| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8b27b64f-1448-cc87-1e2b-c57b45e4b443@tarent.de>
Date: Fri, 1 Jul 2022 23:41:39 +0200 (CEST)
From: Thorsten Glaser <t.glaser@...ent.de>
To: netdev@...r.kernel.org
Subject: skb->protocol 0x300?!
Hi,
I’m needing to introspect packets to get the TCP/UDP port and
am writing packet parsing code (as apparently there is no easy
API to use). So far, so well, but my code starts with this…
switch (skb->protocol) {
case htons(ETH_P_IP): {
…
}
case htons(ETH_P_IPV6): {
…
}
default:
// debug log
}
… to figure out whether it’s an IP packet in the first place.
Now I’m getting 0x300 in skb->protocol for what tcpdump -X makes
me believe is a fragmented IP packet.
Why? And where is that documented? What does 0x300 there even mean?
And how can I figure out properly if a packet is IP, Legacy IP, or
something else?
Thanks,
//mirabilos
--
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
****************************************************
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against Mit dem tarent-Newsletter nichts mehr verpassen:
╳ HTML eMail! Also, https://www.tarent.de/newsletter
╱ ╲ header encryption!
****************************************************
Powered by blists - more mailing lists