From bf4a63bda7e9eb142402693248a347a5705f9740 Mon Sep 17 00:00:00 2001 From: Bill Fenner Date: Fri, 26 Apr 2019 04:10:59 -0700 Subject: [PATCH] Preserve references to metadata when adjusting the program. This fixes the offset issue I mention in https://github.com/the-tcpdump-group/tcpdump/issues/480#issuecomment-486827278 (cherry picked from commit eebbdd4d267217a60c87dbada2176ec51bbcd0d1) --- pcap-linux.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pcap-linux.c b/pcap-linux.c index db5a989bbe..70334b3c86 100644 --- a/pcap-linux.c +++ b/pcap-linux.c @@ -7275,6 +7275,14 @@ fix_program(pcap_t *handle, struct sock_fprog *fcode, int is_mmapped) static int fix_offset(pcap_t *handle, struct bpf_insn *p) { + /* + * Existing references to auxiliary data shouldn't be adjusted. + * + * Note that SKF_AD_OFF is negative, but p->k is unsigned, so + * we use >= and cast SKF_AD_OFF to unsigned. + */ + if (p->k >= (bpf_u_int32)SKF_AD_OFF) + return 0; if (handle->linktype == DLT_LINUX_SLL2) { /* * What's the offset?