[Winpcap-users] struct bpf_hdr mismatch

[Gisle Vanem]

I just upgraded my MSVC environment to Visual Studio 2008
(Express Edition) and suddenly one of my WinPcap applications
stopped working. After much debugging, I isolated the problem to 
the definition 'struct bpf_hdr' in <Packet32.h>.

The following program illustrates the problem; AFAICS npf.sys
was built with another MSVC version (MSVC 6 or 7?) since the 
layout of this structure has changed. But I fail to see why; 'time_t' 
is still a 'long' from what I can see from 'cl -E'.

The program:
 ----------------- cut ------------------------
/*
 * Built as:
 *   cl -MTd -W2 struct_bpf.c -I<pcap_root>\Include
 */
#include <stdio.h>
#include <windows.h>
#include <Packet32.h>

struct my_bpf_hdr {
       struct {
         long  tv_sec;
         long  tv_usec;
       } bh_tstamp;
       UINT    bh_caplen;
       UINT    bh_datalen;
       USHORT  bh_hdrlen;
     };

/* For reference, 'struct bpf_hdr' in <Packet32.h> is:
   struct bpf_hdr {
       struct timeval bh_tstamp;   // 2*time_t = 8 bytes
       UINT    bh_caplen;
       UINT    bh_datalen;
       USHORT  bh_hdrlen;
     };
 */

int main (void)
{
  if (sizeof(struct bpf_hdr) != sizeof(struct my_bpf_hdr))
    puts ("size mismatch in 'bpf' structures");
  else
    puts ("sizes okay");
  return (0);
}

 ----------------- cut ------------------------

I tried with various cl-options (including -Zp1, -Zp4) and 
enclosing 'my_bpf_hdr' inside '#pragma pack(1)', but that gave 
no different result.

Can somebody compile the above program and report the result?

I use Win-XP SP3, NPF.SYS ver 4.0.0.1040 on a Pentium CPU.

-gv