On Dec 5, 2007, at 5:18 AM, Andy Howell wrote:
> I'm using pcap_dispatch to call my callback. Inside the callback, I
> may set a new filter. This results in a core dump in bpf_filter.c,
> line 239. It's calling abort because of a bad filter code. This will
> only happen with a live capture.
>
> The bug is actually in pcap-dlpi.c. It keeps a pointer to the filter
> code. Unfortunately the pointer never gets reset as long as there
> are packets to read. Adding:
>
>     fcode = p->fcode.bf_insns;
>
> after the callback returns takes care of the issue. I've attached a
> patch and posted it as 1844245.

The same problem exists in some other pcap-XXX.c files. I fixed it by
getting rid of the fcode variable, and just passing the fcode.bf_insns
member of the structure.
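
The pattern discussed in this thread, as an added example that is not code from either poster or from libpcap: a read loop whose callback may install a new filter, run once with the pointer read from the handle for every packet and once modelling a pointer saved before the loop. The struct layout, function names and the one-instruction toy filter are assumptions made for illustration; the saved-pointer case is modelled with a generation counter so the freed array is never dereferenced.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for a filter program and a capture handle (hypothetical types). */
struct insn { unsigned int k; };
struct prog { unsigned int len; struct insn *insns; };
struct handle { struct prog fcode; unsigned int gen; /* bumped on every install */ };
typedef void (*handler_fn)(struct handle *, int pkt);

/* Install a new program. The old instruction array is freed, so any copy
 * of the old pointer held elsewhere is dangling from this point on. */
int set_filter(struct handle *h, const struct insn *src, unsigned int len)
{
    struct insn *copy = malloc(len * sizeof *copy);
    if (copy == NULL) return -1;
    memcpy(copy, src, len * sizeof *copy);
    free(h->fcode.insns);
    h->fcode.insns = copy;
    h->fcode.len = len;
    h->gen++;
    return 0;
}

/* Toy filter: accept a packet whose value is at least insns[0].k. */
static int run_filter(const struct insn *insns, int pkt) { return pkt >= (int)insns[0].k; }

/* Callback that installs a stricter filter when it sees packet 2. */
void retune(struct handle *h, int pkt)
{
    static const struct insn strict[] = { { 5 } };
    if (pkt == 2) set_filter(h, strict, 1);
}

/* reload != 0: read h->fcode.insns for every packet (the fix in the reply).
 * reload == 0: model a pointer saved before the loop; *stale counts packets
 * that would have been run through the freed array. Returns packets delivered. */
int dispatch(struct handle *h, const int *pkts, int n, handler_fn cb, int reload, int *stale)
{
    unsigned int saved_gen = h->gen;   /* stands in for the saved fcode pointer */
    int delivered = 0;
    *stale = 0;
    for (int i = 0; i < n; i++) {
        if (!reload && saved_gen != h->gen) { (*stale)++; continue; }
        if (!run_filter(h->fcode.insns, pkts[i])) continue;
        cb(h, pkts[i]);                /* may call set_filter() */
        delivered++;
    }
    return delivered;
}
```

With the constructed packet sequence 1, 2, 3, 6, 7 and an accept-all initial filter, the reloading loop delivers four packets under the new filter, while the saved-pointer model flags every packet after the callback's `set_filter()` as a use of freed memory.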