diff --git a/CHANGES b/CHANGES index 2bf013d359..3bd884315d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,19 @@ +5.2.0-dev.129 | 2022-10-21 12:24:25 -0700 + + * Remove cmake tests for LIBPCAP_PCAP_COMPILE_NOPCAP_HAS_ERROR_PARAMETER (Tim Wojtulewicz, Corelight) + + * Rework the non-pcap version of BPF_Program::Compile (Tim Wojtulewicz, Corelight) + + * Add btest that exercises the pcap filter warnings (Tim Wojtulewicz, Corelight) + + * Restore reporting messages for pcap filter issues (Tim Wojtulewicz, Corelight) + + * Add column to packet_filter.log for failure reason (Tim Wojtulewicz, Corelight) + + * Store error message from BPF compilation (Tim Wojtulewicz, Corelight) + + * Minor cleanup in BPF filtering code (Tim Wojtulewicz, Corelight) + 5.2.0-dev.120 | 2022-10-21 10:09:11 -0700 * Reorder includes in Options.cc (Tim Wojtulewicz, Corelight) diff --git a/VERSION b/VERSION index d6cbfb618e..2ffe7629aa 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.2.0-dev.120 +5.2.0-dev.129 diff --git a/cmake b/cmake index e896b86b01..64e9d66969 160000 --- a/cmake +++ b/cmake @@ -1 +1 @@ -Subproject commit e896b86b015b94c991c340b09b2d157c76b8de3c +Subproject commit 64e9d66969364091b14e772aab342252d8ef1da9 diff --git a/doc b/doc index 654da37703..c751af2a27 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 654da377039b3ef16320988ce3af0946a46c632f +Subproject commit c751af2a2792e63d56cc9aaed1f514a8fa5e6f17 diff --git a/scripts/base/frameworks/packet-filter/main.zeek b/scripts/base/frameworks/packet-filter/main.zeek index ccf7318469..51015c307a 100644 --- a/scripts/base/frameworks/packet-filter/main.zeek +++ b/scripts/base/frameworks/packet-filter/main.zeek @@ -48,6 +48,9 @@ export { ## Indicate if the filter was applied successfully. success: bool &log &default=T; + + ## A string reason why the filter failed to be created/installed. + failure_reason: string &log &optional; }; ## The BPF filter that is used by default to define what traffic should 
@@ -276,22 +279,33 @@ function install(): bool return F; local ts = current_time(); + if ( ! Pcap::precompile_pcap_filter(DefaultPcapFilter, tmp_filter) ) { - NOTICE([$note=Compile_Failure, - $msg=fmt("Compiling packet filter failed"), - $sub=tmp_filter]); + local state = Pcap::get_filter_state(DefaultPcapFilter); + local error_string : string; + if ( state == Pcap::fatal ) + { + NOTICE([$note=Compile_Failure, + $msg=fmt("Compiling packet filter failed"), + $sub=tmp_filter]); - local error_string = fmt("Bad pcap filter '%s'", tmp_filter); + error_string = fmt("Bad pcap filter '%s': %s", tmp_filter, + Pcap::get_filter_state_string(DefaultPcapFilter)); - local pkt_src_error : string = Pcap::error(); - if ( pkt_src_error != "no error" ) - error_string = pkt_src_error; + if ( network_time() == 0.0 ) + Reporter::fatal(error_string); + else + Reporter::warning(error_string); + } + else if ( state == Pcap::warning ) + { + error_string = fmt("Warning while compiling pcap filter '%s': %s", + tmp_filter, + Pcap::get_filter_state_string(DefaultPcapFilter)); - if ( network_time() == 0.0 ) - Reporter::fatal(error_string); - else Reporter::warning(error_string); + } } local diff = current_time()-ts; if ( diff > max_filter_compile_time ) @@ -317,6 +331,8 @@ function install(): bool { # Installing the filter failed for some reason. info$success = F; + info$failure_reason = Pcap::get_filter_state_string(DefaultPcapFilter); + NOTICE([$note=Install_Failure, $msg=fmt("Installing packet filter failed"), $sub=current_filter]); diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index 43cd9edf74..fa8a674092 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek 
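Review bot: Inside the `if ( ! Pcap::precompile_pcap_filter(...) )` block, a failure whose state is neither `Pcap::fatal` nor `Pcap::warning` now raises no NOTICE and no Reporter message. `Pcap::get_filter_state` returns the ok value when there is no packet source or no BPF filter for the ID, so a packet source whose own `PrecompileFilter` returns false without recording BPF state would fail silently here (inferred; no such source is shown). A trailing `else Reporter::warning(fmt("Bad pcap filter '%s'", tmp_filter));` keeps the previous generic report for that case. The body of install() starts and ends outside the hunk.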
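Review bot: `info$failure_reason` is filled from the compile state only, so an install that fails after a clean compile is logged with a reason that carries no information. PcapSource::SetFilter shows where this happens: the `pcap_setfilter` failure path calls PcapError() and never touches the BPF_Program state. Falling back to the packet source error covers it: `if ( Pcap::get_filter_state(DefaultPcapFilter) == Pcap::ok ) info$failure_reason = Pcap::error();`. The enclosing branch of install() begins outside the hunk.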
@@ -5146,6 +5146,13 @@ export { }; type Interfaces: set[Pcap::Interface]; + + ## The state of the compilation for a pcap filter. + type filter_state: enum { + ok, # no issues encountered + fatal, # fatal issue, something that would prevent zeek from continuing + warning # non-fatal issue that should just be logged + }; } # end export module DCE_RPC; diff --git a/src/iosource/BPF_Program.cc b/src/iosource/BPF_Program.cc index 39aabc257b..71c9f7ee27 100644 --- a/src/iosource/BPF_Program.cc +++ b/src/iosource/BPF_Program.cc @@ -71,15 +71,14 @@ static bool filter_matches_anything(const char* filter) return (! filter) || strlen(filter) == 0 || strcmp(filter, "ip or not ip") == 0; } -BPF_Program::BPF_Program() : m_compiled(), m_matches_anything(false), m_program() { } +BPF_Program::BPF_Program() : m_program() { } BPF_Program::~BPF_Program() { FreeCode(); } -bool BPF_Program::Compile(pcap_t* pcap, const char* filter, uint32_t netmask, std::string& errbuf, - bool optimize) +bool BPF_Program::Compile(pcap_t* pcap, const char* filter, uint32_t netmask, bool optimize) { if ( ! pcap ) return false; @@ -88,7 +87,8 @@ bool BPF_Program::Compile(pcap_t* pcap, const char* filter, uint32_t netmask, st if ( pcap_compile(pcap, &m_program, (char*)filter, optimize, netmask) < 0 ) { - errbuf = util::fmt("pcap_compile(%s): %s", filter, pcap_geterr(pcap)); + state_message = std::string(pcap_geterr(pcap)); + state = GetStateFromMessage(state_message); return false; } @@ -98,8 +98,8 @@ bool BPF_Program::Compile(pcap_t* pcap, const char* filter, uint32_t netmask, st return true; } -bool BPF_Program::Compile(int snaplen, int linktype, const char* filter, uint32_t netmask, - std::string& errbuf, bool optimize) +bool BPF_Program::Compile(zeek_uint_t snaplen, int linktype, const char* filter, uint32_t netmask, + bool optimize) { FreeCode(); 
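Review bot: The `if ( ! pcap ) return false;` guard in Compile(pcap_t*, ...) leaves `state` at FilterState::OK and `state_message` empty. With this commit PktSrc::PrecompileBPFFilter decides success by `GetState() != FilterState::FATAL` and CompileFilter no longer returns nullptr, so a missing pcap handle is reported as a successfully precompiled filter. Setting `state = FilterState::FATAL; state_message = "no pcap handle";` before that return closes the gap. The success path after pcap_compile() in the `@@ -88,7` hunk also never sets `state` back to OK; whether FreeCode() resets it is not visible here, so a reused BPF_Program may keep a stale state.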
@@ -114,27 +114,18 @@ bool BPF_Program::Compile(int snaplen, int linktype, const char* filter, uint32_ return true; } -#ifdef LIBPCAP_PCAP_COMPILE_NOPCAP_HAS_ERROR_PARAMETER - char my_error[PCAP_ERRBUF_SIZE]; - - int err = pcap_compile_nopcap(snaplen, linktype, &m_program, (char*)filter, optimize, netmask, - my_error); - if ( err < 0 ) - errbuf = std::string(my_error); -#else - int err = pcap_compile_nopcap(snaplen, linktype, &m_program, (char*)filter, optimize, netmask); - - if ( err < 0 ) - errbuf.clear(); -#endif - - if ( err == 0 ) + pcap_t* pcap = pcap_open_dead(linktype, snaplen); + if ( ! pcap ) { - m_compiled = true; - m_matches_anything = filter_matches_anything(filter); + state = FilterState::FATAL; + state_message = "Failed to open pcap based on linktype/snaplen"; + return false; } - return err == 0; + bool status = Compile(pcap, filter, netmask, optimize); + pcap_close(pcap); + + return status; } bpf_program* BPF_Program::GetProgram() @@ -155,4 +146,12 @@ void BPF_Program::FreeCode() } } +FilterState BPF_Program::GetStateFromMessage(const std::string& err) + { + if ( err.find("filtering not implemented") != std::string::npos ) + return FilterState::WARNING; + + return FilterState::FATAL; + } + } // namespace zeek::iosource::detail diff --git a/src/iosource/BPF_Program.h b/src/iosource/BPF_Program.h index 220e67b4f1..d4f7715688 100644 --- a/src/iosource/BPF_Program.h +++ b/src/iosource/BPF_Program.h @@ -5,12 +5,24 @@ #include #include +#include "zeek/util.h" + extern "C" { #include } -namespace zeek::iosource::detail +namespace zeek::iosource + { + +enum class FilterState : uint8_t + { + OK, + FATAL, // results in Reporter::Error + WARNING // results in Reporter::Warning + }; + +namespace detail { // BPF_Programs are an abstraction around struct bpf_program, 
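Review bot: `pcap_open_dead(linktype, snaplen)` now receives `snaplen` as zeek_uint_t while libpcap takes an int there, so the value is narrowed implicitly. Assuming zeek_uint_t is wider than int, an oversized `Pcap::snaplen` would reach libpcap as a negative or truncated length. A range check before the call, `if ( snaplen > static_cast<zeek_uint_t>(INT_MAX) )` that sets `state = FilterState::FATAL` with a message and returns false, makes the failure explicit. The function starts in the previous hunk.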
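Review bot: GetStateFromMessage() classifies a failure by searching libpcap's error text for "filtering not implemented", and nothing in the code records why. The wording belongs to libpcap, so a change there would turn these cases into FATAL with no compile error on the Zeek side; that direction fails closed, which is the safer default. A comment above the function should say so, e.g. `// pcap_compile() only reports the cause as text; this substring marks link types without filter support, anything else is fatal.` The function reads no members and could be declared `static`.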
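Review bot: The enumerator order of `FilterState` has to match `Pcap::filter_state` in init-bare.zeek (ok, fatal, warning), because pcap.bif converts between the two with a plain static_cast, and nothing documents or checks that. Add a comment on the enum such as `// Keep in sync with Pcap::filter_state in init-bare.zeek; pcap.bif maps by numeric value.` The comment on FATAL says it results in Reporter::Error, while the script in this commit calls Reporter::fatal or Reporter::warning for that state, so that comment should be corrected as well.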
@@ -20,42 +32,69 @@ namespace zeek::iosource::detail class BPF_Program { public: - // Creates an empty, uncompiled BPF program. + /** + * Creates an empty, uncompiled BPF program. + */ BPF_Program(); ~BPF_Program(); - // Creates a BPF program for the given pcap handle. - // Parameters are like in pcap_compile(). Returns true - // for successful compilation, false otherwise. - bool Compile(pcap_t* pcap, const char* filter, uint32_t netmask, std::string& errbuf, + /** + * Creates a BPF program for a given pcap handle. The parameters match the usage + * described in the documentation for pcap_compile(). + * + * @return true on successful compilation, false otherwise. + */ + bool Compile(pcap_t* pcap, const char* filter, uint32_t netmask, bool optimize = true); + + /** + * Creates a BPF program when no pcap handle is available. The parameters match the usage + * described in the documentation for pcap_compile_nopcap(). + * + * @return true on successful compilation, false otherwise. + */ + bool Compile(zeek_uint_t snaplen, int linktype, const char* filter, uint32_t netmask, bool optimize = true); - // Creates a BPF program when no pcap handle is around, - // similarly to pcap_compile_nopcap(). Parameters are - // similar. Returns true on success. - bool Compile(int snaplen, int linktype, const char* filter, uint32_t netmask, - std::string& errbuf, bool optimize = true); - - // Returns true if this program currently contains compiled - // code, false otherwise. + /** + * Returns true if this program currently contains compiled code, false otherwise. + */ bool IsCompiled() { return m_compiled; } - // Returns true if this program matches any packets. This is not - // comprehensive, but can identify a few cases where it does. + /** + * Returns true if this program matches any packets. This is not comprehensive, but can + * identify a few cases where it does. + */ bool MatchesAnything() { return m_matches_anything; } - // Accessor to the compiled program. 
Returns nil when - // no program is currently compiled. + /** + * Returns the compiled program, or nullptr if no program is currently compiled. + */ bpf_program* GetProgram(); + /** + * Returns the state of the compilation process. + */ + FilterState GetState() const { return state; } + + /** + * Returns an error message, if any, that was returned from the compliation process. + */ + std::string GetStateMessage() const { return state_message; } + protected: void FreeCode(); + FilterState GetStateFromMessage(const std::string& err); + // (I like to prefix member variables with m_, makes it clear // in the implementation whether it's a global or not. --ck) - bool m_compiled; - bool m_matches_anything; + bool m_compiled = false; + bool m_matches_anything = false; struct bpf_program m_program; + + FilterState state = FilterState::OK; + std::string state_message; }; - } // namespace zeek::iosource::detail + } // namespace detail + } // namespace zeek::iosource diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index d1876f3cb1..c7c42edd68 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -203,18 +203,17 @@ bool PktSrc::ExtractNextPacketInternal() detail::BPF_Program* PktSrc::CompileFilter(const std::string& filter) { - std::string errbuf; auto code = std::make_unique(); - if ( ! code->Compile(BifConst::Pcap::snaplen, LinkType(), filter.c_str(), Netmask(), errbuf) ) + if ( ! code->Compile(BifConst::Pcap::snaplen, LinkType(), filter.c_str(), Netmask()) ) { std::string msg = util::fmt("cannot compile BPF filter \"%s\"", filter.c_str()); - if ( ! errbuf.empty() ) - msg += ": " + errbuf; + std::string state_msg = code->GetStateMessage(); + if ( ! state_msg.empty() ) + msg += ": " + state_msg; Error(msg); - return nullptr; } return code.release(); 
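Review bot: `GetStateMessage()` returns `std::string` by value, which copies the message on every call; `const std::string& GetStateMessage() const { return state_message; }` avoids that, and the callers in this commit only read the result. The new members `state` and `state_message` sit directly under the comment explaining the `m_` prefix but do not follow it. The doc comment for GetStateMessage has a typo, "compliation".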
@@ -225,10 +224,9 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter) if ( index < 0 ) return false; - // Compile filter. + // Compile filter. This will always return a pointer, but may have stored an error + // internally. auto code = CompileFilter(filter); - if ( ! code ) - return false; // Store it in vector. if ( index >= static_cast(filters.size()) ) @@ -239,7 +237,7 @@ bool PktSrc::PrecompileBPFFilter(int index, const std::string& filter) filters[index] = code; - return true; + return code->GetState() != FilterState::FATAL; } detail::BPF_Program* PktSrc::GetBPFFilter(int index) diff --git a/src/iosource/PktSrc.h b/src/iosource/PktSrc.h index 70229ec243..f5e25a603e 100644 --- a/src/iosource/PktSrc.h +++ b/src/iosource/PktSrc.h @@ -5,6 +5,7 @@ #include // for u_char #include +#include "zeek/iosource/BPF_Program.h" #include "zeek/iosource/IOSource.h" #include "zeek/iosource/Packet.h" @@ -13,18 +14,13 @@ struct pcap_pkthdr; namespace zeek::iosource { -namespace detail - { -class BPF_Program; - } - /** * Base class for packet sources. */ class PktSrc : public IOSource { public: - static const int NETMASK_UNKNOWN = 0xffffffff; + static const uint32_t NETMASK_UNKNOWN = 0xffffffff; /** * Struct for returning statistics on a packet source. @@ -102,7 +98,7 @@ public: * Precompiles a BPF filter and associates the given index with it. * The compiled filter will be then available via \a GetBPFFilter(). * - * This is primarily a helper for packet source implementation that + * This is primarily a helper for packet source implementations that * want to apply BPF filtering to their packets. * * @param index The index to associate with the filter. @@ -139,7 +135,8 @@ public: * * @param pkt The content of the packet to filter. * - * @return True if it maches. */ + * @return True if it matches. + */ bool ApplyBPFFilter(int index, const struct pcap_pkthdr* hdr, const u_char* pkt); /** 
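Review bot: Dropping the `if ( ! code ) return false;` check leaves `code->GetState()` in the `@@ -239,7` hunk as an unguarded dereference. CompileFilter() is virtual and its documentation in PktSrc.h still promises nullptr on failure, so an override outside this tree that follows that contract would crash here. Keeping the guard costs one line: `if ( ! code ) return false;` before the filter is stored. The function continues between the two hunks.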
@@ -158,9 +155,9 @@ public: * Precompiles a filter and associates a given index with it. The * filter syntax is defined by the packet source's implenentation. * - * Derived classes must implement this to implement their filtering. - * If they want to use BPF but don't support it natively, they can - * call the corresponding helper method provided by \a PktSrc. + * Derived classes can override this method to implement their own + * filtering. If not overriden, it uses the pcap-based BPF filtering + * by default. * * @param index The index to associate with the filter * @@ -169,7 +166,10 @@ public: * @return True on success, false if a problem occurred or filtering * is not supported. */ - virtual bool PrecompileFilter(int index, const std::string& filter) = 0; + virtual bool PrecompileFilter(int index, const std::string& filter) + { + return PrecompileBPFFilter(index, filter); + } /** * Activates a precompiled filter with the given index. @@ -336,6 +336,16 @@ protected: */ virtual void DoneWithPacket() = 0; + /** + * Performs the actual filter compilation. This can be overridden to + * provide a different implementation of the compiilation called by + * PrecompileBPFFilter(). This is primarily used by the pcap source + * use a different version of BPF_Filter::Compile; + * + * @param filter the filtering string being compiled. + * + * @return The compiled filter or nullptr if compilation failed. + */ virtual detail::BPF_Program* CompileFilter(const std::string& filter); private: diff --git a/src/iosource/pcap/Source.cc b/src/iosource/pcap/Source.cc index 093a5f8eed..210263cf7c 100644 --- a/src/iosource/pcap/Source.cc +++ b/src/iosource/pcap/Source.cc 
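Review bot: The new doc comment for CompileFilter() says it returns nullptr if compilation failed, but both implementations in this commit return the BPF_Program object and record the failure in its state. The `@return` line should say so, e.g. `@return The filter object; on failure it is uncompiled and GetState()/GetStateMessage() describe the problem.` The text also names `BPF_Filter::Compile` where the class is BPF_Program, and it has "compiilation" and a missing "to" in "pcap source use".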
@@ -263,25 +263,19 @@ void PcapSource::DoneWithPacket() // Nothing to do. } -bool PcapSource::PrecompileFilter(int index, const std::string& filter) - { - return PktSrc::PrecompileBPFFilter(index, filter); - } - detail::BPF_Program* PcapSource::CompileFilter(const std::string& filter) { - std::string errbuf; auto code = std::make_unique(); - if ( ! code->Compile(pd, filter.c_str(), Netmask(), errbuf) ) + if ( ! code->Compile(pd, filter.c_str(), Netmask()) ) { std::string msg = util::fmt("cannot compile BPF filter \"%s\"", filter.c_str()); - if ( ! errbuf.empty() ) - msg += ": " + errbuf; + std::string state_msg = code->GetStateMessage(); + if ( ! state_msg.empty() ) + msg += ": " + state_msg; Error(msg); - return nullptr; } return code.release(); @@ -310,14 +304,16 @@ bool PcapSource::SetFilter(int index) // since the default scripts will always attempt to compile // and install a default filter } - else + else if ( auto program = code->GetProgram() ) { - if ( pcap_setfilter(pd, code->GetProgram()) < 0 ) + if ( pcap_setfilter(pd, program) < 0 ) { PcapError(); return false; } } + else if ( code->GetState() != FilterState::OK ) + return false; #ifndef HAVE_LINUX // Linux doesn't clear counters when resetting filter. diff --git a/src/iosource/pcap/Source.h b/src/iosource/pcap/Source.h index 8c1c88992b..1f100273ea 100644 --- a/src/iosource/pcap/Source.h +++ b/src/iosource/pcap/Source.h @@ -28,9 +28,9 @@ protected: void Close() override; bool ExtractNextPacket(Packet* pkt) override; void DoneWithPacket() override; - bool PrecompileFilter(int index, const std::string& filter) override; bool SetFilter(int index) override; void Statistics(Stats* stats) override; + detail::BPF_Program* CompileFilter(const std::string& filter) override; private: diff --git a/src/iosource/pcap/pcap.bif b/src/iosource/pcap/pcap.bif index 0e0db396c8..4e8e863a5c 100644 --- a/src/iosource/pcap/pcap.bif +++ b/src/iosource/pcap/pcap.bif 
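Review bot: In the new `else if` chain of SetFilter, a filter whose GetProgram() is null while its state is FilterState::OK matches neither branch and falls through to the success path. BPF_Program::Compile returns false on a null pcap handle without changing the state, so that combination looks reachable, and the source would then run without the requested filter while reporting it as installed. Replacing the last branch with a plain `else return false;` rejects every uncompiled program. The new `return false` also sets no error text, unlike the `PcapError()` path above it; the first branch of the chain is outside the hunk.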
@@ -1,13 +1,13 @@ module Pcap; - const snaplen: count; const bufsize: count; %%{ #include +#include "zeek/iosource/BPF_Program.h" #include "zeek/iosource/Manager.h" %%} @@ -44,8 +44,13 @@ function precompile_pcap_filter%(id: PcapFilterID, s: string%): bool bool success = true; zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc(); - if ( ps && ! ps->PrecompileFilter(id->AsInt(), s->CheckString()) ) - success = false; + if ( ps ) + { + bool compiled = ps->PrecompileFilter(id->AsInt(), s->CheckString()); + auto filter = ps->GetBPFFilter(id->AsInt()); + if ( ! compiled || ( filter && filter->GetState() != zeek::iosource::FilterState::OK ) ) + success = false; + } return zeek::val_mgr->Bool(success); %} 
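Review bot: precompile_pcap_filter now returns F for a filter in the WARNING state as well, even when PrecompileFilter() itself returned true. Callers can no longer tell a warning from a failure by the return value alone and have to call Pcap::get_filter_state; the function's doc comment (outside this hunk) should state that, for example `## Returns F on warnings too; use Pcap::get_filter_state to tell them apart.` `id->AsInt()` is also evaluated twice and could be held in a local.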
@@ -99,13 +104,59 @@ function error%(%): string if ( ps ) { const char* err = ps->ErrorMsg(); - if ( *err ) + if ( err && *err ) return zeek::make_intrusive(err); } return zeek::make_intrusive("no error"); %} +## Returns the initialization state of a PCAP filter, or OK if the either +## there's no active packet source or the pcap filter ID does not exist. +## +## id: The PCAP filter id of a precompiled filter. +## +## Returns: A state value denoting whether any warnings or errors were +## encountered while initializing the filter. +## +## .. zeek:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter +function get_filter_state%(id: PcapFilterID%): filter_state + %{ + EnumTypePtr filter_state = zeek::id::find_type("Pcap::filter_state"); + zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc(); + if ( ps ) + { + if ( auto filter = ps->GetBPFFilter(id->AsInt()) ) + return filter_state->GetEnumVal(static_cast(filter->GetState())); + } + + return filter_state->GetEnumVal(static_cast(iosource::FilterState::OK)); + %} + +## Returns a string containing any error messages that were reported by +## filter initialization. +## +## id: The PCAP filter id of a precompiled filter. +## +## Returns: Warning/error strings from the initialization process, a blank +## string if none were encountered, or '' if either there +## is no active packet source or the filter ID doesn't exist. +## +## .. zeek:see:: Pcap::precompile_pcap_filter +## Pcap::install_pcap_filter +function get_filter_state_string%(id: PcapFilterID%): string + %{ + zeek::iosource::PktSrc* ps = zeek::iosource_mgr->GetPktSrc(); + if ( ps ) + { + if ( auto filter = ps->GetBPFFilter(id->AsInt()) ) + return zeek::make_intrusive(filter->GetStateMessage()); + } + + return zeek::make_intrusive(""); + %} + function findalldevs%(%): Pcap::Interfaces %{ pcap_if_t* alldevs; 
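Review bot: The doc comment of get_filter_state reads "OK if the either there's no active packet source or the pcap filter ID does not exist", which is garbled and names a value the script enum spells `ok`. Suggested wording: `## Returns the compile state of a PCAP filter, or Pcap::ok if there is no active packet source or no filter with that ID.` Reporting `ok` for an unknown ID makes a missing filter indistinguishable from a good one, so the comment should warn callers not to read `ok` as proof that a filter exists. The `find_type("Pcap::filter_state")` lookup also runs on every call and could be cached in a function-local static.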
diff --git a/testing/btest/Baseline/core.pcap.filter-warning/notice.log b/testing/btest/Baseline/core.pcap.filter-warning/notice.log new file mode 100644 index 0000000000..901a31bc81 --- /dev/null +++ b/testing/btest/Baseline/core.pcap.filter-warning/notice.log @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path notice +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p fuid file_mime_type file_desc proto note msg sub src dst p n peer_descr actions email_dest suppress_for remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude +#types time string addr port addr port string string string enum enum string string addr addr port count string set[enum] set[string] interval string string string double double +0.000000 - - - - - - - - - PacketFilter::Install_Failure Installing packet filter failed ip or not ip - - - - - Notice::ACTION_LOG (empty) 3600.000000 - - - - - +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/core.pcap.filter-warning/output b/testing/btest/Baseline/core.pcap.filter-warning/output new file mode 100644 index 0000000000..fdfc24df5d --- /dev/null +++ b/testing/btest/Baseline/core.pcap.filter-warning/output @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +warning in <...>/main.zeek, line 307: Warning while compiling pcap filter 'ip or not ip': IEEE 802.15.4 link-layer type filtering not implemented diff --git a/testing/btest/Baseline/core.pcap.filter-warning/packet_filter.log b/testing/btest/Baseline/core.pcap.filter-warning/packet_filter.log new file mode 100644 index 0000000000..040588d961 --- /dev/null +++ b/testing/btest/Baseline/core.pcap.filter-warning/packet_filter.log 
@@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path packet_filter +#open XXXX-XX-XX-XX-XX-XX +#fields ts node filter init success failure_reason +#types time string string bool bool string +XXXXXXXXXX.XXXXXX zeek ip or not ip T F IEEE 802.15.4 link-layer type filtering not implemented +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/core.pcap.filter-warning/reporter.log b/testing/btest/Baseline/core.pcap.filter-warning/reporter.log new file mode 100644 index 0000000000..4da94c04f6 --- /dev/null +++ b/testing/btest/Baseline/core.pcap.filter-warning/reporter.log @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path reporter +#open XXXX-XX-XX-XX-XX-XX +#fields ts level message location +#types time enum string string +XXXXXXXXXX.XXXXXX Reporter::WARNING Warning while compiling pcap filter 'ip or not ip': IEEE 802.15.4 link-layer type filtering not implemented <...>/main.zeek, line 307 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/core.pcap.read-trace-with-filter/packet_filter.log b/testing/btest/Baseline/core.pcap.read-trace-with-filter/packet_filter.log index 03bd80c102..e34b12569e 100644 --- a/testing/btest/Baseline/core.pcap.read-trace-with-filter/packet_filter.log +++ b/testing/btest/Baseline/core.pcap.read-trace-with-filter/packet_filter.log @@ -5,7 +5,7 @@ #unset_field - #path packet_filter #open XXXX-XX-XX-XX-XX-XX -#fields ts node filter init success -#types time string string bool bool -XXXXXXXXXX.XXXXXX zeek port 50000 T T +#fields ts node filter init success failure_reason +#types time string string bool bool string +XXXXXXXXXX.XXXXXX zeek port 50000 T T - #close XXXX-XX-XX-XX-XX-XX 
diff --git a/testing/btest/Baseline/core.print-bpf-filters/output b/testing/btest/Baseline/core.print-bpf-filters/output index 635de8454f..18fb0caca9 100644 --- a/testing/btest/Baseline/core.print-bpf-filters/output +++ b/testing/btest/Baseline/core.print-bpf-filters/output @@ -5,9 +5,9 @@ #unset_field - #path packet_filter #open XXXX-XX-XX-XX-XX-XX -#fields ts node filter init success -#types time string string bool bool -XXXXXXXXXX.XXXXXX zeek ip or not ip T T +#fields ts node filter init success failure_reason +#types time string string bool bool string +XXXXXXXXXX.XXXXXX zeek ip or not ip T T - #close XXXX-XX-XX-XX-XX-XX #separator \x09 #set_separator , @@ -15,9 +15,9 @@ XXXXXXXXXX.XXXXXX zeek ip or not ip T T #unset_field - #path packet_filter #open XXXX-XX-XX-XX-XX-XX -#fields ts node filter init success -#types time string string bool bool -XXXXXXXXXX.XXXXXX zeek port 42 T T +#fields ts node filter init success failure_reason +#types time string string bool bool string +XXXXXXXXXX.XXXXXX zeek port 42 T T - #close XXXX-XX-XX-XX-XX-XX #separator \x09 #set_separator , @@ -25,7 +25,7 @@ XXXXXXXXXX.XXXXXX zeek port 42 T T #unset_field - #path packet_filter #open XXXX-XX-XX-XX-XX-XX -#fields ts node filter init success -#types time string string bool bool -XXXXXXXXXX.XXXXXX zeek (vlan) and (ip or not ip) T T +#fields ts node filter init success failure_reason +#types time string string bool bool string +XXXXXXXXXX.XXXXXX zeek (vlan) and (ip or not ip) T T - #close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index f2c42d3b8f..6b1cf39c25 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output 
@@ -282,7 +282,7 @@ 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> 0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> -0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=])) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) -> 0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) -> 
@@ -469,8 +469,8 @@ 0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) -> 0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -> 0.000000 MetaHookPost CallFunction(Log::get_filter, , (SSL::LOG, default)) -> -0.000000 MetaHookPost CallFunction(Log::log_stream_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG)) -> -0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) -> +0.000000 MetaHookPost CallFunction(Log::log_stream_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=], PacketFilter::LOG)) -> +0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=])) -> 0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) -> 0.000000 MetaHookPost CallFunction(NetControl::init, , ()) -> 0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) -> 
@@ -668,7 +668,7 @@ 0.000000 MetaHookPost CallFunction(PacketFilter::build, , ()) -> 0.000000 MetaHookPost CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) -> 0.000000 MetaHookPost CallFunction(PacketFilter::install, , ()) -> -0.000000 MetaHookPost CallFunction(PacketFilter::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> +0.000000 MetaHookPost CallFunction(PacketFilter::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) -> 0.000000 MetaHookPost CallFunction(Pcap::install_pcap_filter, , (PacketFilter::DefaultPcapFilter)) -> 0.000000 MetaHookPost CallFunction(Pcap::precompile_pcap_filter, , (PacketFilter::DefaultPcapFilter, ip or not ip)) -> 0.000000 MetaHookPost CallFunction(Site::update_local_nets_table, , (Site::local_nets, {})) -> 
@@ -1509,8 +1509,8 @@ 0.000000 MetaHookPost LoadFileExtended(1, ./programming, <...>/programming.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, ./video, <...>/video.sig) -> (-1, ) 0.000000 MetaHookPost LoadFileExtended(1, s2, ./s2.sig) -> (-1, ) -0.000000 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -> -0.000000 MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) -> true +0.000000 MetaHookPost LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 6, {ts (time), node (string), filter (string), init (bool), success (bool), failure_reason (string)}) -> +0.000000 MetaHookPost LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 6, {ts (time), node (string), filter (string), init (bool), success (bool), failure_reason (string)}, ) -> true 0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false 0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false 0.000000 MetaHookPost QueueEvent(zeek_init()) -> false 
@@ -1797,7 +1797,7 @@ 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) 0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) -0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=])) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG)) 0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG)) 
@@ -1984,8 +1984,8 @@ 0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy])) 0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy])) 0.000000 MetaHookPre CallFunction(Log::get_filter, , (SSL::LOG, default)) -0.000000 MetaHookPre CallFunction(Log::log_stream_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG)) -0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T])) +0.000000 MetaHookPre CallFunction(Log::log_stream_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=], PacketFilter::LOG)) +0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=])) 0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ()) 0.000000 MetaHookPre CallFunction(NetControl::init, , ()) 0.000000 MetaHookPre CallFunction(Notice::want_pp, , ()) 
@@ -2183,7 +2183,7 @@ 0.000000 MetaHookPre CallFunction(PacketFilter::build, , ()) 0.000000 MetaHookPre CallFunction(PacketFilter::combine_filters, , (ip or not ip, and, )) 0.000000 MetaHookPre CallFunction(PacketFilter::install, , ()) -0.000000 MetaHookPre CallFunction(PacketFilter::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) +0.000000 MetaHookPre CallFunction(PacketFilter::log_policy, , ([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=])) 0.000000 MetaHookPre CallFunction(Pcap::install_pcap_filter, , (PacketFilter::DefaultPcapFilter)) 0.000000 MetaHookPre CallFunction(Pcap::precompile_pcap_filter, , (PacketFilter::DefaultPcapFilter, ip or not ip)) 0.000000 MetaHookPre CallFunction(Site::update_local_nets_table, , (Site::local_nets, {})) 
@@ -3024,8 +3024,8 @@ 0.000000 MetaHookPre LoadFileExtended(1, ./programming, <...>/programming.sig) 0.000000 MetaHookPre LoadFileExtended(1, ./video, <...>/video.sig) 0.000000 MetaHookPre LoadFileExtended(1, s2, ./s2.sig) -0.000000 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}) -0.000000 MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 5, {ts (time), node (string), filter (string), init (bool), success (bool)}, ) +0.000000 MetaHookPre LogInit(Log::WRITER_ASCII, default, true, true, packet_filter(0.0,0.0,0.0), 6, {ts (time), node (string), filter (string), init (bool), success (bool), failure_reason (string)}) +0.000000 MetaHookPre LogWrite(Log::WRITER_ASCII, default, packet_filter(0.0,0.0,0.0), 6, {ts (time), node (string), filter (string), init (bool), success (bool), failure_reason (string)}, ) 0.000000 MetaHookPre QueueEvent(NetControl::init()) 0.000000 MetaHookPre QueueEvent(filter_change_tracking()) 0.000000 MetaHookPre QueueEvent(zeek_init()) 
@@ -3311,7 +3311,7 @@ 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird, policy=Weird::log_policy]) 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]) 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]) -0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=]) 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG) 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG) 
@@ -3498,8 +3498,8 @@ 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509, policy=X509::log_policy]) 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql, policy=MySQL::log_policy]) 0.000000 | HookCallFunction Log::get_filter(SSL::LOG, default) -0.000000 | HookCallFunction Log::log_stream_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG) -0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T]) +0.000000 | HookCallFunction Log::log_stream_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=], PacketFilter::LOG) +0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=]) 0.000000 | HookCallFunction NetControl::check_plugins() 0.000000 | HookCallFunction NetControl::init() 0.000000 | HookCallFunction Notice::want_pp() 
@@ -3697,7 +3697,7 @@ 0.000000 | HookCallFunction PacketFilter::build() 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, ) 0.000000 | HookCallFunction PacketFilter::install() -0.000000 | HookCallFunction PacketFilter::log_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) +0.000000 | HookCallFunction PacketFilter::log_policy([ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=], PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, path=packet_filter, path_func=, include=, exclude=, log_local=T, log_remote=T, field_name_map={}, scope_sep=., ext_prefix=_, ext_func=lambda_<2528247166937952945>, interv=0 secs, postprocessor=, config={}, policy=]) 0.000000 | HookCallFunction Pcap::install_pcap_filter(PacketFilter::DefaultPcapFilter) 0.000000 | HookCallFunction Pcap::precompile_pcap_filter(PacketFilter::DefaultPcapFilter, ip or not ip) 0.000000 | HookCallFunction Site::update_local_nets_table(Site::local_nets, {}) 
@@ -4538,8 +4538,8 @@ 0.000000 | HookLoadFileExtended builtin-plugins/__preload__.zeek <...>/__preload__.zeek 0.000000 | HookLoadFileExtended s1.sig ./s1.sig 0.000000 | HookLoadFileExtended s2 ./s2.sig -0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)} -0.000000 | HookLogWrite packet_filter [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T] +0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool), failure_reason (string)} +0.000000 | HookLogWrite packet_filter [ts=XXXXXXXXXX.XXXXXX, node=zeek, filter=ip or not ip, init=T, success=T, failure_reason=] 0.000000 | HookQueueEvent NetControl::init() 0.000000 | HookQueueEvent filter_change_tracking() 0.000000 | HookQueueEvent zeek_init() diff --git a/testing/btest/Baseline/plugins.writer/output b/testing/btest/Baseline/plugins.writer/output index 8dfe430ca2..95cc5caef2 100644 --- a/testing/btest/Baseline/plugins.writer/output +++ b/testing/btest/Baseline/plugins.writer/output 
@@ -18,6 +18,6 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0) [http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|- [http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|- [http] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|- -[packet_filter] XXXXXXXXXX.XXXXXX|zeek|ip or not ip|T|T +[packet_filter] XXXXXXXXXX.XXXXXX|zeek|ip or not ip|T|T|- [socks] XXXXXXXXXX.XXXXXX|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688 [tunnel] XXXXXXXXXX.XXXXXX|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER diff --git a/testing/btest/Traces/ieee80211.15.4.pcap b/testing/btest/Traces/ieee80211.15.4.pcap new file mode 100644 index 0000000000..eb2295319a Binary files /dev/null and b/testing/btest/Traces/ieee80211.15.4.pcap differ diff --git a/testing/btest/core/pcap/filter-warning.zeek b/testing/btest/core/pcap/filter-warning.zeek new file mode 100644 index 0000000000..04a38f99e6 --- /dev/null +++ b/testing/btest/core/pcap/filter-warning.zeek 
@@ -0,0 +1,9 @@
+# Don't run for C++ scripts, since first invocation doesn't use the input
+# and hence leads to complaints that there are no scripts.
+# @TEST-REQUIRES: test "${ZEEK_USE_CPP}" != "1"
+#
+# @TEST-EXEC: zeek -r $TRACES/ieee80211.15.4.pcap >output 2>&1
+# @TEST-EXEC: btest-diff notice.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER='$SCRIPTS/diff-canonifier | $SCRIPTS/diff-remove-abspath' btest-diff reporter.log
+# @TEST-EXEC: btest-diff packet_filter.log
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
diff --git a/testing/external/commit-hash.zeek-testing b/testing/external/commit-hash.zeek-testing
index 9fd452b2cf..c25cb7e89c 100644
--- a/testing/external/commit-hash.zeek-testing
+++ b/testing/external/commit-hash.zeek-testing
@@ -1 +1 @@
-bf98a971e76b8b2e88bebe8ae386b3473f4f3848
+ab85877815c27e33796e20ac1868e55a6dc6d605
diff --git a/testing/external/commit-hash.zeek-testing-private b/testing/external/commit-hash.zeek-testing-private
index 5e6effd0fb..a058c2528a 100644
--- a/testing/external/commit-hash.zeek-testing-private
+++ b/testing/external/commit-hash.zeek-testing-private
@@ -1 +1 @@
-e51c49eca62db430af35a1d8548c3ae8e421f0cf
+3e7c07e9bf3b1116fa809b7fd2f116141bc4a36a
diff --git a/zeek-config.h.in b/zeek-config.h.in
index c80368c2da..5e68cff57a 100644
--- a/zeek-config.h.in
+++ b/zeek-config.h.in
@@ -75,10 +75,6 @@ /* Define if you have the header file. */ #cmakedefine HAVE_SYS_ETHERNET_H -/* Some libpcap versions use an extra parameter (error) in pcap_compile_nopcap - */ -#cmakedefine LIBPCAP_PCAP_COMPILE_NOPCAP_HAS_ERROR_PARAMETER - /* Include krb5.h */ #cmakedefine NEED_KRB5_H
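Review bot: In testing/btest/core/pcap/filter-warning.zeek the header comment explains only the `@TEST-REQUIRES` guard and never says what the test verifies or why `ieee80211.15.4.pcap` is expected to trigger a filter warning, so a later baseline refresh could lose the warning lines without anyone noticing. I would add a first line such as `# Checks that a pcap filter warning for this trace's link type is reported without aborting the run.` (wording to be confirmed against the committed baselines, which are not visible here). Every baseline touched in this diff shows `failure_reason` unset, so the new packet_filter.log column appears to have no test that sees it populated. A filter that fails to compile or install leaves a sensor capturing something other than what the operator intended, which makes that path worth pinning as well. A companion test with a deliberately invalid filter would cover it, run under `@TEST-EXEC-FAIL` if startup is expected to abort, and diffing the captured output.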