tcpdump mailing list archives

capture buffer integrity problem


From: Alexandre Bezroutchko <abb () gremwell com>
Date: Mon, 14 Feb 2011 14:53:23 +0100

Hello,

I have tried to submit the bug through SF, but when I click on the "Add new" link it just gives me a blank page. Hope it is ok if I write to this mailing list.

I am experiencing a strange behavior of libpcap and wonder if it is my misunderstanding of the API or a bug in the library or perhaps the Linux kernel. The problem can be easily seen by running the following code on a network interface carrying a lot of traffic, preferably a mix of different protocols. The full version is attached; below is the most relevant part of it:

------------------------------------------------------------------------------
#include <assert.h>
#include <string.h>
#include <unistd.h>
#include <pcap.h>

void
processPacket(const unsigned char *p, bpf_u_int32 caplen) {
    static unsigned char backup[64 * 1024];

    /* snapshot the packet bytes as they were handed to us */
    assert(caplen <= sizeof (backup));
    memcpy(backup, p, caplen);

    usleep(2000); // this helps make the problem worse

    /* the bytes behind p should still match the snapshot, but they do not */
    assert(memcmp(backup, p, caplen) == 0);
}

    ...
    pcap_next_ex(pcap, &hp, &pp);
    processPacket(pp, hp->caplen);
    ...
------------------------------------------------------------------------------

Surprisingly enough, assert() at the bottom of processPacket() function fails. This makes me think that the buffer returned by pcap_next_ex() is prone to unexpected changes after it gets returned to the user.

Just in case it is relevant, I have found the following in the source code of libpcap (1.0.0 and 1.1.1):
------------------------------------------------------------------------------
/*
 * Default one-shot callback; overridden for capture types where the
 * packet data cannot be guaranteed to be available after the callback
 * returns, so that a copy must be made.
 */
static void
pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
{
        struct oneshot_userdata *sp = (struct oneshot_userdata *)user;

        *sp->hdr = *h;
        *sp->pkt = pkt;
}
------------------------------------------------------------------------------


Some information about my system:
------------------------------------------------------------------------------
$ uname -a
Linux d820 2.6.32-28-generic-pae #55-Ubuntu SMP Mon Jan 10 22:34:08 UTC 2011 i686 GNU/Linux

$ lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 10.04.2 LTS
Release:    10.04
Codename:    lucid

$ tcpdump -V
tcpdump version 4.0.0
libpcap version 1.0.0
...

$ ldd pcapbridge
    linux-gate.so.1 =>  (0xb78cd000)
    libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0xb7887000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb772d000)
    /lib/ld-linux.so.2 (0xb78ce000)

$ ls -l /usr/lib/libpcap.so*
lrwxrwxrwx 1 root root 14 2010-10-12 15:05 /usr/lib/libpcap.so -> libpcap.so.0.8
lrwxrwxrwx 1 root root 16 2010-10-06 17:22 /usr/lib/libpcap.so.0.8 -> libpcap.so.1.0.0
-rw-r--r-- 1 root root 186400 2010-01-05 02:00 /usr/lib/libpcap.so.1.0.0

abb@d820:~/dvp/netbridge$ md5sum /usr/lib/libpcap.so.1.0.0
860d760b0f3013fa06b12a6cd6864dfc  /usr/lib/libpcap.so.1.0.0
------------------------------------------------------------------------------

Best regards,
Alexandre Bezroutchko
www.gremwell.com

Attachment: pcapbridge.c
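The behaviour reported above is consistent with pcap_next_ex() handing back a pointer into a shared capture ring rather than a private copy, so the bytes can be overwritten once the producer wraps around. The following is an added illustration, not the poster's pcapbridge.c and not libpcap's own ring code: it models a fixed-slot ring in plain C (pkt_hdr_t, ring_t, ring_next(), snapshot_packet() and the slot layout are all constructed for this example), reproduces the failing comparison against the ring pointer, and shows the defensive pattern of copying header and data into caller-owned storage before doing anything slow.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for struct pcap_pkthdr (timestamp omitted).
 * This is a constructed type for the example, not libpcap's own. */
typedef struct {
    uint32_t caplen;
    uint32_t len;
} pkt_hdr_t;

/* Model of a memory-mapped capture ring: SLOTS fixed-size frames that the
 * producer (the kernel, in the real case) fills round-robin. Constructed for
 * this example; libpcap's actual ring layout differs. */
#define SLOTS     4
#define SLOT_SIZE 64

typedef struct {
    pkt_hdr_t hdr[SLOTS];
    unsigned char frame[SLOTS][SLOT_SIZE];
    unsigned consumer;   /* next slot handed to the application */
    unsigned producer;   /* next slot the producer will overwrite */
} ring_t;

static void ring_init(ring_t *r) { memset(r, 0, sizeof *r); }

/* Producer side: write a synthetic packet into the next slot, wrapping around
 * and overwriting old frames whether or not the consumer is done with them. */
static void ring_produce(ring_t *r, unsigned char fill, uint32_t caplen) {
    unsigned s = r->producer % SLOTS;
    if (caplen > SLOT_SIZE) caplen = SLOT_SIZE;
    memset(r->frame[s], fill, caplen);
    r->hdr[s].caplen = caplen;
    r->hdr[s].len = caplen;
    r->producer++;
}

/* Consumer side, mirroring the shape of pcap_next_ex(): returns pointers INTO
 * the ring, not a private copy. The data is only valid until the producer wraps. */
static int ring_next(ring_t *r, const pkt_hdr_t **hp, const unsigned char **pp) {
    if (r->consumer == r->producer) return 0;   /* nothing pending */
    unsigned s = r->consumer % SLOTS;
    *hp = &r->hdr[s];
    *pp = r->frame[s];
    r->consumer++;
    return 1;
}

/* Caller-owned snapshot: copy header and bytes out immediately instead of
 * holding the ring pointer across other work. */
typedef struct {
    pkt_hdr_t hdr;
    unsigned char data[SLOT_SIZE];
} owned_pkt_t;

/* Returns 1 on success, 0 if caplen does not fit (refuse rather than overflow). */
static int snapshot_packet(const pkt_hdr_t *h, const unsigned char *p, owned_pkt_t *out) {
    if (h->caplen > sizeof out->data) return 0;
    out->hdr = *h;
    memcpy(out->data, p, h->caplen);
    return 1;
}

/* Bounds check sanity: an oversized caplen must be rejected, not copied. */
static int snapshot_rejects_oversized(void) {
    pkt_hdr_t big = { SLOT_SIZE + 1, SLOT_SIZE + 1 };
    unsigned char buf[SLOT_SIZE + 1] = { 0 };
    owned_pkt_t out;
    return snapshot_packet(&big, buf, &out) == 0;
}

/* Reproduces the reported scenario: take a packet, let the ring wrap (standing
 * in for the usleep() window), then compare. Returns 1 if the bytes behind the
 * ring pointer changed while the snapshot stayed intact, 0 otherwise. */
static int demonstrate_aliasing(void) {
    ring_t ring;
    ring_init(&ring);
    ring_produce(&ring, 0xAA, 16);           /* constructed packet: 16 bytes of 0xAA */

    const pkt_hdr_t *hp;
    const unsigned char *pp;
    if (!ring_next(&ring, &hp, &pp)) return 0;

    owned_pkt_t snap;
    if (!snapshot_packet(hp, pp, &snap)) return 0;

    /* Meanwhile the producer keeps going and wraps the ring, reusing slot 0. */
    for (int i = 0; i < SLOTS; i++) ring_produce(&ring, 0x55, 16);

    int ring_ptr_changed = memcmp(snap.data, pp, snap.hdr.caplen) != 0;
    int snapshot_intact = 1;
    for (uint32_t i = 0; i < snap.hdr.caplen; i++)
        if (snap.data[i] != 0xAA) snapshot_intact = 0;
    return ring_ptr_changed && snapshot_intact;
}

int main(void) {
    printf("ring pointer overwritten, snapshot intact: %s\n",
           demonstrate_aliasing() ? "yes" : "no");
    return 0;
}
```

The practical rule this models: treat the pointer from pcap_next_ex() as valid only until the next call into libpcap (or, with a memory-mapped ring, until the kernel reuses the slot), and copy out what you need, checking caplen against your own buffer size, before sleeping, queueing, or handing the packet to another thread.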