Re: [tcpdump-workers] pcap_inject() on loopback (FreeBSD)

2014-06-16 Thread Fernando Gont
Hi, Guy,

First of all, thanks so much for your help and detailed explanation! --
I really appreciate it...

On 06/15/2014 08:07 PM, Guy Harris wrote:
> 
>> which would seem to indicate that pcap_inject() is overwriting the
>> value I set with something else (pseudo_AF_HDRCMPLT?).
> 
> It indicates that *some* piece of code is overwriting that value.

Yep. Apologies for being sloppy.


[]
>     /* BPF writes need to be handled specially. */
>     if (dst->sa_family == pseudo_AF_HDRCMPLT ||
>         dst->sa_family == AF_UNSPEC)
>         bcopy(dst->sa_data, &af, sizeof(af));
>     else
>         af = dst->sa_family;
> 
> As the person who came across this bug, you should file a bug on
> this; if you can, CC me on it, or, if not, let me know what bug ID it
> gets assigned so that I can try to CC myself on it.

I will certainly file a bug report, and CC you. My understanding is that
this should be filed in most (if not all) of the BSD variants? (because
besides the error message one obtains, it seems that in several flavors
of them, pcap_inject() fails for the same reason).

Thanks!

Best regards,
-- 
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1



___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


[tcpdump-workers] print vlan number

2014-06-16 Thread richard lucassen
Hello list,

Just a simple question: I have eth1 with some VLAN's. When tcpdumping
with:

# tcpdump -h
tcpdump version 3.9.8
libpcap version 0.9.8

the vlan tags are printed using "tcpdump -ni eth1":

10:16:12.068967 vlan 65, p 0, IP 10.65.0.196.49189 > 10.2.131.14.2598

But using a newer version, the tags have disappeared:

# tcpdump -h
tcpdump version 4.3.0
libpcap version 1.3.0

10:48:41.551598 IP 192.168.206.188 > 192.168.206.1

I'd expect:

10:48:41.551598 vlan 259, p 0, IP 192.168.206.188 > 192.168.206.1

Is this a bug or has this been changed?

R.

-- 
___
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+--+
| Richard Lucassen, Utrecht|
+--+


Re: [tcpdump-workers] pcap_inject() on loopback (FreeBSD)

2014-06-16 Thread Guy Harris

On Jun 15, 2014, at 1:56 PM, Fernando Gont wrote:

> I will certainly file a bug report, and CC you. My understanding is that
> this should be filed in most (if not all) of the BSD variants? (because
> besides the error message one obtains, it seems that in several flavors
> of them, pcap_inject() fails for the same reason).

NetBSD, OpenBSD, and Dragonfly BSD appear not to even have the

    /* BPF writes need to be handled specially. */
    if (dst->sa_family == AF_UNSPEC)
        bcopy(dst->sa_data, &af, sizeof(af));
    else
        af = dst->sa_family;

code, so

    /* BPF writes need to be handled specially. */
    if (dst->sa_family == pseudo_AF_HDRCMPLT)
        bcopy(dst->sa_data, &af, sizeof(af));
    else
        af = dst->sa_family;

code needs to be added, and the subsequent switch needs to be changed from

    switch (dst->sa_family) {

to

    switch (af) {

with a

    u_int32_t af;

added to looutput().

Darwin's code path is very different, and I haven't followed the twisty little 
maze of code paths into xnu:bsd/net/dlil.c and through if_loop.c to see whether 
this bug exists or not (and haven't written code to test it).


Re: [tcpdump-workers] Tcpdump 4.6 delayed

2014-06-16 Thread Romain Francoise
Michael Richardson writes:

> Yeah, my bad; was sick that weekend, and stuff... happened.

No problem.

> How about July 1?

So -rc1 on July 1, then release a week later? Or -rc1 in the meantime,
and release on July 1? (Works for me either way.)


Re: [tcpdump-workers] print vlan number

2014-06-16 Thread Guy Harris

On Jun 16, 2014, at 1:53 AM, richard lucassen wrote:

> Just a simple question: I have eth1 with some VLAN's. When tcpdumping
> with:
> 
> # tcpdump -h
> tcpdump version 3.9.8
> libpcap version 0.9.8
> 
> the vlan tags are printed using "tcpdump -ni eth1":
> 
> 10:16:12.068967 vlan 65, p 0, IP 10.65.0.196.49189 > 10.2.131.14.2598

I can find nothing in the standard tcpdump 3.9.8 code that would cause the VLAN
tags to be printed if you haven't specified the -e flag to tcpdump.

Is this standard tcpdump 3.9.8, downloaded in source form from tcpdump.org, and
compiled, or is it some version of tcpdump provided by the supplier of your OS?
If it's the latter, what OS is that (for Linux, as I suspect this is from
"eth1", what distribution is it), and what version (for Linux, what's the
version of the distribution, not of the kernel)?



Re: [tcpdump-workers] pcap_inject() on loopback (FreeBSD)

2014-06-16 Thread Guy Harris

On Jun 16, 2014, at 2:50 AM, Guy Harris wrote:

> On Jun 15, 2014, at 1:56 PM, Fernando Gont wrote:
> 
>> I will certainly file a bug report, and CC you. My understanding is that
>> this should be filed in most (if not all) of the BSD variants? (because
>> besides the error message one obtains, it seems that in several flavors
>> of them, pcap_inject() fails for the same reason).
> 
> NetBSD, OpenBSD, and Dragonfly BSD appear not to even have the ...

...and OpenBSD may need to do

    /* BPF writes need to be handled specially. */
    if (dst->sa_family == pseudo_AF_HDRCMPLT) {
        bcopy(dst->sa_data, &af, sizeof(af));
        af = ntohl(af);
    } else
        af = dst->sa_family;

as its loopback device has a DLT_ of DLT_LOOP rather than DLT_NULL and, with 
DLT_LOOP, the 4-byte AF_ header of the packet is in *network* byte order rather 
than *host* byte order.

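A user-space model of the address-family selection discussed in the pcap_inject() messages above, added here as an example; it is not code from the thread or from any BSD kernel. It assumes dst->sa_family reaches looutput() as pseudo_AF_HDRCMPLT, gives that constant a placeholder value where the system headers lack it, and replaces the kernel's switch (af) with a check for AF_INET/AF_INET6; inject_accepted() and the select_af_*() names are hypothetical.

```c
#include <arpa/inet.h>  /* htonl, ntohl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h> /* struct sockaddr, AF_INET, AF_INET6, AF_UNSPEC */
#define DLT_NULL 0   /* loopback AF_ header in host byte order */
#define DLT_LOOP 108 /* loopback AF_ header in network byte order */
#ifndef pseudo_AF_HDRCMPLT
#define pseudo_AF_HDRCMPLT 31 /* placeholder value, constructed for this model */
#endif

/* Sender side: the 4-byte AF_ header that precedes the packet given to pcap_inject(). */
static void put_loop_header(uint8_t hdr[4], int dlt, uint32_t af) {
    if (dlt == DLT_LOOP) af = htonl(af);
    memcpy(hdr, &af, sizeof(af));
}

/* Family selection with only the AF_UNSPEC check. */
static uint32_t select_af_unspec_only(const struct sockaddr *dst) {
    uint32_t af;
    if (dst->sa_family == AF_UNSPEC)
        memcpy(&af, dst->sa_data, sizeof(af)); /* memcpy in place of bcopy */
    else
        af = dst->sa_family;
    return af;
}

/* Selection with the pseudo_AF_HDRCMPLT check, plus ntohl() for DLT_LOOP. */
static uint32_t select_af_fixed(const struct sockaddr *dst, int dlt) {
    uint32_t af;
    if (dst->sa_family == pseudo_AF_HDRCMPLT || dst->sa_family == AF_UNSPEC) {
        memcpy(&af, dst->sa_data, sizeof(af));
        if (dlt == DLT_LOOP) af = ntohl(af);
    } else
        af = dst->sa_family;
    return af;
}

/* Hypothetical helper: 1 if an injected AF_INET packet resolves to a known family. */
int inject_accepted(int dlt, int fixed) {
    struct sockaddr dst = { .sa_family = pseudo_AF_HDRCMPLT }; /* assumed, per the thread */
    put_loop_header((uint8_t *)dst.sa_data, dlt, AF_INET);
    uint32_t af = fixed ? select_af_fixed(&dst, dlt) : select_af_unspec_only(&dst);
    return af == AF_INET || af == AF_INET6; /* stand-in for switch (af) */
}

int main(void) {
    printf("%d %d %d\n", inject_accepted(DLT_NULL, 0), inject_accepted(DLT_NULL, 1), inject_accepted(DLT_LOOP, 1));
    return 0;
}
```

With the AF_UNSPEC-only check the family falls through as pseudo_AF_HDRCMPLT and the packet is rejected; with the added check the header bytes are read, and on DLT_LOOP they are converted from network byte order first.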

Re: [tcpdump-workers] print vlan number

2014-06-16 Thread richard lucassen
On Mon, 16 Jun 2014 13:11:22 +0200
Romain Francoise wrote:

> richard lucassen writes:
> 
> > Is this a bug or has this been changed?
> 
> Are you using Debian or a derivative like Ubuntu? The tcpdump package
> used to have a patch to reverse the meaning of the -e flag, but it was
> dropped a few years ago. If you want to see the vlan id, you need to
> use -e.

That's it. The tcpdump printing VLANs was Ubuntu-8.04, the other a
Debian Squeeze. The -e does the job, thnx for your answer. Thnx to Guy
as well for his reply.

R.

-- 
___
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.

+--+
| Richard Lucassen, Utrecht|
+--+


Re: [tcpdump-workers] Tcpdump 4.6 delayed

2014-06-16 Thread Michael Richardson

Romain Francoise wrote:
>> Yeah, my bad; was sick that weekend, and stuff... happened.

> No problem.

>> How about July 1?

> So -rc1 on July 1, then release a week later? Or -rc1 in the meantime,
> and release on July 1? (Works for me either way.)

-rc1 on July 1.
Release a week later, yes.

