
Nmap currently includes a modified version of the tcpdump.org release
of libpcap version 0.7.1 (released November 16, 2002).  My
(fyodor@insecure.org) modifications are as follows:

-- Included this file, renamed directory from libpcap-0.7.1 to
   libpcap-possiblymodified.

-- Renamed configure.in to configure.ac, which is the name now
   recommended by the autoconf project.

-- Removed the .cvsignore file, all 'CVS' directories, the 'packaging' directory, and the install-sh script.
  
-- Added the gcc debugging flag (-g) to aclocal.m4 if gcc is being used:
--- libpcap-0.7.1/aclocal.m4    Mon Dec 10 00:33:41 2001
+++ libpcap-possiblymodified/aclocal.m4 Mon Dec 16 19:04:44 2002
@@ -76,7 +76,7 @@
     if test "$GCC" = yes ; then
            if test "$SHLICC2" = yes ; then
                    ac_cv_lbl_gcc_vers=2
-                   $1="-O2"
+                   $1="-g -O2"
            else
                    AC_MSG_CHECKING(gcc version)
                    AC_CACHE_VAL(ac_cv_lbl_gcc_vers,
@@ -87,7 +87,7 @@
                                -e 's/\..*//'`)
                    AC_MSG_RESULT($ac_cv_lbl_gcc_vers)
                    if test $ac_cv_lbl_gcc_vers -gt 1 ; then
-                           $1="-O2"
+                           $1="-g -O2"
                    fi
            fi
     else

-- The config.sub and config.guess have been upgraded (in the distribution
   file they are just symlinks to the corresponding files in the nmap dir).

-- Changed pcap-linux.c by adding a select() call guarding recvfrom()
   to ensure that it returns after the timeout period specified in
   pcap_open_live() rather than blocking forever.
--- libpcap-0.7.1/pcap-linux.c  Sun Dec  9 23:14:16 2001
+++ libpcap-possiblymodified/pcap-linux.c       Mon Dec 16 19:24:54 2002
@@ -91,6 +91,7 @@
 #include <netinet/in.h>
 #include <linux/if_ether.h>
 #include <net/if_arp.h>
+#include <assert.h>
 
 /*
  * If PF_PACKET is defined, we can use {SOCK_RAW,SOCK_DGRAM}/PF_PACKET
@@ -425,6 +426,32 @@
        bp = handle->buffer + handle->offset;
        do {
                fromlen = sizeof(from);
+               /* If the user specified a timeout in pcap_open_live(),
+                  we will honor the timeout and return even if no packets
+                  have arrived */
+               if (handle->md.timeout > 0) {
+                 fd_set readfs;
+                 struct timeval tv;
+                  int res;
+                 
+                  FD_ZERO(&readfs);
+                  FD_SET(handle->fd, &readfs);
+                  bzero((void *) &tv, sizeof(tv));
+                  tv.tv_sec = handle->md.timeout / 1000;
+                  tv.tv_usec = (handle->md.timeout % 1000 ) * 1000;
+                  do {
+                   /* since this is in pcap-linux.c, we can assume
+                      Linux select() behavior WRT decrementing tv */
+                    res = select(handle->fd + 1, &readfs, NULL, NULL, &tv);
+                   if (res == 1) break;
+                   if (res == 0) return 0;
+                   assert(res == -1);
+                   if (errno == EINTR) continue;
+                   snprintf(handle->errbuf, sizeof(handle->errbuf), "select: %s", pcap_strerror(errno));
+                   return -1;
+                 } while (1);
+               }
+
                packet_len = recvfrom( 
                        handle->fd, bp + offset,
                        handle->bufsize - offset, MSG_TRUNC, 
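Review bot: `FD_SET(handle->fd, &readfs)` in the added timeout block is not guarded against a descriptor at or above `FD_SETSIZE`, in which case the macro writes outside the stack-allocated `fd_set`; a process holding many open sockets can be handed such a descriptor. A check before `FD_ZERO` would fail cleanly instead, e.g. `if (handle->fd >= FD_SETSIZE) { snprintf(handle->errbuf, sizeof(handle->errbuf), "select: fd %d >= FD_SETSIZE", handle->fd); return -1; }`. Separately, `assert(res == -1)` aborts the calling program from inside a library and is compiled out under `NDEBUG`; reporting any unexpected return value through `errbuf` would match how the block handles the other error path. The enclosing function starts and ends outside the hunk.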

-- Eliminated Lex/Yacc requirement (I now ship the generated .c
   files).  This involved:
   o Changes to Makefile.in
--- libpcap-0.7.1/Makefile.in   Wed Jan 17 20:05:12 2001
+++ libpcap-possiblymodified/Makefile.in        Mon Dec 16 19:01:48 2002
@@ -47,7 +47,7 @@
 DEFS = @DEFS@
 
 # Standard CFLAGS
-CFLAGS = $(CCOPT) $(INCLS) $(DEFS)
+CFLAGS = $(INCLS) $(CCOPT) $(DEFS)
 
 INSTALL = @INSTALL@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -59,8 +59,8 @@
 # used by the generated parser.  This allows programs to use lex/yacc
 # and link against libpcap.  If you don't have flex or bison, get them.
 #
-LEX = @V_LEX@
-YACC = @V_YACC@
+LEX = flex
+YACC = yacc
 
 # Explicitly define compilation rule since SunOS 4's make doesn't like gcc.
 # Also, gcc does not remove the .o before forking 'as', which can be a
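Review bot: The context comment above the new `LEX = flex` / `YACC = yacc` lines still ends with "If you don't have flex or bison, get them.", which contradicts the purpose of this change (shipping the generated .c files so neither tool is required). I would reword it to something like `# Generated scanner/parser sources are shipped; flex/yacc are only needed if the scanner or grammar sources are edited.` If the rules that invoke `$(LEX)` and `$(YACC)` are still present elsewhere in Makefile.in (not visible in this hunk), a scanner or grammar source with a newer timestamp than its shipped output would still run these hard-coded tool names, so it is worth confirming that the distributed timestamps keep those rules from firing.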
@@ -91,7 +91,7 @@
 TAGFILES = \
        $(SRC) $(HDR) $(TAGHDR)
 
-CLEANFILES = $(OBJ) libpcap.a $(GENSRC) $(GENHDR) lex.yy.c
+CLEANFILES = $(OBJ) libpcap.a version.c lex.yy.c
 
 all: libpcap.a

  o Ripped LEX/YACC detection code from configure.in:
--- libpcap-0.7.1/configure.in  Mon Dec 10 00:33:42 2001
+++ libpcap-possiblymodified/configure.in       Mon Dec 16 19:11:03 2002
@@ -167,24 +167,6 @@
 fi
 AC_MSG_RESULT($ac_cv_lbl_proc_net_dev)
 
-AC_LBL_LEX_AND_YACC(V_LEX, V_YACC, pcap_)
-if test "$V_LEX" = lex ; then
-# Some versions of lex can't handle the definitions section of scanner.l .
-# Try lexing it and complain if it can't deal.
-       AC_CACHE_CHECK([for capable lex], tcpdump_cv_capable_lex,
-               if lex -t scanner.l > /dev/null 2>&1; then
-                       tcpdump_cv_capable_lex=yes
-               else
-                       tcpdump_cv_capable_lex=insufficient
-               fi)
-       if test $tcpdump_cv_capable_lex = insufficient ; then
-               AC_MSG_ERROR([Your operating system's lex is insufficient to compile
- libpcap.  flex is a lex replacement that has many advantages, including
- being able to compile libpcap.  For more information, see
- http://www.gnu.org/software/flex/flex.html .])
-       fi
-fi
-
 case "$host_os" in
 
 aix*)
@@ -241,10 +223,8 @@
 
 AC_SUBST(V_CCOPT)
 AC_SUBST(V_INCLS)
-AC_SUBST(V_LEX)
 AC_SUBST(V_PCAP)
 AC_SUBST(V_RANLIB)
-AC_SUBST(V_YACC)
 
 AC_PROG_INSTALL


-- Added defined(__sparc__) as a conditional for defining LBL_ALIGN:
--- libpcap-0.7.1/bpf/net/bpf_filter.c  Mon Oct 23 12:32:21 2000
+++ libpcap-possiblymodified/bpf/net/bpf_filter.c       Mon Dec 16 20:46:08 2002
@@ -69,8 +69,8 @@
 #define u_int32 bpf_u_int32
 
 #ifndef LBL_ALIGN
-#if defined(sparc) || defined(mips) || defined(ibm032) || \
-    defined(__alpha) || defined(__hpux)
+#if defined(sparc) || defined(__sparc__) || defined(mips) || \
+    defined(ibm032) || defined(__alpha) || defined(__hpux)
 #define LBL_ALIGN
 #endif
 #endif

-- Modify pcap-linux.c to deal with the case where ARPHRD_HDLC (Cisco HDLC)
   is not defined:
--- pcap-linux-orig.c   Sun Dec 22 11:49:51 2002
+++ pcap-linux.c        Sun Dec 22 11:56:15 2002
@@ -1003,6 +1003,13 @@
                handle->linktype = DLT_LINUX_SLL;
                break;
 
+#ifndef ARPHRD_CISCO /* Cisco HDLC - From Linux 2.4.17 include/linux/if_arp.h */
+#define ARPHRD_CISCO 513
+#endif
+#ifndef ARPHRD_HDLC /* From Linux 2.4.17 */
+#define ARPHRD_HDLC ARPHRD_CISCO
+#endif
+
        case ARPHRD_HDLC:
                handle->linktype = DLT_C_HDLC;
                break;
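Review bot: The `#ifndef ARPHRD_CISCO` / `#ifndef ARPHRD_HDLC` fallbacks are placed between two `case` labels inside the switch, where they are easy to miss and where any code earlier in the file cannot see them. Moving both guards to just after `#include <net/if_arp.h>` near the top of pcap-linux.c keeps the compatibility definitions next to the header they stand in for. The switch and its enclosing function start and end outside the hunk.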

