Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

filter 'type XXX subtype YYY' does not work anymore #989

Closed
solsticedhiver opened this issue Jan 21, 2021 · 6 comments
Closed

filter 'type XXX subtype YYY' does not work anymore #989

solsticedhiver opened this issue Jan 21, 2021 · 6 comments

Comments

@solsticedhiver
Copy link

Either with tcpdump 4.99 or libpcap 1.10, a (bpf) filter of type mgt subtype probe-req gives the error:

unknown 802.11 type

Previous versions of the tool did not give such error.

As a work-around, one have to use subtype probe-req only as filter
@mcr
Copy link
Member

mcr commented Jan 22, 2021

Hmm. Clearly we need a test case for this. Ideally it would include a pcap file that contains a packet of the type that you want to match. It's probably a libpcap regression.

@solsticedhiver
Copy link
Author

libpcap bails out when running pcap_compile. I can post a working C file for this, but I thought the bug is clear enough

and for tcpdump, it is as simple as running:

# tcpdump -i wlan0mon 'type mgt subtype prob-req'
tcpdump: unknown 802.11 type

I think tcpdump does not even try to filter anything, and errors out like pcap_compile so a pcap file is not relevant.

@guyharris
Copy link
Member

  1. The bug is easy to reproduce using the filtertest test program in the testprogs directory (testprogs/filtertest IEEE802_11 type mgt subtype prob-req).
  2. Tcpdump prints that message because there's a bug in libpcap - this bug.
  3. Fix incoming.

@guyharris guyharris transferred this issue from the-tcpdump-group/tcpdump Jan 22, 2021
guyharris added a commit that referenced this issue Jan 22, 2021
@guyharris
Fix bug #989, introduced in 81d760f.
6ff5d20
@guyharris
Copy link
Member

Fixed in 6ff5d20.

guyharris added a commit that referenced this issue Jan 22, 2021
@guyharris
Fix bug #989, introduced in 81d760f.
d2d0570 
(cherry picked from commit 6ff5d20)
@guyharris guyharris changed the title filter 'type mgt subtype probe-req' does not work anymore filter 'type XXX subtype YYY' does not work anymore Jan 22, 2021
@solsticedhiver solsticedhiver mentioned this issue Mar 10, 2021
Open
@solsticedhiver solsticedhiver mentioned this issue Mar 25, 2021
Closed
@SkypLabs SkypLabs mentioned this issue Mar 20, 2022
Open
tenarchits pushed a commit to tenarchits/libpcap that referenced this issue Mar 4, 2023
@guyharris @tenarchits
Fix bug the-tcpdump-group#989, introduced in 81d760f.
e85e41a
@linxcow
Copy link

linxcow commented Apr 16, 2023
edited
Loading

  1. The bug is easy to reproduce using the filtertest test program in the testprogs directory (testprogs/filtertest IEEE802_11 type mgt subtype prob-req).

    1. Tcpdump prints that message because there's a bug in libpcap - this bug.

    2. Fix incoming.

In which release of libpcap is this fix incorporated?

@fxlb
Copy link
Member

fxlb commented Apr 16, 2023

In which release of libpcap is this fix incorporated?

libpcap 1.10.1 or later.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mcr @solsticedhiver @fxlb @guyharris @linxcow and others