Attached is a patch which adds human-friendly names for some commonly-used
packet header fields.  Here is the commit message for the change as it
appears in the NetBSD source tree:

----------------------------
revision 1.12
date: 2000/12/28 22:12:07;  author: thorpej;  state: Exp;  lines: +26 -2
Add names for some ICMP and TCP protocol header offsets:
        - icmptype (offset of ICMP type field)
        - icmpcode (offset of ICMP code field)
        - tcpflags (offset of TCP flags field)
and field values:
        - icmp-echoreply, icmp-unreach, icmp-sourcequench,
          icmp-redirect, icmp-echo, icmp-routeradvert,
          icmp-routersolicit, icmp-timxceed, icmp-paramprob,
          icmp-tstamp, icmp-tstampreply, icmp-ireq, icmp-ireqreply,
          icmp-maskreq, icmp-maskreply
        - tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg

This allows expressions like the following:

        icmp[0] = 3
        (tcp[13] & 0x02) != 0

to be written as:

        icmp[icmptype] = icmp-unreach
        (tcp[tcpflags] & tcp-syn) != 0

which is a bit more user-friendly for e.g. writing packet filter rules.
----------------------------

-- 
        -- Jason R. Thorpe <[EMAIL PROTECTED]>
Index: scanner.l
===================================================================
RCS file: /cvsroot/basesrc/lib/libpcap/scanner.l,v
retrieving revision 1.11
retrieving revision 1.12
diff -c -r1.11 -r1.12
*** scanner.l   2000/05/04 13:08:25     1.11
--- scanner.l   2000/12/28 22:12:07     1.12
***************
*** 258,263 ****
--- 258,287 ----
  #endif /*INET6*/
                        }
  {B}:+({B}:+)+         { bpf_error("bogus ethernet address %s", yytext); }
+ icmptype              { yylval.i = 0; return NUM; }
+ icmpcode              { yylval.i = 1; return NUM; }
+ icmp-echoreply                { yylval.i = 0; return NUM; }
+ icmp-unreach          { yylval.i = 3; return NUM; }
+ icmp-sourcequench     { yylval.i = 4; return NUM; }
+ icmp-redirect         { yylval.i = 5; return NUM; }
+ icmp-echo             { yylval.i = 8; return NUM; }
+ icmp-routeradvert     { yylval.i = 9; return NUM; }
+ icmp-routersolicit    { yylval.i = 10; return NUM; }
+ icmp-timxceed         { yylval.i = 11; return NUM; }
+ icmp-paramprob                { yylval.i = 12; return NUM; }
+ icmp-tstamp           { yylval.i = 13; return NUM; }
+ icmp-tstampreply      { yylval.i = 14; return NUM; }
+ icmp-ireq             { yylval.i = 15; return NUM; }
+ icmp-ireqreply                { yylval.i = 16; return NUM; }
+ icmp-maskreq          { yylval.i = 17; return NUM; }
+ icmp-maskreply                { yylval.i = 18; return NUM; }
+ tcpflags              { yylval.i = 13; return NUM; }
+ tcp-fin                       { yylval.i = 0x01; return NUM; }
+ tcp-syn                       { yylval.i = 0x02; return NUM; }
+ tcp-rst                       { yylval.i = 0x04; return NUM; }
+ tcp-push              { yylval.i = 0x08; return NUM; }
+ tcp-ack                       { yylval.i = 0x10; return NUM; }
+ tcp-urg                       { yylval.i = 0x20; return NUM; }
  [A-Za-z0-9][-_.A-Za-z0-9]*[.A-Za-z0-9] {
                         yylval.s = sdup((char *)yytext); return ID; }
  "\\"[^ !()\n\t]+      { yylval.s = sdup((char *)yytext + 1); return ID; }
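Review bot: The new keyword rules sit ahead of the generic ID rule, so an exact token such as `tcp-syn`, `icmp-echo` or `icmptype` now lexes as NUM where it previously fell through to ID as a name. A filter that refers to a host by one of these names needs the backslash form handled by the last rule in the hunk, and that behaviour change deserves a line in the filter documentation. The values are bare literals with no comment, and they are the ICMPv4 type numbers, so `icmp-echo` (8) would presumably not match an ICMPv6 echo request even though the context above shows INET6 support. I would add a comment ahead of the block, e.g. `/* ICMPv4 type/code offsets and type values, TCP flags offset and bits; these words are reserved and shadow the ID rule below */`. The rules section continues outside the hunk, so whether an earlier rule already claims any of these words cannot be checked from here.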
