Hello
I was working on a perl program to check if a filter expression is ok.
During the tests I found a problem in the pcap-library.
It occurs if you check filters not only once. If you check a good filter
expression after a wrong filter expression you get an error.
Attached is a file for reproducing the problem.
Maybe someone of you know what to do to solve the problem.
The tests were done on a linux SuSE 7.2 kernel 2.4.4 with libpcap 0.6.2
Thorsten Zachmann
------------- test file starts here --------------------
#include <pcap.h>
#include <stdio.h>
int main () {
printf("%i\n", check_filter("host 192.168.2.1"));
printf("%i\n", check_filter("hott 192.168.2.1"));
printf("%i\n", check_filter("host 192.168.2.1"));
}
int check_filter (char* filter) {
char errbuf[PCAP_ERRBUF_SIZE];
static pcap_t *pd;
struct bpf_program fcode;
printf("Filter: %s\n", filter);
if ((pd = pcap_open_offline("ssh.trc", errbuf)) == NULL) {
printf("%s\n", errbuf);
return 1;
}
if (pcap_compile(pd, &fcode, filter, 0, 0) < 0){
printf("%s\n", pcap_geterr(pd));
pcap_close(pd);
return 2;
}
pcap_close(pd);
return 0;
}
------------- test file ends here ----------------------
Output:
---------------------------
Filter: host 192.168.2.1
0
Filter: hott 192.168.2.1
parse error
2
Filter: host 192.168.2.1
parse error <- error is here!
2
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
