Skip to content

Commit

Permalink
Assorted header changes.
Browse files Browse the repository at this point in the history 
Remove some stuff from <pcap/bpf.h> that code should, if it really needs
it, get from the system BPF header file or elsewhere.  Fix sf-pcap.c to
do that - the fallback buffer size if the snapshot length is bogus
shouldn't be based on the BPF buffer size.

Use Packet_WORDALIGN() in pcap-win32.c, as that's what the code that
puts the packet in the buffers uses.

Indicate why we don't move the pcap/bpf.h stuff into pcap/pcap.h.

Don't use BPF_MAJOR_VERSION to protect against collision with
<net/bpf.h>, as that causes problems on Linux with programs that include
<linux/filter.h>, either directly or indirectly, before including
pcap.h.
  • Loading branch information
@guyharris
guyharris committed Jan 12, 2011
1 parent 028204e commit e303edc
Show file tree
Hide file tree
Showing 4 changed files with 32 additions and 30 deletions.
2 changes: 1 addition & 1 deletion pcap-win32.c
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -237,7 +237,7 @@ pcap_read_win32_npf(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
* XXX A bpf_hdr matches a pcap_pkthdr. * XXX A bpf_hdr matches a pcap_pkthdr.
*/ */
(*callback)(user, (struct pcap_pkthdr*)bp, bp + hdrlen); (*callback)(user, (struct pcap_pkthdr*)bp, bp + hdrlen);
bp += BPF_WORDALIGN(caplen + hdrlen); bp += Packet_WORDALIGN(caplen + hdrlen);
if (++n >= cnt && cnt > 0) { if (++n >= cnt && cnt > 0) {
p->bp = bp; p->bp = bp;
p->cc = ep - bp; p->cc = ep - bp;
Expand Down
50 changes: 24 additions & 26 deletions pcap/bpf.h
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -48,10 +48,28 @@
* "pcap-bpf.c" will include the native OS version, as it deals with * "pcap-bpf.c" will include the native OS version, as it deals with
* the OS's BPF implementation. * the OS's BPF implementation.
* *
* XXX - should this all just be moved to "pcap.h"? * At least two programs found by Google Code Search explicitly includes
* <pcap/bpf.h> (even though <pcap.h>/<pcap/pcap.h> includes it for you),
* so moving that stuff to <pcap/pcap.h> would break the build for some
* programs.
*/ */


#ifndef BPF_MAJOR_VERSION /*
* If we've already included <net/bpf.h>, don't re-define this stuff.
* We assume BSD-style multiple-include protection in <net/bpf.h>,
* which is true of all but the oldest versions of FreeBSD and NetBSD,
* or Tru64 UNIX-style multiple-include protection (or, at least,
* Tru64 UNIX 5.x-style; I don't have earlier versions available to check).
*
* We do not check for BPF_MAJOR_VERSION, as that's defined by
* <linux/filter.h>, which is directly or indirectly included in some
* programs that also include pcap.h, and <linux/filter.h> doesn't
* define stuff we need.
*
* This also provides our own multiple-include protection.
*/
#if !defined(_NET_BPF_H_) && !defined(_BPF_H_) && !defined(lib_pcap_bpf_h)
#define lib_pcap_bpf_h


#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
Expand All @@ -70,7 +88,9 @@ typedef u_int bpf_u_int32;


/* /*
* Alignment macros. BPF_WORDALIGN rounds up to the next * Alignment macros. BPF_WORDALIGN rounds up to the next
* even multiple of BPF_ALIGNMENT. * even multiple of BPF_ALIGNMENT.
*
* Tcpdump's print-pflog.c uses this, so we define it here.
*/ */
#ifndef __NetBSD__ #ifndef __NetBSD__
#define BPF_ALIGNMENT sizeof(bpf_int32) #define BPF_ALIGNMENT sizeof(bpf_int32)
Expand All @@ -79,9 +99,6 @@ typedef u_int bpf_u_int32;
#endif #endif
#define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1))


#define BPF_MAXBUFSIZE 0x8000
#define BPF_MINBUFSIZE 32

/* /*
* Structure for "pcap_compile()", "pcap_setfilter()", etc.. * Structure for "pcap_compile()", "pcap_setfilter()", etc..
*/ */
Expand All @@ -90,25 +107,6 @@ struct bpf_program {
struct bpf_insn *bf_insns; struct bpf_insn *bf_insns;
}; };


/*
* Struct return by BIOCVERSION. This represents the version number of
* the filter language described by the instruction encodings below.
* bpf understands a program iff kernel_major == filter_major &&
* kernel_minor >= filter_minor, that is, if the value returned by the
* running kernel has the same major number and a minor number equal
* equal to or less than the filter being downloaded. Otherwise, the
* results are undefined, meaning an error may be returned or packets
* may be accepted haphazardly.
* It has nothing to do with the source code version.
*/
struct bpf_version {
u_short bv_major;
u_short bv_minor;
};
/* Current version number of filter architecture. */
#define BPF_MAJOR_VERSION 1
#define BPF_MINOR_VERSION 1

/* /*
* Data-link level type codes. * Data-link level type codes.
* *
Expand Down Expand Up @@ -1096,4 +1094,4 @@ extern u_int bpf_filter();
} }
#endif #endif


#endif #endif /* !defined(_NET_BPF_H_) && !defined(_BPF_H_) && !defined(lib_pcap_bpf_h) */
2 changes: 1 addition & 1 deletion pcap/pcap.h
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -451,4 +451,4 @@ int pcap_get_selectable_fd(pcap_t *);
} }
#endif #endif


#endif #endif /* lib_pcap_pcap_h */
8 changes: 6 additions & 2 deletions sf-pcap.c
View file
Original file line number Original file line Diff line number Diff line change
Expand Up @@ -271,8 +271,12 @@ pcap_check_header(pcap_t *p, bpf_u_int32 magic, FILE *fp, char *errbuf)
* Allocate a buffer for the packet data. * Allocate a buffer for the packet data.
*/ */
p->bufsize = p->snapshot; p->bufsize = p->snapshot;
if (p->bufsize <= 0) if (p->bufsize <= 0) {
p->bufsize = BPF_MAXBUFSIZE; /*
* Bogus snapshot length; use 64KiB as a fallback.
*/
p->bufsize = 65536;
}
p->buffer = malloc(p->bufsize); p->buffer = malloc(p->bufsize);
if (p->buffer == NULL) { if (p->buffer == NULL) {
snprintf(errbuf, PCAP_ERRBUF_SIZE, "out of memory"); snprintf(errbuf, PCAP_ERRBUF_SIZE, "out of memory");
Expand Down

0 comments on commit e303edc

Please sign in to comment.