This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 52562 - pcap_lookupnet() fails to return address or netmask
pcap_lookupnet() fails to return address or netmask
Status: CLOSED RAWHIDE
Product: Red Hat Powertools
Classification: Retired
Component: libpcap (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-25 00:49 EDT by gbanks
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-08-25 11:04:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Source of simple test program (543 bytes, text/plain)
2001-08-25 00:50 EDT, gbanks
no flags Details

  None (edit)
Description gbanks 2001-08-25 00:49:19 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.4.2-2 i686)

Description of problem:
When testing Snort built from source, I discovered that every single Snort
rule silently failed to work because $HOME_NET was correctly formatted
garbage bits.  After some debugging, it appears that pcap_lookupnet() never
writes to the variables whose addresses are passed in.  The attached test
program demonstrates the problem;
the program performs correctly on Mandrake 7.1.
A workaround is to use
var HOME_NET xx.yy.zz.ww/aa.bb.cc.dd
with your specific address and netmask instead of the default
var HOME_NET $eth0_ADDRESS
which triggers the bug.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. gcc -Wall -o test1 -I/usr/include/pcap test1.c -lpcap
2. ./test1 eth0

Actual Results:  Interface eth0 = 55555555/aaaaaaaa


Expected Results:  On a system with working libpcap, result shows actual
address and netmask.

Additional info:
Comment 1 gbanks 2001-08-25 00:50:18 EDT
Created attachment 29474 [details]
Source of simple test program
Comment 2 Tim Powers 2001-08-25 11:03:57 EDT
Reassigning to the owner of tcpdump which is the source package for libpcap.

Tim
Comment 3 Harald Hoyer 2001-09-04 05:28:49 EDT
$ gcc -o pcap-test pcap-test.c -lpcap -I/usr/include/pcap/
[harald@faro harald]$ ./pcap-test
Usage: ./pcap-test interface
[harald@faro harald]$ ./pcap-test eth0
Interface eth0 = 000210ac/00ffffff
[harald@faro harald]$ /sbin/ifconfig
eth0      Protokoll:Ethernet  Hardware Adresse 00:01:02:F1:85:F4
          inet Adresse:172.16.2.162  Bcast:172.16.2.255  Maske:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2897199 errors:0 dropped:0 overruns:1 frame:0
          TX packets:2130706 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0
          RX bytes:2521268307 (2404.4 Mb)  TX bytes:2223600408 (2120.5 Mb)

$ rpm -qf /usr/include/pcap/pcap.h
libpcap-0.6.2-9

Note You need to log in before you can comment on or make changes to this bug.