Re: code available: netmap support for libpcap

[Guy Harris <guy () alum mit edu>]

On Feb 15, 2014, at 1:44 PM, Michael Richardson <mcr () sandelman ca> wrote:

> where do those headers come from?  Would it make sense to just include
> those headers with libpcap?  That way netmap would always be available.

There's "netmap", which is available only if the kernel includes netmap support; as long as all systems with a kernel 
with netmap also provide the headers (at least if you have a "developer package" for the OS installed if necessary), 
the headers aren't an issue for the availability of netmap.

There's also "netmap support in libpcap", which would only be available if the headers are available on the system on 
which libpcap is built; that's also the case for some other OS features libpcap can use.  If the OS kernel doesn't 
include netmap support by default, and we want the user to be able to add it to the kernel *and* have libpcap 
automatically be able to use it without having to rebuild libpcap, the headers *are* an issue.

> Are there any issues if someone makes tcpdump (or wireshark, or some other
> libpcap using program) setuid?  (I don't see any call to popen()...)

(I.e., is there any code in the netmap support that could be tricked into doing Bad Things, including handing off 
privileges to arbitrary programs if the program using libpcap is privileged?)
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers