Permalink
Browse files

Assorted header changes.

Remove some stuff from <pcap/bpf.h> that code should, if it really needs
it, get from the system BPF header file or elsewhere.  Fix sf-pcap.c to
do that - the fallback buffer size if the snapshot length is bogus
shouldn't be based on the BPF buffer size.

Use Packet_WORDALIGN() in pcap-win32.c, as that's what the code that
puts the packet in the buffers uses.

Indicate why we don't move the pcap/bpf.h stuff into pcap/pcap.h.

Don't use BPF_MAJOR_VERSION to protect against collision with
<net/bpf.h>, as that causes problems on Linux with programs that include
<linux/filter.h>, either directly or indirectly, before including
pcap.h.
  • Loading branch information...
1 parent 028204e commit e303edcbd69c6a7329b1c05b29148231aa6a6648 @guyharris guyharris committed Jan 12, 2011
Showing with 32 additions and 30 deletions.
  1. +1 −1 pcap-win32.c
  2. +24 −26 pcap/bpf.h
  3. +1 −1 pcap/pcap.h
  4. +6 −2 sf-pcap.c
View
2 pcap-win32.c
@@ -237,7 +237,7 @@ pcap_read_win32_npf(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
* XXX A bpf_hdr matches a pcap_pkthdr.
*/
(*callback)(user, (struct pcap_pkthdr*)bp, bp + hdrlen);
- bp += BPF_WORDALIGN(caplen + hdrlen);
+ bp += Packet_WORDALIGN(caplen + hdrlen);
if (++n >= cnt && cnt > 0) {
p->bp = bp;
p->cc = ep - bp;
View
50 pcap/bpf.h
@@ -48,10 +48,28 @@
* "pcap-bpf.c" will include the native OS version, as it deals with
* the OS's BPF implementation.
*
- * XXX - should this all just be moved to "pcap.h"?
+ * At least two programs found by Google Code Search explicitly includes
+ * <pcap/bpf.h> (even though <pcap.h>/<pcap/pcap.h> includes it for you),
+ * so moving that stuff to <pcap/pcap.h> would break the build for some
+ * programs.
*/
-#ifndef BPF_MAJOR_VERSION
+/*
+ * If we've already included <net/bpf.h>, don't re-define this stuff.
+ * We assume BSD-style multiple-include protection in <net/bpf.h>,
+ * which is true of all but the oldest versions of FreeBSD and NetBSD,
+ * or Tru64 UNIX-style multiple-include protection (or, at least,
+ * Tru64 UNIX 5.x-style; I don't have earlier versions available to check).
+ *
+ * We do not check for BPF_MAJOR_VERSION, as that's defined by
+ * <linux/filter.h>, which is directly or indirectly included in some
+ * programs that also include pcap.h, and <linux/filter.h> doesn't
+ * define stuff we need.
+ *
+ * This also provides our own multiple-include protection.
+ */
+#if !defined(_NET_BPF_H_) && !defined(_BPF_H_) && !defined(lib_pcap_bpf_h)
+#define lib_pcap_bpf_h
#ifdef __cplusplus
extern "C" {
@@ -70,7 +88,9 @@ typedef u_int bpf_u_int32;
/*
* Alignment macros. BPF_WORDALIGN rounds up to the next
- * even multiple of BPF_ALIGNMENT.
+ * even multiple of BPF_ALIGNMENT.
+ *
+ * Tcpdump's print-pflog.c uses this, so we define it here.
*/
#ifndef __NetBSD__
#define BPF_ALIGNMENT sizeof(bpf_int32)
@@ -79,9 +99,6 @@ typedef u_int bpf_u_int32;
#endif
#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))
-#define BPF_MAXBUFSIZE 0x8000
-#define BPF_MINBUFSIZE 32
-
/*
* Structure for "pcap_compile()", "pcap_setfilter()", etc..
*/
@@ -91,25 +108,6 @@ struct bpf_program {
};
/*
- * Struct return by BIOCVERSION. This represents the version number of
- * the filter language described by the instruction encodings below.
- * bpf understands a program iff kernel_major == filter_major &&
- * kernel_minor >= filter_minor, that is, if the value returned by the
- * running kernel has the same major number and a minor number equal
- * equal to or less than the filter being downloaded. Otherwise, the
- * results are undefined, meaning an error may be returned or packets
- * may be accepted haphazardly.
- * It has nothing to do with the source code version.
- */
-struct bpf_version {
- u_short bv_major;
- u_short bv_minor;
-};
-/* Current version number of filter architecture. */
-#define BPF_MAJOR_VERSION 1
-#define BPF_MINOR_VERSION 1
-
-/*
* Data-link level type codes.
*
* Do *NOT* add new values to this list without asking
@@ -1096,4 +1094,4 @@ extern u_int bpf_filter();
}
#endif
-#endif
+#endif /* !defined(_NET_BPF_H_) && !defined(_BPF_H_) && !defined(lib_pcap_bpf_h) */
View
2 pcap/pcap.h
@@ -451,4 +451,4 @@ int pcap_get_selectable_fd(pcap_t *);
}
#endif
-#endif
+#endif /* lib_pcap_pcap_h */
View
8 sf-pcap.c
@@ -271,8 +271,12 @@ pcap_check_header(pcap_t *p, bpf_u_int32 magic, FILE *fp, char *errbuf)
* Allocate a buffer for the packet data.
*/
p->bufsize = p->snapshot;
- if (p->bufsize <= 0)
- p->bufsize = BPF_MAXBUFSIZE;
+ if (p->bufsize <= 0) {
+ /*
+ * Bogus snapshot length; use 64KiB as a fallback.
+ */
+ p->bufsize = 65536;
+ }
p->buffer = malloc(p->bufsize);
if (p->buffer == NULL) {
snprintf(errbuf, PCAP_ERRBUF_SIZE, "out of memory");

0 comments on commit e303edc

Please sign in to comment.