Date: Mon, 11 Feb 2002 14:55:13 -0500 (EST) From: Alan Bawden <Alan@LCS.MIT.EDU> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/34843: `tcpdump port echo' filters for port 4 instead of 7 Message-ID: <200202111955.g1BJtDm42834@achilles.linearity.org>
next in thread | raw e-mail | index | archive | help
>Number: 34843 >Category: bin >Synopsis: `tcpdump port echo' filters for port 4 instead of 7 >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Feb 11 12:00:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Alan Bawden >Release: FreeBSD 4.3-RELEASE i386 >Organization: ITS Preservation Society >Environment: System: FreeBSD achilles.linearity.org 4.3-RELEASE FreeBSD 4.3-RELEASE #3: Tue Oct 2 16:54:42 EDT 2001 bawden@achilles.linearity.org:/usr/src/sys/compile/ACHILLES i386 >Description: If you do: tcpdump port echo and send some traffic to TCP or UDP port 7 on your machine, tcpdump won't report seeing any packets at all. >How-To-Repeat: If you do `tcpdump -d port echo' and read the BPF assembly listing, you will see that it is looking for packets with port 4 in the header instead of port 7. This is because /etc/services contains the line: echo 4/ddp #AppleTalk Echo Protocol and the author of pcap_nametoport() in contrib/libpcap/nametoaddr.c clearly never contemplated this possibility! >Fix: Depends on where you think the problem is. Note that this is the -only- instance of this problem in /etc/services, so a simple fix is to declare that services with the same name MUST always have the same number and then fix that one entry. But perhaps you think the "ddp" protocol is entitled to call its own echo service by its proper name in /etc/services, in which case pcap_nametoport() needs to be fixed. The easiest fix here is to just have it call getservbyname() twice, once with "tcp" as the second argument and once with "udp" as the second argument. That way the "ddp" entries will be totally ignored. (The logic of what you do if you find that the "tcp" port doesn't match the "udp" port is another matter, but the existing code is already choking on that problem.) If somebody thinks the solution I outline in the previous paragraph sounds like the way to go, I'd be happy to test and submit a patch. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202111955.g1BJtDm42834>