protochain userspace filtering fails on linux

[dhoskin-fortinet]

Hello, I have been having trouble trying to use the protochain filter.

$ sudo ./tcpdump -i any -c 2 'ip6 protochain 58'
Warning: Kernel filter failed: Invalid argument
tcpdump: can't remove kernel filter: No such file or directory
$

In pcap-linux.c: reset_kernel_filter(), we call setsockopt with SO_DETACH_FILTER,
which corresponds to Linux's net/core/filter.c: sk_detach_filter().
In the case where no filter is established, sk_detach_filter returns -ENOENT.

Patching reset_kernel_filter to succeed when errno == ENOENT, userspace filtering works:

$ sudo ./tcpdump -i any -c 2 'ip6 protochain 58'
Warning: Kernel filter failed: Invalid argument
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
18:11:42.954710 IP6 localhost.localdomain > localhost.localdomain: ICMP6, echo request, seq 1, length 64
18:11:42.954723 IP6 localhost.localdomain > localhost.localdomain: ICMP6, echo reply, seq 1, length 64
2 packets captured
148 packets received by filter
0 packets dropped by kernel

Both the bug and the fix were reproduced on:

$ uname -mrs
Linux 4.7.2-1-ARCH x86_64
$ ./tcpdump1 --version
tcpdump version 4.9.0-PRE-GIT_2016_10_04
libpcap version 1.7.4
OpenSSL 1.0.2h 3 May 2016
$ ./tcpdump2 --version
tcpdump version 4.9.0-PRE-GIT_2016_10_04
libpcap version 1.9.0-PRE-GIT_2016_10_05
OpenSSL 1.0.2h 3 May 2016

[fschneiderairbus]

could you submit the patch?

[dhoskin-fortinet]

@fschneiderairbus It wound up being fixed later in these commits in response to #549.

791213e
c62ae94