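Used alone, with optimizations on, `(wlan[0] & 0xfc) == 0x40` and `subtype probe-req` produce the same bytecode. However, if I also examine the radiotap header in the same BPF filter, different bytecode is generated depending on which form is used and where it appears in the expression. Please see the samples below; each is followed by a hash of its output so that identical programs are easy to spot, and the runs with `-O` have tcpdump's optimizer disabled: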
tcpdump version 4.99.4
libpcap version 1.10.4 (with TPACKET_V3)
OpenSSL 1.1.1t 7 Feb 2023
# tcpdump -d -y IEEE802_11_RADIO 'subtype probe-req'
# 5d64c17672b015af55ed53fd68ad5d3230f2d59cd1a4262e1cc8f15c01d14c4d
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 10
(009) ret #262144
(010) ret #0
# tcpdump -d -y IEEE802_11_RADIO 'type mgt subtype probe-req'
# 5d64c17672b015af55ed53fd68ad5d3230f2d59cd1a4262e1cc8f15c01d14c4d
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 10
(009) ret #262144
(010) ret #0
# tcpdump -d -y IEEE802_11_RADIO '(wlan[0] & 0xfc) == 0x40'
# 5d64c17672b015af55ed53fd68ad5d3230f2d59cd1a4262e1cc8f15c01d14c4d
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 10
(009) ret #262144
(010) ret #0
# tcpdump -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and subtype probe-req'
# d459e763c9ae84f2b833b68c446a4081713552b0088ec21dbb65c3cae7eb5fa0
(000) ldb [16]
(001) jset #0x40 jt 6 jf 2
(002) ldb [0]
(003) and #0xfc
(004) jeq #0x40 jt 5 jf 6
(005) ret #262144
(006) ret #0
# tcpdump -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and type mgt subtype probe-req'
# d459e763c9ae84f2b833b68c446a4081713552b0088ec21dbb65c3cae7eb5fa0
(000) ldb [16]
(001) jset #0x40 jt 6 jf 2
(002) ldb [0]
(003) and #0xfc
(004) jeq #0x40 jt 5 jf 6
(005) ret #262144
(006) ret #0
# tcpdump -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and (wlan[0] & 0xfc) == 0x40'
# e1bd174a8c279e51d38e91fa3ad29f75900b84fed22c3c7fa969ca2fc2cae543
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[5]
(006) ldb [16]
(007) jset #0x40 jt 13 jf 8
(008) ldx M[5]
(009) ldb [x + 0]
(010) and #0xfc
(011) jeq #0x40 jt 12 jf 13
(012) ret #262144
(013) ret #0
# tcpdump -d -y IEEE802_11_RADIO 'subtype probe-req and (radio[16] & 0x40) == 0'
# f5940ddf273c49d5bf75aa4d05773dac61a2be22d200ef5429c7b9fa6e4e4923
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 12
(009) ldb [16]
(010) jset #0x40 jt 12 jf 11
(011) ret #262144
(012) ret #0
# tcpdump -d -y IEEE802_11_RADIO 'type mgt subtype probe-req and (radio[16] & 0x40) == 0'
# f5940ddf273c49d5bf75aa4d05773dac61a2be22d200ef5429c7b9fa6e4e4923
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 12
(009) ldb [16]
(010) jset #0x40 jt 12 jf 11
(011) ret #262144
(012) ret #0
# tcpdump -d -y IEEE802_11_RADIO '(wlan[0] & 0xfc) == 0x40 and (radio[16] & 0x40) == 0'
# f5940ddf273c49d5bf75aa4d05773dac61a2be22d200ef5429c7b9fa6e4e4923
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 12
(009) ldb [16]
(010) jset #0x40 jt 12 jf 11
(011) ret #262144
(012) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO 'subtype probe-req'
# bff9f3ac881e404b3b2723610a6a809d578156aad9a1489adc692331cc2e2d7a
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[0]
(006) tax
(007) ldx M[0]
(008) ldb [x + 0]
(009) and #0xfc
(010) jeq #0x40 jt 11 jf 12
(011) ret #262144
(012) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO 'type mgt subtype probe-req'
# bff9f3ac881e404b3b2723610a6a809d578156aad9a1489adc692331cc2e2d7a
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[0]
(006) tax
(007) ldx M[0]
(008) ldb [x + 0]
(009) and #0xfc
(010) jeq #0x40 jt 11 jf 12
(011) ret #262144
(012) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO '(wlan[0] & 0xfc) == 0x40'
# 266fa82cc6260f4a08e5c389dde4b40d0dc9dd741ee4dd590c0db5c56eec8055
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[2]
(006) tax
(007) ld #0x0
(008) st M[0]
(009) ldx M[2]
(010) ld M[0]
(011) add x
(012) tax
(013) ldb [x + 0]
(014) st M[1]
(015) ld #0xfc
(016) st M[3]
(017) ldx M[3]
(018) ld M[1]
(019) and x
(020) st M[3]
(021) ld #0x40
(022) st M[4]
(023) ldx M[4]
(024) ld M[3]
(025) sub x
(026) jeq #0x0 jt 27 jf 28
(027) ret #262144
(028) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and subtype probe-req'
# 5663cbe6858797aa85a1962c1e99907bdfbac2e8477fa46e2e896080a3857dca
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[3]
(006) tax
(007) ld #0x10
(008) st M[0]
(009) ldx M[0]
(010) ldb [x + 0]
(011) st M[1]
(012) ld #0x40
(013) st M[2]
(014) ldx M[2]
(015) ld M[1]
(016) and x
(017) st M[2]
(018) ld #0x0
(019) st M[3]
(020) ldx M[3]
(021) ld M[2]
(022) sub x
(023) jeq #0x0 jt 24 jf 29
(024) ldx M[3]
(025) ldb [x + 0]
(026) and #0xfc
(027) jeq #0x40 jt 28 jf 29
(028) ret #262144
(029) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and type mgt subtype probe-req'
# 5663cbe6858797aa85a1962c1e99907bdfbac2e8477fa46e2e896080a3857dca
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[3]
(006) tax
(007) ld #0x10
(008) st M[0]
(009) ldx M[0]
(010) ldb [x + 0]
(011) st M[1]
(012) ld #0x40
(013) st M[2]
(014) ldx M[2]
(015) ld M[1]
(016) and x
(017) st M[2]
(018) ld #0x0
(019) st M[3]
(020) ldx M[3]
(021) ld M[2]
(022) sub x
(023) jeq #0x0 jt 24 jf 29
(024) ldx M[3]
(025) ldb [x + 0]
(026) and #0xfc
(027) jeq #0x40 jt 28 jf 29
(028) ret #262144
(029) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and (wlan[0] & 0xfc) == 0x40'
# 9f7a0c3d0457a1c19eba6f4b74404f13368f873ca771ecda907a5f26a6af72f8
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[5]
(006) tax
(007) ld #0x10
(008) st M[0]
(009) ldx M[0]
(010) ldb [x + 0]
(011) st M[1]
(012) ld #0x40
(013) st M[2]
(014) ldx M[2]
(015) ld M[1]
(016) and x
(017) st M[2]
(018) ld #0x0
(019) st M[3]
(020) ldx M[3]
(021) ld M[2]
(022) sub x
(023) jeq #0x0 jt 24 jf 45
(024) ld #0x0
(025) st M[3]
(026) ldx M[5]
(027) ld M[3]
(028) add x
(029) tax
(030) ldb [x + 0]
(031) st M[4]
(032) ld #0xfc
(033) st M[6]
(034) ldx M[6]
(035) ld M[4]
(036) and x
(037) st M[6]
(038) ld #0x40
(039) st M[7]
(040) ldx M[7]
(041) ld M[6]
(042) sub x
(043) jeq #0x0 jt 44 jf 45
(044) ret #262144
(045) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO 'subtype probe-req and (radio[16] & 0x40) == 0'
# cb22cf48f5315b1bb7a25debbc9ca3faead89f44640129cee2fda9ddafac3dcd
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[0]
(006) tax
(007) ldx M[0]
(008) ldb [x + 0]
(009) and #0xfc
(010) jeq #0x40 jt 11 jf 29
(011) ld #0x10
(012) st M[1]
(013) ldx M[1]
(014) ldb [x + 0]
(015) st M[2]
(016) ld #0x40
(017) st M[3]
(018) ldx M[3]
(019) ld M[2]
(020) and x
(021) st M[3]
(022) ld #0x0
(023) st M[4]
(024) ldx M[4]
(025) ld M[3]
(026) sub x
(027) jeq #0x0 jt 28 jf 29
(028) ret #262144
(029) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO 'type mgt subtype probe-req and (radio[16] & 0x40) == 0'
# cb22cf48f5315b1bb7a25debbc9ca3faead89f44640129cee2fda9ddafac3dcd
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[0]
(006) tax
(007) ldx M[0]
(008) ldb [x + 0]
(009) and #0xfc
(010) jeq #0x40 jt 11 jf 29
(011) ld #0x10
(012) st M[1]
(013) ldx M[1]
(014) ldb [x + 0]
(015) st M[2]
(016) ld #0x40
(017) st M[3]
(018) ldx M[3]
(019) ld M[2]
(020) and x
(021) st M[3]
(022) ld #0x0
(023) st M[4]
(024) ldx M[4]
(025) ld M[3]
(026) sub x
(027) jeq #0x0 jt 28 jf 29
(028) ret #262144
(029) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO '(wlan[0] & 0xfc) == 0x40 and (radio[16] & 0x40) == 0'
# b90d61fe8476f958050f069afb085797b1758ad13c5359418dab69b2dd442549
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[2]
(006) tax
(007) ld #0x0
(008) st M[0]
(009) ldx M[2]
(010) ld M[0]
(011) add x
(012) tax
(013) ldb [x + 0]
(014) st M[1]
(015) ld #0xfc
(016) st M[3]
(017) ldx M[3]
(018) ld M[1]
(019) and x
(020) st M[3]
(021) ld #0x40
(022) st M[4]
(023) ldx M[4]
(024) ld M[3]
(025) sub x
(026) jeq #0x0 jt 27 jf 45
(027) ld #0x10
(028) st M[4]
(029) ldx M[4]
(030) ldb [x + 0]
(031) st M[5]
(032) ld #0x40
(033) st M[6]
(034) ldx M[6]
(035) ld M[5]
(036) and x
(037) st M[6]
(038) ld #0x0
(039) st M[7]
(040) ldx M[7]
(041) ld M[6]
(042) sub x
(043) jeq #0x0 jt 44 jf 45
(044) ret #262144
(045) ret #0
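I don't think this is an optimizer bug: the unoptimized (`-O`) output for `(radio[16] & 0x40) == 0 and subtype probe-req` already stores 0 into M[3] at (019), overwriting the radiotap header length that was saved there at (005), so (024)-(025) load byte 0 of the packet rather than the first byte of the 802.11 header. The optimized output for the same filter accordingly reads `ldb [0]`. As a result, that form of the filter tests the first radiotap byte instead of the frame-control byte, so a capture that relies on it may silently miss probe requests; the samples that put `subtype probe-req` first, or that spell the test as `wlan[0]`, keep the header-relative load.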
I have problems filtering for probe request frames with:
sudo tcpdump -i wlp3s0 subtype probe-req
I do not receive any frames with this configuration and filter.
On other systems, where I can disable the BPF JIT with `echo 0 > /proc/sys/net/core/bpf_jit_enable`, I do receive probe request frames.
I filed a bug in the ArchLinux bug tracker (https://bugs.archlinux.org/task/79573) but they directed me here. To me it seems that in my case the JIT does something wrong but I don't know what exactly.
@booo That seems like a kernel bug rather than a libpcap bug, and your problem appears to be unrelated to this issue, which is specifically about the BPF code libpcap generates for some specific filter expressions.
Used alone, with optimizations on, `(wlan[0] & 0xfc) == 0x40` and `subtype probe-req` produce the same bytecode. However, if I also examine the radiotap header in the same BPF filter, different bytecode is generated. Please see the samples below.
I don't think this is an optimizer bug.