From owner-freebsd-bugs@FreeBSD.ORG  Fri Nov  6 23:40:04 2009
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CE3F71065670
	for <freebsd-bugs@hub.freebsd.org>;
	Fri,  6 Nov 2009 23:40:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 91EC68FC14
	for <freebsd-bugs@hub.freebsd.org>;
	Fri,  6 Nov 2009 23:40:04 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nA6Ne4vp088581
	for <freebsd-bugs@freefall.freebsd.org>; Fri, 6 Nov 2009 23:40:04 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nA6Ne4s4088580;
	Fri, 6 Nov 2009 23:40:04 GMT (envelope-from gnats)
Resent-Date: Fri, 6 Nov 2009 23:40:04 GMT
Resent-Message-Id: <200911062340.nA6Ne4s4088580@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Alan Amesbury <amesbury@umn.edu>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 93BFD106566B
	for <freebsd-gnats-submit@FreeBSD.org>;
	Fri,  6 Nov 2009 23:35:50 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 82D898FC13
	for <freebsd-gnats-submit@FreeBSD.org>;
	Fri,  6 Nov 2009 23:35:50 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id nA6NZopX073704
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 6 Nov 2009 23:35:50 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id nA6NZnWn073703;
	Fri, 6 Nov 2009 23:35:49 GMT (envelope-from nobody)
Message-Id: <200911062335.nA6NZnWn073703@www.freebsd.org>
Date: Fri, 6 Nov 2009 23:35:49 GMT
From: Alan Amesbury <amesbury@umn.edu>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: misc/140349: [patch] libpcap's parser doesn't recognize newer TCP
	flags
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2009 23:40:04 -0000


>Number:         140349
>Category:       misc
>Synopsis:       [patch] libpcap's parser doesn't recognize newer TCP flags
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 06 23:40:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Alan Amesbury
>Release:        FreeBSD 7.2-RELEASE-p4/amd64
>Organization:
University of Minnesota
>Environment:
FreeBSD turbo.oitsec.umn.edu 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Wed Oct 21 19:28:10 CDT 2009     root@turbo.oitsec.umn.edu:/usr/obj/usr/src/sys/OITSEC-7-A  amd64
>Description:
tcpdump(1) lists some human-recognizable symbols that can be used to construct filters based on TCP flags.  These include symbols for flags like SYN ("tcp-syn"), URGent ("tcp-urg"), etc., but not the more recently created ECE and CWR flags used for some types of congestion control.  This appears to be an omission in libpcap, and the attached patch to scanner.l adds the missing functionality.
>How-To-Repeat:
Run 'tcpdump' with an appropriate argument, e.g.:

# tcpdump 'tcp[tcpflags] & ( tcp-cwr | tcp-syn ) != 0'
>Fix:
Apply the attached patch to ${SOURCE}.

Patch attached with submission follows:

--- contrib/libpcap/scanner.l.orig	2009-11-06 16:58:52.000000000 -0600
+++ contrib/libpcap/scanner.l	2009-11-06 17:00:01.000000000 -0600
@@ -353,6 +353,8 @@
 tcp-push		{ yylval.i = 0x08; return NUM; }
 tcp-ack			{ yylval.i = 0x10; return NUM; }
 tcp-urg			{ yylval.i = 0x20; return NUM; }
+tcp-ece			{ yylval.i = 0x40; return NUM; }
+tcp-cwr			{ yylval.i = 0x80; return NUM; }
 [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? {
 			 yylval.s = sdup((char *)yytext); return ID; }
 "\\"[^ !()\n\t]+	{ yylval.s = sdup((char *)yytext + 1); return ID; }


>Release-Note:
>Audit-Trail:
>Unformatted: