From 821c1c775569fe7ee22e4db4089b0381c5be8805 Mon Sep 17 00:00:00 2001
From: Denis Ovsienko <denis@ovsienko.info>
Date: Mon, 11 Nov 2024 20:41:32 +0000
Subject: [PATCH] SNF: Fix packet filtering with low snaplen. [skip ci]

This is the same type of bug as in DAG and elsewhere.  icmp-rfc8335.pcap
consists of short ICMP packets.  tcpreplay is sending the file on myri0,
which is connected to myri1.

 # tcpdump -D
1.myri0 (Myricom snf0)
2.myri1 (Myricom snf1)
 # tcpdump -ni myri1 -xx -c 1 -s 20 icmp

Before:

tcpdump: listening on myri1, link-type EN10MB (Ethernet), snapshot length 20 bytes
^C
0 packets captured
31 packets received by filter
0 packets dropped by kernel

After:

tcpdump: listening on myri1, link-type EN10MB (Ethernet), snapshot length 20 bytes
20:32:31.901409 IP  [|ip]
        0x0000:  5600 04a3 4c83 fe00 04a3 4c83 0800 4500
        0x0010:  0030 29a3
1 packet captured
1 packet received by filter
0 packets dropped by kernel
---
 CHANGES    |  2 ++
 pcap-snf.c | 11 ++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 57b1e0fa48..3e15af2530 100644
--- a/CHANGES
+++ b/CHANGES
@@ -85,6 +85,8 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
         0 or 16 or 32.  Likewise for ERF_DONT_STRIP_FCS (either 0 or 1).
       Remove FCS quirks specific to 4.2S and 4.23S.
       Fix packet filtering with low snaplen.
+    SNF:
+      Fix packet filtering with low snaplen.
 
 DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
   Summary for 1.10.6 libpcap release (so far!)
diff --git a/pcap-snf.c b/pcap-snf.c
index a9b4f5d055..959cf20f7a 100644
--- a/pcap-snf.c
+++ b/pcap-snf.c
@@ -182,12 +182,21 @@ snf_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 			}
 		}
 
+		/*
+		 * In this libpcap module the two length arguments of
+		 * pcapint_filter() (the wire length and the captured length)
+		 * are always equal because SNF captures full packets.
+		 *
+		 * The wire and the capture length of this packet is
+		 * req.length, the snapshot length configured for this pcap
+		 * handle is p->snapshot.
+		 */
 		caplen = req.length;
 		if (caplen > p->snapshot)
 			caplen = p->snapshot;
 
 		if ((p->fcode.bf_insns == NULL) ||
-		     pcapint_filter(p->fcode.bf_insns, req.pkt_addr, req.length, caplen)) {
+		     pcapint_filter(p->fcode.bf_insns, req.pkt_addr, req.length, req.length)) {
 			hdr.ts = snf_timestamp_to_timeval(req.timestamp, p->opt.tstamp_precision);
 			hdr.caplen = caplen;
 			hdr.len = req.length;