Add some additional checks to bpf_validate(), from OpenBSD.

Use bpf_validate() in install_bpf_program(), so we validate programs
even when they're being processed by userland filters; we make
bpf_validate() not reject backward branches, as we use them for the
protochain operator.

For BPF, don't assume that, just because no_optimize was set, we have a
program that we can't hand to the kernel; the user of the application
might have specified no optimization (e.g., tcpdump with -O), or we
might have generated code to handle 802.11 headers (the optimizer can't
handle that code). Instead, try handing the filter to the kernel and,
if that fails, try it in userland.

Get rid of BPF_MAXINSNS - we don't have a limit on program size in
libpcap.

icode_to_fcode() by having it free the bpf_insn array before returning a
pointer to it. Add a comment to icode_to_fcode() explaining why this is
not a leak in icode_to_fcode(), it's a leak in their program, and
indicating how to fix the leak.

several files:
date: 2006/02/27 15:53:24; author: drochner; state: Exp;
avoid shadowing globals, for WARNS=2
date: 2006/02/27 15:55:30; author: drochner; state: Exp;
minor constification, good for WARNS=3 now
date: 2006/02/27 15:57:17; author: drochner; state: Exp;
NetBSD adaption:
...
-const pcap_strerror() for consistency

gencode.c:
date: 2006/04/26 09:24:33; author: tron; state: Exp;
Add missing "const" keywords to match declarations in "pcap.h".
date: 2006/10/15 19:27:21; author: christos; state: Exp;
add a volatile variable to prevent vfork/longjmp clobbering.

optimize.c:
date: 2006/05/17 17:48:36; author: drochner; state: Exp;
Make the optimizer use unsigned numbers as the kernel does.
While it is not agreed on that purely unsigned arithmetic is nice,
different behaviour of optimized and unoptimized code is less desirable.

pcap-bpf.c:
date: 2006/02/27 15:51:38; author: drochner; state: Exp;
pull in from NetBSD's libpcap: use cloning bpf device on NetBSD

Have the configure script check for paths.h, so that we can include it
only if we have it, and use the cloning BPF device only if we're on
NetBSD *and* _PATH_BPF is defined (hopefully this will keep us from
using it on versions of NetBSD that don't have a cloning BPF device; if,
in the future, other OSes with BPF get cloning BPF devices, we can make
this work for them as well).

definitions for register atoms together.
A conditional jump uses the X register as well as the A register if it's
comparing the A register against the X register rather than a constant;
handle that case when computing the set of registers used by a block.

with jeq #x and that don't have a subsequent block that uses the value
the block leaves in the A register; make sure we only do them if the
last operation is a jeq with a constant operand and if nothing uses this
block's A register value. (Some were being done with jeq x, and some
were done regardless of the branch that terminated the block and
regardless of whether the block's A register value is being used.)

Fix a hairy optimizer bug that causes the expression:
'ip and ((icmp and dst host 1.1.1.1 and not host 2.2.2.2) or (host 1.1.1.1 and src host 3.3.3.3))'
to compile incorrectly. Details about to be mailed to LBL.

counting any extra jumps required by a flowgraph node (the conditional
jump instructions have an 8-bit offset; if the target is more than 256
instructions away, we generate a nearby "jump always" to the target, and
jump to that instead).

filter, always attach a copy, as "pcap-linux.c" does; that way, after a
program uses "pcap_setfilter()", it can safely use "pcap_freecode()" to
free up the BPF instructions allocated by "pcap_compile()". Also,
always free it up when the "pcap_t" is closed.

Get rid of the "pcap_t *" argument to "pcap_freecode()", as it's not
necessary.

Document "pcap_freecode()", for the benefit of programs that might
repeatedly compile filter programs and attach them, so that they can
free them up after attaching them and avoid leaking memory for them.

./configure --enable-ipv6 (requires getaddrinfo(3) and getnameinfo(3)).
TODO: make it work even without getaddrinfo(3) or getnameinfo(3)
(or, tcpdump/configure.in should provide alternative version by
AC_REPLACE_FUNCS)
TODO: make IPv6 filtering code work by default
TODO: make "protochain" friendly with optimization