freebsd stable - Nov 2003 - Problems with libpcap on 4.9-STABLE

Hi all,
I'm developing a simple sniffer for a unix network programming course
at my university and I've found a problem with the default installation
of libpcap in FreeBSD 4.9-STABLE.

Here's the problem: I'm trying to use pcap_compile() and
pcap_setfilter() to set a filter on a given device, but the former
always returns an error complaining about a 'syntax error' even if the
filter expression is a valid one (e.g. 'tcp', 'port 22', etc.).

After a little investigation I found that the problem is the way libpcap
is compiled in /usr/src/lib/libpcap, i.e. without passing a prefix to
lex/flex and yacc/bison.

The problem is that if a program (like mine) uses lex/flex without
changing the default yy prefix, then the generated scanner will conflict
with the scanner generated by /usr/src/contrib/libpcap/scanner.l.

This problem does not exist in the other two systems I use to develop
the program: RedHat Linux 6.2 and Debian GNU/Linux 3.0 Woody (kernel
2.4.20 and USAGI extension), because I've installed libpcap from the
distribution tarball which takes care to call flex with -Ppcap_ and
bison with '-p pcap_'.

To better see what I'm saying (if you are not already bored :) ) do the
following. Compile the attached files open_netif.c and test_pcap.c into
the program test_pcap:
> gcc -c -o open_netif.o open_netif.c
> gcc -c -o test_pcap.o test_pcap.c
> gcc -o test_pcap test_pcap.o open_netif.o -lpcap
If you run this program as root you will discover that it works, because
it does not use a lex-generated scanner:

# ./test_pcap tcp
Filter compiled and set.

# ./test_pcap wrong
pcap_compile: syntax error.

# ./test_pcap 'tcp and udp'
pcap_compile: expression rejects all packets.

Now let's add a flex-generated scanner to this stupid program. First,
generate a scanner with default yy prefix from scanner.l (in attachment):
> flex -t scanner.l > scanner.c
> gcc -c -o scanner.o scanner.c
Now compile a new program test_pcap_lex.c (in attachment) that uses both
the scanner and the previous function open_netif():
> gcc -c -o test_pcap_lex.o test_pcap_lex.c
> gcc -o test_pcap_lex open_netif.o scanner.o test_pcap_lex.o -lpcap
If you run this program as root it won't work because our own scanner
conflicts with the one used by pcap_compile:

# ./test_pcap_lex tcp
Filter compiled and set.

#  ./test_pcap_lex wrong
Filter compiled and set.

# ./test_pcap_lex 'tcp and udp'
Filter compiled and set.

Obviously the program I'm developing has a different scanner and instead
of always being successfull it always return a syntax error!

Now the simple solution: recompile libpcap from /usr/src/lib/libpcap
using a different prefix, e.g pcap_ as used by the distribution tarball:

# cd /usr/src/lib/libpcap
# make -V LEX
lex
# make -V YACC
yacc
# make -E LEX LEX='flex -Ppcap_' -E YACC YACC='bison -y -ppcap_'
[ make output snipped ]
# make install
[ make output snipped ]

After running ldconfig, rerun test_pcap_lex to discover that this time it
works!

# ./test_pcap_lex tcp
Filter compiled and set.

#  ./test_pcap wrong
pcap_compile: parse error.

#  ./test_pcap 'tcp and udp'
pcap_compile: expression rejects all packets.

To avoid the problem I described, leaving the default pcap library, one
must be careful to write a scanner (and possibly a parser) so that all
globally-visible variables and function names are different from the
ones already used by libpcap.

As I've already mentioned, the distribution tarball of libpcap from
www.tcpdump.org chages the default yy prefix so that the resulting
parser will not conflict with any the user may have, and this is, I
think, the behaviour one would expect.

Can anyone solve this problem? Thank you for your patience, and please
ignore what I said if I'm completely wrong.

	Francesco Casadei
-- 
You can download my public key from http://digilander.libero.it/fcasadei/
or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...)

Key fingerprint is: 1671 9A23 ACB4 520A E7EE  00B0 7EC3 375F 164E B17B

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20031108/d49d6f22/attachment.bin

On Sat, 8 Nov 2003, Francesco Casadei wrote:

  [NON-Text Body part not included]

Some changes were recently merged to -CURRENT to address this identical
problem as part of some ongoing 802.11-related work.  I'll be merge the
namespace fix for lex/yacc pollution once it's settled for a couple of
weeks.  Brian's commit message attached below. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories


Date: Mon, 3 Nov 2003 22:12:21 -0800 (PST)
From: Brian Feldman <green@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/lib/libpcap Makefile src/contrib/libpcap
gencode.c     
    scanner.l

green       2003/11/03 22:12:21 PST

  FreeBSD src repository

  Modified files:
    lib/libpcap          Makefile 
    contrib/libpcap      gencode.c scanner.l 
  Log:
  * Modify libpcap to work a bit better with our 802.11 code.  This means
    tcpdump -y ieee802_11 will work in the basic senses, including the
    code compilation for filters (where you may specify "link[]" to
refer
    to parts of the 802.11 header, as well as treat it like a normal
    Ethernet header).  Previously, it was just too far off to do anything
    useful for us.
  * While I'm here, fix some compile problems that will result from lex
    and yacc namespace polution when linking with -lpcap.  The namespace
    is now "pcapyy*" instead of "yy*", and it tests fine
with world and
    some external applications that may or may not use "yy*".
  
  Revision  Changes    Path
  1.12      +55 -9     src/contrib/libpcap/gencode.c
  1.9       +0 -1      src/contrib/libpcap/scanner.l
  1.32      +3 -1      src/lib/libpcap/Makefile