From a43b1c916146157ec7ec0e2ca46e64c2e07c14a9 Mon Sep 17 00:00:00 2001
From: Bill Fenner <fenner@gmail.com>
Date: Fri, 26 Apr 2019 04:10:59 -0700
Subject: [PATCH] Preserve references to metadata when adjusting the program.

This fixes the offset issue I mention in
https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278
---
 pcap-linux.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pcap-linux.c b/pcap-linux.c
index dd8795e5dc..d25bb9ea25 100644
--- a/pcap-linux.c
+++ b/pcap-linux.c
@@ -7423,6 +7423,14 @@ fix_program(pcap_t *handle, struct sock_fprog *fcode, int is_mmapped)
 static int
 fix_offset(pcap_t *handle, struct bpf_insn *p)
 {
+	/*
+	 * Existing references to auxiliary data shouldn't be adjusted.
+	 *
+	 * Note that SKF_AD_OFF is negative, but p->k is unsigned, so
+	 * we use >= and cast SKF_AD_OFF to unsigned.
+	 */
+	if (p->k >= (bpf_u_int32)SKF_AD_OFF)
+		return 0;
 	if (handle->linktype == DLT_LINUX_SLL2) {
 		/*
 		 * What's the offset?