Date:      Wed, 30 Jan 2013 10:20:01 GMT
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/175645: tcpdump incorrectly decodes pflog'ged UDP packet as ATALK
Message-ID:  <201301301020.r0UAK1gj071122@freefall.freebsd.org>

The following reply was made to PR bin/175645; it has been noted by GNATS.

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Dmitry Dvoinikov <dmitry@targeted.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/175645: tcpdump incorrectly decodes pflog'ged UDP packet as
 ATALK
Date: Wed, 30 Jan 2013 14:15:11 +0400

 On Mon, Jan 28, 2013 at 09:09:27AM +0000, Dmitry Dvoinikov wrote:
 D> >Environment:
 D> FreeBSD foo 8.3-RELEASE-p5 FreeBSD 8.3-RELEASE-p5 #1: Wed Dec 12 23:29:24 YEKT 2012     admin@foo:/opt/obj/opt/src/sys/FOO  i386
 D> >Description:
 D> Some UDP packet, saved by pflog, is decoded incorrectly as ATALK.
 D> 
 D> tcpdump output:
 D> 
 D> # tcpdump -r packet.pcap 
 D> reading from file packet.pcap, link-type PFLOG (OpenBSD pflog file)
 D> 11:22:11.296532 IP 115.61.0.254 > 143.12.228.91: at-#100 5
 D> 
 D> whereas the (presumably correct) wireshark output:
 D> 
 D> Frame 1: 110 bytes on wire (880 bits), 110 bytes captured (880 bits)
 D> PF Log IPv4 pass on ifc by rule 0
 D> Internet Protocol Version 4, Src: 172.30.0.11 (172.30.0.11), Dst: 193.120.212.22 (193.120.212.22)
 D> User Datagram Protocol, Src Port: 55573 (55573), Dst Port: 16605 (16605)
 D> Data (18 bytes)
 D> 
 D> 
 D> >How-To-Repeat:
 D> openssl base64 -d > packet.pcap << EOF
 D> 1MOyoQIABAAAAAAAAAAAAHQAAAB1AAAAAwsGUVSGBABuAAAAbgAAAD0CAABpZmMA
 D> AAAAAAAAAAAAAAAAYW5jaG9yX25hbWUAAAAAAAAAABwAAAAC/////6CGAQAAAAAA
 D> ggUAAAEAAABFAAAuAABAAEAR+QasHgALwXjUFtkVQN0AGrhGUxUCmI8Mcz3kAFv+
 D> ZGyAi27Z
 D> EOF
 
 Was this packet recorded on a FreeBSD or on an OpenBSD system?
 
 -- 
 Totus tuus, Glebius.
