Linux Socket Filter's bug?

From: Mao Yun (maoyun@263.net)
Date: Sat Aug 26 2000 - 12:36:21 EST


Hi, all.
       I'm looking at the source code of LSF(Linux Socket Filter). I am a rookie in kernel hacking. I use the libpcap-0.4 which is patched for LSF.When I set the snap_len 1500 ( the MTU in ethernet) and set a filter such as "tcp and port 80", all the packet I sniff out will be filled with zero in the last 14 bytes (more or less maybe) . What's wrong? Now my solution is enlarge the snap_len into 1600. :-) My kernel version is 2.2.14, the default choice of RedHat 6.2.
      When I look into the kernel source, I found it strange that I can only find the declaration of sk_run_filter(), but I cannot find any function which call sk_run_filter() except a EXPORT_SYMBOL(sk_run_filter). Why?
    Thank you all..
                     --- Mao Yun:.˛mkabzwmb˛mbz_^nrzh&zzޗ+^jǫym@Aa0n+d



This archive was generated by hypermail 2b29 : Thu Aug 31 2000 - 21:00:17 EST