diff options
| author | Guy Harris <guy@alum.mit.edu> | 2017-03-09 00:49:09 -0800 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2017-03-09 00:49:09 -0800 |
| commit | 5dd0e37550ae9e76fa755064d22934e00538317e (patch) | |
| tree | ca7961510a63fc1bc1562447a0bdccb205ce52fa /pcap-int.h | |
| parent | f55739c07564dffe5ccc541d447c169e835428aa (diff) | |
| download | libpcap-5dd0e37550ae9e76fa755064d22934e00538317e.tar.gz | |
Put back the greasy "save the capture filter string so we can tweak it" hack.
In order to be able to arrange that, when doing a remote capture, the
machine doing the capturing doesn't capture the traffic it sends
containing the captured packets, we have to tweak the user's filter to
filter out traffic to and from the port(s) being used for capturing, and
tell the remote machine to use that as the filter.
WinPcap did this by inserting a hack into pcap_compile() to save the
filter.
We do it by having a hook, called by pcap_compile(), so it doesn't have
to know anything about remote packet capture; we handle that all in our
hook routine.
Ideally, we should do this by compiling the additional filter code
ourselves and combining it with the existing filter code in our
pcap_setfilter routine, and get rid of this hack entirely. That way, we
don't have to *assume* that 1) the filter code being used was generated
by pcap_compile() (which needn't be the case), 2) the filter is in
standard pcap syntax (which it might not be - there's a pull request to
add the ability to specify raw BPF machine code, in binary form, to
pcap_compile()), and 3) nobody ever calls pcap_compile() to compile a
filter that they *aren't* going to hand to pcap_setfilter (which they
might do, e.g. if they're using BPF filters to do packet classification
on packets we hand them).
Fix up some comments while we're at it.
Diffstat (limited to 'pcap-int.h')
| -rw-r--r-- | pcap-int.h | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -123,6 +123,7 @@ typedef int (*activate_op_t)(pcap_t *); typedef int (*can_set_rfmon_op_t)(pcap_t *); typedef int (*read_op_t)(pcap_t *, int cnt, pcap_handler, u_char *); typedef int (*inject_op_t)(pcap_t *, const void *, size_t); +typedef void (*save_current_filter_op_t)(pcap_t *, const char *); typedef int (*setfilter_op_t)(pcap_t *, struct bpf_program *); typedef int (*setdirection_op_t)(pcap_t *, pcap_direction_t); typedef int (*set_datalink_op_t)(pcap_t *, int); @@ -245,6 +246,7 @@ struct pcap { activate_op_t activate_op; can_set_rfmon_op_t can_set_rfmon_op; inject_op_t inject_op; + save_current_filter_op_t save_current_filter_op; setfilter_op_t setfilter_op; setdirection_op_t setdirection_op; set_datalink_op_t set_datalink_op; |