Hi Andrew
Following up on this bugreport, if I take the current argus-server package
from unstable and try to rebuild it, I'll end up without the argus (or
argus_linux) binary in the package[0]. There seems to be a change in the
libpcap package's API. Also, you've used the pcap_read() and
pcap_offline_read()
functions. I found a similar problem in tcptrace[1] and it was suggested to
use the public pcap_dispatch() function. Since I am not using angus-server, I
have done some preliminary testing and I could at least see that angus could
record some wlan traffic and i could read it with ra. I'll try to discuss this
bug later with the libpcap maintainer (Torsten Werner) here at the BSP, but
your comments would of course be appreciated as well.
Cheers
Steffen
[0]: I think we should actually consider this a bug but let's leave it for
now.
[1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545595
--- argus-2.0.6.fixes.1.orig/common/argus_filter.c
+++ argus-2.0.6.fixes.1/common/argus_filter.c
@@ -3628,10 +3628,10 @@
#include <stdio.h>
-extern void bpf_dump(struct bpf_program *, int);
+extern void bpf_dump(const struct bpf_program *, int);
void
-bpf_dump(struct bpf_program *p, int option)
+bpf_dump(const struct bpf_program *p, int option)
{
struct bpf_insn *insn;
int i;
only in patch2:
unchanged:
--- argus-2.0.6.fixes.1.orig/include/argus_filter.h
+++ argus-2.0.6.fixes.1/include/argus_filter.h
@@ -142,7 +142,7 @@
u_int ipaddrtonetmask(u_int);
u_int getnetnumber(u_int);
-void bpf_dump(struct bpf_program *, int);
+void bpf_dump(const struct bpf_program *, int);
char *intoa(u_int);
static SIGRET nohostname(int);
@@ -225,7 +225,7 @@
extern u_int ipaddrtonetmask(u_int);
extern u_int getnetnumber(u_int);
-extern void bpf_dump(struct bpf_program *, int);
+extern void bpf_dump(const struct bpf_program *, int);
extern char *intoa(u_int);
extern char * getname(u_char *);
only in patch2:
unchanged:
--- argus-2.0.6.fixes.1.orig/server/ArgusSource.h
+++ argus-2.0.6.fixes.1/server/ArgusSource.h
@@ -324,7 +324,7 @@
int ArgusCreatePktFromFddi(const struct fddi_header *, struct ether_header *, int);
-extern char *bpf_image(struct bpf_insn *, int);
+extern char *bpf_image(const struct bpf_insn *, int);
#else /* defined(ArgusSource) */
only in patch2:
unchanged:
--- argus-2.0.6.fixes.1.orig/server/ArgusSource.c
+++ argus-2.0.6.fixes.1/server/ArgusSource.c
@@ -956,7 +956,7 @@
ArgusInterfaceIndex = i;
switch (ArgusInterface[i].ArgusInterfaceType) {
case ARGUSLIBPPKTFILE:
- if ((pcap_read (ArgusPd[i], -1, ArgusCallBack, (u_char *) NULL)) < 0) {
+ if ((pcap_dispatch (ArgusPd[i], -1, ArgusCallBack, (u_char *) NULL)) < 0) {
#ifdef ARGUSDEBUG
ArgusDebug (4, "ArgusGetPackets: pcap_read() returned %s", pcap_geterr(ArgusPd[i]));
#endif
@@ -1022,7 +1022,7 @@
} while (noerror && (Nflag != 0) && (!(ArgusShutDownStarted)));
} else {
- pcap_offline_read (ArgusPd[0], -1, ArgusCallBack, (u_char *) NULL);
+ pcap_dispatch (ArgusPd[0], -1, ArgusCallBack, (u_char *) NULL);
}
}
