This patch fixes two problems firstly, the tcpdump capture device only sets the packet flags once. This isn't a problem assuming no decode layers inside the packet change the flags variable later on, but sll does. secondly, the sll decode layer doesn't ever set packet flags due to a bitwise logic error. John. -- GPG: B89C D450 5B2C 74D8 58FB A360 9B06 B5C2 26F0 3047 URL: http://www.johnleach.co.uk
diff -ur firestorm-snapshot/capdev_plugins/tcpdump.c firestorm-snapshot-fixed/capdev_plugins/tcpdump.c --- firestorm-snapshot/capdev_plugins/tcpdump.c 2004-02-07 22:47:52.000000000 +0000 +++ firestorm-snapshot-fixed/capdev_plugins/tcpdump.c 2004-02-17 14:01:59.000000000 +0000 @@ -225,8 +225,6 @@ if ( !p ) return; - p->pkt.flags=FP_PROMISC; - while(c->state == CAP_STATE_CAPTURE) { /* Make sure a packet header is present */ if ( p->cur+p->phsiz > p->end ) { @@ -253,6 +251,7 @@ p->pkt.base=p->cur; p->pkt.end=p->cur+p->pkt.caplen; p->pkt.alert = NULL; + p->pkt.flags=FP_PROMISC; /* advance the file pointer */ p->cur+=p->pkt.caplen; diff -ur firestorm-snapshot/decode_plugins/sll.c firestorm-snapshot-fixed/decode_plugins/sll.c --- firestorm-snapshot/decode_plugins/sll.c 2004-02-07 20:35:06.000000000 +0000 +++ firestorm-snapshot-fixed/decode_plugins/sll.c 2004-02-17 14:02:35.000000000 +0000 @@ -136,7 +136,7 @@ * If this is the first layer, then perhaps * we should set the packet type */ - if ( p->llen==0 && !(p->flags|FP_PKTTYPE) ) { + if ( p->llen==0 && !(p->flags & FP_PKTTYPE) ) { p->flags&=~FPMASK_PKTTYPE; p->flags|=FP_PKTTYPE; switch(htons(l->h.sll->sll_pkttype))
Attachment:
signature.asc
Description: This is a digitally signed message part