Deprecate bpf_filter().

It takes the on-the-network length, followed by the captured length, as
arguments; apparently, some people (or LLMs?) think, perhaps based on
other code that takes the captured length first, that it's the other way
around, and their fuzz-testing finds that bug in their code.  See
issue #1442.

diff --git a/CHANGES b/CHANGES
index ca395cfa54fb6c162dbc1f2e7d15480bc0ecc7ea..75fcd17ef6e6bd346a49df7c1c9a3231a90333cf 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -47,6 +47,7 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
       Initialize the scratch memory store to 0.
       Require "[wlan] dir" integer value to be within range.
       Fix the != comparison for ATM and MTP field values.
       Initialize the scratch memory store to 0.
       Require "[wlan] dir" integer value to be within range.
       Fix the != comparison for ATM and MTP field values.

+      Deprecate bpf_filter().

     rpcap:
       Support user names and passwords in rpcap:// and rpcaps:// URLs.
       Add a -t flag to rpcapd to specify the data channel port; from
     rpcap:
       Support user names and passwords in rpcap:// and rpcaps:// URLs.
       Add a -t flag to rpcapd to specify the data channel port; from

diff --git a/pcap/bpf.h b/pcap/bpf.h
index 97970b795553f4b38468023dd5688adf2e597c62..473052c5bb10eefef2a3e0641a70a743ad1a6f06 100644 (file)
--- a/pcap/bpf.h
+++ b/pcap/bpf.h
@@ -263,6 +263,7 @@ struct bpf_insn {
 #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
 
 PCAP_AVAILABLE_0_4
 #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k }
 
 PCAP_AVAILABLE_0_4

+PCAP_DEPRECATED("use pcap_offline_filter()")

 PCAP_API u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);
 
 PCAP_AVAILABLE_0_6
 PCAP_API u_int bpf_filter(const struct bpf_insn *, const u_char *, u_int, u_int);
 
 PCAP_AVAILABLE_0_6