tcpdump mailing list archives
capture buffer integrity problem
From: Alexandre Bezroutchko <abb () gremwell com>
Date: Mon, 14 Feb 2011 14:53:23 +0100
Hello,

I have tried to submit the bug through SF, but when I click on the "Add new" link it just gives me a blank page. Hope it is ok if I write to this mailing list.

I am experiencing a strange behavior of libpcap and wonder if it is my misunderstanding of the API or a bug in the library or perhaps the Linux kernel. The problem can be easily seen by running the following code on a network interface carrying a lot of traffic, preferably a mix of different protocols. The full version is attached, below is the most relevant part of it:
------------------------------------------------------------------------------
void processPacket(const unsigned char *p, bpf_u_int32 caplen) {
    static unsigned char backup[64 * 1024];

    assert(caplen <= sizeof (backup));
    memcpy(backup, p, caplen);
    usleep(2000); // this helps making the problem worse
    assert(memcmp(backup, p, caplen) == 0);
}
...
pcap_next_ex(pcap, &hp, &pp);
processPacket(pp, hp->caplen);
...
------------------------------------------------------------------------------

Surprisingly enough, assert() at the bottom of processPacket() function fails. This makes me think that the buffer returned by pcap_next_ex() is prone to unexpected changes after it gets returned to the user.
Just in case it is relevant, I have found the following in the source code of libpcap (1.0.0 and 1.1.1):
------------------------------------------------------------------------------
/*
 * Default one-shot callback; overridden for capture types where the
 * packet data cannot be guaranteed to be available after the callback
 * returns, so that a copy must be made.
 */
static void
pcap_oneshot(u_char *user, const struct pcap_pkthdr *h, const u_char *pkt)
{
    struct oneshot_userdata *sp = (struct oneshot_userdata *)user;

    *sp->hdr = *h;
    *sp->pkt = pkt;
}
------------------------------------------------------------------------------

Some information about my system:

------------------------------------------------------------------------------
$ uname -a
Linux d820 2.6.32-28-generic-pae #55-Ubuntu SMP Mon Jan 10 22:34:08 UTC 2011 i686 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 10.04.2 LTS
Release: 10.04
Codename: lucid
$ tcpdump -V
tcpdump version 4.0.0
libpcap version 1.0.0
...
$ ldd pcapbridge
linux-gate.so.1 => (0xb78cd000)
libpcap.so.0.8 => /usr/lib/libpcap.so.0.8 (0xb7887000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb772d000)
/lib/ld-linux.so.2 (0xb78ce000)
$ ls -l /usr/lib/libpcap.so*
lrwxrwxrwx 1 root root 14 2010-10-12 15:05 /usr/lib/libpcap.so -> libpcap.so.0.8
lrwxrwxrwx 1 root root 16 2010-10-06 17:22 /usr/lib/libpcap.so.0.8 -> libpcap.so.1.0.0
-rw-r--r-- 1 root root 186400 2010-01-05 02:00 /usr/lib/libpcap.so.1.0.0
abb@d820:~/dvp/netbridge$ md5sum /usr/lib/libpcap.so.1.0.0
860d760b0f3013fa06b12a6cd6864dfc /usr/lib/libpcap.so.1.0.0
------------------------------------------------------------------------------

Best regards,
Alexandre Bezroutchko
www.gremwell.com
Attachment:
pcapbridge.c
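
Added illustration, not part of the original post and not libpcap code: a small C model of the condition the post's second assert() detects, next to the copy-before-use pattern that the quoted libpcap comment ("a copy must be made") refers to. The ring, `ring_deliver`, `pkt_snapshot` and the sample frames are constructed for this example; the model assumes a capture source that reuses its slots and does not establish the cause on the poster's system.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model, not libpcap code: a source that lends out pointers into slots it reuses. */
enum { SLOTS = 2, SLOT_SIZE = 64 };
struct ring { uint8_t slot[SLOTS][SLOT_SIZE]; unsigned next; };

/* Store a frame in the next slot and lend the caller a pointer into the ring. */
static const uint8_t *ring_deliver(struct ring *r, const void *frame, size_t len, size_t *caplen)
{
    uint8_t *dst = r->slot[r->next++ % SLOTS];
    *caplen = len > (size_t)SLOT_SIZE ? (size_t)SLOT_SIZE : len;   /* truncate, like a snaplen */
    memcpy(dst, frame, *caplen);
    return dst;
}

/* Application-owned copy of one packet. */
struct owned_pkt { size_t caplen; uint8_t data[]; };
/* Copy the lent bytes right away; NULL on oversized input or allocation failure. */
static struct owned_pkt *pkt_snapshot(const uint8_t *p, size_t caplen, size_t max)
{
    struct owned_pkt *o;
    if (p == NULL || caplen > max || (o = malloc(sizeof *o + caplen)) == NULL)
        return NULL;
    o->caplen = caplen;
    memcpy(o->data, p, caplen);
    return o;
}

/* Bit 0: lent buffer matched the copy before reuse; bit 1: it still matches
 * after the slot is reused; bit 2: the owned copy still holds the original. */
static int demo_recycled_slot(void)
{
    static const char a[] = "packet-A", b[] = "packet-B", c[] = "packet-C"; /* constructed */
    struct ring r = { .next = 0 };
    size_t caplen, n;
    const uint8_t *lent = ring_deliver(&r, a, 8, &caplen);
    struct owned_pkt *own = pkt_snapshot(lent, caplen, SLOT_SIZE);
    if (own == NULL) return -1;
    int res = memcmp(lent, own->data, caplen) == 0;      /* bit 0 */
    ring_deliver(&r, b, 8, &n);                          /* fills the other slot */
    ring_deliver(&r, c, 8, &n);                          /* wraps: overwrites the lent slot */
    res |= (memcmp(lent, own->data, caplen) == 0) << 1;
    res |= (memcmp(own->data, a, caplen) == 0) << 2;
    free(own);
    return res;
}
int main(void) { printf("result bits: %d\n", demo_recycled_slot()); return 0; }
```

In this model the lent pointer stops matching once its slot is reused, while the owned copy stays intact, so any parsing or length checks done on the owned copy cannot be invalidated by later writes to the capture buffer.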