a filter to an ipv6 pcap which contains IPv6 optional headers. (link to pcap http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=http_over_ipv6_with_options.pcap ) To reproduce the bug simply run:
*tcpdump -xx -c 1 -s 0 -r http_over_ipv6_with_options.pcap*
0x0000: 0011 2513 ecdd 00e0 814c 26cc 86dd 6000 0x0010: 0000 0038 0040 1001 0000 0000 0000 0000 0x0020: 0000 0000 0133 1001 0000 0000 0000 0000 0x0030: 0000 0000 0140 3c00 0f02 0000 0200 0600 0x0040: 0f02 0000 0100 d941 0050 6e90 9103 0000 0x0050: 0000 a002 1680 ffed 0000 0204 05a0 0402 0x0060: 080a 5a1e dbed 0000 0000 0103 0307 This will show you how the packet looks when tcpdump doesn't try to apply any filters. But once you run:
*tcpdump -xx -c 1 -s 0 -r /root/pcap/http_over_ipv6_with_options.pcap
"tcp"* 0x0000: 00e0 814c 26cc 0011 2513 ecdd 86dd 6000 0x0010: 0000 0028 06ff 1001 0000 0000 0000 0000 0x0020: 0000 0000 0140 1001 0000 0000 0000 0000 0x0030: 0000 0000 0133 0050 d941 70c7 07c5 6e90 0x0040: 9104 a012 1650 14a3 0000 0204 05a0 0402 0x0050: 080a 00d0 720d 5a1e dbed 0103 0307 As you can see, applying the simple filter will wreck havoc on the poor innocent packet. The outcome will be the same if you will filter by "ip6 and tcp" or any such combinations. This bug doesn't affect IPv6 packets with no optional headers. I found this bug when trying to write a program which links with libpcap, so this is a libpcap bug and not a tcpdump bug. Anyone encountered this bug? knows how to fix it? Peace, Thanks! - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- IPv6 with optional header filtering bug Shalom Kramer (Nov 30)
- Re: IPv6 with optional header filtering bug Guy Harris (Nov 30)
- Re: IPv6 with optional header filtering bug Guy Harris (Nov 30)
- Re: IPv6 with optional header filtering bug Guy Harris (Nov 30)