I have IPv6 with Next header == 0x29(41). I want to filter packets by the destination address and port of IPv6/TCP frame inside the main IPv6 frame.
tcpdump -B 1000000 -pnni any "ip6[6] == 0x29"
00:24:33.461496 IP6 xxxx > yyyy: IP6 zzzz.45388 > hhhh.443: Flags [.], ack 809205, win 2636, options [nop,nop,TS val 1395182923 ecr 142811329], length 0
00:24:33.461505 IP6 xxxx > yyyy: IP6 zzzz.45388 > hhhh.443: Flags [.], ack 809205, win 2636, options [nop,nop,TS val 1395182923 ecr 142811329], length 0
Is it possible to do this with tcpdump? I can't find any information in the pcap library documentation.
The solution noted by Alexander in the notes is the best that you can do today. The problem is that you cannot reference TCP ports using the tcp macro with IPv6 under tcpdump/BPF today.
It is not necessary to base all of your offsets from the Ethernet frame header, however. You can use the IPv6 header as your starting point. Bear in mind that you could have routing, fragmentation, or other headers between the IPv6 header and the TCP header, which makes this all very challenging.
Frankly, it would be easier to write a Python (or similar) script with either Scapy or libpcap bindings to open the packet capture, filtering for IPv6, and to write the selection logic for the TCP ports at that higher level.
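The script-level selection suggested in the answer above, as an added example that is not part of the original answer: it uses only the Python standard library rather than Scapy, and walks extension headers in both the outer and the inner IPv6 header before reading the TCP destination port. It assumes each packet is passed as bytes starting at the outer IPv6 header (link-layer header already stripped by whatever capture reader is used); the function names and the 2001:db8:: sample packets are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPV6, IPPROTO_TCP, IPPROTO_FRAGMENT = 41, 6, 44  # 41 == 0x29 (IPv6-in-IPv6)
GENERIC_EXT = {0, 43, 60}  # hop-by-hop, routing, destination options

def walk_ipv6(pkt, off):
    """Parse the IPv6 header at off and skip its extension headers.
    Returns (next_header, payload_offset, dst) or None if truncated/unparseable."""
    if len(pkt) < off + 40 or pkt[off] >> 4 != 6:
        return None
    nxt = pkt[off + 6]
    dst = ipaddress.IPv6Address(pkt[off + 24:off + 40])
    off += 40
    while nxt in GENERIC_EXT or nxt == IPPROTO_FRAGMENT:
        if len(pkt) < off + 8:
            return None
        if nxt == IPPROTO_FRAGMENT:
            # Fixed 8-byte header; only the first fragment carries the TCP header.
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3 != 0:
                return None
            nxt, off = pkt[off], off + 8
        else:
            # Length field counts 8-byte units, not including the first 8 bytes.
            nxt, off = pkt[off], off + 8 * (pkt[off + 1] + 1)
    return nxt, off, dst

def inner_tcp_match(pkt, want_dst, want_dport):
    """True if pkt tunnels an IPv6/TCP segment addressed to want_dst:want_dport."""
    outer = walk_ipv6(pkt, 0)
    if outer is None or outer[0] != IPPROTO_IPV6:
        return False
    inner = walk_ipv6(pkt, outer[1])
    if inner is None or inner[0] != IPPROTO_TCP or len(pkt) < inner[1] + 4:
        return False
    dport = struct.unpack_from("!H", pkt, inner[1] + 2)[0]
    return inner[2] == ipaddress.IPv6Address(want_dst) and dport == want_dport

# --- Constructed sample packets (not taken from the capture in the question) ---
def build_ipv6(src, dst, nxt, payload):
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), nxt, 64)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload

TCP = struct.pack("!HHIIBBHHH", 45388, 443, 0, 0, 5 << 4, 0x10, 2636, 0, 0)
DSTOPT = bytes([IPPROTO_TCP, 0, 1, 4, 0, 0, 0, 0])  # 8-byte destination options (PadN)
INNER = build_ipv6("2001:db8:a::1", "2001:db8:b::1", IPPROTO_TCP, TCP)
INNER_EXT = build_ipv6("2001:db8:a::1", "2001:db8:b::1", 60, DSTOPT + TCP)
SAMPLE = build_ipv6("2001:db8::1", "2001:db8::2", IPPROTO_IPV6, INNER)
SAMPLE_EXT = build_ipv6("2001:db8::1", "2001:db8::2", IPPROTO_IPV6, INNER_EXT)
```

Non-first fragments and truncated packets return no match because the TCP header is not available in them.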