tcpdump looks broken

e9hack e9hack at gmail.com
Thu Sep 8 04:36:49 PDT 2022


Hi,

the size is increased by only a few bytes. The 64k difference is between tcpdump mini 4.9.3 and 4.99.1.
The output contains two new values. Adblock must be updated too in order to generate reports:

diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh
index 0c6efc648..0e1b5154a 100755
--- a/net/adblock/files/adblock.sh
+++ b/net/adblock/files/adblock.sh
@@ -1670,7 +1670,7 @@ f_report()
  		for file in "${adb_reportdir}/adb_report.pcap"*
  		do
  			(
-				"${adb_dumpcmd}" "${resolve}" -tttt -r "${file}" 2>/dev/null | \
+				"${adb_dumpcmd}" "${resolve}" -tttt -r "${file}" 2>/dev/null | "${adb_awk}" '{ $3=$4=""; print $0 }' | \
  					"${adb_awk}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? /&&/ A[\? ]+|NXDomain|0\.0\.0\.0/{a=$1;b=substr($2,0,8);c=$4;sub(/\.[0-9]+$/,"",c);gsub(/[^[:alnum:]\.:-]/,"",c);d=cnt $7;sub(/\*$/,"",d);
  					e=$(NF-1);sub(/[0-9]\/[0-9]\/[0-9]|0\.0\.0\.0/,"NX",e);sub(/\.$/,"",e);sub(/([0-9]{1,3}\.){3}[0-9]{1,3}/,"OK",e);gsub(/[^[:alnum:]\.-]/,"",e);if(e==""){e="err"};printf "%s\t%s\t%s\t%s\t%s\n",d,e,a,b,c}' >> "${report_raw}"
  			)&
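Review bot: The added stage `"${adb_awk}" '{ $3=$4=""; print $0 }'` drops fields 3 and 4 unconditionally, so with a tcpdump build that does not print the two extra values (the message says they are new between 4.9.3 and 4.99.1) it would remove real fields and shift every position the following awk program relies on (`$4`, `$7`, `$(NF-1)`). Those positions feed the sanitising `gsub` calls and the report columns, all derived from captured DNS traffic, so a silent shift yields wrong or differently filtered report entries rather than an error. Consider making the drop conditional on the line shape, for example `'$3 !~ /^IP6?$/ { $3=$4="" } { print $0 }'` (this assumes the older format carries the protocol token in field 3; confirm against both versions). A comment above the subshell would also help, such as `# tcpdump 4.99.1 prints two extra fields after the timestamp; drop them so the field positions match the parser below`. The body of f_report continues outside the hunk.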


Regards,
Hartmut



Am 06.09.2022 um 16:47 schrieb e9hack:
> Hi,
> 
> it looks like "sll2_if_print" must be activated. It increases the size of tcpdump-mini by 64k.
> 
> diff --git a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
> index ad7c3feb4e..9ba2fb3fa0 100644
> --- a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
> +++ b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
> @@ -850,7 +850,19 @@
>    #ifdef DLT_IPV4
>        { raw_if_print,        DLT_IPV4 },
>    #endif
> -@@ -243,6 +256,7 @@ static const struct printer printers[] =
> +@@ -224,9 +237,11 @@ static const struct printer printers[] =
> + #ifdef DLT_LINUX_SLL
> +     { sll_if_print,        DLT_LINUX_SLL },
> + #endif
> ++#endif
> + #ifdef DLT_LINUX_SLL2
> +     { sll2_if_print,    DLT_LINUX_SLL2 },
> + #endif
> ++#ifndef TCPDUMP_MINI
> + #ifdef DLT_SUNATM
> +     { sunatm_if_print,    DLT_SUNATM },
> + #endif
> +@@ -243,6 +258,7 @@ static const struct printer printers[] =
>    #ifdef DLT_VSOCK
>        { vsock_if_print,    DLT_VSOCK },
>    #endif
> 
> 
> Regards,
> Hartmut



