tcpdump mailing list archives
Re: rpcap support on non-windows
From: Joerg Mayer <jmayer () loplof de>
Date: Thu, 2 Mar 2017 20:04:35 +0100
Hello,

On Wed, Mar 01, 2017 at 05:50:57AM +0100, Joerg Mayer wrote:
> I'm trying to get libpcap working on macOS.
> ...
> Trying to understand the problem it looks like accessing struct pcap_md
> (the rpcap specific stuff) is broken on non-win32 platforms (or at least
> on bpf platforms).
>
> The intended memory layout seems to be:
>   struct pcap_t (containing a pointer to priv if it exists)
>   priv: struct pcap_<platform>
>         struct pcap_md (if compiling with HAVE_REMOTE)
>
> The current implementation seems to
> a) only allocate the memory for pcap_md on win (pcap_create_interface()
>    in pcap-win32.c), thus causing an out of bounds access on other
>    platforms.
> b) the access to pcap_md is calculated as priv + sizeof(struct pcap_win)
>    on all platforms which gets redeclared in pcap-new.c and pcap-rpcap.c
>    for just this purpose.
>
> This looks wrong to me but I'm not sure.

OK, I think I managed to fix this one. Please see attached patch.

Now it fails (i.e. it no longer crashes!) with:

    jmayer@newegg:~/worktmp/libpcap/build(master)$ dumpcap -i rpcap://10.122.4.11/wifi0
    Capturing on 'rpcap://10.122.4.11/wifi0'
    dumpcap: Invalid capture filter "(null)" for interface 'rpcap://10.122.4.11/wifi0'.

    That string isn't a valid capture filter (not-yet-activated pcap_t passed to pcap_compile).
    See the User's Guide for a description of the capture filter syntax.

    jmayer@newegg:~/worktmp/libpcap/build(master)$ dumpcap -i rpcap://10.122.4.11/wifi0 -L
    Data link types of interface rpcap://10.122.4.11/wifi0 (use option -y to set):
      DLT -3 (not supported)

Both of which seem to be libpcap problems (or symptoms of the same problem).

Kind regards
   Jörg
--
Joerg Mayer <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
Attachment:
0002-Fix-access-to-struct-pcap_md.patch
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
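The layout problem described in the message above, as an added C example that is not part of the original post, the attached patch, or libpcap's code. The struct names, sizes and helper functions are hypothetical stand-ins; the sketch records where the trailing rpcap block lives instead of recomputing it from another platform's struct size.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the private structs; sizes are constructed. */
struct plat_bpf { char state[32]; };           /* struct pcap_<platform> on BPF */
struct plat_win { char state[40]; };           /* redeclared struct pcap_win */
struct md       { int sock; unsigned flags; }; /* rpcap-specific data (pcap_md) */

/* The handle records what was allocated, so nobody has to guess offsets. */
struct handle {
    void  *priv;
    size_t priv_size;  /* bytes actually allocated for priv */
    size_t md_off;     /* offset of struct md inside priv */
    int    has_md;     /* nonzero only if the trailing block exists */
};

/* Round n up to a multiple of a, so the trailing struct is aligned. */
static size_t align_up(size_t n, size_t a) { return (n + a - 1) / a * a; }

/* Allocate platform data plus the optional trailing md in one block. */
int handle_alloc(struct handle *h, size_t plat_size, int with_md)
{
    size_t off = align_up(plat_size, _Alignof(struct md));
    h->has_md = with_md;
    h->md_off = off;
    h->priv_size = with_md ? off + sizeof(struct md) : plat_size;
    h->priv = calloc(1, h->priv_size);
    return h->priv ? 0 : -1;
}

/* Would "priv + assumed_plat_size" (the pattern in the mail) stay in bounds? */
int md_access_in_bounds(const struct handle *h, size_t assumed_plat_size)
{
    return assumed_plat_size <= h->priv_size &&
           sizeof(struct md) <= h->priv_size - assumed_plat_size;
}

/* Checked accessor: NULL when no md was allocated or it would not fit. */
struct md *handle_md(const struct handle *h)
{
    if (!h->has_md || h->md_off + sizeof(struct md) > h->priv_size)
        return NULL;
    return (struct md *)((char *)h->priv + h->md_off);
}
```

With these constructed sizes, computing the offset from the Windows struct lands outside the block even when the trailing data was allocated, which is why both points a) and b) in the message need fixing together.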