From bawden@achilles.linearity.org  Mon Feb 11 11:55:20 2002
Return-Path: <bawden@achilles.linearity.org>
Received: from achilles.linearity.org (achilles.cs.brandeis.edu [129.64.3.120])
	by hub.freebsd.org (Postfix) with ESMTP id 5E89137B405
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 11 Feb 2002 11:55:16 -0800 (PST)
Received: (from bawden@localhost)
	by achilles.linearity.org (8.11.3/8.11.3/Erasmus) id g1BJtDm42834;
	Mon, 11 Feb 2002 14:55:13 -0500 (EST)
	(envelope-from bawden)
Message-Id: <200202111955.g1BJtDm42834@achilles.linearity.org>
Date: Mon, 11 Feb 2002 14:55:13 -0500 (EST)
From: Alan Bawden <Alan@LCS.MIT.EDU>
Reply-To: Alan@LCS.MIT.EDU
To: FreeBSD-gnats-submit@freebsd.org
Subject: `tcpdump port echo' filters for port 4 instead of 7
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         34843
>Category:       bin
>Synopsis:       `tcpdump port echo' filters for port 4 instead of 7
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    fenner
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 11 12:00:01 PST 2002
>Closed-Date:    Sun Sep 11 16:52:06 GMT 2005
>Last-Modified:  Sun Sep 11 16:52:06 GMT 2005
>Originator:     Alan Bawden
>Release:        FreeBSD 4.3-RELEASE i386
>Organization:
ITS Preservation Society
>Environment:
System: FreeBSD achilles.linearity.org 4.3-RELEASE FreeBSD 4.3-RELEASE #3: Tue Oct 2 16:54:42 EDT 2001 bawden@achilles.linearity.org:/usr/src/sys/compile/ACHILLES i386

>Description:
	If you do:

	  tcpdump port echo

	and send some traffic to TCP or UDP port 7 on your machine, tcpdump
	won't report seeing any packets at all.

>How-To-Repeat:
	If you do `tcpdump -d port echo' and read the BPF assembly listing,
	you will see that it is looking for packets with port 4 in the
	header instead of port 7.  This is because /etc/services contains
	the line:

	  echo		  4/ddp	   #AppleTalk Echo Protocol

	and the author of pcap_nametoport() in contrib/libpcap/nametoaddr.c
	clearly never contemplated this possibility!

>Fix:
	Depends on where you think the problem is.

	Note that this is the -only- instance of this problem in
	/etc/services, so a simple fix is to declare that services with the
	same name MUST always have the same number and then fix that one
	entry.

	But perhaps you think the "ddp" protocol is entitled to call its
	own echo service by its proper name in /etc/services, in which case
	pcap_nametoport() needs to be fixed.  The easiest fix here is to
	just have it call getservbyname() twice, once with "tcp" as the
	second argument and once with "udp" as the second argument.  That
	way the "ddp" entries will be totally ignored.  (The logic of what
	you do if you find that the "tcp" port doesn't match the "udp" port
	is another matter, but the existing code is already choking on that
	problem.)

	If somebody thinks the solution I outline in the previous paragraph
	sounds like the way to go, I'd be happy to test and submit a patch.
>Release-Note:
>Audit-Trail:

From: Alan Bawden <Alan@LCS.MIT.EDU>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/34843: `tcpdump port echo' filters for port 4 instead of 7
Date: Mon, 11 Mar 2002 14:43:59 -0500 (EST)

 Here's a patch that fixes the problem.  (Assuming you think other protocols
 (e.g. "ddp") are entitled to call their own services by their own names in
 /etc/services.)  This does change the command line behavior of the tcpdump
 command, but only to the extent of improving its error checking.
 
 I've tested this on a FreeBSD 4.3 machine, but it looks like it should work
 fine in all subsequent releases.
 
 --- contrib/libpcap/nametoaddr.c.orig	Wed Jul 19 12:07:37 2000
 +++ contrib/libpcap/nametoaddr.c	Mon Mar 11 13:58:14 2002
 @@ -142,36 +142,38 @@
  pcap_nametoport(const char *name, int *port, int *proto)
  {
  	struct servent *sp;
 -	char *other;
 +	int tcp_port = -1;
 +	int udp_port = -1;
  
 -	sp = getservbyname(name, (char *)0);
 -	if (sp != NULL) {
 -		NTOHS(sp->s_port);
 -		*port = sp->s_port;
 -		*proto = pcap_nametoproto(sp->s_proto);
 -		/*
 -		 * We need to check /etc/services for ambiguous entries.
 -		 * If we find the ambiguous entry, and it has the
 -		 * same port number, change the proto to PROTO_UNDEF
 -		 * so both TCP and UDP will be checked.
 -		 */
 -		if (*proto == IPPROTO_TCP)
 -			other = "udp";
 -		else
 -			other = "tcp";
 -
 -		sp = getservbyname(name, other);
 -		if (sp != 0) {
 -			NTOHS(sp->s_port);
 +	/*
 +	 * We need to check /etc/services for ambiguous entries.
 +	 * If we find the ambiguous entry, and it has the
 +	 * same port number, change the proto to PROTO_UNDEF
 +	 * so both TCP and UDP will be checked.
 +	 */
 +	sp = getservbyname(name, "tcp");
 +	if (sp != NULL) tcp_port = ntohs(sp->s_port);
 +	sp = getservbyname(name, "udp");
 +	if (sp != NULL) udp_port = ntohs(sp->s_port);
 +	if (tcp_port >= 0) {
 +		*port = tcp_port;
 +		*proto = IPPROTO_TCP;
 +		if (udp_port >= 0) {
 +			if (udp_port == tcp_port)
 +				*proto = PROTO_UNDEF;
  #ifdef notdef
 -			if (*port != sp->s_port)
 +			else
  				/* Can't handle ambiguous names that refer
  				   to different port numbers. */
  				warning("ambiguous port %s in /etc/services",
  					name);
  #endif
 -			*proto = PROTO_UNDEF;
  		}
 +		return 1;
 +	}
 +	if (udp_port >= 0) {
 +		*port = udp_port;
 +		*proto = IPPROTO_UDP;
  		return 1;
  	}
  #if defined(ultrix) || defined(__osf__)
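
Review bot: in the `tcp_port >= 0` branch, a name whose "udp" entry has a different port number than its "tcp" entry falls through with `*proto = IPPROTO_TCP` and the TCP port, and the only diagnostic for that case is still inside `#ifdef notdef`, so the mismatch is silent and the resulting filter never matches the UDP service. Consider compiling in the `warning("ambiguous port %s in /etc/services", name)` call, or returning failure, for that case. The `else` that now sits alone inside `#ifdef notdef` makes the if/else pairing depend on the preprocessor; bracing the `if (udp_port == tcp_port)` statement and keeping the whole `else` arm inside the conditional would read more safely. The relocated comment still says "change the proto to PROTO_UNDEF" without saying what happens when the ports differ, and the one-line `if (sp != NULL) tcp_port = ntohs(sp->s_port);` form does not match the layout of the surrounding code.
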
Responsible-Changed-From-To: freebsd-bugs->fenner 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Mon Mar 11 14:15:37 PST 2002 
Responsible-Changed-Why:  
I've assigned this PR to Bill Fenner, who's our tcpdump importer 
(and one of tcpdump's maintainers). However, it might be better 
to report this back to the tcpdump people directly. 
(http://www.tcpdump.org should get them). 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34843 

From: Bill Fenner <fenner@research.att.com>
To: freebsd-gnats-submit@FreeBSD.org, Alan@LCS.MIT.EDU
Cc:  
Subject: Re: bin/34843: `tcpdump port echo' filters for port 4 instead of 7
Date: Tue, 25 Feb 2003 14:13:00 -0800

 I've (quite belatedly) committed this patch to the tcpdump.org 
 repository.  The FreeBSD PR will stay open until the patch is in FreeBSD 
 (but this is the first step).
 
    Bill
 
State-Changed-From-To: open->patched 
State-Changed-By: bms 
State-Changed-When: Mon Jun 14 15:06:23 GMT 2004 
State-Changed-Why:  
Patched in -CURRENT by last vendor branch import 

http://www.freebsd.org/cgi/query-pr.cgi?pr=34843 
State-Changed-From-To: patched->closed 
State-Changed-By: rodrigc 
State-Changed-When: Sun Sep 11 16:50:43 GMT 2005 
State-Changed-Why:  
Patch applied. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=34843 
>Unformatted:
