Guy Harris <guy <at> alum.mit.edu> writes: > On Jul 31, 2011, at 4:26 PM, ramkumar.paranandi <at> gmail.com wrote: > > > I have smtp traffic over ipv6 tunneled in ipv4. .ip->ipv6->tcp->smtp > > How can we set bpf to filter smtp in ipv6 in ipv4 tunnel traffic? I have tried with ip protochain 0x06 it is not working. > > "ip protochain" doesn't support "shifting gears" from IPv4 to IPv6; it only supports AH. > > There is, unfortunately, currently no way to ask for the type of filtering you need - libpcap doesn't know > about IP protocol 41 (which I assume is what's being used here). Time permitting, I'll look at > implementing something.
Would something like this (untested) filter work in a pinch? (ip[9]==41) and (ip[((ip[0]&0x0f)<<2)+6]==6) and ((ip[(((ip[0]&0x0f)<<2)+16):2]==25) or (ip[(((ip[0]&0x0f)<<2)+18):2]==25)) - Chris - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
