Re: IPv6 with optional header filtering bug

[Guy Harris <guy () alum mit edu>]

On Nov 30, 2011, at 6:11 PM, Guy Harris wrote:

> However, even with the filter that *does* handle extension headers - "ip6 protochain \tcp" (which has to be quoted so 
> that the shell passes the backslash on to tcpdump) - it *still* isn't matching the first packet, so there's a bug of 
> some sort in the filter code it's generating for "ip6 protochain XXX".

OK, I've checked into the trunk and 1.2 branches a fix for the bad "ip6 protochain" code, as well as a fix for another 
bug that would cause misfiltering of packets in pcap-NG files (but not pcap files).

You'll still have to use "ip6 protochain \tcp" to filter for TCP packets in packets with IPv6 extension headers - and 
in a C program, that'd be "ip6 protochain \\tcp" so that it doesn't think that's "<TAB>cp".


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.