Re: tcpdump looks broken

2022-09-08 Thread e9hack

Hi,

the size is increased by a few bytes only. The 64k is between tcpdump mini 4.9.3 
and 4.99.1.
The output contains two new values. Adblock must be updated too to generate 
reports:

diff --git a/net/adblock/files/adblock.sh b/net/adblock/files/adblock.sh
index 0c6efc648..0e1b5154a 100755
--- a/net/adblock/files/adblock.sh
+++ b/net/adblock/files/adblock.sh
@@ -1670,7 +1670,7 @@ f_report()
for file in "${adb_reportdir}/adb_report.pcap"*
do
(
-   "${adb_dumpcmd}" "${resolve}" - -r "${file}" 
2>/dev/null | \
+   "${adb_dumpcmd}" "${resolve}" - -r "${file}" 2>/dev/null | 
"${adb_awk}" '{ $3=$4=""; print $0 }' | \
"${adb_awk}" -v cnt="${cnt}" '!/\.lan\. |PTR\? | SOA\? /&&/ A[\? 
]+|NXDomain|0\.0\.0\.0/{a=$1;b=substr($2,0,8);c=$4;sub(/\.[0-9]+$/,"",c);gsub(/[^[:alnum:]\.:-]/,"",c);d=cnt 
$7;sub(/\*$/,"",d);

e=$(NF-1);sub(/[0-9]\/[0-9]\/[0-9]|0\.0\.0\.0/,"NX",e);sub(/\.$/,"",e);sub(/([0-9]{1,3}\.){3}[0-9]{1,3}/,"OK",e);gsub(/[^[:alnum:]\.-]/,"",e);if(e==""){e="err"};printf
 "%s\t%s\t%s\t%s\t%s\n",d,e,a,b,c}' >> "${report_raw}"
)&
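
Review bot: The added `"${adb_awk}" '{ $3=$4=""; print $0 }'` stage blanks fields 3 and 4 unconditionally, so it is only correct when tcpdump actually emits the two new values. With output that lacks them, those positions hold real data and the following awk stage would read shifted fields for `c=$4` and `d=cnt $7`. Consider testing for the new layout before dropping the fields, or folding the offset into the existing awk program rather than adding an extra awk process per pcap file.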


Regards,
Hartmut



On 06.09.2022 at 16:47, e9hack wrote:

Hi,

it looks like "sll2_if_print" must be activated. It increases the size of 
tcpdump-mini by 64k.

diff --git a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch 
b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
index ad7c3feb4e..9ba2fb3fa0 100644
--- a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
+++ b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
@@ -850,7 +850,19 @@
   #ifdef DLT_IPV4
   { raw_if_print,    DLT_IPV4 },
   #endif
-@@ -243,6 +256,7 @@ static const struct printer printers[] =
+@@ -224,9 +237,11 @@ static const struct printer printers[] =
+ #ifdef DLT_LINUX_SLL
+ { sll_if_print,    DLT_LINUX_SLL },
+ #endif
++#endif
+ #ifdef DLT_LINUX_SLL2
+ { sll2_if_print,    DLT_LINUX_SLL2 },
+ #endif
++#ifndef TCPDUMP_MINI
+ #ifdef DLT_SUNATM
+ { sunatm_if_print,    DLT_SUNATM },
+ #endif
+@@ -243,6 +258,7 @@ static const struct printer printers[] =
   #ifdef DLT_VSOCK
   { vsock_if_print,    DLT_VSOCK },
   #endif
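
Review bot: Missing documentation for the two added guard lines (`++#endif` after the DLT_LINUX_SLL entry and `++#ifndef TCPDUMP_MINI` before DLT_SUNATM): nothing in the patch says why `sll2_if_print` has to be compiled into the mini build. A commit message stating that captures on `-i any` print UNSUPPORTED without it, and recording the measured size cost (the thread first says 64k, then a few bytes only), would let a later refresh of 100-tcpdump_mini.patch keep the change deliberately.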


Regards,
Hartmut



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
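
Added example, not code from this thread or from adblock: a format-tolerant way to handle the "two new values" described above, which removes them only when they are present instead of blanking fixed field positions. It assumes a one-field timestamp as in the output quoted in this thread and that the two extra values sit between the timestamp and the `IP`/`IP6` keyword; the function names, the interface name `br-lan` and the sample lines are constructed.

```sh
#!/bin/sh
# Added example (not adblock code): give old- and new-format tcpdump lines
# the same field layout before a position-based parser reads them.
# Assumption: one-field timestamp; in the new format two extra values
# follow it, ahead of the "IP"/"IP6" keyword.

# Constructed sample lines, modelled on the output quoted in the thread.
SAMPLE_OLD='16:11:47.879165 IP 192.168.1.2.57308 > 192.168.1.1.53: 2+ A? www.example.com. (33)'
SAMPLE_NEW='16:11:47.879165 br-lan In  IP 192.168.1.2.57308 > 192.168.1.1.53: 2+ A? www.example.com. (33)'
SAMPLE_BAD='16:11:26.070312 UNSUPPORTED'

normalize_dns_lines() {
    awk '
    # Old layout: protocol keyword directly after the timestamp.
    $2 == "IP" || $2 == "IP6" { print; next }
    # New layout: keyword is field 4, so drop fields 2 and 3.
    $4 == "IP" || $4 == "IP6" {
        out = $1
        for (i = 4; i <= NF; i++) out = out " " $i
        print out
        next
    }
    # Everything else (UNSUPPORTED, hex dump rows) is dropped, so a
    # decoder failure cannot feed shifted fields to the report.
    '
}

# Number of input lines that are not decoded packet lines in either layout.
count_undecoded() {
    awk '$2 != "IP" && $2 != "IP6" && $4 != "IP" && $4 != "IP6" { n++ }
         END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_OLD" "$SAMPLE_NEW" "$SAMPLE_BAD" | normalize_dns_lines
printf '%s\n' "$SAMPLE_OLD" "$SAMPLE_NEW" "$SAMPLE_BAD" | count_undecoded
```

A non-zero count from `count_undecoded` is the signal that the installed tcpdump cannot decode the capture's link type, which is the failure that silently emptied the reports here.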


Re: tcpdump looks broken

2022-09-06 Thread e9hack

Hi,

it looks like "sll2_if_print" must be activated. It increases the size of 
tcpdump-mini by 64k.

diff --git a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch 
b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
index ad7c3feb4e..9ba2fb3fa0 100644
--- a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
+++ b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
@@ -850,7 +850,19 @@
  #ifdef DLT_IPV4
{ raw_if_print, DLT_IPV4 },
  #endif
-@@ -243,6 +256,7 @@ static const struct printer printers[] =
+@@ -224,9 +237,11 @@ static const struct printer printers[] =
+ #ifdef DLT_LINUX_SLL
+   { sll_if_print, DLT_LINUX_SLL },
+ #endif
++#endif
+ #ifdef DLT_LINUX_SLL2
+   { sll2_if_print,DLT_LINUX_SLL2 },
+ #endif
++#ifndef TCPDUMP_MINI
+ #ifdef DLT_SUNATM
+   { sunatm_if_print,  DLT_SUNATM },
+ #endif
+@@ -243,6 +258,7 @@ static const struct printer printers[] =
  #ifdef DLT_VSOCK
{ vsock_if_print,   DLT_VSOCK },
  #endif
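
Review bot: The `++#endif` added after the DLT_LINUX_SLL entry closes a `#ifndef TCPDUMP_MINI` whose opening is outside this hunk, so the hunk alone does not show which entries above it stay excluded from the mini build. Please confirm that the block reopened by `++#ifndef TCPDUMP_MINI` before DLT_SUNATM is still closed by an existing `#endif` further down. The regenerated inner header (`-243,6 +256,7` to `-243,6 +258,7`) is consistent with exactly two added lines, and annotating the new line as `#endif /* TCPDUMP_MINI */` would make the pairing easier to check on the next refresh.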


Regards,
Hartmut

On 05.09.2022 at 09:05, Alexandru Ardelean wrote:

On Fri, Sep 2, 2022 at 5:35 PM e9hack  wrote:


Hi,

it looks like tcpdump (mini) is broken. It is used by adblock to generate 
reports.

tcpdump -nn -p -s0 -i any port 53

version 4.99.1
16:11:26.070312 UNSUPPORTED
 0x:  0800   0020 0001 0306 f8e4 e37c  ...|


Looks like some VLAN 0 in there?
Maybe tcpdump (mini) doesn't know VLANs?


 0x0010:  4db3  4500 0047 8910  8011 6241  M...E..G..bA
 0x0020:  c0a8 0102 c0a8 0101 d6f9 0035 0033 f8cf  ...5.3..
 0x0030:  0002 0100 0001    0377   .www
 0x0040:  0568 6569 7365 0264 6508     .heise.de.xx
 0x0050:   036c 616e  0100 01  xx.lan.

version 4.9.3
16:11:47.879165 IP 192.168.1.2.57308 > 192.168.1.1.53: 2+ A? 
www.heise.de..lan. (43)

Adblock doesn't generate reports anymore.

Regards,
Hartmut



Re: tcpdump looks broken

2022-09-05 Thread Alexandru Ardelean
On Fri, Sep 2, 2022 at 5:35 PM e9hack  wrote:
>
> Hi,
>
> it looks like tcpdump (mini) is broken. It is used by adblock to 
> generate reports.
>
> tcpdump -nn -p -s0 -i any port 53
>
> version 4.99.1
> 16:11:26.070312 UNSUPPORTED
> 0x:  0800   0020 0001 0306 f8e4 e37c  ...|

Looks like some VLAN 0 in there?
Maybe tcpdump (mini) doesn't know VLANs?

> 0x0010:  4db3  4500 0047 8910  8011 6241  M...E..G..bA
> 0x0020:  c0a8 0102 c0a8 0101 d6f9 0035 0033 f8cf  ...5.3..
> 0x0030:  0002 0100 0001    0377   .www
> 0x0040:  0568 6569 7365 0264 6508     .heise.de.xx
> 0x0050:   036c 616e  0100 01  xx.lan.
>
> version 4.9.3
> 16:11:47.879165 IP 192.168.1.2.57308 > 192.168.1.1.53: 2+ A? 
> www.heise.de..lan. (43)
>
> Adblock doesn't generate reports anymore.
>
> Regards,
> Hartmut



tcpdump looks broken

2022-09-02 Thread e9hack

Hi,

it looks like tcpdump (mini) is broken. It is used by adblock to generate 
reports.

tcpdump -nn -p -s0 -i any port 53

version 4.99.1
16:11:26.070312 UNSUPPORTED
0x:  0800   0020 0001 0306 f8e4 e37c  ...|
0x0010:  4db3  4500 0047 8910  8011 6241  M...E..G..bA
0x0020:  c0a8 0102 c0a8 0101 d6f9 0035 0033 f8cf  ...5.3..
0x0030:  0002 0100 0001    0377   .www
0x0040:  0568 6569 7365 0264 6508     .heise.de.xx
0x0050:   036c 616e  0100 01  xx.lan.

version 4.9.3
16:11:47.879165 IP 192.168.1.2.57308 > 192.168.1.1.53: 2+ A? 
www.heise.de..lan. (43)

Adblock doesn't generate reports anymore.

Regards,
Hartmut
