misc/140349: [patch] libpcap's parser doesn't recognize newer TCP flags

Alan Amesbury amesbury at umn.edu
Fri Nov 6 23:40:04 UTC 2009


>Number:         140349
>Category:       misc
>Synopsis:       [patch] libpcap's parser doesn't recognize newer TCP flags
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 06 23:40:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Alan Amesbury
>Release:        FreeBSD 7.2-RELEASE-p4/amd64
>Organization:
University of Minnesota
>Environment:
FreeBSD turbo.oitsec.umn.edu 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Wed Oct 21 19:28:10 CDT 2009     root at turbo.oitsec.umn.edu:/usr/obj/usr/src/sys/OITSEC-7-A  amd64
>Description:
tcpdump(1) lists some human-recognizable symbols that can be used to construct filters based on TCP flags.  These include symbols for flags like SYN ("tcp-syn"), URGent ("tcp-urg"), etc., but not the more recently created ECE and CWR flags used for some types of congestion control.  This appears to be an omission in libpcap, and the attached patch to scanner.l adds the missing functionality.
>How-To-Repeat:
Run 'tcpdump' with an appropriate argument, e.g.:

# tcpdump 'tcp[tcpflags] & ( tcp-cwr | tcp-syn ) != 0'
>Fix:
Apply the attached patch to ${SOURCE}.

Patch attached with submission follows:

--- contrib/libpcap/scanner.l.orig	2009-11-06 16:58:52.000000000 -0600
+++ contrib/libpcap/scanner.l	2009-11-06 17:00:01.000000000 -0600
@@ -353,6 +353,8 @@
 tcp-push		{ yylval.i = 0x08; return NUM; }
 tcp-ack			{ yylval.i = 0x10; return NUM; }
 tcp-urg			{ yylval.i = 0x20; return NUM; }
+tcp-ece			{ yylval.i = 0x40; return NUM; }
+tcp-cwr			{ yylval.i = 0x80; return NUM; }
 [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? {
 			 yylval.s = sdup((char *)yytext); return ID; }
 "\\"[^ !()\n\t]+	{ yylval.s = sdup((char *)yytext + 1); return ID; }
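
Review bot: The two added rules, tcp-ece and tcp-cwr, introduce new filter keywords with no matching documentation change. The patch touches only contrib/libpcap/scanner.l, so the flag-name list in tcpdump(1) that the description refers to would still omit them; suggest updating the man page in the same change. The values 0x40 and 0x80 continue the sequence after tcp-urg (0x20) and match the ECE and CWR bit positions in the TCP flags byte. Because these rules sit ahead of the generic identifier rule, a bare tcp-ece or tcp-cwr in a filter will now lex as NUM rather than ID; the backslash rule in the trailing context still lets \tcp-ece be used as an identifier. Since the file lives under contrib/, the change should also be sent upstream to libpcap so it survives the next vendor import.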


>Release-Note:
>Audit-Trail:
>Unformatted:

