From anderson@hawaii.conterra.com  Sun Nov 24 19:10:40 1996
Received: from hawaii.conterra.com (hawaii.conterra.com [206.30.180.3])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA00115
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 24 Nov 1996 19:10:37 -0800 (PST)
Received: (from root@localhost) by hawaii.conterra.com (8.7.5/8.6.9) id WAA19362; Sun, 24 Nov 1996 22:07:58 -0500 (EST)
Message-Id: <199611250307.WAA19362@hawaii.conterra.com>
Date: Sun, 24 Nov 1996 22:07:58 -0500 (EST)
From: anderson@conterra.com
Reply-To: anderson@conterra.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: tcpdump improvement/bug
X-Send-Pr-Version: 3.2

>Number:         2095
>Category:       bin
>Synopsis:       tcpdump doesn't display ip-in-ip correctly
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Nov 24 19:20:07 PST 1996
>Closed-Date:    Mon Nov 25 19:46:34 PST 1996
>Last-Modified:  Mon Nov 25 19:50:12 PST 1996
>Originator:     Stuart Anderson
>Release:        FreeBSD 2.1-STABLE i386
>Organization:
Conterra Communications
>Environment:

	ISP server debugging MBONE traffic

>Description:

	tcpdump doesn't match the ip-in-ip protocol used by MBONE traffic.
	in.h defines IPPROTO_ENCAP as 98, while IPPROTO_IPIP (4) is actually
	used by mrouted. tcpdump is checking for IPPROTO_ENCAP so it doesn't
	match the IPPROTO_IPIP which is used.


>How-To-Repeat:

	Just use tcpdump to monitor mbone traffic.

>Fix:

*** print-ip.c.orig	Sun Nov 24 21:59:39 1996
--- print-ip.c	Sun Nov 24 21:57:18 1996
***************
*** 389,394 ****
--- 389,395 ----
  #define IPPROTO_ENCAP 4
  #endif
  		case IPPROTO_ENCAP:
+ 		case IPPROTO_IPIP:
  			/* ip-in-ip encapsulation */
  			if (vflag)
  				(void)printf("%s > %s: ",
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: fenner 
State-Changed-When: Mon Nov 25 19:46:34 PST 1996 
State-Changed-Why:  
Different solution applied in print-ip.c rev 1.4 . 
(The code in tcpdump will *not* dump proto 98 packets 
as defined by RFC1241, it should only ever be called 
for proto 4) 
>Unformatted:
