From nobody@FreeBSD.org  Fri Nov  6 23:35:50 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 93BFD106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  6 Nov 2009 23:35:50 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 82D898FC13
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  6 Nov 2009 23:35:50 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id nA6NZopX073704
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 6 Nov 2009 23:35:50 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id nA6NZnWn073703;
	Fri, 6 Nov 2009 23:35:49 GMT
	(envelope-from nobody)
Message-Id: <200911062335.nA6NZnWn073703@www.freebsd.org>
Date: Fri, 6 Nov 2009 23:35:49 GMT
From: Alan Amesbury <amesbury@umn.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] libpcap's parser doesn't recognize newer TCP flags
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         140349
>Category:       kern
>Synopsis:       [libpcap] [patch] libpcap's parser doesn't recognize newer TCP flags
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    hiren
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 06 23:40:04 UTC 2009
>Closed-Date:    
>Last-Modified:  Thu May 16 05:20:00 UTC 2013
>Originator:     Alan Amesbury
>Release:        FreeBSD 7.2-RELEASE-p4/amd64
>Organization:
University of Minnesota
>Environment:
FreeBSD turbo.oitsec.umn.edu 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Wed Oct 21 19:28:10 CDT 2009     root@turbo.oitsec.umn.edu:/usr/obj/usr/src/sys/OITSEC-7-A  amd64
>Description:
tcpdump(1) lists some human-recognizable symbols that can be used to construct filters based on TCP flags.  These include symbols for flags like SYN ("tcp-syn"), URGent ("tcp-urg"), etc., but not the more recently created ECE and CWR flags used for some types of congestion control.  This appears to be an omission in libpcap, and the attached patch to scanner.l adds the missing functionality.
>How-To-Repeat:
Run 'tcpdump' with an appropriate argument, e.g.:

# tcpdump 'tcp[tcpflags] & ( tcp-cwr | tcp-syn ) != 0'
>Fix:
Apply the attached patch to ${SOURCE}.

Patch attached with submission follows:

--- contrib/libpcap/scanner.l.orig	2009-11-06 16:58:52.000000000 -0600
+++ contrib/libpcap/scanner.l	2009-11-06 17:00:01.000000000 -0600
@@ -353,6 +353,8 @@
 tcp-push		{ yylval.i = 0x08; return NUM; }
 tcp-ack			{ yylval.i = 0x10; return NUM; }
 tcp-urg			{ yylval.i = 0x20; return NUM; }
+tcp-ece			{ yylval.i = 0x40; return NUM; }
+tcp-cwr			{ yylval.i = 0x80; return NUM; }
 [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? {
 			 yylval.s = sdup((char *)yytext); return ID; }
 "\\"[^ !()\n\t]+	{ yylval.s = sdup((char *)yytext + 1); return ID; }


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->hiren 
Responsible-Changed-By: hiren 
Responsible-Changed-When: Tue May 14 19:28:17 UTC 2013 
Responsible-Changed-Why:  
Grab 

http://www.freebsd.org/cgi/query-pr.cgi?pr=140349 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/140349: commit references a PR
Date: Thu, 16 May 2013 05:17:11 +0000 (UTC)

 Author: hiren
 Date: Thu May 16 05:16:56 2013
 New Revision: 250693
 URL: http://svnweb.freebsd.org/changeset/base/250693
 
 Log:
   Add tcp header flags ECE and CWR defined in RFC 3168.
   
   PR:	140349
   Submitted by:	Alan Amesbury <amesbury@umn.edu> (earlier version)
   Reviewed by:	delphij
   Approved by:	sbruno (mentor)
 
 Modified:
   head/contrib/libpcap/pcap-filter.manmisc
   head/contrib/libpcap/pcap-filter.manmisc.in
   head/contrib/libpcap/scanner.l
 
 Modified: head/contrib/libpcap/pcap-filter.manmisc
 ==============================================================================
 --- head/contrib/libpcap/pcap-filter.manmisc	Thu May 16 03:51:00 2013	(r250692)
 +++ head/contrib/libpcap/pcap-filter.manmisc	Thu May 16 05:16:56 2013	(r250693)
 @@ -783,7 +783,8 @@ The following ICMP type field values are
  
  The following TCP flags field values are available: \fBtcp-fin\fP,
  \fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP,
 -\fBtcp-ack\fP, \fBtcp-urg\fP.
 +\fBtcp-ack\fP, \fBtcp-urg\fP, \fBtcp-ece\fP,
 +\fBtcp-cwr\fP.
  .LP
  Primitives may be combined using:
  .IP
 
 Modified: head/contrib/libpcap/pcap-filter.manmisc.in
 ==============================================================================
 --- head/contrib/libpcap/pcap-filter.manmisc.in	Thu May 16 03:51:00 2013	(r250692)
 +++ head/contrib/libpcap/pcap-filter.manmisc.in	Thu May 16 05:16:56 2013	(r250693)
 @@ -783,7 +783,8 @@ The following ICMP type field values are
  
  The following TCP flags field values are available: \fBtcp-fin\fP,
  \fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP,
 -\fBtcp-ack\fP, \fBtcp-urg\fP.
 +\fBtcp-ack\fP, \fBtcp-urg\fP, \fBtcp-ece\fP,
 +\fBtcp-cwr\fP.
  .LP
  Primitives may be combined using:
  .IP
 
 Modified: head/contrib/libpcap/scanner.l
 ==============================================================================
 --- head/contrib/libpcap/scanner.l	Thu May 16 03:51:00 2013	(r250692)
 +++ head/contrib/libpcap/scanner.l	Thu May 16 05:16:56 2013	(r250693)
 @@ -385,6 +385,8 @@ tcp-rst			{ yylval.i = 0x04; return NUM;
  tcp-push		{ yylval.i = 0x08; return NUM; }
  tcp-ack			{ yylval.i = 0x10; return NUM; }
  tcp-urg			{ yylval.i = 0x20; return NUM; }
 +tcp-ece			{ yylval.i = 0x40; return NUM; }
 +tcp-cwr			{ yylval.i = 0x80; return NUM; }
  [A-Za-z0-9]([-_.A-Za-z0-9]*[.A-Za-z0-9])? {
  			 yylval.s = sdup((char *)yytext); return ID; }
  "\\"[^ !()\n\t]+	{ yylval.s = sdup((char *)yytext + 1); return ID; }
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
