Some old email I just unearthed, FYI.
------- Forwarded Message
Date: Wed, 8 Dec 1999 10:30:12 -0800 (PST)
From: Dan Frasnelli <[EMAIL PROTECTED]>
Subject: fix for libpcap and tcpdump (fwd)
To: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: MULTIPART/Mixed; BOUNDARY=8vCeF2GUdMpe9ZbK
Content-ID: <[EMAIL PROTECTED]>
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to [EMAIL PROTECTED] for more info.
- --8vCeF2GUdMpe9ZbK
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <[EMAIL PROTECTED]>
Vern, I realize you probably no longer maintain libpcap, but
thought you might appreciate the following message.
Mark Abene (yes, good old Phiber Optik himself) attacked
the issue of libpcap incompatibilities under Linux on the Alpha
platform, and - more importantly - explains where the problems
occurred. It's probably not worth rolling these patches into
the main source tree, but it is interesting to see what the
cause of these problems was.
Best regards,
- --
Dan Frasnelli
Security analyst
- ---------- Forwarded message ----------
Date: Wed, 8 Dec 1999 10:06:47 -0500
From: Mark Abene <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: fix for libpcap and tcpdump
Resent-Date: 8 Dec 1999 14:59:55 -0000
Resent-From: [EMAIL PROTECTED]
Resent-cc: recipient list not shown: ;
Dan Frasnelli et al:
Please accept the attached patches for libpcap and tcpdump.
My changes fix some general 64-bit uncleanness, as well as a major portability
issue stemming from the use of packet timestamps based on struct timeval.
On Alpha, a time_t is a 64-bit long, unlike everybody else. This made packet
dumps made on the Alpha incompatible with, well, everybody. We couldn't read
dumps made on other systems either. I basically override the use of timeval
with a "mytimeval" which is a struct containing two ints, instead of two
longs, and do some typecasting where appropriate. So now we're totally
compatible with everyone else! The only downside is that any app, like tcpdump
for example, which prints timestamps *also* has to override the native timeval,
hence my little patches to tcpdump. Nothing major, a small sacrifice in favor
of portability in a heterogeneous networking environment (like the kind us
security weenies are used to). If you're looking to adapt a util that uses
timestamps from libpcap, just look at my tcpdump changes, they're pretty
straightforward.
Cheers
- -Mark
- --8vCeF2GUdMpe9ZbK
Content-Type: TEXT/PLAIN; CHARSET=us-ascii
Content-ID: <[EMAIL PROTECTED]>
Content-Description:
Content-Disposition: ATTACHMENT; FILENAME="libpcap-0.4a6.diff"
- --- gencode.c.orig Tue Dec 7 13:22:26 1999
+++ gencode.c Tue Dec 7 13:23:09 1999
@@ -158,7 +158,7 @@
int k, size;
/* XXX Round up to nearest long. */
- - n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
+ n = (n + sizeof(int) - 1) & ~(sizeof(int) - 1);
cp = &chunks[cur_chunk];
if (n > cp->n_left) {
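Review bot: Rounding `n` up to `sizeof(int)` instead of `sizeof(long)` lowers the alignment this allocator guarantees from 8 bytes to 4 on Alpha. If the chunks it hands out hold structures containing pointers or longs (the callers are outside this hunk, so this is inferred), those objects can land on a 4-byte boundary and cause unaligned accesses on LP64 targets. The rounding appears to affect only in-memory layout, not the dump file format, so the line could stay as `n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);`. The enclosing function starts and ends outside the hunk.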
@@ -966,7 +966,7 @@
#endif
case Q_IGRP:
b0 = gen_linktype(ETHERTYPE_IP);
- - b1 = gen_cmp(off_nl + 9, BPF_B, (long)IPPROTO_IGRP);
+ b1 = gen_cmp(off_nl + 9, BPF_B, (int)IPPROTO_IGRP);
gen_and(b0, b1);
break;
- --- pcap-int.h.orig Tue Dec 7 13:20:20 1999
+++ pcap-int.h Tue Dec 7 13:21:23 1999
@@ -53,11 +53,11 @@
struct pcap_stat stat;
/*XXX*/
int use_bpf;
- - u_long TotPkts; /* can't oflow for 79 hrs on ether */
- - u_long TotAccepted; /* count accepted by filter */
- - u_long TotDrops; /* count of dropped packets */
- - long TotMissed; /* missed by i/f during this run */
- - long OrigMissed; /* missed by i/f before this run */
+ u_int TotPkts; /* can't oflow for 79 hrs on ether */
+ u_int TotAccepted; /* count accepted by filter */
+ u_int TotDrops; /* count of dropped packets */
+ int TotMissed; /* missed by i/f during this run */
+ int OrigMissed; /* missed by i/f before this run */
#ifdef linux
int pad;
int skip;
- --- pcap-linux.c.orig Wed Dec 8 09:03:24 1999
+++ pcap-linux.c Wed Dec 8 09:46:42 1999
@@ -73,6 +73,7 @@
register u_char *bp;
struct sockaddr from;
int fromlen;
+ struct timeval tmpts;
bp = p->buffer + p->offset;
bufsize = p->bufsize;
@@ -124,11 +125,13 @@
++p->md.stat.ps_recv;
/* Get timestamp */
- - if (ioctl(p->fd, SIOCGSTAMP, &h.ts) < 0) {
+ if (ioctl(p->fd, SIOCGSTAMP, &tmpts) < 0) {
sprintf(p->errbuf, "SIOCGSTAMP: %s",
pcap_strerror(errno));
return (-1);
}
+ h.ts.tv_sec = (int)tmpts.tv_sec;
+ h.ts.tv_usec = (int)tmpts.tv_usec;
h.len = cc;
h.caplen = caplen;
(*callback)(user, &h, bp);
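Review bot: The two added assignments narrow `tmpts.tv_sec` and `tmpts.tv_usec` to `int` with a plain cast, so on a platform with a 64-bit `time_t` the seconds value is silently truncated and, being signed, goes negative once it exceeds INT_MAX. The message states the goal is a timestamp of the same size on every platform, which `int` only delivers where it happens to be 32 bits. The fields of `struct mytimeval` (pcap.h hunk) would express that more precisely with the fixed-width types pcap.h already uses, e.g. `bpf_u_int32 tv_sec;`. The enclosing function begins before this hunk.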
- --- pcap-pf.c.orig Tue Dec 7 13:24:36 1999
+++ pcap-pf.c Tue Dec 7 13:25:11 1999
@@ -131,7 +131,7 @@
return (-1);
}
#ifdef LBL_ALIGN
- - if ((long)bp & 3) {
+ if ((int)bp & 3) {
sp = &stamp;
memcpy((char *)sp, (char *)bp, sizeof(*sp));
} else
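Review bot: `(int)bp` casts a pointer to a type narrower than a pointer on Alpha, which is the kind of 64-bit uncleanness the patch sets out to remove; the original `(long)bp` was the pointer-sized form. The alignment test still gives the right answer because only the low two bits are examined, but compilers warn about the size mismatch and the cast reads as a bug. I would keep a pointer-width integer here, `if ((unsigned long)bp & 3) {`. The `else` branch continues past the end of the hunk.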
- --- pcap.h.orig Wed Dec 8 09:03:17 1999
+++ pcap.h Wed Dec 8 09:12:42 1999
@@ -81,8 +81,13 @@
* This gets around the problem of different headers for different
* packet interfaces.
*/
+struct mytimeval {
+ int tv_sec;
+ int tv_usec;
+};
+
struct pcap_pkthdr {
- - struct timeval ts; /* time stamp */
+ struct mytimeval ts; /* time stamp */
bpf_u_int32 caplen; /* length of portion present */
bpf_u_int32 len; /* length this packet (off wire) */
};
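Review bot: Replacing `struct timeval ts` in `struct pcap_pkthdr` changes a public structure, so any program that hands `&h.ts` to code expecting a `struct timeval` stops compiling or misreads the field; the tcpdump patch in the same mail shows the ripple. A less invasive layout keeps `struct timeval` in the callback header and converts to a fixed 32-bit record only where packets are written to or read from a dump file (that code is not in this patch). If the new struct stays, it should carry a comment such as `/* 32-bit timestamp as stored in dump files; not struct timeval, whose field widths vary by platform */`. An installed header also wants a library-prefixed name rather than `mytimeval`, for example `pcap_timeval` (the name is only a suggestion).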
- --8vCeF2GUdMpe9ZbK
Content-Type: TEXT/PLAIN; CHARSET=us-ascii
Content-ID: <[EMAIL PROTECTED]>
Content-Description:
Content-Disposition: ATTACHMENT; FILENAME="tcpdump-3.4a6.diff"
- --- interface.h.orig Wed Dec 8 09:30:15 1999
+++ interface.h Wed Dec 8 09:37:05 1999
@@ -131,7 +131,8 @@
struct timeval;
#endif
- -extern void ts_print(const struct timeval *);
+#include <pcap.h>
+extern void ts_print(const struct mytimeval *);
extern int fn_print(const u_char *, const u_char *);
extern int fn_printn(const u_char *, u_int, const u_char *);
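Review bot: Adding `#include <pcap.h>` in the middle of interface.h just to name `struct mytimeval` pulls the whole libpcap header into every file that includes interface.h. The lines above use a forward declaration for `struct timeval`, and the same pattern works here because `ts_print` only takes a pointer: `struct mytimeval;`. The preprocessor block that closes at `#endif` starts outside the hunk, so where the declaration belongs relative to it needs checking.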
- --- util.c.orig Wed Dec 8 09:30:22 1999
+++ util.c Wed Dec 8 09:31:20 1999
@@ -122,7 +122,7 @@
* Print the timestamp
*/
void
- -ts_print(register const struct timeval *tvp)
+ts_print(register const struct mytimeval *tvp)
{
register int s;
- --8vCeF2GUdMpe9ZbK--
------- End of Forwarded Message