Buffer overwrites with pcap_next_ex

[Andreas Rieke <andreas.rieke () isl de>]

Hi,

I have seen a strange behavior of pcap_next_ex where a buffer is
overwritten. When pcap_next_ex has finished, it returns a buffer for the
packet header and one for the packet data. When processing the packet
data, I have often seen strange data. For that reason, I have changed my
code to copy – for debug purposes - the packet data into a buffer, after
that process them and in the last step compare to the original data: It
has changed, although I am sure that my code does not write into that
buffer!

Although I am working in a multithreaded environment, I am sure that no
other thread calls any pcap functions. Is this a bug? Am I doing
something wrong? Is it recommended to copy the data (which takes
additional time) before processing them? In future, I would like to
process multiple interfaces using select/pcap_dispatch. Will I have the
same problems there?

There is one special thing in my environment, maybe this causes the
problem: I have compiled libpcap with gcc version 3.2 20020903 under Red
Hat Linux release 8.0 (Psyche), but my application has been compiled
(and both parts have been linked) with gcc-Version 3.3.1 (SuSE Linux)
under SuSE Linux 9.0 (i586). After that, the program runs under Redhat
Enterprise 3. Can that cause problems?

Thanks in advance,

Andreas
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.