recvfrom requires that *fromlen holds the size of struct sockaddr *from,
although passed as a pointer, which was the reason for my confusion.
So, one should fix "pcap-linux.c" in the tcpdump source tree to read
as follows:
int pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
register int datalen;
register int caplen;
struct sockaddr from;
int from_len;
char *buf;
int bufsize;
if (p->linktype == DLT_SLIP) {
buf = (char *)p->buffer+16;
bufsize = p->bufsize - 16;
memset(p->buffer,0,16);
} else {
buf = (char *)p->buffer;
bufsize = p->bufsize;
}
do {
+ from_len=sizeof(from);
datalen = recvfrom(p->fd,buf,bufsize,0,&from,&from_len);
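Review bot: `from_len=sizeof(from);` needs a short comment explaining why it sits inside the `do` loop rather than before it. recvfrom treats the length as a value-result argument and writes the stored address length back through `&from_len` on every call, so a one-time initialisation ahead of the loop would let later iterations start from whatever the previous call left there. Separately, `int from_len;` should use the type the platform's recvfrom prototype declares for that argument (`socklen_t` on current systems) so that `&from_len` matches.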
It surprises me that it worked at all! I guess your luck depended only
on what was put into from_len from the stack.
/herp
herbert rosmanith
herp@wildsau.idv.uni-linz.ac.at
rosmanith@edvz.uni-linz.ac.at
checked in prior kernel version.
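The value-result behaviour of `fromlen` discussed in the message above, as an added example that is not part of the original post or of the tcpdump source. It assumes POSIX sockets on Linux with a working loopback interface; the helper name `sender_addr_seen` is hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not from pcap-linux.c): send one UDP datagram over
 * loopback and receive it with *fromlen preset to initial_len.
 * Returns 1 if recvfrom stored the sender's address in `from`,
 * 0 if `from` was left untouched, -1 on any socket error. */
int sender_addr_seen(socklen_t initial_len)
{
    struct sockaddr_in rx_addr, tx_addr, from;
    socklen_t alen, from_len = initial_len;
    char buf[16];
    int result = -1;
    int rx = socket(AF_INET, SOCK_DGRAM, 0);
    int tx = socket(AF_INET, SOCK_DGRAM, 0);

    if (rx < 0 || tx < 0) goto out;
    memset(&rx_addr, 0, sizeof(rx_addr));
    rx_addr.sin_family = AF_INET;
    rx_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    tx_addr = rx_addr;                        /* port 0: kernel picks one */
    if (bind(rx, (struct sockaddr *)&rx_addr, sizeof(rx_addr)) < 0) goto out;
    if (bind(tx, (struct sockaddr *)&tx_addr, sizeof(tx_addr)) < 0) goto out;
    alen = sizeof(rx_addr);                   /* getsockname is value-result too */
    if (getsockname(rx, (struct sockaddr *)&rx_addr, &alen) < 0) goto out;
    alen = sizeof(tx_addr);
    if (getsockname(tx, (struct sockaddr *)&tx_addr, &alen) < 0) goto out;
    if (sendto(tx, "ping", 4, 0, (struct sockaddr *)&rx_addr, sizeof(rx_addr)) != 4) goto out;

    memset(&from, 0, sizeof(from));           /* makes "untouched" observable */
    if (recvfrom(rx, buf, sizeof(buf), 0, (struct sockaddr *)&from, &from_len) != 4) goto out;
    result = (from.sin_port == tx_addr.sin_port && tx_addr.sin_port != 0);
out:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return result;
}

int main(void)
{
    printf("from_len = sizeof(from): %d\n", sender_addr_seen(sizeof(struct sockaddr_in)));
    printf("from_len = 0:            %d\n", sender_addr_seen(0));
    return 0;
}
```

The datagram is delivered in both runs; only the address buffer differs, which is why an uninitialised length can go unnoticed until code actually reads `from`.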