Make the "ah", "esp", "pim", "sctp", "tcp" and "udp" abbreviations
compile exactly the same as what they expand into (as far as
pcap-filter(7) defines it).
Before commit
2ae1134 gen_proto_abbrev_internal() always generated the
IPv4 leg last; when IPv6 was enabled, it generated the IPv6 leg first
and ORed the two together; gen_proto() always generated the IPv4 leg
first; when IPv6 was enabled, it generated the IPv6 leg last and ORed
the two together. This way, with IPv6 enabled "ah" and "proto \ah"
produced different (although effectively equivalent) sequences of
statements.
After commit
2ae1134 the difference became unconditional and respective
code in gen_proto_abbrev_internal() effectively duplicated the code in
gen_proto(). Address that by calling the latter properly from the
former, so whatever the full syntax produces in the current revision,
the abbreviation always produces exactly the same.
The difference made it unnecessarily convoluted to compare compiled
filters when one filter used an abbreviation and the other used the full
syntax. For example, without the source code and an up to date man page
trying to tell whether "sctp" and "proto \sctp" have the same effect is
as simple as the following:
$ tcpdump -y EN10MB -d 'proto \sctp'
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 4
(002) ldb [23]
(003) jeq #0x84 jt 10 jf 11
(004) jeq #0x86dd jt 5 jf 11
(005) ldb [20]
(006) jeq #0x84 jt 10 jf 7
(007) jeq #0x2c jt 8 jf 11
(008) ldb [54]
(009) jeq #0x84 jt 10 jf 11
(010) ret #262144
(011) ret #0
$ tcpdump -y EN10MB -d 'sctp' # before this change
(000) ldh [12]
(001) jeq #0x86dd jt 2 jf 7
(002) ldb [20]
(003) jeq #0x84 jt 10 jf 4
(004) jeq #0x2c jt 5 jf 11
(005) ldb [54]
(006) jeq #0x84 jt 10 jf 11
(007) jeq #0x800 jt 8 jf 11
(008) ldb [23]
(009) jeq #0x84 jt 10 jf 11
(010) ret #262144
(011) ret #0
$ tcpdump -y EN10MB -d 'sctp' # after this change
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 4
(002) ldb [23]
(003) jeq #0x84 jt 10 jf 11
(004) jeq #0x86dd jt 5 jf 11
(005) ldb [20]
(006) jeq #0x84 jt 10 jf 7
(007) jeq #0x2c jt 8 jf 11
(008) ldb [54]
(009) jeq #0x84 jt 10 jf 11
(010) ret #262144
(011) ret #0
Packet filtering:
Add support for Block Ack Req and Block Ack frame types (pull
request #1039).
+ Expand abbreviations into "proto X" properly.
Savefiles:
Reject pcap files where one of the reserved fields in the
"link-layer type plus other stuff" is non-zero.
switch (proto) {
case Q_SCTP:
- b1 = gen_proto(cstate, IPPROTO_SCTP, Q_IP, Q_DEFAULT);
- b0 = gen_proto(cstate, IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
- gen_or(b0, b1);
+ b1 = gen_proto(cstate, IPPROTO_SCTP, Q_DEFAULT, Q_DEFAULT);
break;
case Q_TCP:
- b1 = gen_proto(cstate, IPPROTO_TCP, Q_IP, Q_DEFAULT);
- b0 = gen_proto(cstate, IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
- gen_or(b0, b1);
+ b1 = gen_proto(cstate, IPPROTO_TCP, Q_DEFAULT, Q_DEFAULT);
break;
case Q_UDP:
- b1 = gen_proto(cstate, IPPROTO_UDP, Q_IP, Q_DEFAULT);
- b0 = gen_proto(cstate, IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
- gen_or(b0, b1);
+ b1 = gen_proto(cstate, IPPROTO_UDP, Q_DEFAULT, Q_DEFAULT);
break;
case Q_ICMP:
#endif
case Q_PIM:
- b1 = gen_proto(cstate, IPPROTO_PIM, Q_IP, Q_DEFAULT);
- b0 = gen_proto(cstate, IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
- gen_or(b0, b1);
+ b1 = gen_proto(cstate, IPPROTO_PIM, Q_DEFAULT, Q_DEFAULT);
break;
#ifndef IPPROTO_VRRP
#define IPPROTO_AH 51
#endif
case Q_AH:
- b1 = gen_proto(cstate, IPPROTO_AH, Q_IP, Q_DEFAULT);
- b0 = gen_proto(cstate, IPPROTO_AH, Q_IPV6, Q_DEFAULT);
- gen_or(b0, b1);
+ b1 = gen_proto(cstate, IPPROTO_AH, Q_DEFAULT, Q_DEFAULT);
break;
#ifndef IPPROTO_ESP
#define IPPROTO_ESP 50
#endif
case Q_ESP:
- b1 = gen_proto(cstate, IPPROTO_ESP, Q_IP, Q_DEFAULT);
- b0 = gen_proto(cstate, IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
- gen_or(b0, b1);
+ b1 = gen_proto(cstate, IPPROTO_ESP, Q_DEFAULT, Q_DEFAULT);
break;
case Q_ISO:
projects / libpcap / commitdiff
