This patch fixes two problems firstly, the tcpdump capture device only sets the packet flags once. This isn't a problem assuming no decode layers inside the packet change the flags variable later on, but sll does. secondly, the sll decode layer doesn't ever set packet flags due to a bitwise logic error. John. -- GPG: B89C D450 5B2C 74D8 58FB A360 9B06 B5C2 26F0 3047 URL: http://www.johnleach.co.uk
diff -ur firestorm-snapshot/capdev_plugins/tcpdump.c firestorm-snapshot-fixed/capdev_plugins/tcpdump.c
--- firestorm-snapshot/capdev_plugins/tcpdump.c 2004-02-07 22:47:52.000000000 +0000
+++ firestorm-snapshot-fixed/capdev_plugins/tcpdump.c 2004-02-17 14:01:59.000000000 +0000
@@ -225,8 +225,6 @@
if ( !p ) return;
- p->pkt.flags=FP_PROMISC;
-
while(c->state == CAP_STATE_CAPTURE) {
/* Make sure a packet header is present */
if ( p->cur+p->phsiz > p->end ) {
@@ -253,6 +251,7 @@
p->pkt.base=p->cur;
p->pkt.end=p->cur+p->pkt.caplen;
p->pkt.alert = NULL;
+ p->pkt.flags=FP_PROMISC;
/* advance the file pointer */
p->cur+=p->pkt.caplen;
diff -ur firestorm-snapshot/decode_plugins/sll.c firestorm-snapshot-fixed/decode_plugins/sll.c
--- firestorm-snapshot/decode_plugins/sll.c 2004-02-07 20:35:06.000000000 +0000
+++ firestorm-snapshot-fixed/decode_plugins/sll.c 2004-02-17 14:02:35.000000000 +0000
@@ -136,7 +136,7 @@
* If this is the first layer, then perhaps
* we should set the packet type
*/
- if ( p->llen==0 && !(p->flags|FP_PKTTYPE) ) {
+ if ( p->llen==0 && !(p->flags & FP_PKTTYPE) ) {
p->flags&=~FPMASK_PKTTYPE;
p->flags|=FP_PKTTYPE;
switch(htons(l->h.sll->sll_pkttype))
Attachment:
signature.asc
Description: This is a digitally signed message part