Re: TCP Header Flags

[Francois-Xavier Le Bail <devel.fx.lebail () orange fr>]

On 19/02/2023 13:34, Francois-Xavier Le Bail wrote:
> On 18/02/2023 21:51, Denis Ovsienko wrote:
> > On Sat, 18 Feb 2023 17:06:29 +0100
> > Francois-Xavier Le Bail <devel.fx.lebail () orange fr> wrote:
> >
> > > Hello,
> > >
> > > https://www.rfc-editor.org/rfc/rfc9293 states:
> > > "Control bits:
> > >
> > >     The control bits are also known as "flags". Assignment is managed
> > > by IANA from the "TCP Header Flags" registry [62]. The currently
> > > assigned control bits are CWR, ECE, URG, ACK, PSH, RST, SYN, and FIN."
> > >
> > > (All on three characters.)
> > >
> > > To be in sync with it, we could use 'tcp-psh' in addition to
> > > 'tcp-push' in libpcap scanner.l, and in pcap-filter.7 and tcpdump.1
> > > man pages.
> >
> > That's an interesting point.  Adding "tcp-psh" would certainly restore
> > consistency with the registry on one hand.  On the other, for backward
> > compatibility reasons "tcp-push" would have to remain a valid alias for
> > who knows how many years.
>
> We could keep "tcp-push" indefinitely...
>
> > I wonder if there would be any other incurred future maintenance.

The proposed patch is:

diff --git a/pcap-filter.manmisc.in b/pcap-filter.manmisc.in
index 10aeb42d..864cd238 100644
--- a/pcap-filter.manmisc.in
+++ b/pcap-filter.manmisc.in
@@ -1027,7 +1027,7 @@ The following ICMPv6 type field values are available:
 .BR \%icmp6-multicastrouterterm .
 .IP
 The following TCP flags field values are available: \fBtcp-fin\fP,
-\fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP,
+\fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-psh\fP (or \fBtcp-push\fP),
 \fBtcp-ack\fP, \fBtcp-urg\fP, \fBtcp-ece\fP,
 \fBtcp-cwr\fP.
 .LP
diff --git a/scanner.l b/scanner.l
index 85fe395a..7cc39f77 100644
--- a/scanner.l
+++ b/scanner.l
@@ -475,6 +475,7 @@ tcp-fin                     { yylval->h = 0x01; return NUM; }
 tcp-syn                        { yylval->h = 0x02; return NUM; }
 tcp-rst                        { yylval->h = 0x04; return NUM; }
 tcp-push               { yylval->h = 0x08; return NUM; }
+tcp-psh                        { yylval->h = 0x08; return NUM; }
 tcp-ack                        { yylval->h = 0x10; return NUM; }
 tcp-urg                        { yylval->h = 0x20; return NUM; }
 tcp-ece                        { yylval->h = 0x40; return NUM; }

(the tcpdump man page will need an update too.)
_______________________________________________
tcpdump-workers mailing list -- tcpdump-workers () lists tcpdump org
To unsubscribe send an email to tcpdump-workers-leave () lists tcpdump org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s