Re: SEGFAULT when using multiple "instances" of libpcap

[Guy Harris <guy () alum mit edu>]

On Jul 11, 2012, at 4:36 AM, Geoffrey Bugniot wrote:

> I have a board with a PowerPC 8270 with an embedded Linux (2.6.39.4). On that
> platform, I use tcpdump and a program wich use libcap (4.1.1). Cross compiling
> is done with the ELDK 5.1 toolchain.
>
> When I launch tcpdump, it works fine. The same with my program, it works fine
> too. But if I launch both at same time,  a SEGFAULT appears, and most of the
> time this SEGAULT results in a kernel panic.
>
> First of all, I thought the problem was the code in my program wich use libpcap.
> So I launched two tcpdump and the problem was identical.
>
> After more research, It appears that the SEGFAULT is raised when there is two
> programs/processes (wich use libpcap) running at the same time.
>
> I'm stucked on this problem. Is there someone who could help ?

Somebody who works on the PF_PACKET socket code in the Linux kernel?  My *guess* is that there's something wrong with 
the code that handles memory-mapped access to the socket (if it weren't using the memory-mapped code, it might not be 
any less likely to panic, but it might be less likely to get a segmentation fault in user-mode code) when more than one 
process is using it.

netsniff-ng:

        http://netsniff-ng.org/

apparently also uses memory-mapped access to PF_PACKET sockets, and doesn't use libpcap; see what happens if you 
compile it for your embedded board and try to run two instances of it.  If you have problems with that, then libpcap 
isn't involved at all, and you'd need to get some of the Linux networking code developers involved.  (If that works, 
then it is probably still at least in part a Linux kernel issue, given that you're getting kernel panics, but there 
*might* also be an issue with how libpcap is using the memory-mapped mechanism.)
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.