tcpdump looks broken

e9hack e9hack at gmail.com
Tue Sep 6 07:47:53 PDT 2022 

Hi,

it looks like "sll2_if_print" must be activated. It increases the size of tcpdump-mini by 64k.

diff --git a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
index ad7c3feb4e..9ba2fb3fa0 100644
--- a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
+++ b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
@@ -850,7 +850,19 @@
   #ifdef DLT_IPV4
   	{ raw_if_print,		DLT_IPV4 },
   #endif
-@@ -243,6 +256,7 @@ static const struct printer printers[] =
+@@ -224,9 +237,11 @@ static const struct printer printers[] =
+ #ifdef DLT_LINUX_SLL
+ 	{ sll_if_print,		DLT_LINUX_SLL },
+ #endif
++#endif
+ #ifdef DLT_LINUX_SLL2
+ 	{ sll2_if_print,	DLT_LINUX_SLL2 },
+ #endif
++#ifndef TCPDUMP_MINI
+ #ifdef DLT_SUNATM
+ 	{ sunatm_if_print,	DLT_SUNATM },
+ #endif
+@@ -243,6 +258,7 @@ static const struct printer printers[] =
   #ifdef DLT_VSOCK
   	{ vsock_if_print,	DLT_VSOCK },
   #endif


Regards,
Hartmut

Am 05.09.2022 um 09:05 schrieb Alexandru Ardelean:
> On Fri, Sep 2, 2022 at 5:35 PM e9hack <e9hack at gmail.com> wrote:
>>
>> Hi,
>>
>> it looks like, that tcpdump (mini) is broken. It is used by adblock to generate reports.
>>
>> tcpdump -nn -p -s0 -i any port 53
>>
>> version 4.99.1
>> 16:11:26.070312 UNSUPPORTED
>>          0x0000:  0800 0000 0000 0020 0001 0306 f8e4 e37c  ...............|
> 
> Looks like some VLAN 0 in-there?
> Maybe tcpdump (mini) doesn't know VLANs?
> 
>>          0x0010:  4db3 0000 4500 0047 8910 0000 8011 6241  M...E..G......bA
>>          0x0020:  c0a8 0102 c0a8 0101 d6f9 0035 0033 f8cf  ...........5.3..
>>          0x0030:  0002 0100 0001 0000 0000 0000 0377 7777  .............www
>>          0x0040:  0568 6569 7365 0264 6508 xxxx xxxx xxxx  .heise.de.xxxxxx
>>          0x0050:  xxxx 036c 616e 0000 0100 01              xx.lan.....
>>
>> version 4.9.3
>> 16:11:47.879165 IP 192.168.1.2.57308 > 192.168.1.1.53: 2+ A? www.heise.de.xxxxxxxx.lan. (43)
>>
>> Adblock doesn't generate reports anymore.
>>
>> Regards,
>> Hartmut
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list