new bro "CURRENT" release - 0.8a58

Vern Paxson vern at icir.org
Tue Dec 16 09:02:55 PST 2003 

An updated "CURRENT" version of Bro is now available from the usual location:

	ftp://ftp.ee.lbl.gov/bro-pub-0.8-current.tar.gz

The only change is compatibility with older versions of libpcap,
contributed by Chema Gonzalez.  Patch appended.

		Vern


-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


diff -wcr --ignore-matching-lines=Id: bro-pub-0.8a57/CHANGES bro-pub-0.8a58/CHANGES
--- bro-pub-0.8a57/CHANGES	Thu Dec  4 17:24:03 2003
+++ bro-pub-0.8a58/CHANGES	Tue Dec 16 08:57:25 2003
@@ -2,6 +2,13 @@
 
 -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
+
+0.8a58 Tue Dec 16 08:55:47 PST 2003
+
+- Compatibility with older versions of libpcap (Chema Gonzalez).
+
+
+0.8a57 Tue Dec  9 10:14:30 PST 2003
 
 - The format of Bro's connection summaries is changing.  The new format
   looks like
diff -wcr --ignore-matching-lines=Id: bro-pub-0.8a57/PktSrc.cc bro-pub-0.8a58/PktSrc.cc
--- bro-pub-0.8a57/PktSrc.cc	Tue Oct 21 12:21:01 2003
+++ bro-pub-0.8a58/PktSrc.cc	Tue Dec 16 08:55:36 2003
@@ -106,7 +106,11 @@
 	bpf_program* oldcode = (bpf_program*) filters.Lookup(hash);
 	if ( oldcode )
 		{
+#ifndef DONT_HAVE_LIBPCAP_PCAP_FREECODE
 		pcap_freecode(oldcode);
+#else
+		pcap_freecode(NULL, oldcode);
+#endif
 		delete oldcode;
 		}
 
@@ -328,3 +332,58 @@
 	{
 	delete program->bf_insns;
 	}
+
+
+
+#ifdef DONT_HAVE_LIBPCAP_PCAP_FREECODE
+extern "C" {
+#include "pcap-int.h"
+
+int pcap_freecode(pcap_t* unused, struct bpf_program* program)
+	{
+	program->bf_len = 0;
+
+	if ( program->bf_insns )
+		{
+		free((char*) program->bf_insns);
+		program->bf_insns = 0;
+		}
+
+	return 0;
+	}
+
+pcap_t* pcap_open_dead(int linktype, int snaplen)
+	{
+	pcap_t* p;
+
+	p = (pcap_t*) malloc(sizeof(*p));
+	if ( ! p )
+		return 0;
+
+	memset(p, 0, sizeof(*p));
+
+	p->fd = -1;
+	p->snapshot = snaplen;
+	p->linktype = linktype;
+
+	return p;
+	}
+
+int pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
+			struct bpf_program* program, char* buf,
+			int optimize, bpf_u_int32 mask)
+	{
+	pcap_t* p;
+	int ret;
+
+	p = pcap_open_dead(linktype_arg, snaplen_arg);
+	if ( ! p )
+		return -1;
+
+	ret = pcap_compile(p, program, buf, optimize, mask);
+	pcap_close(p);
+
+	return ret;
+	}   
+}
+#endif
diff -wcr --ignore-matching-lines=Id: bro-pub-0.8a57/PktSrc.h bro-pub-0.8a58/PktSrc.h
--- bro-pub-0.8a57/PktSrc.h	Tue Oct 21 12:20:41 2003
+++ bro-pub-0.8a58/PktSrc.h	Tue Dec 16 08:55:36 2003
@@ -186,5 +186,13 @@
 	PktFileSrc(const char* readfile, const char* filter, 
 			PktSrc_Filter_Type ft=TYPE_FILTER_NORMAL);
 };
+
+#ifdef DONT_HAVE_LIBPCAP_PCAP_FREECODE
+extern "C" {
+	int pcap_freecode(pcap_t*, struct bpf_program*);
+	int pcap_compile_nopcap(int, int, struct bpf_program*,
+			char*, int, bpf_u_int32);
+}
+#endif
 
 #endif
diff -wcr --ignore-matching-lines=Id: bro-pub-0.8a57/VERSION bro-pub-0.8a58/VERSION
--- bro-pub-0.8a57/VERSION	Thu Dec  4 15:13:05 2003
+++ bro-pub-0.8a58/VERSION	Thu Dec 11 17:20:52 2003
@@ -1,1 +1,1 @@
-0.8a57
+0.8a58
diff -wcr --ignore-matching-lines=Id: bro-pub-0.8a57/config.h.in bro-pub-0.8a58/config.h.in
--- bro-pub-0.8a57/config.h.in	Tue Nov 18 23:27:19 2003
+++ bro-pub-0.8a58/config.h.in	Thu Dec 11 17:21:20 2003
@@ -6,6 +6,10 @@
 /* enable IPV6 processing */
 #undef BROv6
 
+/* Old libpcap versions (< 0.6.1) need defining pcap_freecode and
+   pcap_compile_nopcap */
+#undef DONT_HAVE_LIBPCAP_PCAP_FREECODE
+
 /* should explicitly declare socket() and friends */
 #undef DO_SOCK_DECL
 
@@ -26,6 +30,9 @@
 
 /* Define to 1 if you have the `nsl' library (-lnsl). */
 #undef HAVE_LIBNSL
+
+/* Define to 1 if you have the `pcap' library (-lpcap). */
+#undef HAVE_LIBPCAP
 
 /* Define to 1 if you have the `resolv' library (-lresolv). */
 #undef HAVE_LIBRESOLV
diff -wcr --ignore-matching-lines=Id: bro-pub-0.8a57/configure bro-pub-0.8a58/configure
--- bro-pub-0.8a57/configure	Tue Nov 18 23:27:02 2003
+++ bro-pub-0.8a58/configure	Thu Dec 11 17:24:35 2003
@@ -6051,7 +6051,80 @@
 echo "${ECHO_T}$libpcap" >&6
     fi
     if test "x$libpcap" != "x-lpcap" ; then
-	    LIBS="$libpcap $LIBS"
+      LIBS="-L$d -lpcap $LIBS"
+    fi
+
+
+echo "$as_me:$LINENO: checking for pcap_freecode in -lpcap" >&5
+echo $ECHO_N "checking for pcap_freecode in -lpcap... $ECHO_C" >&6
+if test "${ac_cv_lib_pcap_pcap_freecode+set}" = set; then
+  echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpcap  $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+#line $LINENO "configure"
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any gcc2 internal prototype to avoid an error.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+   builtin and then its argument prototype would still apply.  */
+char pcap_freecode ();
+int
+main ()
+{
+pcap_freecode ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } &&
+         { ac_try='test -s conftest$ac_exeext'
+  { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+  (eval $ac_try) 2>&5
+  ac_status=$?
+  echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); }; }; then
+  ac_cv_lib_pcap_pcap_freecode=yes
+else
+  echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_pcap_pcap_freecode=no
+fi
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_pcap_pcap_freecode" >&5
+echo "${ECHO_T}$ac_cv_lib_pcap_pcap_freecode" >&6
+if test $ac_cv_lib_pcap_pcap_freecode = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBPCAP 1
+_ACEOF
+
+  LIBS="-lpcap $LIBS"
+
+fi
+
+    if test "$ac_cv_lib_pcap_pcap_freecode" = no ; then
+	    unset ac_cv_lib_pcap_pcap_freecode
+
+cat >>confdefs.h <<\_ACEOF
+#define DONT_HAVE_LIBPCAP_PCAP_FREECODE
+_ACEOF
+
     fi
 
 		    echo "$as_me:$LINENO: checking for pcap headers" >&5
diff -wcr --ignore-matching-lines=Id: bro-pub-0.8a57/lbl-aclocal.m4 bro-pub-0.8a58/lbl-aclocal.m4
--- bro-pub-0.8a57/lbl-aclocal.m4	Wed Sep  3 23:04:40 2003
+++ bro-pub-0.8a58/lbl-aclocal.m4	Tue Dec 16 08:55:37 2003
@@ -240,7 +240,14 @@
 	    AC_MSG_RESULT($libpcap)
     fi
     if test "x$libpcap" != "x-lpcap" ; then
-	    LIBS="$libpcap $LIBS"
+      LIBS="-L$d -lpcap $LIBS"
+    fi
+
+    dnl check libpcap is modern enough for Bro (>= 0.6.1)
+    AC_CHECK_LIB(pcap, pcap_freecode)
+    if test "$ac_cv_lib_pcap_pcap_freecode" = no ; then
+	    unset ac_cv_lib_pcap_pcap_freecode
+	    AC_DEFINE([DONT_HAVE_LIBPCAP_PCAP_FREECODE],[],[Old libpcap versions (< 0.6.1) need defining pcap_freecode and pcap_compile_nopcap])
     fi
 
 		dnl check pcap headers location

More information about the Bro mailing list