tcpdump mailing list archives
cap_compile() generates strange code with DLT_RAW
From: Anton Yuzhaninov <citrin () rambler-co ru>
Date: Wed, 30 May 2007 20:59:20 +0400
Hello.
When libpcap build with -DINET6 pcap_compile() generates strange pbf
code with DLT_RAW
cap_compile_nopcap(65535, DLT_RAW, &bp, "udp", 1, 0)
generates this code:
# (000) ld #0x0
{ code=0 jt=0 jf=0 k=0 }
# (001) ldb [6]
{ code=48 jt=0 jf=0 k=6 }
# (002) jeq #0x11 jt 5 jf 3
{ code=21 jt=2 jf=0 k=17 }
# (003) ldb [9]
{ code=48 jt=0 jf=0 k=9 }
# (004) jeq #0x11 jt 5 jf 6
{ code=21 jt=0 jf=1 k=17 }
# (005) ret #65535
{ code=6 jt=0 jf=0 k=65535 }
# (006) ret #0
{ code=6 jt=0 jf=0 k=0 }
It seems to be wrong.
(000) - seems to be nop, why it here?
(001), (002) - check that byte with offset 6 (4 bits from flags filed
and 4 bits from fragment offset) equal 17 (protocol number for udp)
It seems to be wrong
(003), (004) - correct commands for check Protocol filed in IP header
to be equal 17 (udp).
When libpcap compiled without INET6 it generates correct code:
# (000) ld #0x0
{ code=0 jt=0 jf=0 k=0 }
# (001) ldb [9]
{ code=48 jt=0 jf=0 k=9 }
# (002) jeq #0x11 jt 3 jf 4
{ code=21 jt=0 jf=1 k=17 }
# (003) ret #65535
{ code=6 jt=0 jf=0 k=65535 }
# (004) ret #0
{ code=6 jt=0 jf=0 k=0 }
(but firs command still unnecessary)
I use libpcap 0.9.4 under FreeBSD, but in Changelog I don't found
related changes in 0.9.5
--
WBR,
Anton Yuzhaninov
P. S. code used to test in attach.-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- cap_compile() generates strange code with DLT_RAW Anton Yuzhaninov (May 30)
- Re: cap_compile() generates strange code with DLT_RAW Guy Harris (May 30)
- Re: cap_compile() generates strange code with DLT_RAW Anton Yuzhaninov (May 30)
- Re: cap_compile() generates strange code with DLT_RAW Guy Harris (May 30)
- Re: cap_compile() generates strange code with DLT_RAW Anton Yuzhaninov (May 30)
- Re: cap_compile() generates strange code with DLT_RAW Guy Harris (May 30)