I'm using pcap_dispatch to call my callback. Inside the callback, I may
set a new filter. This results in a core dump in bpf_filter.c, line 239.
It's calling abort because of a bad filter code. This will only happen
with a live capture.
The bug is actually in pcap-dlpi.c. It keeps a pointer to the filter
code. Unfortunately the pointer never gets reset as long as there are
packets to read. Adding:
fcode = p->fcode.bf_insns;
after the callback returns takes care of the issue. I've attached a
patch and posted it as 1844245.
Regards,
Andy
*** pcap-dlpi.c.orig Sun Dec 2 01:23:37 2007
--- pcap-dlpi.c Sun Dec 2 01:25:39 2007
***************
*** 359,364 ****
--- 359,365 ----
if (pkthdr.caplen > p->snapshot)
pkthdr.caplen = p->snapshot;
(*callback)(user, &pkthdr, pk);
+ fcode = p->fcode.bf_insns;
if (++n >= cnt && cnt >= 0) {
p->cc = ep - bp;
p->bp = bp;
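Review bot: the reload added right after `(*callback)(user, &pkthdr, pk);` carries no comment, and without one the assignment looks redundant to anyone who does not know the callback may install a new filter. A one-line comment saying so would keep it from being removed in a later cleanup. Consider also dropping the cached local and reading `p->fcode.bf_insns` at the point where the filter is run, so the pointer cannot go stale in the first place.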
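Added example, not part of the original message and not libpcap code: a toy model of the stale cached filter pointer described in the report, with and without the refresh after the callback. All types and names (`struct handle`, `set_filter`, `run_filter`, `read_loop`) are hypothetical, and the replaced program is poisoned rather than freed so the stale read is observable instead of undefined.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model constructed for illustration; not libpcap's types or code. */
enum { OP_ACCEPT = 1, OP_POISON = 0xdead, MAX_RETIRED = 16 };
struct insn { int code; };
struct handle {
    struct insn *insns;                 /* current filter program */
    struct insn *retired[MAX_RETIRED];  /* replaced programs, parked */
    int nretired;
};

/* Install a new program. The old one is poisoned and parked instead of
 * freed, so a stale read is detectable here rather than undefined. */
static void set_filter(struct handle *h) {
    struct insn *fresh = malloc(sizeof *fresh);
    if (!fresh || h->nretired == MAX_RETIRED) abort();
    fresh->code = OP_ACCEPT;
    if (h->insns) {
        h->insns->code = OP_POISON;
        h->retired[h->nretired++] = h->insns;
    }
    h->insns = fresh;
}

/* 1 = accept, -1 = invalid program (the case the report says aborts). */
static int run_filter(const struct insn *pc) {
    return pc->code == OP_ACCEPT ? 1 : -1;
}

/* Read loop whose callback sets a new filter on every packet.
 * Returns how many packets were checked against a replaced program. */
static int read_loop(int npkts, int reload) {
    struct handle h = {0};
    set_filter(&h);
    const struct insn *fcode = h.insns;   /* cached before the loop */
    int bad = 0;
    for (int i = 0; i < npkts; i++) {
        if (run_filter(fcode) < 0) { bad++; continue; }
        set_filter(&h);                   /* stands in for the callback */
        if (reload) fcode = h.insns;      /* the refresh from the patch */
    }
    for (int i = 0; i < h.nretired; i++) free(h.retired[i]);
    free(h.insns);
    return bad;
}

int main(void) {
    printf("stale: %d bad, reloaded: %d bad\n", read_loop(4, 0), read_loop(4, 1));
    return 0;
}
```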