Subject: Re: Question about libpcap
To: Gerald Lee <>
From: David Maxwell <>
List: tech-net
Date: 07/20/2007 13:07:13
On Fri, Jul 20, 2007 at 09:58:03AM -0700, Gerald Lee wrote:
> David Maxwell Thursday, July 19, 2007 7:47 PM
> >When you say 'the parser' - do you mean the bpf lex/yacc machine?
> Yes, sorry to be less than complete.

Quite all right. The bpf virtual machine is a packet parser, so I was
trying to figure out if you meant rules or packets... rules. Got it.

> >I'm not following the description of the problem here.
> >pcap_compile_nopcap takes the filter program as the str argument, and
> >shouldn't be touching any file handles...
> Once more, I'm working partially off of our engineers description of
> his interaction with it.  It appears to be a an assumption that in
> the non-interactive case, yyin will be null or something like that.

I wouldn't expect an assumption like that to exist in the code, since
you can define whatever input mechanism you like...

Here's a page that describes the traditional hackey method for not using
STDIN, and a cleaner method supported by flex. Comparing these to what
you're using right now to set up string based input should give a hint
as to what's wrong.

David Maxwell,| -->
An organization gets what it rewards.
			      - Perry Metzger