From owner-freebsd-stable@FreeBSD.ORG Sat Nov 8 01:51:40 2003 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED89416A4CE for ; Sat, 8 Nov 2003 01:51:40 -0800 (PST) Received: from mail-5.tiscali.it (mail-5.tiscali.it [195.130.225.151]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1458C43FE3 for ; Sat, 8 Nov 2003 01:51:40 -0800 (PST) (envelope-from fcasadei@inwind.it) Received: from goku.kasby (82.84.235.94) by mail-5.tiscali.it (6.7.019) id 3FAA8515001BA7F1 for freebsd-stable@freebsd.org; Sat, 8 Nov 2003 10:51:38 +0100 Received: (qmail 831 invoked by uid 1000); 8 Nov 2003 09:51:24 -0000 Date: Sat, 8 Nov 2003 10:51:24 +0100 From: Francesco Casadei To: freebsd-stable@freebsd.org Message-ID: <20031108095124.GA819@goku.kasby> Mail-Followup-To: freebsd-stable@freebsd.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="GID0FwUMdk1T2AWN" Content-Disposition: inline User-Agent: Mutt/1.4.1i X-Operating-System: FreeBSD 4.9-STABLE i386 X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Problems with libpcap on 4.9-STABLE X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Nov 2003 09:51:41 -0000 --GID0FwUMdk1T2AWN Content-Type: multipart/mixed; boundary="xHFwDpU9dbj6ez1V" Content-Disposition: inline --xHFwDpU9dbj6ez1V Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi all, I'm developing a simple sniffer for a unix network programming course at my university and I've found a problem with the default installation of libpcap in FreeBSD 4.9-STABLE. Here's the problem: I'm trying to use pcap_compile() and pcap_setfilter() to set a filter on a given device, but the former always returns an error complaining about a 'syntax error' even if the filter expression is a valid one (e.g. 'tcp', 'port 22', etc.). After a little investigation I found that the problem is the way libpcap is compiled in /usr/src/lib/libpcap, i.e. without passing a prefix to lex/flex and yacc/bison. The problem is that if a program (like mine) uses lex/flex without changing the default yy prefix, then the generated scanner will conflict with the scanner generated by /usr/src/contrib/libpcap/scanner.l. This problem does not exist in the other two systems I use to develop the program: RedHat Linux 6.2 and Debian GNU/Linux 3.0 Woody (kernel 2.4.20 and USAGI extension), because I've installed libpcap from the distribution tarball which takes care to call flex with -Ppcap_ and bison with '-p pcap_'. To better see what I'm saying (if you are not already bored :) ) do the following. Compile the attached files open_netif.c and test_pcap.c into the program test_pcap: > gcc -c -o open_netif.o open_netif.c > gcc -c -o test_pcap.o test_pcap.c > gcc -o test_pcap test_pcap.o open_netif.o -lpcap If you run this program as root you will discover that it works, because it does not use a lex-generated scanner: # ./test_pcap tcp Filter compiled and set. # ./test_pcap wrong pcap_compile: syntax error. # ./test_pcap 'tcp and udp' pcap_compile: expression rejects all packets. Now let's add a flex-generated scanner to this stupid program. First, generate a scanner with default yy prefix from scanner.l (in attachment): > flex -t scanner.l > scanner.c > gcc -c -o scanner.o scanner.c Now compile a new program test_pcap_lex.c (in attachment) that uses both the scanner and the previous function open_netif(): > gcc -c -o test_pcap_lex.o test_pcap_lex.c > gcc -o test_pcap_lex open_netif.o scanner.o test_pcap_lex.o -lpcap If you run this program as root it won't work because our own scanner conflicts with the one used by pcap_compile: # ./test_pcap_lex tcp Filter compiled and set. # ./test_pcap_lex wrong Filter compiled and set. # ./test_pcap_lex 'tcp and udp' Filter compiled and set. Obviously the program I'm developing has a different scanner and instead of always being successfull it always return a syntax error! Now the simple solution: recompile libpcap from /usr/src/lib/libpcap using a different prefix, e.g pcap_ as used by the distribution tarball: # cd /usr/src/lib/libpcap # make -V LEX lex # make -V YACC yacc # make -E LEX LEX=3D'flex -Ppcap_' -E YACC YACC=3D'bison -y -ppcap_' [ make output snipped ] # make install [ make output snipped ] After running ldconfig, rerun test_pcap_lex to discover that this time it works! # ./test_pcap_lex tcp Filter compiled and set. # ./test_pcap wrong pcap_compile: parse error. # ./test_pcap 'tcp and udp' pcap_compile: expression rejects all packets. To avoid the problem I described, leaving the default pcap library, one must be careful to write a scanner (and possibly a parser) so that all globally-visible variables and function names are different from the ones already used by libpcap. As I've already mentioned, the distribution tarball of libpcap from www.tcpdump.org chages the default yy prefix so that the resulting parser will not conflict with any the user may have, and this is, I think, the behaviour one would expect. Can anyone solve this problem? Thank you for your patience, and please ignore what I said if I'm completely wrong. Francesco Casadei --=20 You can download my public key from http://digilander.libero.it/fcasadei/ or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...) Key fingerprint is: 1671 9A23 ACB4 520A E7EE 00B0 7EC3 375F 164E B17B --xHFwDpU9dbj6ez1V-- --GID0FwUMdk1T2AWN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/rLycfsM3XxZOsXsRAi9xAKDU341WX4Cura6qj6YLjw3Ni22aZwCg0VDn wiu+zMNwxLno3104bieEUkM= =1X6e -----END PGP SIGNATURE----- --GID0FwUMdk1T2AWN--