On Fri, Dec 06, 2019 at 03:14:42PM +1000, David Gwynne wrote:
>
>
> > On 5 Dec 2019, at 21:14, Sebastian Benoit <[email protected]> wrote:
> >
> > Claudio Jeker([email protected]) on 2019.12.05 09:53:49 +0100:
> >> I would suggest to just pack most of the headers into one group of ().
> >>
> >> IPv4 ttl 1 [tos 0x20] 10.0.127.15 > 10.0.127.1
> >> would become
> >> IPv4 (ttl 1 tos 0x20) 10.0.127.15 > 10.0.127.1
> >> and
> >> IPv4 ttl 1 [tos 0x20] (id 39958, len 84) 10.0.127.15 > 10.0.127.1
> >> would become
> >> IPv4 (ttl 1 tos 0x20 id 39958 len 84) 10.0.127.15 > 10.0.127.1
> >>
> >> Maybe add the commas if that is easy to do.
> >
> > it's more readable with commas, i think
>
> do you want me to come up with something in this space as part of the large
> diff, or is the large change generally ok and we can tinker with this stuff
> afterward?
>
> there's some concern that what i'm proposing is too radical and will break
> people's muscle memory.

fyi, here's what stock (or apple tweaked) tcpdump looks like for a
similar set of packets:

dlg@fatmac Temp$ tcpdump -V
tcpdump: option requires an argument -- V
tcpdump version tcpdump version 4.9.2 -- Apple version 83.200.2
libpcap version 1.8.1 -- Apple version 79.250.1
LibreSSL 2.2.7
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqStuUvxX#] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -j tstamptype ] [ -M secret ] [ --number ]
[ -Q in|out|inout ]
[ -r file ] [ -s snaplen ] [ --time-stamp-precision precision ]
[ --immediate-mode ] [ -T type ] [ --version ] [ -V file ]
[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z
postrotate-command ]
[ -g ] [ -k ] [ -o ] [ -P ] [ -Q met[ --time-zone-offset offset ]
[ -Z user ] [ expression ]
dlg@fatmac Temp$ tcpdump -nr ping.pcap
reading from file ping.pcap, link-type EN10MB (Ethernet)
16:31:18.836620 IP 10.0.127.15 > 10.0.127.1: ICMP echo request, id 46495, seq
0, length 64
16:31:18.837074 IP 10.0.127.1 > 10.0.127.15: ICMP echo reply, id 46495, seq 0,
length 64
dlg@fatmac Temp$ tcpdump -nr ping.pcap -v
reading from file ping.pcap, link-type EN10MB (Ethernet)
16:31:18.836620 IP (tos 0x20, ttl 1, id 39958, offset 0, flags [none], proto
ICMP (1), length 84)
10.0.127.15 > 10.0.127.1: ICMP echo request, id 46495, seq 0, length 64
16:31:18.837074 IP (tos 0x20, ttl 255, id 36919, offset 0, flags [none], proto
ICMP (1), length 84)
10.0.127.1 > 10.0.127.15: ICMP echo reply, id 46495, seq 0, length 64
dlg@fatmac Temp$ tcpdump -nr ipv6-udp-fragmented.pcap
reading from file ipv6-udp-fragmented.pcap, link-type EN10MB (Ethernet)
05:35:13.312348 IP6 2607:f010:3f9::11:0.6363 > 2607:f010:3f9::1001.6363: UDP,
length 118
05:35:13.549553 IP6 2607:f010:3f9::11:0.6363 > 2607:f010:3f9::1001.6363: UDP,
length 31
05:35:13.569339 IP6 2607:f010:3f9::1001 > 2607:f010:3f9::11:0: frag (0|1448)
6363 > 6363: UDP, bad length 5379 > 1440
05:35:13.569345 IP6 2607:f010:3f9::1001 > 2607:f010:3f9::11:0: frag (1448|1448)
05:35:13.569346 IP6 2607:f010:3f9::1001 > 2607:f010:3f9::11:0: frag (2896|1448)
05:35:13.569349 IP6 2607:f010:3f9::1001 > 2607:f010:3f9::11:0: frag (4344|1043)
dlg@fatmac Temp$ tcpdump -nr ipv6-udp-fragmented.pcap -v
reading from file ipv6-udp-fragmented.pcap, link-type EN10MB (Ethernet)
05:35:13.312348 IP6 (hlim 64, next-header UDP (17) payload length: 126)
2607:f010:3f9::11:0.6363 > 2607:f010:3f9::1001.6363: [udp sum ok] UDP, length
118
05:35:13.549553 IP6 (hlim 64, next-header UDP (17) payload length: 39)
2607:f010:3f9::11:0.6363 > 2607:f010:3f9::1001.6363: [udp sum ok] UDP, length 31
05:35:13.569339 IP6 (flowlabel 0x21289, hlim 64, next-header Fragment (44)
payload length: 1456) 2607:f010:3f9::1001 > 2607:f010:3f9::11:0: frag
(0xf88eb466:0|1448) 6363 > 6363: UDP, bad length 5379 > 1440
05:35:13.569345 IP6 (flowlabel 0x21289, hlim 64, next-header Fragment (44)
payload length: 1456) 2607:f010:3f9::1001 > 2607:f010:3f9::11:0: frag
(0xf88eb466:1448|1448)
05:35:13.569346 IP6 (flowlabel 0x21289, hlim 64, next-header Fragment (44)
payload length: 1456) 2607:f010:3f9::1001 > 2607:f010:3f9::11:0: frag
(0xf88eb466:2896|1448)
05:35:13.569349 IP6 (flowlabel 0x21289, hlim 64, next-header Fragment (44)
payload length: 1051) 2607:f010:3f9::1001 > 2607:f010:3f9::11:0: frag
(0xf88eb466:4344|1043)
dlg@fatmac Temp$ tcpdump -nr udp-frag.pcap
reading from file udp-frag.pcap, link-type EN10MB (Ethernet)
20:34:42.184788 IP 10.0.127.15.20550 > 10.0.127.1.6363: UDP, bad length 6000 >
1472
20:34:42.184789 IP 10.0.127.15 > 10.0.127.1: ip-proto-17
20:34:42.184790 IP 10.0.127.15 > 10.0.127.1: ip-proto-17
20:34:42.184791 IP 10.0.127.15 > 10.0.127.1: ip-proto-17
20:34:42.184791 IP 10.0.127.15 > 10.0.127.1: ip-proto-17
dlg@fatmac Temp$ tcpdump -nr udp-frag.pcap -v
reading from file udp-frag.pcap, link-type EN10MB (Ethernet)
20:34:42.184788 IP (tos 0x0, ttl 64, id 44745, offset 0, flags [+], proto UDP
(17), length 1500)
10.0.127.15.20550 > 10.0.127.1.6363: UDP, bad length 6000 > 1472
20:34:42.184789 IP (tos 0x0, ttl 64, id 44745, offset 1480, flags [+], proto
UDP (17), length 1500)
10.0.127.15 > 10.0.127.1: ip-proto-17
20:34:42.184790 IP (tos 0x0, ttl 64, id 44745, offset 2960, flags [+], proto
UDP (17), length 1500)
10.0.127.15 > 10.0.127.1: ip-proto-17
20:34:42.184791 IP (tos 0x0, ttl 64, id 44745, offset 4440, flags [+], proto
UDP (17), length 1500)
10.0.127.15 > 10.0.127.1: ip-proto-17
20:34:42.184791 IP (tos 0x0, ttl 64, id 44745, offset 5920, flags [none], proto
UDP (17), length 108)
10.0.127.15 > 10.0.127.1: ip-proto-17
dlg@fatmac Temp$ tcpdump -c2 -nr gre-within-gre.pcap
reading from file gre-within-gre.pcap, link-type EN10MB (Ethernet)
07:13:44.204043 IP 72.205.54.70 > 86.106.164.150: GREv0, length 128: IP
10.10.11.2 > 10.10.13.2: GREv0, length 104: IP 10.10.25.1 > 192.168.1.2: ICMP
echo request, id 23, seq 7666, length 80
07:13:44.335000 IP 86.106.164.150 > 72.205.54.70: GREv0, length 128: IP
10.10.13.2 > 10.10.11.2: GREv0, length 104: IP 192.168.1.2 > 10.10.25.1: ICMP
echo reply, id 23, seq 7666, length 80
dlg@fatmac Temp$ tcpdump -c2 -nr gre-within-gre.pcap -v
reading from file gre-within-gre.pcap, link-type EN10MB (Ethernet)
07:13:44.204043 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto GRE
(47), length 148)
72.205.54.70 > 86.106.164.150: GREv0, Flags [none], length 128
IP (tos 0x0, ttl 254, id 10208, offset 0, flags [none], proto GRE (47),
length 124)
10.10.11.2 > 10.10.13.2: GREv0, Flags [none], length 104
IP (tos 0x0, ttl 255, id 9144, offset 0, flags [none], proto ICMP (1),
length 100)
10.10.25.1 > 192.168.1.2: ICMP echo request, id 23, seq 7666, length 80
07:13:44.335000 IP (tos 0x0, ttl 244, id 24206, offset 0, flags [none], proto
GRE (47), length 148)
86.106.164.150 > 72.205.54.70: GREv0, Flags [none], length 128
IP (tos 0x0, ttl 254, id 22814, offset 0, flags [none], proto GRE (47),
length 124)
10.10.13.2 > 10.10.11.2: GREv0, Flags [none], length 104
IP (tos 0x0, ttl 255, id 9144, offset 0, flags [none], proto ICMP (1),
length 100)
192.168.1.2 > 10.10.25.1: ICMP echo reply, id 23, seq 7666, length 80
dlg@fatmac Temp$ tcpdump -c2 -nr nsh-over-vxlan-gpe.pcap
reading from file nsh-over-vxlan-gpe.pcap, link-type EN10MB (Ethernet)
00:19:08.994912 IP 127.0.0.1.4790 > 127.0.0.1.4790: VXLAN-GPE, flags [IP], vni
16777215: NSH, flags [OC], service-path-id 0xffffff, service-index 0xff: IP
192.168.0.1.10000 > 192.168.0.2.20000: UDP, length 4
dlg@fatmac Temp$ tcpdump -c2 -nr nsh-over-vxlan-gpe.pcap -v
reading from file nsh-over-vxlan-gpe.pcap, link-type EN10MB (Ethernet)
00:19:08.994912 IP (tos 0x0, ttl 64, id 16419, offset 0, flags [DF], proto UDP
(17), length 92)
127.0.0.1.4790 > 127.0.0.1.4790: VXLAN-GPE, flags [IP], vni 16777215
NSH, flags [OC], service-path-id 0xffffff, service-index 0xff
IP (tos 0x0, ttl 255, id 54321, offset 0, flags [none], proto UDP (17),
length 32)
192.168.0.1.10000 > 192.168.0.2.20000: UDP, length 4
dlg@fatmac Temp$ tcpdump -c4 -nr vxlan.pcap
reading from file vxlan.pcap, link-type EN10MB (Ethernet)
01:20:32.675392 IP 192.168.56.11.39924 > 192.168.56.12.4789: VXLAN, flags [I]
(0x08), vni 123
ARP, Request who-has 10.0.0.2 tell 10.0.0.1, length 28
01:20:32.675732 IP 192.168.56.12.40908 > 192.168.56.11.4789: VXLAN, flags [I]
(0x08), vni 123
ARP, Reply 10.0.0.2 is-at 4a:7f:01:3b:a2:71, length 28
01:20:32.676047 IP 192.168.56.11.48134 > 192.168.56.12.4789: VXLAN, flags [I]
(0x08), vni 123
IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 3389, seq 1, length 64
01:20:32.676385 IP 192.168.56.12.38071 > 192.168.56.11.4789: VXLAN, flags [I]
(0x08), vni 123
IP 10.0.0.2 > 10.0.0.1: ICMP echo reply, id 3389, seq 1, length 64
dlg@fatmac Temp$ tcpdump -c4 -nr vxlan.pcap -v
reading from file vxlan.pcap, link-type EN10MB (Ethernet)
01:20:32.675392 IP (tos 0x0, ttl 64, id 55704, offset 0, flags [DF], proto UDP
(17), length 78)
192.168.56.11.39924 > 192.168.56.12.4789: VXLAN, flags [I] (0x08), vni 123
ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.2 tell 10.0.0.1,
length 28
01:20:32.675732 IP (tos 0x0, ttl 64, id 38782, offset 0, flags [DF], proto UDP
(17), length 78)
192.168.56.12.40908 > 192.168.56.11.4789: VXLAN, flags [I] (0x08), vni 123
ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.2 is-at 4a:7f:01:3b:a2:71,
length 28
01:20:32.676047 IP (tos 0x0, ttl 64, id 55705, offset 0, flags [DF], proto UDP
(17), length 134)
192.168.56.11.48134 > 192.168.56.12.4789: VXLAN, flags [I] (0x08), vni 123
IP (tos 0x0, ttl 64, id 12111, offset 0, flags [DF], proto ICMP (1), length 84)
10.0.0.1 > 10.0.0.2: ICMP echo request, id 3389, seq 1, length 64
01:20:32.676385 IP (tos 0x0, ttl 64, id 38783, offset 0, flags [DF], proto UDP
(17), length 134)
192.168.56.12.38071 > 192.168.56.11.4789: VXLAN, flags [I] (0x08), vni 123
IP (tos 0x0, ttl 64, id 36913, offset 0, flags [none], proto ICMP (1), length
84)
10.0.0.2 > 10.0.0.1: ICMP echo reply, id 3389, seq 1, length 64
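
Added example, not part of the mail above and not tcpdump or OpenBSD code: a small parser for the parenthesised IP header group that accepts both the comma-separated stock form shown in the `-v` output and the comma-less `IPv4 (ttl 1 tos 0x20 id 39958 len 84)` form proposed in the quoted text, then uses the parsed fields to check that the `udp-frag.pcap` fragment train is contiguous. The function names are hypothetical, the sample input is constructed from the output above with the mail line wrapping undone, and a 20-byte IP header (no options) is assumed.

```python
import re
from collections import defaultdict

# Constructed input: the "udp-frag.pcap -v" header lines from the mail above,
# with the mail client's line wrapping undone.
SAMPLE = """\
20:34:42.184788 IP (tos 0x0, ttl 64, id 44745, offset 0, flags [+], proto UDP (17), length 1500)
    10.0.127.15.20550 > 10.0.127.1.6363: UDP, bad length 6000 > 1472
20:34:42.184789 IP (tos 0x0, ttl 64, id 44745, offset 1480, flags [+], proto UDP (17), length 1500)
20:34:42.184790 IP (tos 0x0, ttl 64, id 44745, offset 2960, flags [+], proto UDP (17), length 1500)
20:34:42.184791 IP (tos 0x0, ttl 64, id 44745, offset 4440, flags [+], proto UDP (17), length 1500)
20:34:42.184791 IP (tos 0x0, ttl 64, id 44745, offset 5920, flags [none], proto UDP (17), length 108)
"""

GROUP = re.compile(r"\bIP(?:v4)? \((.*)\)")   # greedy, so it spans the nested "(17)"
FIELD = re.compile(r"\b(tos|ttl|id|offset|length|len) (0x[0-9a-f]+|\d+)")
FLAGS = re.compile(r"flags \[([^\]]*)\]")

def parse_ip_header(line):
    """Return the header group as a dict, or None if the line has none."""
    m = GROUP.search(line)
    if not m:
        return None
    # Commas are optional: fields are matched as "name value" pairs.
    hdr = {("length" if k == "len" else k): int(v, 0)
           for k, v in FIELD.findall(m.group(1))}
    f = FLAGS.search(m.group(1))
    hdr["flags"] = f.group(1) if f else "none"
    return hdr

def check_fragments(text, ihl=20):
    """Per IP id: payload bytes covered plus any gap/overlap/termination issue.
    ihl=20 assumes no IP options (an assumption of this example)."""
    trains = defaultdict(list)
    for h in filter(None, map(parse_ip_header, text.splitlines())):
        trains[h["id"]].append((h.get("offset", 0), h["length"] - ihl, "+" in h["flags"]))
    report = {}
    for ident, frags in trains.items():
        frags.sort()
        end, issues = 0, []
        for off, size, _ in frags:
            if off != end:
                issues.append(("gap" if off > end else "overlap", off))
            end = max(end, off + size)
        if frags[-1][2]:  # last fragment still has "more fragments" set
            issues.append(("unterminated", frags[-1][0]))
        report[ident] = {"bytes": end, "issues": issues}
    return report
```

For the sample, the train covers 6008 payload bytes, which is the 6000-byte UDP length from the first fragment's `bad length 6000 > 1472` line plus the 8-byte UDP header.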