Re: libpcap changes required for BPF on Solaris

[Guy Harris <guy () alum mit edu>]

On Apr 10, 2009, at 8:23 PM, Darren Reed wrote:

> The URL below contains the necessary changes for BPF on Solaris to
> "just work". To summarise, Solaris needs a few extra includes

@ -37,6 +37,12 @@ static const char rcsid[] _U_ =
 #include <sys/file.h>
 #include <sys/ioctl.h>
 #include <sys/utsname.h>
+#ifdef HAVE_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif

 #ifdef HAVE_ZEROCOPY_BPF
 #include <machine/atomic.h>

I presume fcntl.h is being included to define O_RDONLY and O_RDWR and  
to declare open().  If so, is there a reason not to include <fcntl.h>,  
which I think is the "standard" path, rather than including <sys/ 
fcntl.h>?

Why is <sys/ioccom.h> needed?  If Solaris-with-BPF defines the ioctls  
in <net/bpf.h>, then <net/bpf.h> should include <sys/ioccom.h> -  
speaking as its creator, back in the SunOS 4.0 days, I can say that  
<sys/ioccom.h> was never intended to be included directly, but was  
intended to be included by other files that defined ioctls.  (And,  
yes, the fact that <net/bpf.h> doesn't include <sys/ioccom.h> on  
various flavors of BSD is, indeed, a bug; I'll file bugs on whatever  
OSes don't have it include <sys/ioccom.h>.  You should not have to  
include <sys/ioctl.h> before including <net/bpf.h>.)

> and for BPF to be checked before DLPI.
>
> http://www.opensolaris.org/os/community/networking/files/libpcap.diff.gz

There are some other changes:

@@ -725,6 +730,7 @@ pcap_read_bpf(pcap_t *p, int cnt, pcap_handler  
callback, u_char *user)
 #ifdef PCAP_FDDIPAD
        register int pad;
 #endif
+       struct bpf_hdr *bhp;
 #ifdef HAVE_ZEROCOPY_BPF
        int i;
 #endif


@@ -827,7 +833,7 @@ pcap_read_bpf(pcap_t *p, int cnt, pcap_handler  
callback, u_char *user)
        /*
         * Loop through each packet.
         */
-#define bhp ((struct bpf_hdr *)bp)
+#define bhpe ((struct bpf_hdr *)bp)
        ep = bp + cc;
 #ifdef PCAP_FDDIPAD
        pad = p->fddipad;
@@ -856,6 +862,7 @@ pcap_read_bpf(pcap_t *p, int cnt, pcap_handler  
callback, u_char *user)
                        }
                }

+               bhp = (struct bpf_hdr *)bp;
                caplen = bhp->bh_caplen;
                hdrlen = bhp->bh_hdrlen;
                datap = bp + hdrlen;

What are those changes for?  ("bhpe" is never used.)

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.