Date: Thu, 17 Apr 1997 17:57:26 -0700 (PDT)
From: Chris Timmons <skynyrd@opus.cts.cwu.edu>
To: freebsd-current@freebsd.org
Subject: libpcap problem?
Message-ID: <Pine.BSF.3.95.970417173628.2934B-100000@opus.cts.cwu.edu>
I've been doing some work on tcpdump locally to merge lbl-3.3 into what we presently have in -current. Before merging libpcap-0.3 I stopped to do some testing with tcpdump and found an odd problem with stock tcpdump/libpcap.

Casting aside my work, CVSupping -current at about 1400pdt today and remaking world & kernel (heeding the public advice from polstra and dyson) I still see a problem in the stock -current tcpdump/libpcap.

The problem is that if you specify a port symbolically, it is not correctly translated into BPF code. Consider port 37, used for time, from my apparently normal (i.e. not the source of the problem) /etc/services:

    # grep time /etc/services
    daytime         13/tcp
    daytime         13/udp
    time            37/tcp    timserver
    time            37/udp    timserver
    xns-time        52/tcp    #XNS Time Protocol
    xns-time        52/udp    #XNS Time Protocol
    appleqtc        458/tcp   #apple quick time
    appleqtc        458/udp   #apple quick time
    utime           519/tcp   unixtime
    utime           519/udp   unixtime
    timed           525/tcp   timeserver
    timed           525/udp   timeserver
    timeflies       1362/tcp
    timeflies       1362/udp
    mmcc            5050/tcp  #multimedia conference control tool
    mmcc            5050/udp  #multimedia conference control tool

You would expect that 0x25 should be generated in the BPF codes to match against this port, and it is - as shown on lines 8 and 10 below:

    # tcpdump -d udp port 37
    (000) ldh      [12]
    (001) jeq      #0x800           jt 2    jf 12
    (002) ldb      [23]
    (003) jeq      #0x11            jt 4    jf 12
    (004) ldh      [20]
    (005) jset     #0x1fff          jt 12   jf 6
    (006) ldxb     4*([14]&0xf)
    (007) ldh      [x + 14]
    (008) jeq      #0x25            jt 11   jf 9
    (009) ldh      [x + 16]
    (010) jeq      #0x25            jt 11   jf 12
    (011) ret      #68
    (012) ret      #0

Now look what happens when we specify our port symbolically:

    # tcpdump -d udp port time
    (000) ldh      [12]
    (001) jeq      #0x800           jt 2    jf 12
    (002) ldb      [23]
    (003) jeq      #0x11            jt 4    jf 12
    (004) ldh      [20]
    (005) jset     #0x1fff          jt 12   jf 6
    (006) ldxb     4*([14]&0xf)
    (007) ldh      [x + 14]
    (008) jeq      #0x2500          jt 11   jf 9
    (009) ldh      [x + 16]
    (010) jeq      #0x2500          jt 11   jf 12
    (011) ret      #68
    (012) ret      #0

0x25 becomes 0x2500 and tcpdump doesn't match udp port time, it matches udp port 0x2500 :(

Any ideas? I am a gdb novice but managed to compile libpcap with -g and link it in; I could see that the getservbyname() wasn't the problem, but also kept getting a lot of 'illegal address' errors, probably something normal that I never have encountered before.

Ideas?

-Chris
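Added example (not part of the original message and not libpcap code): a small interpreter for the thirteen instructions in the two listings above, run over a constructed UDP frame addressed to port 37, to show that the program compiled with 0x25 accepts the packet while the one compiled with 0x2500 silently drops it. The opcode names, the helper functions and the frame bytes are assumptions made for this example; note that 0x2500 is 0x0025 with its two bytes swapped.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Opcode names and struct layout are this example's own, not libpcap's. */
enum op { LDH_ABS, LDB_ABS, LDH_IND, LDXB_MSH, JEQ, JSET, RET };
struct insn { enum op op; uint8_t jt, jf; uint32_t k; }; /* jt/jf: absolute targets, as tcpdump -d prints */

/* The 13 instructions from the listings; port_k is the constant at (008) and (010). */
static void build_filter(struct insn *p, uint32_t port_k) {
    const struct insn prog[13] = {
        {LDH_ABS, 0, 0, 12},  {JEQ, 2, 12, 0x800},    /* ethertype == IPv4 */
        {LDB_ABS, 0, 0, 23},  {JEQ, 4, 12, 0x11},     /* IP protocol == UDP */
        {LDH_ABS, 0, 0, 20},  {JSET, 12, 6, 0x1fff},  /* drop non-first fragments */
        {LDXB_MSH, 0, 0, 14},                         /* x = IP header length */
        {LDH_IND, 0, 0, 14},  {JEQ, 11, 9, port_k},   /* source port */
        {LDH_IND, 0, 0, 16},  {JEQ, 11, 12, port_k},  /* destination port */
        {RET, 0, 0, 68},      {RET, 0, 0, 0},         /* accept 68 bytes / drop */
    };
    memcpy(p, prog, sizeof prog);
}
static uint32_t run_filter(const struct insn *p, const uint8_t *pkt, size_t len) {
    uint32_t a = 0, x = 0;
    for (size_t pc = 0; pc < 13;) {
        const struct insn *i = &p[pc++];
        uint32_t off = (i->op == LDH_IND) ? x + i->k : i->k;
        if (i->op <= LDXB_MSH && off + 2 > len) return 0; /* conservative bounds check on loads */
        switch (i->op) {
        case LDH_ABS: case LDH_IND: a = (uint32_t)pkt[off] << 8 | pkt[off + 1]; break;
        case LDB_ABS:  a = pkt[off]; break;
        case LDXB_MSH: x = 4 * (pkt[off] & 0xf); break;
        case JEQ:  pc = (a == i->k) ? i->jt : i->jf; break;
        case JSET: pc = (a & i->k) ? i->jt : i->jf; break;
        case RET:  return i->k;
        }
    }
    return 0;
}
/* Constructed frame: Ethernet + IPv4 (IHL 5) + UDP to dst_port; returns the filter's verdict. */
static uint32_t match(uint32_t port_k, uint16_t dst_port) {
    struct insn prog[13];
    uint8_t f[42] = {0};
    f[12] = 0x08; f[14] = 0x45; f[23] = 0x11; f[34] = 0x04; /* IPv4, IHL 5, UDP, src port 1024 */
    f[36] = (uint8_t)(dst_port >> 8); f[37] = (uint8_t)dst_port; /* big-endian on the wire */
    build_filter(prog, port_k);
    return run_filter(prog, f, sizeof f);
}
int main(void) {
    printf("k=0x25: %u  k=0x2500: %u\n", (unsigned)match(0x25, 37), (unsigned)match(0x2500, 37));
}
```

A return value of 68 means the packet is captured (snap length 68) and 0 means it is dropped, so a capture started with the symbolic port name would run without error and record nothing for the time service.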