[Winpcap-users] Updating BPF compiler
Guy Harris
guy at alum.mit.edu
Sun Dec 4 22:02:16 GMT 2005
Deston High wrote:
> but which files do I need to update exactly?
>
> bpf/net/bpf_filter.c
> <http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/bpf/net/bpf_filter.c>
No. That's the interpreter for BPF programs, but the BPF machine
language doesn't know anything about PPPoE (and it only knows a *tiny*
amount about IPv4) - the BPF machine language is lower-level than that,
and the compiler translates higher-level filter expressions into
low-level programs testing particular bytes in the packet.
> bpf_dump.c <http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/bpf_dump.c>
> bpf_image.c <http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/bpf_image.c>
No, they just print out BPF programs in human-readable form.
> ethertype.h <http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/ethertype.h>
You might need that, if the PPPoE Ethernet type fields weren't already
there.
> gencode.c <http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/gencode.c>
That's the file that contains the code that generates BPF programs, so
you *do* need that.
> gencode.h <http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/gencode.h>
You might need that, if I had to add some new #define for the PPPoE code
generator stuff.
> pcap-bpf.c <http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/pcap-bpf.c>
That's not used in WinPcap - or in libpcap on Linux, Solaris, HP-UX, or
any OSes other than the various BSDs (including the BSD-derived OS X) or
AIX; it's one of the platform-dependent files in libpcap. WinPcap uses
pcap-win32.c, Linux uses pcap-linux.c, Solaris and HP-UX (and some other
OSes) use pcap-dlpi.c, etc.
> pcap-bpf.h <http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/pcap-bpf.h>
That defines stuff for the BPF machine language, which, as I note,
didn't have to be changed to support PPPoE.
> According to your msg I need to generate source files using bison/flex
> from:
> grammar.y <http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/grammar.y>
> scanner.l <http://cvs.tcpdump.org/cgi-bin/cvsweb/libpcap/scanner.l>
YES. The keywords "pppoed" and "pppoes" were added to the filtering
language, so the lexical analyzer (scanner.l) had to be changed to
recognize those keywords, and the grammar (grammar.y) had to be changed
to support them as language tokens.
So you will need to install Cygwin:
http://www.cygwin.com/
in order to get Bison and Flex.
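
Added example, not part of the original message and not libpcap code: a hand-written classic BPF program equivalent to the "pppoes" filter, run by a three-opcode interpreter, showing that the machine language only tests bytes 12-13 of the frame and has no notion of PPPoE. The names `insn`, `run_filter` and `pppoes_prog`, the accept length 0xffff and the sample frames are assumptions made for this illustration; the program is written by hand rather than taken from gencode.c output.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same fields as libpcap's struct bpf_insn, redefined so this builds alone. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

#define OP_LDH_ABS 0x28   /* BPF_LD|BPF_H|BPF_ABS: A = 16-bit value at pkt[k] */
#define OP_JEQ_K   0x15   /* BPF_JMP|BPF_JEQ|BPF_K: skip jt if A == k, else jf */
#define OP_RET_K   0x06   /* BPF_RET|BPF_K: accept k bytes, 0 means reject */

/* Hand-written equivalent of "pppoes": Ethernet type 0x8864 at offset 12. */
static const struct insn pppoes_prog[] = {
    { OP_LDH_ABS, 0, 0, 12 },
    { OP_JEQ_K,   0, 1, 0x8864 },
    { OP_RET_K,   0, 0, 0xffff },   /* match: accept (length is arbitrary) */
    { OP_RET_K,   0, 0, 0 },        /* no match: reject */
};

/* Constructed sample frames: dst MAC, src MAC, Ethernet type, 2 payload bytes. */
static const uint8_t session_frame[] =
    { 0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,1, 0x88,0x64, 0x11,0x00 };
static const uint8_t discovery_frame[] =
    { 0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,1, 0x88,0x63, 0x11,0x09 };

/* Runs the three opcodes above; an out-of-bounds load, an unknown opcode
 * or falling off the end of the program rejects the packet. */
static uint32_t run_filter(const struct insn *p, size_t n,
                           const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &p[pc];
        switch (i->code) {
        case OP_LDH_ABS:
            if (len < 2 || i->k > len - 2) return 0;
            a = ((uint32_t)pkt[i->k] << 8) | pkt[i->k + 1];
            break;
        case OP_JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break;
        case OP_RET_K: return i->k;
        default:       return 0;
        }
    }
    return 0;
}

int main(void)
{
    size_t n = sizeof pppoes_prog / sizeof pppoes_prog[0];
    printf("session:   %u\n", (unsigned)run_filter(pppoes_prog, n, session_frame, sizeof session_frame));
    printf("discovery: %u\n", (unsigned)run_filter(pppoes_prog, n, discovery_frame, sizeof discovery_frame));
    return 0;
}
```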