[Patch] Add fragment summary info #212

Open
guyharris opened this issue Apr 16, 2013 · 2 comments

@guyharris
Member

Converted from SourceForge issue 1257271, submitted by rayharris

This patch adds the fragment summary information to the
end of fragmented packets and adds DF and rsvd flag
information to the end of all packets. An example would be:

(frag 1282:1126@1480+) (DF, RES)

This information is suppressed by the -q flag.

The college I teach at has tcpdump labs based on this
information being present. We just switched to Fedora
Core 4 and noticed this info was now missing from
tcpdump output. It was easier to patch tcpdump than to
rewrite the labs.

Ray

@guyharris
Member Author

Submitted by guy_harris


See the thread starting at

http://www.tcpdump.org/lists/workers/2003/04/msg00334.html

for the discussion that led up to the change. You might want to raise this issue
on tcpdump-workers.

@infrastation
Member

The suggested change:

*** tcpdump-3.9.3/print-ip.c    2005-08-11 22:41:36.000000000 -0400
--- tcpdump-3.9.3-frag/print-ip.c   2005-08-11 23:17:22.000000000 -0400
***************
*** 347,353 ****
--- 347,355 ----
  #ifndef IP_DF
  #define IP_DF 0x4000
  #endif /* IP_DF */
+ #ifndef IP_RES
  #define IP_RES 0x8000
+ #endif /* IP_RES */

  static struct tok ip_frag_values[] = {
          { IP_MF,        "+" },
***************
*** 689,694 ****
--- 691,726 ----
            (void)printf(" ip-proto-%d", ipds->ip->ip_p);
        } 
    }
+ 
+         /*
+          * For fragmented datagrams, print id:size@offset. On all
+          * but the last fragment add a "+".
+          */
+ 
+   if (qflag) return; /* if quiet, don't print frag info */
+ 
+         if(ipds->off & 0x3fff) { /* MF is set or offset is non-zero */
+             (void)printf(" (frag %u:%u@%d",
+                 EXTRACT_16BITS(&ipds->ip->ip_id),
+                 EXTRACT_16BITS(&ipds->ip->ip_len),
+                 (ipds->off & 0x1fff) * 8);
+             if(ipds->off & IP_MF) { /* MF flag is set */
+                 (void)printf("+");
+             }
+             (void)printf(")");
+         }
+ 
+   /* For all packets, note if the DF or rsvd flag is set */
+ 
+         if(ipds->off & (IP_DF | IP_RES) == (IP_DF | IP_RES) ) {
+             /* rsvd and DF flag is set */
+             (void)printf(" (DF, RES)");
+         } else if(ipds->off & IP_DF) { /* DF flag is set */
+             (void)printf(" (DF)");
+         } else if(ipds->off * IP_RES) { /* rsvd flag is set */
+             (void)printf(" (RES)");
+         }
+ 
  }

  void
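
Review bot: the two flag tests at the end of this hunk do not test what their comments say. In `if(ipds->off & (IP_DF | IP_RES) == (IP_DF | IP_RES) )`, `==` binds tighter than `&`, so the comparison is evaluated first and the condition reduces to `ipds->off & 1`, the low bit of the fragment offset; parenthesize the mask as `(ipds->off & (IP_DF | IP_RES)) == (IP_DF | IP_RES)`. In `else if(ipds->off * IP_RES)` the `*` should be `&`; as written the expression is non-zero whenever `ipds->off` is non-zero, so a fragment that reaches this branch prints `(RES)` even when the reserved bit is clear. Two smaller points: `0x3fff` and `0x1fff` are bare constants where the MF test two lines later uses the named `IP_MF`, so named masks would read more consistently, and `if (qflag) return;` sits mid-function with tab indentation while the surrounding added lines use spaces, so an enclosing `if (!qflag) { ... }` block in one indentation style would be easier to maintain if more output is ever added after it.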
