[Ntop-dev] struct ns_pcap doesn't match struct pcap_pkthdr

Thu, 24 Feb 2011 06:39:13 -0800 

Hi list,

I've been experimenting with the latest libpfring/pcap (well, svn commit
4483), and it doesn't work correctly here: when I try to run some code
for checking packets' contents on debian lenny/amd64, the packet lengths
reported are broken.
This happens because struct timeval, which is present in pcap_pkthdr, is
12 bytes long (tv_sec is a long int), as opposed to the 8 bytes which
are reserved in the ns_pcap header.

The following patch solves my problems, can you apply this?

|diff --git a/libpcap-1.1.1-ring/pcap-linux.c
b/libpcap-1.1.1-ring/pcap-linux.c
index ca3fd5e..4d8f307 100644
--- a/libpcap-1.1.1-ring/pcap-linux.c
+++ b/libpcap-1.1.1-ring/pcap-linux.c
@@ -1704,7 +1704,8 @@ pcap_read_packet(pcap_t *handle, pcap_handler
callback, u_char *userdata)
     {
       struct ns_pcaphdr myhdr;
      
-      myhdr.tv_sec = pcap_header.ts.tv_sec, myhdr.tv_usec =
pcap_header.ts.tv_usec;
+      myhdr.ts.tv_sec = pcap_header.ts.tv_sec;
+      myhdr.ts.tv_usec = pcap_header.ts.tv_usec;
       myhdr.caplen = pcap_header.caplen, myhdr.len = pcap_header.len;
       myhdr.ns = pcap_header.extended_hdr.timestamp_ns;
 
@@ -3670,7 +3671,8 @@ pcap_read_linux_mmap(pcap_t *handle, int
max_packets, pcap_handler callback,
         {
           struct ns_pcaphdr myhdr;
 
-          myhdr.tv_sec = pcaphdr.ts.tv_sec, myhdr.tv_usec =
pcaphdr.ts.tv_usec;
+          myhdr.ts.tv_sec = pcaphdr.ts.tv_sec;
+          myhdr.ts.tv_usec = pcaphdr.ts.tv_usec;
           myhdr.caplen = pcaphdr.caplen, myhdr.len = pcaphdr.len;
 
           if(handle->ring != NULL) {
diff --git a/libpcap-1.1.1-ring/pcap/pcap.h b/libpcap-1.1.1-ring/pcap/pcap.h
index 9e2290c..a5edfac 100644
--- a/libpcap-1.1.1-ring/pcap/pcap.h
+++ b/libpcap-1.1.1-ring/pcap/pcap.h
@@ -167,7 +167,9 @@ struct pcap_pkthdr {
 #ifdef HAVE_PF_RING
 /* Nanosecond accuracy */
 struct ns_pcaphdr {
-  u_int32_t tv_sec, tv_usec, caplen, len;
+  struct timeval ts;
+  bpf_u_int32 caplen;
+  bpf_u_int32 len;
   u_int64_t ns;
 };
 #endif
|

Cheers,
Jasper

-- 
Ir. Jasper Spaans
Fox-IT Experts in IT Security!
T: +31 (0) 15 284 79 99
KvK Haaglanden 27301624

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev

Reply via email to