Hi all,
I'm developing a simple sniffer for a unix network programming course
at my university and I've found a problem with the default installation
of libpcap in FreeBSD 4.9-STABLE.
Here's the problem: I'm trying to use pcap_compile() and
pcap_setfilter() to set a filter on a given device, but the former
always returns an error complaining about a 'syntax error' even if the
filter expression is a valid one (e.g. 'tcp', 'port 22', etc.).
After a little investigation I found that the problem is the way libpcap
is compiled in /usr/src/lib/libpcap, i.e. without passing a prefix to
lex/flex and yacc/bison.
The problem is that if a program (like mine) uses lex/flex without
changing the default yy prefix, then the generated scanner will conflict
with the scanner generated by /usr/src/contrib/libpcap/scanner.l.
This problem does not exist in the other two systems I use to develop
the program: RedHat Linux 6.2 and Debian GNU/Linux 3.0 Woody (kernel
2.4.20 and USAGI extension), because I've installed libpcap from the
distribution tarball which takes care to call flex with -Ppcap_ and
bison with '-p pcap_'.
To better see what I'm saying (if you are not already bored :) ) do the
following. Compile the attached files open_netif.c and test_pcap.c into
the program test_pcap:
> gcc -c -o open_netif.o open_netif.c
> gcc -c -o test_pcap.o test_pcap.c
> gcc -o test_pcap test_pcap.o open_netif.o -lpcap
If you run this program as root you will discover that it works, because
it does not use a lex-generated scanner:
# ./test_pcap tcp
Filter compiled and set.
# ./test_pcap wrong
pcap_compile: syntax error.
# ./test_pcap 'tcp and udp'
pcap_compile: expression rejects all packets.
Now let's add a flex-generated scanner to this stupid program. First,
generate a scanner with default yy prefix from scanner.l (in attachment):
> flex -t scanner.l > scanner.c
> gcc -c -o scanner.o scanner.c
Now compile a new program test_pcap_lex.c (in attachment) that uses both
the scanner and the previous function open_netif():
> gcc -c -o test_pcap_lex.o test_pcap_lex.c
> gcc -o test_pcap_lex open_netif.o scanner.o test_pcap_lex.o -lpcap
If you run this program as root it won't work because our own scanner
conflicts with the one used by pcap_compile:
# ./test_pcap_lex tcp
Filter compiled and set.
# ./test_pcap_lex wrong
Filter compiled and set.
# ./test_pcap_lex 'tcp and udp'
Filter compiled and set.
Obviously the program I'm developing has a different scanner and instead
of always being successful it always returns a syntax error!
Now the simple solution: recompile libpcap from /usr/src/lib/libpcap
using a different prefix, e.g. pcap_ as used by the distribution tarball:
# cd /usr/src/lib/libpcap
# make -V LEX
lex
# make -V YACC
yacc
# make -E LEX LEX='flex -Ppcap_' -E YACC YACC='bison -y -ppcap_'
[ make output snipped ]
# make install
[ make output snipped ]
After running ldconfig, rerun test_pcap_lex to discover that this time it
works!
# ./test_pcap_lex tcp
Filter compiled and set.
# ./test_pcap wrong
pcap_compile: parse error.
# ./test_pcap 'tcp and udp'
pcap_compile: expression rejects all packets.
To avoid the problem I described, leaving the default pcap library, one
must be careful to write a scanner (and possibly a parser) so that all
globally-visible variables and function names are different from the
ones already used by libpcap.
As I've already mentioned, the distribution tarball of libpcap from
www.tcpdump.org changes the default yy prefix so that the resulting
parser will not conflict with any the user may have, and this is, I
think, the behaviour one would expect.
Can anyone solve this problem? Thank you for your patience, and please
ignore what I said if I'm completely wrong.
Francesco Casadei
--
You can download my public key from http://digilander.libero.it/fcasadei/
or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...)
Key fingerprint is: 1671 9A23 ACB4 520A E7EE 00B0 7EC3 375F 164E B17B
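
An added example, not part of the original message: a small check for the kind of clash described above, listing yy-prefixed symbols that both a program's objects and a library define globally, given the text output of nm(1) for each. The function names and all nm listings below are constructed for illustration; they are not taken from a real libpcap build.

```python
import re

# nm(1) type letters meaning "defined, external linkage". U (undefined) and
# lowercase letters (file-local or weak-undefined) are skipped.
DEFINED_GLOBAL = set("ABCDGRSTVW")
NM_LINE = re.compile(r"^\s*(?:[0-9a-fA-F]+)?\s+([A-Za-z])\s+(\S+)$")

def defined_globals(nm_output):
    """Return the set of globally defined symbol names in nm output."""
    names = set()
    for line in nm_output.splitlines():
        m = NM_LINE.match(line)  # archive member headers do not match
        if m and m.group(1) in DEFINED_GLOBAL:
            names.add(m.group(2))
    return names

def collisions(program_nm, library_nm, prefix="yy"):
    """Symbols with the given prefix that both sides define globally."""
    both = defined_globals(program_nm) & defined_globals(library_nm)
    return sorted(name for name in both if name.startswith(prefix))

# Constructed sample data (assumption), not real nm output from any system.
PROGRAM_NM = """\
00000000 T yylex
00000120 T yyrestart
00000200 T yy_scan_string
00000000 B yyin
00000040 t yy_get_next_buffer
         U malloc
"""
LIB_DEFAULT_PREFIX_NM = """\
scanner.o:
00000000 T yylex
00000180 T yyrestart
00000260 T yy_scan_string
00000000 B yyin
grammar.o:
00000000 T yyparse
         U yylex
"""
LIB_PCAP_PREFIX_NM = """\
scanner.o:
00000000 T pcap_lex
grammar.o:
00000000 T pcap_parse
"""

if __name__ == "__main__":
    print(collisions(PROGRAM_NM, LIB_DEFAULT_PREFIX_NM),
          collisions(PROGRAM_NM, LIB_PCAP_PREFIX_NM))
```

An empty list for the library built with the pcap_ prefix means the program's own yy scanner no longer shares any global name with it.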