tcpdump mailing list archives
Signed/Unsigned Frag Offset Issue?
From: Joshua Krage <jkrage () guisarme net>
Date: Tue, 9 Dec 2003 16:15:40 -0500
On another list, somone was asking about the following behavior:
tcpdump -n 'ip[6:2] & 0x1fff = 0' yields unfragmented or 1st fragment
tcpdump -n 'ip[6:2] & 0x1fff != 0' yields non-first fragments
tcpdump -n 'ip[6:2] & 0x1fff > 0' yields ALL packets
In verifying, I added:
tcpdump -n 'ip[6:2] & 0x1fff < 0' yields non-first fragments
Checking the libpcap bug database, something possibly close was
[ 693263 ] signed/unsigned comparisons.
My test environment was Debian Linux 2.4.20, tcpdump 3.7.1 and libpcap 0.7.
I can't reconcile my results with Guy's bug followup that the bpf driver's
he has checked treated both the accumulator and constant as unsigned.
Any ideas?
--
Paranoia is a way of life. With or without the Thorazine.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Signed/Unsigned Frag Offset Issue? Joshua Krage (Dec 09)
- Re: Signed/Unsigned Frag Offset Issue? Guy Harris (Dec 10)
- Re: Signed/Unsigned Frag Offset Issue? Joshua Krage (Dec 10)
- Re: Signed/Unsigned Frag Offset Issue? Guy Harris (Dec 10)
- Re: Signed/Unsigned Frag Offset Issue? Joshua Krage (Dec 10)
- Re: Signed/Unsigned Frag Offset Issue? Guy Harris (Dec 10)