Re: Bug in libpcap: savefile.c / get_selectable_fd()

[Guy Harris <guy () alum mit edu>]

On Mar 17, 2009, at 3:33 PM, Shaked, Nitzan wrote:

> In general, it's a bad thing to mix buffered IO (stdlib, such as  
> fread,fread,fseek, etc) with kernel io (read/write/seek/select, etc).

At least when it comes to mixing stdio and select(), it's not a bad  
thing, you just have to know what you're doing.

If you're reading from a file, doing *anything* will work, as files  
are always "ready for read".

If you're reading from a pipe/socket/tty/etc.:

        1) put the descriptor into non-blocking mode;

	2) if something is ready for reading, keep reading until you get  
EAGAIN.

> There are 2 obvious solutions, with pros and cons each

And one con that both of them have:

        they do short reads.

setvbuf(fp, NULL, _IONBF, 0) puts the FILE * into unbuffered mode, so  
an fread() will read only what you ask for; at worst, that means a ton  
of one-byte read() calls, and, at best, it means doing multi-byte  
reads but still probably does reads shorter than a good block size.

Using read() rather than fread() has the same effect.

> what do you think?

I think you should put the pipe in non-blocking mode and, when  
select() says the descriptor is readable, keep calling pcap_next()  
until you get an error or EOF indication.

If that means that you can't tell the difference between "end of file  
on the pipe", "no more packets available right now", and "an error  
occurred while reading from the pipe", as might be the case, file a  
bug on that.

> Should I provide a patch?

Not if it implements either of the two solutions proposed.

> Should I open a bug in sf.net?

Yes, if you can't (at least when using pcap_next_ex(); pcap_next()  
isn't very good at returning specific error indications) tell the  
difference between "end of file on the pipe", "no more packets  
available right now", and "an error occurred while reading from the  
pipe".
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.