tcpdump mailing list archives
Re: TCP Header Flags
From: Francois-Xavier Le Bail <devel.fx.lebail () orange fr>
Date: Mon, 27 Feb 2023 03:31:27 +0100
On 26/02/2023 22:45, Denis Ovsienko wrote:
On Sun, 26 Feb 2023 15:46:56 +0100 Francois-Xavier Le Bail <devel.fx.lebail () orange fr> wrote: [...]I wonder if there would be any other incurred future maintenance.The proposed patch is: diff --git a/pcap-filter.manmisc.in b/pcap-filter.manmisc.in index 10aeb42d..864cd238 100644 --- a/pcap-filter.manmisc.in +++ b/pcap-filter.manmisc.in @@ -1027,7 +1027,7 @@ The following ICMPv6 type field values are available: .BR \%icmp6-multicastrouterterm . .IP The following TCP flags field values are available: \fBtcp-fin\fP, -\fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP, +\fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-psh\fP (or \fBtcp-push\fP), \fBtcp-ack\fP, \fBtcp-urg\fP, \fBtcp-ece\fP, \fBtcp-cwr\fP. .LP diff --git a/scanner.l b/scanner.l index 85fe395a..7cc39f77 100644 --- a/scanner.l +++ b/scanner.l @@ -475,6 +475,7 @@ tcp-fin { yylval->h = 0x01; return NUM; } tcp-syn { yylval->h = 0x02; return NUM; } tcp-rst { yylval->h = 0x04; return NUM; } tcp-push { yylval->h = 0x08; return NUM; } +tcp-psh { yylval->h = 0x08; return NUM; } tcp-ack { yylval->h = 0x10; return NUM; } tcp-urg { yylval->h = 0x20; return NUM; } tcp-ece { yylval->h = 0x40; return NUM; } (the tcpdump man page will need an update too.)Obviously, the change would be easy to make. But what comes to my mind is next 5 or 10 years of answering the same question: "Why tcp-psh is in the man page/my new book/stackoverflow/whatever and it works in my development environment, but some production servers reject the syntax? These are on a very expensive long term support contract, so everything is supposed just to work, right? Right?"
There are already some doc/site with bad use of "tcp-psh" instead of "tcp-push" like: https://packetlife.net/media/library/12/tcpdump.pdf https://github.com/the-tcpdump-group/tcpdump/issues/846 https://github.com/tcpdump-examples/how-to-use-tcpdump https://blog.codefarm.me/2018/12/29/tcpdump-examples/ https://twitter.com/dc9221/status/1254154374143754241/photo/1 https://github.com/marciopocebon/TCPDUMP-1 ... Thus, the problem already exists in reverse. _______________________________________________ tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
Current thread:
- TCP Header Flags Francois-Xavier Le Bail (Feb 18)
- Re: TCP Header Flags Denis Ovsienko (Feb 18)
- Re: TCP Header Flags Francois-Xavier Le Bail (Feb 19)
- Re: TCP Header Flags Francois-Xavier Le Bail (Feb 26)
- Re: TCP Header Flags Denis Ovsienko (Feb 26)
- Re: TCP Header Flags Francois-Xavier Le Bail (Feb 26)
- Re: TCP Header Flags Denis Ovsienko (Feb 27)
- Re: TCP Header Flags Francois-Xavier Le Bail (Feb 19)
- Re: TCP Header Flags Denis Ovsienko (Feb 18)
- Re: TCP Header Flags Francois-Xavier Le Bail (Feb 26)