I use pcap-filter(7) to capture TLS ClientHellos and ServerHellos. It works for both IPv4 and IPv6, but for IPv6 I cannot be as specific as I would like to be.
IPV4_TLS_CLIENTHELLOS
(tcp[((tcp[12:1] & 0xf0) >> 2)+5:1] = 0x01) and (tcp[((tcp[12:1] & 0xf0) >> 2):1] = 0x16) and (dst port 443)
IPV4_TLS_SERVERHELLOS
tcp and src port 443 and (tcp[tcpflags] & tcp-ack = 16) and (tcp[tcpflags] & tcp-syn != 2) and
(tcp[tcpflags] & tcp-fin != 1) and (tcp[tcpflags] & tcp-rst != 1)
IPV6_TLS_CLIENTHELLOS
ip6 and tcp and dst port 443
IPV6_TLS_SERVERHELLOS
ip6 and tcp and src port 443
I would like to be more specific with my IPv6 filters so that I don't have to deal with so many extraneous packets in user space. In order to do this I believe we would need better support in pcap-filter for IPv6 higher level protocols.
I note that the man page for pcap-filter(7) has the following to say about it.
"Note that tcp, udp and other upper-layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future)."
https://www.tcpdump.org/manpages/pcap-filter.7.html
Thanks!
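The usual workaround for the IPv6 case, as an added example that is not code from this issue or from libpcap: index from `ip6[...]` instead of `tcp[...]`, assuming the TCP header sits directly behind the 40-byte fixed IPv6 header (no extension headers, no fragments). That is precisely the assumption pcap-filter refuses to make for `tcp[...]` on IPv6, so the block also walks the extension-header chain in user space to show which packets the fixed-offset expression silently drops. The helper `ip6_tls_handshake_filter` is a hypothetical name, the sample packets are constructed here (placeholder addresses, no checksums), and the ServerHello direction only swaps the port offset and handshake type.

```python
"""IPv6 byte-offset equivalent of the IPv4 TLS ClientHello filter from the issue.

Added example; assumes the TCP header immediately follows the fixed IPv6 header.
"""
import struct

IPV6_HDR_LEN = 40
NH_TCP = 6
NH_FRAGMENT = 44
NH_VARIABLE_EXT = {0, 43, 60}   # Hop-by-Hop, Routing, Destination Options


def ip6_tls_handshake_filter(handshake_type: int, port: int = 443,
                             client_to_server: bool = True) -> str:
    """Build a pcap-filter(7) expression from ip6[] offsets (hypothetical helper).

    ip6[6] is Next Header, TCP src/dst ports are at ip6[40]/ip6[42], ip6[52] is the
    TCP data offset nibble, and the TLS record starts at 40 + data offset: byte 0 is
    the record type (0x16 handshake), byte 5 the handshake type (0x01 ClientHello,
    0x02 ServerHello).
    """
    port_off = 42 if client_to_server else 40
    return ("ip6 and ip6[6] = 6 and ip6[%d:2] = %d"
            " and ip6[((ip6[52:1] & 0xf0) >> 2) + 40:1] = 0x16"
            " and ip6[((ip6[52:1] & 0xf0) >> 2) + 45:1] = 0x%02x"
            % (port_off, port, handshake_type))


IPV6_TLS_CLIENTHELLOS_NOEXT = ip6_tls_handshake_filter(0x01)
IPV6_TLS_SERVERHELLOS_NOEXT = ip6_tls_handshake_filter(0x02, client_to_server=False)


def bpf_fixed_offset_match(pkt: bytes, dst_port: int = 443) -> bool:
    """Evaluate IPV6_TLS_CLIENTHELLOS_NOEXT by hand: same bytes, same arithmetic.
    An out-of-range load makes a BPF program reject the packet, hence the length checks."""
    if len(pkt) < IPV6_HDR_LEN + 20 or pkt[0] >> 4 != 6 or pkt[6] != NH_TCP:
        return False
    if struct.unpack("!H", pkt[42:44])[0] != dst_port:
        return False
    rec = IPV6_HDR_LEN + ((pkt[52] & 0xF0) >> 2)
    return len(pkt) > rec + 5 and pkt[rec] == 0x16 and pkt[rec + 5] == 0x01


def tcp_header_offset(pkt: bytes):
    """Walk the IPv6 extension-header chain; return the TCP header offset or None."""
    nh, off = pkt[6], IPV6_HDR_LEN
    while True:
        if nh == NH_TCP:
            return off
        if nh in NH_VARIABLE_EXT and off + 2 <= len(pkt):
            # Hdr Ext Len counts 8-octet units, excluding the first 8 octets.
            nh, off = pkt[off], off + (pkt[off + 1] + 1) * 8
        elif nh == NH_FRAGMENT and off + 8 <= len(pkt):
            if struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3 != 0:
                return None          # not the first fragment: no TCP header in this packet
            nh, off = pkt[off], off + 8
        else:
            return None              # AH/ESP, No Next Header, non-TCP, or truncated


def is_tls_clienthello_ip6(pkt: bytes, dst_port: int = 443) -> bool:
    """User-space check that tolerates extension headers (what the BPF filter cannot do)."""
    tcp = tcp_header_offset(pkt)
    if tcp is None or len(pkt) < tcp + 20:
        return False
    if struct.unpack("!H", pkt[tcp + 2:tcp + 4])[0] != dst_port:
        return False
    rec = tcp + ((pkt[tcp + 12] & 0xF0) >> 2)
    return len(pkt) > rec + 5 and pkt[rec] == 0x16 and pkt[rec + 5] == 0x01


# --- constructed sample packets: placeholder addresses, no checksums ---
def build_ip6(payload: bytes, next_header: int) -> bytes:
    src = b"\x20\x01" + bytes(14)
    dst = b"\x20\x01" + bytes(13) + b"\x01"
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64, src, dst) + payload


def build_tcp(dst_port: int, payload: bytes, options: bytes = b"") -> bytes:
    data_offset = 5 + len(options) // 4      # caller pads options to a multiple of 4
    hdr = struct.pack("!HHIIBBHHH", 51234, dst_port, 1, 0, data_offset << 4, 0x18, 65535, 0, 0)
    return hdr + options + payload


def build_dstopts(next_header: int) -> bytes:
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])   # 8-byte Destination Options, one PadN


# Truncated ClientHello: record type 0x16, record version 3.1, handshake type 0x01.
TLS_CLIENTHELLO = bytes.fromhex("160301 0100 01 0000fc 0303") + bytes(32)

PLAIN = build_ip6(build_tcp(443, TLS_CLIENTHELLO), NH_TCP)
WITH_TCP_OPTIONS = build_ip6(build_tcp(443, TLS_CLIENTHELLO, b"\x01\x01\x08\x0a" + bytes(8)), NH_TCP)
WITH_DSTOPTS = build_ip6(build_dstopts(NH_TCP) + build_tcp(443, TLS_CLIENTHELLO), 60)
APP_DATA = build_ip6(build_tcp(443, bytes.fromhex("1703030020") + bytes(32)), NH_TCP)


def demo() -> dict:
    """(fixed-offset BPF result, extension-aware result) for each sample packet."""
    return {name: (bpf_fixed_offset_match(p), is_tls_clienthello_ip6(p))
            for name, p in [("plain", PLAIN), ("tcp_options", WITH_TCP_OPTIONS),
                            ("dstopts", WITH_DSTOPTS), ("app_data", APP_DATA)]}


if __name__ == "__main__":
    print(IPV6_TLS_CLIENTHELLOS_NOEXT)
    for name, (bpf, full) in demo().items():
        print(f"{name:12s} bpf={bpf} userspace={full}")
```

The "dstopts" packet is the caveat: a single Destination Options header shifts the TCP header by eight bytes, `ip6[6]` is no longer 6, and the fixed-offset filter drops the ClientHello without any error. Fragmented, AH- or ESP-wrapped traffic is dropped the same way, and, exactly like the IPv4 original, the expression only matches when the ClientHello starts at the first byte of the segment's payload.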