tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: "not vlan" filter expression broken catastrophically!

From: Bill Fenner <fenner () gmail com>
Date: Mon, 4 Feb 2013 17:38:53 -0500
On Fri, Feb 1, 2013 at 8:07 PM, Michael Richardson <mcr () sandelman ca> wrote:



"Ani" == Ani Sinha <ani () aristanetworks com> writes:

    Ani> hello folks :

    Ani> As you guys have been aware, I am hacking libpcap for a
    Ani> while. Me and Bill noticed something seriously broken for any
    Ani> filter expression that has a "not vlan" in it. For example,
    Ani> take a look at the filter code generated by libpcap with an
    Ani> expression like "not vlan and tcp port 80" :

    Ani> BpfExpression '(not vlan and tcp port 80)' { 0x28, 0, 0,

Do we have any way to test libpcap expression outputs other than -d
options to tcpdump?  I'm thinking regression tests here.



All the bits are there inside libpcap, they just need to be plumbed together.

   pcap = pcap_open_dead(link, snaplen);
   /* todo: hook together argv to a single string */
   prog = argv[0];
   if (pcap_compile(pcap, &p, prog, optimize, 0) < 0) {
      fprintf(stderr, pcap_geterr(pcap));
      exit(1);
   }
   bpf_dump(&p, option);
   pcap_freecode(&p);
   pcap_close(pcap);

add some command-line arguments to set link, snaplen, optimize and
option and you've got part of a regression test engine! :-)

  Bill
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: