On 2018/02/07 06:08, David Gwynne wrote:
> On Tue, Feb 06, 2018 at 05:19:57PM +1000, David Gwynne wrote:
> > if you're tcpdumping on a pppoe(4)s parent, you'll see stuff like this:
> >
> > 23:43:26.780560 PPPoE-Discovery
> > code Initiation, version 1, type 1, id 0x0000, length 12
> > tag Service-Name, length 0
> > tag Host-Uniq, length 4 d\023\205\030
> > ...
> > 23:43:29.205560 PPPoE-Session
> > code Session, version 1, type 1, id 0x0011, length 12
> > LCP: Configure-Request, Magic-Number=100455513, Vendor-Ext
> >
> > the diff below changes it to:
> >
> > 23:43:26.780560 PPPoE-Discovery Initiation sid=0x0000
> > tag Service-Name
> > tag Host-Uniq=d\023\205\030
> > ...
> > 23:43:29.205560 LCP Configure-Request Id=0x01: Magic-Number=100455513
> >
> > you can see more detail with -e:
> >
> > 23:43:26.780560 cc:05:0e:88:00:00 Broadcast 8863 60: PPPoE-Discovery
> > Initiation sid=0x0000
> > tag Service-Name
> > tag Host-Uniq=d\023\205\030
> > ...
> > 23:43:29.205560 cc:05:0e:88:00:00 ca:01:0e:88:00:06 8864 60: PPPoE
> > sid=0x0011: LCP Configure-Request Id=0x01: Magic-Number=100455513
> >
> > or the useless stuff with -v:
> >
> > 23:43:26.780560 cc:05:0e:88:00:00 Broadcast 8863 60: PPPoE-Discovery
> > Initiation ver=1 type=1 sid=0x0000 len=12
> > tag Service-Name
> > tag Host-Uniq=d\023\205\030
> > ...
> > 23:43:29.205560 cc:05:0e:88:00:00 ca:01:0e:88:00:06 8864 60: PPPoE ver=1
> > type=1 code=Session sid=0x0011 len=12: LCP Configure-Request Id=0x01:
> > Magic-Number=100455513
> >
> > the printer for pppoe interfaces now uses the printer for pppoe
> > session packets. by default you'll see nothing, but can make it
> > appear with -e.
> >
> > ok?
I like all the above on PPP_ETHER interfaces, but not so keen on how it
ends up printing ethers containing pppoe frames (i.e. pppoedev interfaces).
Before:
# tcpdump -tiem1
tcpdump: listening on em1, link-type EN10MB
PPPoE-Session
code Session, version 1, type 1, id 0x006a, length 105
IP: obsdcvsweb.cs.toronto.edu.https > symphytum.spacehopper.org.44230:
P 3370:3421(51) ack 290 win 271 <nop,nop,timestamp 3269252938 1756987829> (DF)
PPPoE-Session
code Session, version 1, type 1, id 0x006a, length 54
IP: symphytum.spacehopper.org.44230 > obsdcvsweb.cs.toronto.edu.https:
F 290:290(0) ack 3421 win 256 <nop,nop,timestamp 1756987829 3269252938> (DF)
Ugly but it's clear that these are encap'd packets.
# ./tcpdump.dlg -tiem1
tcpdump: listening on em1, link-type EN10MB
lhr35s03-in-f14.1e100.net.https > symphytum.spacehopper.org.46272: P
179:345(166) ack 1 win 811 <nop,nop,timestamp 698321545 4269509345>
lhr35s03-in-f14.1e100.net.https > symphytum.spacehopper.org.46272: P
345:417(72) ack 1 win 811 <nop,nop,timestamp 698321545 4269509345>
So with your diff you need -e to tell that these aren't normal ether:
# ./tcpdump.dlg -tiem1 -e
tcpdump: listening on em1, link-type EN10MB
10:e8:78:a7:e6:67 00:0d:b9:41:7e:49 8864 249: PPPoE sid=0x006a: IP
lhr35s03-in-f14.1e100.net.https > symphytum.spacehopper.org.46272: P
239:414(175) ack 1 win 811 <nop,nop,timestamp 698350405 4269509400>
10:e8:78:a7:e6:67 00:0d:b9:41:7e:49 8864 170: PPPoE sid=0x006a: IP
lhr35s03-in-f14.1e100.net.https > symphytum.spacehopper.org.46272: P
414:510(96) ack 1 win 811 <nop,nop,timestamp 698350406 4269509400>
Here's a diff on top of yours, it's not particularly elegant but makes
it work more how I'd expect - print "PPPoE sid=..." by default when it's
an ethernet interface, but skip on a pppoe interface unless -e is used.
# ./tcpdump.sthen -tiem1
tcpdump: listening on em1, link-type EN10MB
PPPoE sid=0x006a: natted.lan.spacehopper.org.53734 >
ctr-ams04.atlas.ripe.net.https: . 6840:8188(1348) ack 53 win 32044
<nop,nop,timestamp 1575627758 477558059> (DF) [tos 0x10]
PPPoE sid=0x006a: natted.lan.spacehopper.org.53734 >
ctr-ams04.atlas.ripe.net.https: . 8188:9536(1348) ack 53 win 32044
<nop,nop,timestamp 1575627758 477558059> (DF) [tos 0x10]
--- interface.h.dlg Wed Feb 7 00:33:06 2018
+++ interface.h Wed Feb 7 00:32:02 2018
@@ -183,7 +183,7 @@ extern int ether_encap_print(u_short, const u_char *,
extern int llc_print(const u_char *, u_int, u_int, const u_char *,
const u_char *);
extern void pppoe_disc_print(const u_char *, u_int, u_int);
-extern void pppoe_print(const u_char *, u_int, u_int);
+extern void pppoe_print(const u_char *, u_int, u_int, u_int);
extern void aarp_print(const u_char *, u_int);
extern void arp_print(const u_char *, u_int, u_int);
extern void atalk_print(const u_char *, u_int);
--- print-ether.c.dlg Wed Feb 7 00:31:24 2018
+++ print-ether.c Wed Feb 7 00:31:45 2018
@@ -252,7 +252,7 @@ recurse:
pppoe_disc_print(p, length, caplen);
return (1);
case ETHERTYPE_PPPOE:
- pppoe_print(p, length, caplen);
+ pppoe_print(p, length, caplen, 1);
return (1);
#endif
--- print-ppp.c.dlg Wed Feb 7 00:28:59 2018
+++ print-ppp.c Wed Feb 7 00:31:14 2018
@@ -1179,7 +1179,7 @@ ppp_ether_if_print(u_char *user, const struct pcap_pkt
ts_print(&h->ts);
- pppoe_print(p, length, l);
+ pppoe_print(p, length, l, 0);
if (xflag)
default_print(p, l);
@@ -1338,12 +1338,12 @@ trunc:
}
void
-pppoe_print(const u_char *p, u_int length, u_int l)
+pppoe_print(const u_char *p, u_int length, u_int l, u_int ether)
{
struct pppoe_header ph;
uint8_t ver, type;
- if (eflag)
+ if (ether || eflag)
printf("PPPoE ");
if (pppoe_header_read(&ph, p, l) == -1)
@@ -1365,7 +1365,7 @@ pppoe_print(const u_char *p, u_int length, u_int l)
return;
}
- if (eflag) {
+ if (ether || eflag) {
if (vflag)
printf("ver=%u type=%u code=Session ", ver, type);
printf("sid=0x%04x", ph.sessionid);
