From 8ce2c17fd359a758b08bd15a33a0deae872c8231 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 20 Apr 2015 13:47:28 +0200
Subject: [PATCH] bpf: increase snaplen if doing cooked mode userspace
filtering
This commit should address the issue when bpf_filter_with_auxdata returned 0 for valid
packets because offset in filter exceeded tp_snaplen as returned by kernel. If
we filter in cooked mode filter offsets are adjusted because sll_header, we
should do the same for snaplen.
---
pcap-linux.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/pcap-linux.c b/pcap-linux.c
index 95c94df..034bcd3 100644
--- a/pcap-linux.c
+++ b/pcap-linux.c
@@ -4186,6 +4186,7 @@ static int pcap_handle_packet_mmap(
unsigned char *bp;
struct sockaddr_ll *sll;
struct pcap_pkthdr pcaphdr;
+ unsigned int snaplen = tp_snaplen;
/* perform sanity check on internal offset. */
if (tp_mac + tp_snaplen > handle->bufsize) {
@@ -4246,11 +4247,13 @@ static int pcap_handle_packet_mmap(
hdrp->sll_halen = htons(sll->sll_halen);
memcpy(hdrp->sll_addr, sll->sll_addr, SLL_ADDRLEN);
hdrp->sll_protocol = sll->sll_protocol;
+
+ snaplen += sizeof(struct sll_header);
}
if (handlep->filter_in_userland && handle->fcode.bf_insns &&
(bpf_filter(handle->fcode.bf_insns, bp,
- tp_len, tp_snaplen) == 0))
+ tp_len, snaplen) == 0))
return 0;
if (!linux_check_direction(handle, sll))
--
2.3.4