
From: Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject: Re: tcpdump(8): let DLT_RAW handle both ipv6 and ipv4 packets
To: David Gwynne <david@gwynne.id.au>
Cc: tech@openbsd.org
Date: Thu, 5 Jun 2025 08:18:33 +0200

On Thu, Jun 05, 2025 at 03:51:08PM +1000, David Gwynne wrote:
> https://www.tcpdump.org/linktypes.html says that DLT_RAW can contain both
> types of ip, you just need to peek at the first nibble to figure out
> which one it is.
> 
> seems reasonable to me.
> 
> ok?

Sure.
 
> Index: print-raw.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/tcpdump/print-raw.c,v
> diff -u -p -r1.9 print-raw.c
> --- print-raw.c	1 Dec 2021 18:28:46 -0000	1.9
> +++ print-raw.c	5 Jun 2025 05:45:50 -0000
> @@ -56,6 +56,7 @@ raw_if_print(u_char *user, const struct 
>  {
>  	u_int length = h->len;
>  	u_int caplen = h->caplen;
> +	uint8_t v;
>  
>  	ts_print(&h->ts);
>  
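Review bot: the name of the new `uint8_t v` says nothing about its role, and in the next hunk it both holds the version nibble (`v = *p >> 4`) and serves as the minimum capture length in `caplen >= sizeof(v)`. A name such as `version`, or comparing caplen against 1 directly, would make the bounds check read as a one-byte length check rather than a property of the variable's type.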
> @@ -67,10 +68,27 @@ raw_if_print(u_char *user, const struct 
>  	packetp = p;
>  	snapend = p + caplen;
>  
> -	if (eflag)
> -		printf("ip: ");
> +	if (caplen >= sizeof(v)) {
> +		v = *p >> 4;
> +		switch (v) {
> +		case 4:
> +			if (eflag)
> +				printf("ip: ");
>  
> -	ip_print(p, length);
> +			ip_print(p, length);
> +			break;
> +		case 6:
> +			if (eflag)
> +				printf("ip6: ");
> +
> +			ip6_print(p, length);
> +			break;
> +		default:
> +			if (eflag)
> +				printf("v%u: ", v);
> +			break;
> +		}
> +	}
>  
>  	if (xflag)
>  		default_print(p, caplen);
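Review bot: a capture with caplen 0 skips the whole new `if (caplen >= sizeof(v))` block and prints nothing after the timestamp, where the removed code always called `ip_print(p, length)`; an else branch that prints a truncation marker would keep empty captures visible. The `default:` case has a similar gap: the `v%u: ` label is gated on eflag, so when eflag is unset a packet whose first nibble is neither 4 nor 6 produces no protocol output at all unless xflag is set. Printing the unknown version unconditionally would make unexpected DLT_RAW payloads show up in normal output instead of looking like blank lines.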
> 

-- 
:wq Claudio