tcpdump(1) lists some human-recognizable symbols that can be used to construct filters based on TCP flags. These include symbols for flags like SYN ("tcp-syn"), URGent ("tcp-urg"), etc., but not the more recently created ECE and CWR flags used for some types of congestion control. This appears to be an omission in libpcap, and the attached patch to scanner.l adds the missing functionality. Fix: Apply the attached patch to ${SOURCE}. Patch attached with submission follows: How-To-Repeat: Run 'tcpdump' with an appropriate argument, e.g.: # tcpdump 'tcp[tcpflags] & ( tcp-cwr | tcp-syn ) != 0'
Responsible Changed From-To: freebsd-bugs->hiren Grab
Author: hiren Date: Thu May 16 05:16:56 2013 New Revision: 250693 URL: http://svnweb.freebsd.org/changeset/base/250693 Log: Add tcp header flags ECE and CWR defined in RFC 3168. PR: 140349 Submitted by: Alan Amesbury <amesbury@umn.edu> (earlier version) Reviewed by: delphij Approved by: sbruno (mentor) Modified: head/contrib/libpcap/pcap-filter.manmisc head/contrib/libpcap/pcap-filter.manmisc.in head/contrib/libpcap/scanner.l Modified: head/contrib/libpcap/pcap-filter.manmisc ============================================================================== --- head/contrib/libpcap/pcap-filter.manmisc Thu May 16 03:51:00 2013 (r250692) +++ head/contrib/libpcap/pcap-filter.manmisc Thu May 16 05:16:56 2013 (r250693) @@ -783,7 +783,8 @@ The following ICMP type field values are The following TCP flags field values are available: \fBtcp-fin\fP, \fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP, -\fBtcp-ack\fP, \fBtcp-urg\fP. +\fBtcp-ack\fP, \fBtcp-urg\fP, \fBtcp-ece\fP, +\fBtcp-cwr\fP. .LP Primitives may be combined using: .IP Modified: head/contrib/libpcap/pcap-filter.manmisc.in ============================================================================== --- head/contrib/libpcap/pcap-filter.manmisc.in Thu May 16 03:51:00 2013 (r250692) +++ head/contrib/libpcap/pcap-filter.manmisc.in Thu May 16 05:16:56 2013 (r250693) @@ -783,7 +783,8 @@ The following ICMP type field values are The following TCP flags field values are available: \fBtcp-fin\fP, \fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP, -\fBtcp-ack\fP, \fBtcp-urg\fP. +\fBtcp-ack\fP, \fBtcp-urg\fP, \fBtcp-ece\fP, +\fBtcp-cwr\fP. .LP Primitives may be combined using: .IP Modified: head/contrib/libpcap/scanner.l ============================================================================== --- head/contrib/libpcap/scanner.l Thu May 16 03:51:00 2013 (r250692) +++ head/contrib/libpcap/scanner.l Thu May 16 05:16:56 2013 (r250693) @@ -385,6 +385,8 @@ tcp-rst { yylval.i = 0x04; return NUM; tcp-push { yylval.i = 0x08; return NUM; } tcp-ack { yylval.i = 0x10; return NUM; } tcp-urg { yylval.i = 0x20; return NUM; } +tcp-ece { yylval.i = 0x40; return NUM; } +tcp-cwr { yylval.i = 0x80; return NUM; } [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? { yylval.s = sdup((char *)yytext); return ID; } "\\"[^ !()\n\t]+ { yylval.s = sdup((char *)yytext + 1); return ID; } _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"