Bill Fenner

Results 54 comments of Bill Fenner

Also, an "ifindex N" filter was implemented in 014e6a0. I got foiled in implementing "ifname foo0" because of the existing implementation's tight linkage with PF - (maybe I should have...

Do you see the same behavior if you disable the optimizer?

```
--no-optimize Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in...
```

The bug exists in the program whether there are 8 or 9 copies, it's just that once you get to 9, you happen to get to offset 51 looking for...

I converted the tcp packet's ethertype to MPLS, and that makes it clear that the filter is even more buggy - it moves past the BOS bit on (what would...

I recommend using `ether[-4052]=100` - note that the code that libpcap uses `ldb` and your examples use `ldh`. The negative offset is simply a flag, I suspect that *any* load...

> > This makes it harder to create a corpus
>
> You can maybe use tshark

I ended up using scapy and a short python script to take the existing...

> Looks great. Can you share these scripts?

Sorry, I thought I had posted a link. https://github.com/fenner/tcpdump/tree/fuzz/fuzz I still want to move some of the build.sh to the tcpdump...

I rebased to get past the travis failure that was present in master.

Interestingly, libpcap subtracts `SLL2_HDR_LEN` from constant loads on LINUX_SLL2 sockets, so you have to use `ether[-4068:4]` to get it to install `ether[-4088:4]` in the kernel to access the ifIndex. Presumably...

I’ve also implemented the `ifindex` filter keyword at https://github.com/fenner/libpcap/tree/ifindex . Using this, `tcpdump -y linux_sll2 -i any ifindex 2 or ifindex 4 or ifindex 6` works to capture on 3...