Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Store error message from BPF compilation

Browse source
This commit is contained in:
Tim Wojtulewicz 2022-08-12 09:13:41 -07:00
parent 767c83ede8
commit 82adecb2ad
8 changed files with 100 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

29
src/iosource/BPF_Program.cc
View file

@ -78,8 +78,7 @@ BPF_Program::~BPF_Program()
FreeCode();
}
bool BPF_Program::Compile(pcap_t* pcap, const char* filter, uint32_t netmask, std::string& errbuf,
bool optimize)
bool BPF_Program::Compile(pcap_t* pcap, const char* filter, uint32_t netmask, bool optimize)
{
if ( ! pcap )
return false;
@ -88,7 +87,8 @@ bool BPF_Program::Compile(pcap_t* pcap, const char* filter, uint32_t netmask, st
if ( pcap_compile(pcap, &m_program, (char*)filter, optimize, netmask) < 0 )
{
errbuf = util::fmt("pcap_compile(%s): %s", filter, pcap_geterr(pcap));
state_message = std::string(pcap_geterr(pcap));
state = GetStateFromMessage(state_message);
return false;
}
@ -99,7 +99,7 @@ bool BPF_Program::Compile(pcap_t* pcap, const char* filter, uint32_t netmask, st
}
bool BPF_Program::Compile(zeek_uint_t snaplen, int linktype, const char* filter, uint32_t netmask,
std::string& errbuf, bool optimize)
bool optimize)
{
FreeCode();
@ -120,12 +120,19 @@ bool BPF_Program::Compile(zeek_uint_t snaplen, int linktype, const char* filter,
int err = pcap_compile_nopcap(snaplen, linktype, &m_program, (char*)filter, optimize, netmask,
my_error);
if ( err < 0 )
errbuf = std::string(my_error);
{
state = GetStateFromMessage(errstr);
state_message = util::fmt("pcap_compile(%s): %s", filter, pcap_geterr(pcap);
}
#else
int err = pcap_compile_nopcap(static_cast<int>(snaplen), linktype, &m_program, (char*)filter, optimize, netmask);
int err = pcap_compile_nopcap(static_cast<int>(snaplen), linktype, &m_program, (char*)filter,
optimize, netmask);
// We have no way of knowing what the error actually was because pcap_compile_nocap doesn't
// return an error string nor any other information, so just assume every failure is
// fatal.
if ( err < 0 )
errbuf.clear();
state = FilterState::FATAL;
#endif
if ( err == 0 )
@ -155,4 +162,12 @@ void BPF_Program::FreeCode()
}
}
FilterState BPF_Program::GetStateFromMessage(const std::string& err)
{
if ( err.find("filtering not implemented") != std::string::npos )
return FilterState::WARNING;
return FilterState::FATAL;
}
} // namespace zeek::iosource::detail