Fix a couple of issues related to the sniffer.

- Fix an issue in sniffer.c where some pointer math was giving a warning. - Fix an issue in snifftest.c where a local variable was never read. - Ignore non-TCP/IP packets in snifftest.c. Fixes some tests with pcaps with other types of packets.
2020-11-03 13:59:39 -06:00 · 2020-11-03 13:59:39 -06:00 · 3b1c536418
parent f8176dd646
commit 3b1c536418
2 changed files with 17 additions and 5 deletions
--- a/src/sniffer.c
+++ b/src/sniffer.c
@ -4730,7 +4730,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo,
        word32 i, offset, headerSz, qty, remainder;

        Trace(CHAIN_INPUT_STR);
-        headerSz = (word32)*sslFrame - (word32)chain[0].iov_base;
+        headerSz = (word32)((const byte*)*sslFrame - (const byte*)chain[0].iov_base);
        remainder = *sslBytes;

        if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) {
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@ -519,15 +519,27 @@ int main(int argc, char** argv)
        #endif
            ret = ssl_SetPrivateKey(server, port, argv[2],
                                FILETYPE_PEM, passwd, err);
+
            if (ret == 0)
                loadCount++;
-            if (loadCount > 0) {
-                ret = 0;
-            }
-            else {
+
+            if (loadCount == 0) {
                printf("Failed loading private key %d\n", ret);
                exit(EXIT_FAILURE);
            }
+
+            /* Only let through TCP/IP packets */
+            ret = pcap_compile(pcap, &fp, "(ip6 or ip) and tcp", 0, 0);
+            if (ret != 0) {
+                printf("pcap_compile failed %s\n", pcap_geterr(pcap));
+                exit(EXIT_FAILURE);
+            }
+
+            ret = pcap_setfilter(pcap, &fp);
+            if (ret != 0) {
+                printf("pcap_setfilter failed %s\n", pcap_geterr(pcap));
+                exit(EXIT_FAILURE);
+            }
        }
    }
    else {