Re: [tcpdump-workers] Libpcap-1.4.0 BPF_AND not filtering as expected
There seems to be a bug in libpcap version 1.4.0. The same code works well in 1.6.2 :)

Thanks a lot.
Aparna N

On 6 November 2014 13:56, Aparna Nagarajan wrote:
> Hi Guy Harris,
>
> Here is the translated code.
>
> /*initialization*/
> static u_int off_didx = 5;
> bpf_u_int32 didx_mask = 0x0ffc;
> didx = didx<<18;
> b0 = gen_ncmp(OR_MACPL, off_didx, BPF_W, didx_mask, BPF_JEQ, 0,
> (bpf_int32)didx);
>
> the i/p value of didx is 0x40.
>
> here is what 'gen_ncmp' generates:
> gen_load_a(offrel, offset, size); ==> { 0x20, 0, 0, 0x0013 }
> load one word at offset 0x13 into accumulator(A)
> new_stmt(BPF_ALU|BPF_AND|BPF_K); ===> { 0x54, 0, 0, 0x0ffc }
> AND the mask entered with the value in A.
> new_block(JMP(jtype)); ===> { 0x15, 0, 1,0x0100 } a jump
> statement to compare value in didx with value in A.
>
> Thanks and Regards,
> Aparna
>
>
> On 6 November 2014 13:04, Guy Harris wrote:
>>
>> On Nov 5, 2014, at 10:41 PM, Aparna Nagarajan
>> wrote:
>> Hi All, I am trying to add some BPF code for capture filters. I am
>> basically trying to load data into accumulator from some offset, mask it
>> and then match it with some value. Here is the OPcode:
>> { 0x20, 0, 0, 0x0013 },
>> { 0x54, 0, 0, 0x0ffc },
>> { 0x15, 0, 1, 0x0100 },
>> { 0x6, 0, 0, 0x },
>> { 0x6, 0, 0, 0x },
>>
>> Please translate that to BPF assembler language; I'm too busy to translate
>> it myself.
>>
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
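The load / AND / compare sequence quoted in the thread above can be traced with a small classic-BPF interpreter. This is an added example, not code from the thread or from libpcap: the two ret constants (missing in the message) are assumed to be 0xffff and 0, the names run_filter and filter_word are hypothetical, and the packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Classic BPF instruction: opcode, jump-if-true, jump-if-false, constant k. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Instruction words as printed in the message. The k values of the two ret
 * instructions are missing there; 0xffff (accept) and 0 (drop) are assumed. */
static const struct insn prog[] = {
    { 0x20, 0, 0, 0x0013 },  /* ld  [0x13]  : A = 32-bit word at offset 0x13 */
    { 0x54, 0, 0, 0x0ffc },  /* and #0x0ffc : A &= mask                      */
    { 0x15, 0, 1, 0x0100 },  /* jeq #0x0100 : equal -> next, else skip one   */
    { 0x06, 0, 0, 0xffff },  /* ret (assumed k): accept                      */
    { 0x06, 0, 0, 0x0000 },  /* ret (assumed k): drop                        */
};

/* Interpret the four opcodes used above; returns the ret value (0 = drop). */
static uint32_t run_filter(const struct insn *p, size_t n,
                           const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t k = p[pc].k;
        switch (p[pc].code) {
        case 0x20:  /* BPF_LD|BPF_W|BPF_ABS: big-endian load, drop if out of bounds */
            if (len < 4 || k > len - 4) return 0;
            a = (uint32_t)pkt[k] << 24 | (uint32_t)pkt[k + 1] << 16 |
                (uint32_t)pkt[k + 2] << 8 | pkt[k + 3];
            break;
        case 0x54: a &= k; break;            /* BPF_ALU|BPF_AND|BPF_K */
        case 0x15:  /* BPF_JMP|BPF_JEQ|BPF_K: offsets count from the next insn */
            pc += (a == k) ? p[pc].jt : p[pc].jf;
            break;
        case 0x06: return k;                 /* BPF_RET|BPF_K */
        default:   return 0;                 /* opcode outside this sketch */
        }
    }
    return 0;  /* ran off the end without a ret */
}

/* Constructed packet: zeros except word w at offset 0x13; len <= 64 bytes seen. */
static uint32_t filter_word(uint32_t w, size_t len)
{
    uint8_t pkt[64] = {0};
    pkt[0x13] = (uint8_t)(w >> 24); pkt[0x14] = (uint8_t)(w >> 16);
    pkt[0x15] = (uint8_t)(w >> 8);  pkt[0x16] = (uint8_t)w;
    return run_filter(prog, sizeof prog / sizeof prog[0], pkt, len);
}

int main(void) { printf("%#x\n", (unsigned)filter_word(0xabcdf103u, 64)); return 0; }
```

Bits outside the mask do not affect the result, and a packet too short for the 4-byte load at offset 0x13 is dropped before the comparison is reached.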
[tcpdump-workers] Tcpdump not showing packets while the TX counter increments.
List,

I hope this is a good place to ask this question as quite a bit of googling didn't return anything useful.

I have an unprovisioned ethernet interface showing some TX packets:

# ifconfig -a eth1
eth1: flags=4163 mtu 1500
        inet6 fe80::224:e8ff:fe80:9258 prefixlen 64 scopeid 0x20
        ether 00:24:e8:80:92:58 txqueuelen 1000 (Ethernet)
        RX packets 1334743 bytes 124150467 (118.3 MiB)
        RX errors 0 dropped 128753314 overruns 0 frame 0
        TX packets 81 bytes 6380 (6.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
        device interrupt 48 memory 0xd800-d8012800

But those aren't showing up with:

# tcpdump -i eth1 -n -e -Q out

Anyone know what this traffic could be? Why on earth would there be any TX packets on this interface when it doesn't have an IP, and why don't they show up in tcpdump?

Thanks,
schu
Re: [tcpdump-workers] Tcpdump not showing packets while the TX counter increments.
On Nov 10, 2014, at 2:17 PM, Matthew Schumacher wrote:

> I have an unprovisioned ethernet interface showing some TX packets:
>
> # ifconfig -a eth1
> eth1: flags=4163 mtu 1500
>        inet6 fe80::224:e8ff:fe80:9258 prefixlen 64 scopeid 0x20
>        ether 00:24:e8:80:92:58 txqueuelen 1000 (Ethernet)
>        RX packets 1334743 bytes 124150467 (118.3 MiB)
>        RX errors 0 dropped 128753314 overruns 0 frame 0
>        TX packets 81 bytes 6380 (6.2 KiB)
>        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>        device interrupt 48 memory 0xd800-d8012800
>
> But those aren't showing up with:
>
> # tcpdump -i eth1 -n -e -Q out

On what operating system is this?