tcpdump mailing list archives
Re: Libpcap: BPF filter for ipv6 tunnel
From: Chris Maynard <Christopher.Maynard () gtech com>
Date: Mon, 1 Aug 2011 01:54:31 +0000 (UTC)
Guy Harris <guy <at> alum.mit.edu> writes:
On Jul 31, 2011, at 4:26 PM, ramkumar.paranandi <at> gmail.com wrote:I have smtp traffic over ipv6 tunneled in ipv4. .ip->ipv6->tcp->smtp How can we set bpf to filter smtp in ipv6 in ipv4 tunnel traffic? I have
tried with ip protochain 0x06 it is not working.
"ip protochain" doesn't support "shifting gears" from IPv4 to IPv6; it only
supports AH.
There is, unfortunately, currently no way to ask for the type of filtering you
need - libpcap doesn't know
about IP protocol 41 (which I assume is what's being used here). Time
permitting, I'll look at
implementing something.
Would something like this (untested) filter work in a pinch? (ip[9]==41) and (ip[((ip[0]&0x0f)<<2)+6]==6) and ((ip[(((ip[0]&0x0f)<<2)+16):2]==25) or (ip[(((ip[0]&0x0f)<<2)+18):2]==25)) - Chris - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Libpcap: BPF filter for ipv6 tunnel ramkumar . paranandi (Jul 31)
- Re: Libpcap: BPF filter for ipv6 tunnel Guy Harris (Jul 31)
- Re: Libpcap: BPF filter for ipv6 tunnel Chris Maynard (Jul 31)
- Re: Libpcap: BPF filter for ipv6 tunnel Chris Maynard (Jul 31)
- Re: Libpcap: BPF filter for ipv6 tunnel Guy Harris (Jul 31)