Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@configure`:
- Around line 123-124: The new configure flags --with-libpcap and
--without-libpcap are missing from the script's help/usage text; update the help
block printed by the configure script (the usage/help string or print_help
function) to include brief entries for "--with-libpcap    enable building with
libpcap support" and "--without-libpcap   disable libpcap support" so they
appear in ./configure --help; locate the help text area near other option
descriptions (the block that lists flags like --with-* and --without-*) and add
these two lines consistent with existing formatting.
- Around line 1537-1545: The test compilation using $XCC with _libpcap.c and
-lpcap succeeds but the fallback branch doesn't persist the linker flag to
config.mk, causing unresolved pcap_* symbols after you `#define` USE_LIBPCAP;
update the success branch (the block that runs after $XCC _libpcap.c -o libpcap
-lpcap 2>&3 and sets abort=false) to append the required linker flag into
config.mk (e.g., add the -lpcap token to whatever variable holds linker flags in
config.mk) so that builds without pkg-config still link libpcap; keep the
existing cleanup and error-exit behavior unchanged.

In `@src/bpf-bsd.c`:
- Around line 162-166: The code copies a full struct bpf_hdr into 'packet' from
'payload' before ensuring the buffer contains sizeof(packet) bytes and then
computes packet.bh_caplen+packet.bh_hdrlen which can overflow; update the logic
to first compute 'remaining = bpf->bpf_len - bpf->bpf_pos' (use size_t) and
ensure remaining >= sizeof(struct bpf_hdr) before calling memcpy into 'packet',
then verify that adding bh_hdrlen and bh_caplen cannot overflow (e.g., check
bh_hdrlen <= SIZE_MAX - bh_caplen) and that bh_hdrlen + bh_caplen <= remaining
before using them; apply the same pre-check pattern to the other memcpy site
that reads a header (the block referencing payload/memcpy around lines
~178-179).

In `@src/bpf-linux.c`:
- Around line 62-73: The bpf structure's file descriptor is left at 0 on early
failure paths, which causes eexit to mistakenly close stdin; after allocating
bpf (the calloc result used via variable bpf) set bpf->bpf_fd = -1 immediately
(right after bpf = calloc(...) and before any potential goto eexit) so any
cleanup that closes the fd (in the eexit/cleanup path) will skip closing an
invalid/standard fd; also ensure the same initialization applies before any
later failure paths around socket creation/assignment that rely on bpf->bpf_fd
(the code handling bpf->bpf_fd in the eexit block).

In `@src/bpf-pcap.c`:
- Around line 125-134: pcap_next_ex(bpf->bpf_handle, &pkt_header, &pkt_data) can
return 0 for a timeout and leaves pkt_header/pkt_data uninitialized; update the
code after calling pcap_next_ex to explicitly check for err == 0 and return 0
(no packet) before any use of pkt_header or pkt_data, keeping the existing err <
0 check unchanged and then proceed to read pkt_header->caplen and memcpy only
when err > 0.

In `@src/bpf.c`:
- Around line 365-368: The trailing unreachable "return -1;" should be removed
from the end of the function since both branches already return (calls to
bpf_setfilter and bpf_setwfilter return unconditionally); edit the block where
len is computed and the conditional on recv (the lines using len, recv,
bpf_setfilter and bpf_setwfilter) to delete the stray "return -1;" so there is
no dead code left behind.

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/bpf.c`:
- Around line 501-511: In bpf_filter_bootp, the indentation of the early return
statement in the bpf_bootp_rw(true) error branch uses spaces instead of the
file's tab-based indentation; update the indentation of the `return -1;` inside
the bpf_filter_bootp function so it uses a single leading tab (matching
surrounding lines and the style used in bpf_bootp_rw and bpf_lock branches) to
keep formatting consistent.

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/bpf-bsd.c`:
- Line 43: The exported string constant bpf_name contains a misspelling
("Berkley Packet Filter"); update the value to the correct spelling "Berkeley
Packet Filter" and make the identical fix for the same constant in the other
translation unit that defines it (the occurrence in bpf-pcap.c), ensuring both
definitions use the canonical "Berkeley" spelling to keep logs/user-facing text
consistent.

In `@src/bpf-pcap.c`:
- Line 50: The user-visible typo is in the const char *bpf_name definition
("Berkley Packet Filter (libpcap)") — update the string to "Berkeley Packet
Filter (libpcap)". Also check and fix the identical typo in the corresponding
bpf_name in src/bpf-bsd.c (the same variable/string) so both user-facing strings
read "Berkeley".
- Around line 115-139: The libpcap backend in bpf_read does not update the
BPF_BCAST flag, causing stale flag state; after a successful pcap_next_ex read
(in function bpf_read) compute cap_len as you already do, then call the existing
helper bpf_frame_bcast(pkt_data, cap_len) and, if it returns true, set
bpf->bpf_flags |= BPF_BCAST (clearing it otherwise is optional if other code
expects per-packet setting); ensure you reference pkt_data and cap_len (same
locals) and update bpf->bpf_flags before returning the captured length so
ARP/other callers see the correct BPF_BCAST state.

---

Nitpick comments:
In `@src/bpf-bsd.c`:
- Around line 162-196: The final conditional "if (bytes != -1) return bytes;" is
redundant because bytes is set to a non-negative value on every successful parse
path; remove that check and return bytes directly after memcpy/data update and
after advancing bpf->bpf_pos (i.e., replace the conditional with an
unconditional return of bytes), leaving the existing error paths that goto err:
intact; locate references to the local variable bytes, the payload/copy logic,
and the err: label in the bpf packet parsing block to make the change.
- Around line 127-131: The eexit cleanup currently closes bpf->bpf_fd and frees
bpf but forgets to free bpf->bpf_buffer; update the eexit block to check and
free bpf->bpf_buffer (e.g., if (bpf->bpf_buffer) free(bpf->bpf_buffer);) before
freeing bpf so the function mirrors the defensive cleanup used in
src/bpf-linux.c and avoids leaking the buffer if allocation succeeded earlier.

In `@src/bpf-linux.c`:
- Around line 142-167: Call recvmsg with MSG_TRUNC (e.g., recvmsg(bpf->bpf_fd,
&msg, MSG_TRUNC)) and after the call inspect msg.msg_flags for MSG_TRUNC; if set
treat the read as an error (return -1 or propagate an error) instead of silently
truncating the frame. Update the recv path that touches bpf->bpf_fd, msg,
msg.msg_flags, bpf->bpf_buffer and the existing truncation check (the
(size_t)bytes > len branch) so oversized frames (larger than ETH_FRAME_LEN or
jumbo/VLAN frames) are detected via msg.msg_flags & MSG_TRUNC and not
incorrectly processed.

In `@src/bpf-pcap.c`:
- Around line 141-160: bpf_writev currently returns pcap_inject()'s raw int
which can be <-1 and confuse callers; change bpf_writev to treat any negative
pcap_inject return as a generic error: call pcap_geterr(bpf->bpf_handle) to
obtain the libpcap error string (and log it or include it in diagnostics), set
errno to a suitable POSIX error (e.g., EIO) and return -1, otherwise return the
positive byte count as ssize_t; update references to bpf_writev and document
that callers should still check for -1.