Date: Fri, 6 Nov 2009 23:35:49 GMT
From: Alan Amesbury <amesbury@umn.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/140349: [patch] libpcap's parser doesn't recognize newer TCP flags
Message-ID: <200911062335.nA6NZnWn073703@www.freebsd.org>
Resent-Message-ID: <200911062340.nA6Ne4s4088580@freefall.freebsd.org>

>Number: 140349
>Category: misc
>Synopsis: [patch] libpcap's parser doesn't recognize newer TCP flags
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 06 23:40:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Alan Amesbury
>Release: FreeBSD 7.2-RELEASE-p4/amd64
>Organization: University of Minnesota
>Environment:
FreeBSD turbo.oitsec.umn.edu 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Wed Oct 21 19:28:10 CDT 2009 root@turbo.oitsec.umn.edu:/usr/obj/usr/src/sys/OITSEC-7-A amd64
>Description:
tcpdump(1) lists some human-recognizable symbols that can be used to construct filters based on TCP flags. These include symbols for flags like SYN ("tcp-syn"), URGent ("tcp-urg"), etc., but not the more recently created ECE and CWR flags used for some types of congestion control. This appears to be an omission in libpcap, and the attached patch to scanner.l adds the missing functionality.
>How-To-Repeat:
Run 'tcpdump' with an appropriate argument, e.g.:

# tcpdump 'tcp[tcpflags] & ( tcp-cwr | tcp-syn ) != 0'
>Fix:
Apply the attached patch to ${SOURCE}.

Patch attached with submission follows:

--- contrib/libpcap/scanner.l.orig 2009-11-06 16:58:52.000000000 -0600 +++ contrib/libpcap/scanner.l 2009-11-06 17:00:01.000000000 -0600 @@ -353,6 +353,8 @@ tcp-push { yylval.i = 0x08; return NUM; } tcp-ack { yylval.i = 0x10; return NUM; } tcp-urg { yylval.i = 0x20; return NUM; } +tcp-ece { yylval.i = 0x40; return NUM; } +tcp-cwr { yylval.i = 0x80; return NUM; } [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? { yylval.s = sdup((char *)yytext); return ID; } "\\"[^ !()\n\t]+ { yylval.s = sdup((char *)yytext + 1); return ID; }
>Release-Note:
>Audit-Trail:
>Unformatted:
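
Review bot: the two added rules, tcp-ece and tcp-cwr, arrive with no documentation change. The patch touches only contrib/libpcap/scanner.l, while the report itself says tcpdump(1) is where the tcp-* symbols are listed, so the manual page should gain both names in the same change or users will not discover them. The values 0x40 and 0x80 continue the one-bit-per-flag sequence after tcp-urg (0x20) and sit correctly ahead of the generic identifier rule, so the scanner side looks fine. Because the file lives under contrib/, the same two lines should also be submitted to upstream libpcap rather than carried only as a local difference.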