On 2013/05/23 07:15, Theo de Raadt wrote: > > what about teduing bpf_timeval from net/bpf.h > > Sounds like you don't read commit logs. > > bpf_timeval exists so that pcap files can be portable between > machines, and hopefully between systems too. > > Unfortunately the upstream tcpdump people did not adopt it > because they have no vision for doing things right. >
Upstream used a different method to get portable save files; they changed the file handling routines but continued using timevals internally. The version we have in our tree has an unused "struct pcap_sf_pkthdr" which is the first step of this. Diff below should have no actual change at present but would allow for later switching pcap_pkthdr back to timeval if wanted. https://github.com/the-tcpdump-group/libpcap/commit/56c33c01be6cfd5dd1cde7ce715d8ad6dd45815a Index: savefile.c =================================================================== RCS file: /cvs/src/lib/libpcap/savefile.c,v retrieving revision 1.10 diff -u -p -r1.10 savefile.c --- savefile.c 25 May 2012 01:58:08 -0000 1.10 +++ savefile.c 23 May 2013 13:32:34 -0000 @@ -212,20 +212,26 @@ pcap_fopen_offline(FILE *fp, char *errbu static int sf_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char *buf, int buflen) { + struct pcap_sf_pkthdr sf_hdr; FILE *fp = p->sf.rfile; /* read the stamp */ - if (fread((char *)hdr, sizeof(struct pcap_pkthdr), 1, fp) != 1) { + if (fread(&sf_hdr, sizeof(struct pcap_sf_pkthdr), 1, fp) != 1) { /* probably an EOF, though could be a truncated packet */ return (1); } if (p->sf.swapped) { /* these were written in opposite byte order */ - hdr->caplen = SWAPLONG(hdr->caplen); - hdr->len = SWAPLONG(hdr->len); - hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec); - hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec); + hdr->caplen = SWAPLONG(sf_hdr.caplen); + hdr->len = SWAPLONG(sf_hdr.len); + hdr->ts.tv_sec = SWAPLONG(sf_hdr.ts.tv_sec); + hdr->ts.tv_usec = SWAPLONG(sf_hdr.ts.tv_usec); + } else { + hdr->caplen = sf_hdr.caplen; + hdr->len = sf_hdr.len; + hdr->ts.tv_sec = sf_hdr.ts.tv_sec; + hdr->ts.tv_usec = sf_hdr.ts.tv_usec; } /* * We interchanged the caplen and len fields at version 2.3, @@ -334,10 +340,15 @@ void pcap_dump(u_char *user, const struct pcap_pkthdr *h, const u_char *sp) { register FILE *f; + struct pcap_sf_pkthdr sf_hdr; f = (FILE *)user; + sf_hdr.ts.tv_sec = h->ts.tv_sec; + sf_hdr.ts.tv_usec = h->ts.tv_usec; + sf_hdr.caplen = h->caplen; + sf_hdr.len = h->len; /* XXX we should check the return status */ - (void)fwrite((char *)h, sizeof(*h), 1, f); + (void)fwrite(&sf_hdr, sizeof(sf_hdr), 1, f); (void)fwrite((char *)sp, h->caplen, 1, f); }
