Snort mailing list archives

Re: [tcpdump-workers] Problem found for linux applications that use libpcap


From: Guy Harris <gharris () sonic net>
Date: Sun, 9 Dec 2001 21:52:29 -0800

On Sat, Dec 08, 2001 at 02:45:32PM -0700, Phil Wood wrote:
> I discovered an intermittent problem with pcap_stats which was the result
> of an incorrect length value.  Actually, I think it was related to what
> gcc/libc combo was in effect when pcap was built.  'cause it worked on
> some boxes, and failed others.
>
> The symptom was potential bad drop info (normally none) 'cause the system call
> would fail and the code would fall through to setting the received value from
> the one accumulated in the packet receive code.  The failure was because the
> length value was incorrect (most likely 0?)
>
> I've attached a diff (to the current as of 2001.12.08) of pcap-linux.c.

I've checked in a modified version of that fix - I left out the check
for "handle->fd" being -1 (currently, "pcap_stats()" can't return
anything for savefiles, as savefiles don't contain any statistics; if we
ever change that, we should probably move "pcap_stats()" to "pcap.c",
have it do the work for savefiles, and have it call platform-dependent
routines for live captures), and made it return -1 if the "getsockopt()"
fails for any reason *other* than EOPNOTSUPP and fall through to the "no
kernel support" code if it fails with EOPNOTSUPP (so that if it's built
on a system with the kernel statistics support and run on a system
without it, it behaves the same as if it were built on a system without
it).
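
The error handling described in the message above, as an added example that is not part of the original post and is not libpcap's code: the length argument is initialized before the call, EOPNOTSUPP falls back to the user-space packet count, and every other failure is returned as -1. The names `read_capture_stats`, `gso_fn` and the `fake_*` functions are hypothetical, the fakes are constructed stand-ins for the kernel, and reporting 0 drops in the fallback is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/if_packet.h>  /* struct tpacket_stats, PACKET_STATISTICS */

/* Same shape as getsockopt(2), so the kernel can be replaced by a fake. */
typedef int (*gso_fn)(int, int, int, void *, socklen_t *);

/* Hypothetical helper, not libpcap code. Returns 1 = kernel statistics,
 * 0 = EOPNOTSUPP so the user-space count is used (drops assumed 0),
 * -1 = any other getsockopt() failure, with errno left for the caller. */
int read_capture_stats(gso_fn gso, int fd, unsigned int soft_received,
                       unsigned int *received, unsigned int *dropped)
{
    struct tpacket_stats ks;
    socklen_t len = sizeof ks;  /* value-result argument: set it before the call */
    if (gso(fd, SOL_PACKET, PACKET_STATISTICS, &ks, &len) == 0) {
        *received = ks.tp_packets;
        *dropped = ks.tp_drops;
        return 1;
    }
    if (errno != EOPNOTSUPP)
        return -1;              /* real error: do not hide it behind the fallback */
    *received = soft_received;  /* built with kernel support, run without it */
    *dropped = 0;
    return 0;
}

/* Constructed fakes standing in for three kernels/sockets. */
int fake_supported(int fd, int lvl, int opt, void *val, socklen_t *len)
{
    struct tpacket_stats s = { .tp_packets = 1000, .tp_drops = 7 };
    (void)fd; (void)lvl; (void)opt;
    if (*len < sizeof s) { errno = EINVAL; return -1; }  /* bad length is refused */
    memcpy(val, &s, sizeof s);
    return 0;
}
int fake_unsupported(int fd, int lvl, int opt, void *val, socklen_t *len)
{ (void)fd; (void)lvl; (void)opt; (void)val; (void)len; errno = EOPNOTSUPP; return -1; }
int fake_bad_fd(int fd, int lvl, int opt, void *val, socklen_t *len)
{ (void)fd; (void)lvl; (void)opt; (void)val; (void)len; errno = EBADF; return -1; }

int main(void)
{
    unsigned int r = 0, d = 0;
    int rc = read_capture_stats(fake_unsupported, 3, 42, &r, &d);
    printf("rc=%d received=%u dropped=%u\n", rc, r, d);
    return 0;
}
```

For a live capture, pass the real `getsockopt` and an `AF_PACKET` socket descriptor in place of the fakes.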
