tcpdump mailing list archives

HP-UX pcap_inject() crash


From: "Harley Stenzel" <hstenzel () gmail com>
Date: Mon, 5 Jun 2006 13:23:36 -0400

Greetings-

I'm seeing an odd behavior in my 64-bit libpcap application on HP-UX
11.23 ia64. It crashes in pcap_inject, even though the input appears
good. gdb information follows.

The same application works on Solaris, both 32-bit on sparc and 64-bit
on x86_64.

Additionally, my testcase application, which calls libpcap in a
similar way to the full application, does *not* exhibit the crash.
There's clearly a difference in the way libpcap is being called, but I'm
not sure where to look. The params to pcap_inject() look good. Both
test app and full app access pcap_t from different threads, for
reading and writing at the same time.

The symbol at the crash is local to dlrawdatareq(), so it's not clear
to me why it could not be mapped.

libpcap is version 0.9.4, patched to correct the rc of pcap_inject() on HP-UX.

Any ideas?

Thanks.

--Harley

==== gdb of main application and core ====
HP gdb 5.4.0 for HP Itanium (32 or 64 bit) and target HP-UX 11.2x.
Copyright 1986 - 2001 Free Software Foundation, Inc.
Hewlett-Packard Wildebeest 5.4.0 (based on GDB) is covered by the
GNU General Public License. Type "show copying" to see the conditions to
change it and/or distribute copies. Type "show warranty" for warranty/support.
..
Program terminated with signal 11, Segmentation fault.
SEGV_MAPERR - Address not mapped to object
#0  pcap_inject_dlpi (p=0x6000000000013640, buf=0x9fffffffef6988e0)
   at ./pcap-dlpi.c:1503
1503            dlp->dl_primitive = DL_HP_RAWDATA_REQ;
(gdb) set print pretty
(gdb) up
#1  0xc000000001c01c90:0 in pcap_inject (p=0x6000000000013640,
   buf=0x9fffffffef6988e0, size=60) at ./pcap.c:782
782             return (p->inject_op(p, buf, size));
(gdb) print *p
$1 = {
 fd = 3,
 selectable_fd = 3,
 send_fd = 4,
 snapshot = 4096,
 linktype = 1,
 tzoff = 0,
 offset = 2,
 break_loop = 0,
 sf = {
   rfile = 0x0,
   swapped = 0,
   hdrsize = 0,
   lengths_swapped = NOT_SWAPPED,
   version_major = 0,
   version_minor = 0,
   base = 0x0
 },
 md = {
   stat = {
     ps_recv = 674,
     ps_drop = 0,
     ps_ifdrop = 0
   },
   use_bpf = 0,
   TotPkts = 0,
   TotAccepted = 0,
   TotDrops = 0,
   TotMissed = 0,
   OrigMissed = 0,
   device = 0x0
 },
 bufsize = 32768,
 buffer = 0x600000000001d090 "",
 bp = 0x600000000001d0c8
"\001\001\b\n\037V\355\261\a\037{\344\"\316\177d\002s\335G-\247\202\210\311x\231\324~\376k\304\264O'\225\365\346e\354\246L\316;\2540yv,\332\351\365\232+N\330&\237\303\203\213\36027\254Z\273\377\03667AQ\246U%\3654\263\027\322\303\321\205\240d\025\023\360\bo\265\221\230q\375\244\267\250\337\262\002E\215L\034\241\037P\017\372\261\013\307\206\027T\326Q;\r\375[\372h\252\231b\b`Be\002Xh\304\234\b\300\240\001",
 cc = 0,
 pkt = 0x0,
 direction = PCAP_D_INOUT,
 read_op = 0x9fffffffef7e0928,
 inject_op = 0x9fffffffef7e0938,
 setfilter_op = 0x9fffffffef7dc578,
 setdirection_op = 0,
 set_datalink_op = 0,
 getnonblock_op = 0x9fffffffef7dc588,
 setnonblock_op = 0x9fffffffef7dc598,
 stats_op = 0x9fffffffef7e0948,
 close_op = 0x9fffffffef7e0958,
 fcode = {
   bf_len = 0,
   bf_insns = 0x0
 },
 errbuf = '\000' <repeats 199 times>,
 dlt_count = 2,
 dlt_list = 0x600000000001c0b0,
 pcap_header = {
   ts = {
     tv_sec = 0,
     tv_usec = 0
   },
   caplen = 0,
   len = 0
 }
}
(gdb) print size
$2 = 60
(gdb) x /60xb buf
0x9fffffffef6988e0:     0xff    0xff    0xff    0xff    0xff    0xff    0x00    0x30
0x9fffffffef6988e8:     0x6e    0xf3    0xfe    0x51    0x08    0x06    0x00    0x01
0x9fffffffef6988f0:     0x08    0x00    0x06    0x04    0x00    0x01    0x00    0x30
0x9fffffffef6988f8:     0x6e    0xf3    0xfe    0x51    0x09    0x2a    0x72    0xd5
0x9fffffffef698900:     0x00    0x00    0x00    0x00    0x00    0x00    0x09    0x2a
0x9fffffffef698908:     0x72    0xda    0x00    0x00    0x00    0x00    0x00    0x00
0x9fffffffef698910:     0x00    0x00    0x00    0x00    0x00    0x00    0x00    0x00
0x9fffffffef698918:     0x00    0x00    0x00    0x00
(gdb) print /x *(lbeth_hdr_t *)buf
$3 = {
 eth_dhost = {
   ea = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
 },
 eth_shost = {
   ea = {0x0, 0x30, 0x6e, 0xf3, 0xfe, 0x51}
 },
 eth_type = 0x806
}
(gdb) print /x *(lbarp_hdr_t *)(buf + sizeof(lbeth_hdr_t))
$4 = {
 arp_hwfmt = 0x1,
 arp_proto = 0x800,
 arp_hwlen = 0x6,
 arp_protolen = 0x4,
 arp_op = 0x1
}
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
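As an added illustration (not part of Harley's message, and not libpcap code), here is a small portable C decoder for the 60-byte buffer shown in the gdb dump. The application's gdb session decodes the same bytes by casting `buf` to its own `lbeth_hdr_t` and `lbarp_hdr_t` structs; the byte-wise decode below does the same job without depending on struct packing or host byte order, and adds the length checks a caller would want before handing a frame to pcap_inject(). The sample bytes are copied from the `x /60xb buf` output; the struct name, function names and error codes are my own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded view of an Ethernet II frame carrying an IPv4-over-Ethernet ARP packet.
 * This is an illustrative struct, not the application's lbeth_hdr_t/lbarp_hdr_t. */
struct arp_frame {
    uint8_t  dst[6];
    uint8_t  src[6];
    uint16_t ethertype;
    uint16_t hw_type;
    uint16_t proto_type;
    uint8_t  hw_len;
    uint8_t  proto_len;
    uint16_t op;
    uint8_t  sender_mac[6];
    uint32_t sender_ip;      /* host byte order */
    uint8_t  target_mac[6];
    uint32_t target_ip;      /* host byte order */
};

/* Constructed sample: the 60 bytes printed by "x /60xb buf" in the gdb session. */
static const uint8_t kInjectBuf[60] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x30,0x6e,0xf3,0xfe,0x51, 0x08,0x06, /* Ethernet */
    0x00,0x01, 0x08,0x00, 0x06, 0x04, 0x00,0x01,                             /* ARP header */
    0x00,0x30,0x6e,0xf3,0xfe,0x51, 0x09,0x2a,0x72,0xd5,                      /* sender */
    0x00,0x00,0x00,0x00,0x00,0x00, 0x09,0x2a,0x72,0xda,                      /* target */
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,                            /* padding */
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};

/* Big-endian field readers: the wire format is network byte order regardless of host. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)(((unsigned)p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Ethernet payload must be padded so the frame (without FCS) is at least 60 bytes;
 * pcap_inject() sends exactly what it is given, so the caller supplies the padding. */
int frame_is_padded_to_min(size_t len) { return len >= 60 ? 1 : 0; }

/* Decode an Ethernet+ARP frame. Returns 0 on success, or:
 *  -1 if too short for Ethernet (14) + ARP for 6-byte MAC / 4-byte IPv4 (28),
 *  -2 if the EtherType is not ARP (0x0806),
 *  -3 if the ARP header does not describe IPv4 over Ethernet. */
int parse_arp_frame(const uint8_t *buf, size_t len, struct arp_frame *out)
{
    if (len < 42) return -1;
    memcpy(out->dst, buf, 6);
    memcpy(out->src, buf + 6, 6);
    out->ethertype = be16(buf + 12);
    if (out->ethertype != 0x0806) return -2;
    out->hw_type    = be16(buf + 14);
    out->proto_type = be16(buf + 16);
    out->hw_len     = buf[18];
    out->proto_len  = buf[19];
    if (out->hw_type != 1 || out->proto_type != 0x0800 ||
        out->hw_len != 6 || out->proto_len != 4) return -3;
    out->op = be16(buf + 20);
    memcpy(out->sender_mac, buf + 22, 6);
    out->sender_ip = be32(buf + 28);
    memcpy(out->target_mac, buf + 32, 6);
    out->target_ip = be32(buf + 38);
    return 0;
}

static void print_mac(const uint8_t *m) {
    printf("%02x:%02x:%02x:%02x:%02x:%02x", m[0], m[1], m[2], m[3], m[4], m[5]);
}

static void print_ip(uint32_t ip) {
    printf("%u.%u.%u.%u", (unsigned)(ip >> 24), (unsigned)((ip >> 16) & 0xff),
           (unsigned)((ip >> 8) & 0xff), (unsigned)(ip & 0xff));
}

int main(void)
{
    struct arp_frame f;
    int rc = parse_arp_frame(kInjectBuf, sizeof kInjectBuf, &f);
    if (rc != 0) { printf("malformed frame: rc=%d\n", rc); return 1; }
    printf("ARP op=%u (1=request) from ", f.op);
    print_mac(f.sender_mac); printf(" / "); print_ip(f.sender_ip);
    printf(" asking for "); print_ip(f.target_ip);
    printf("; frame length %zu, padded to minimum: %s\n", sizeof kInjectBuf,
           frame_is_padded_to_min(sizeof kInjectBuf) ? "yes" : "no");
    return 0;
}
```

Decoding the dump this way agrees with the post's `$3`/`$4` output: a 60-byte ARP request from 00:30:6e:f3:fe:51 / 9.42.114.213 for 9.42.114.218, with the 18 bytes of zero padding that bring the 42-byte Ethernet+ARP packet up to the minimum frame size. A check like this belongs in front of the inject call in a test harness, so that a fault inside the library can be separated from a malformed argument; here the buffer passes, which is consistent with the post's observation that the parameters look good.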