[tcpdump-workers] libpcap causing segmentation fault

[Moshe Matitya]

We are running an application using libpcap 1.2.1, on CentOS 5.6 (64-bit), on a 
machine with a 10 gigabit NIC.  We have been using this application for several 
years, using previous versions of libpcap, previous versions of Linux, and 
other NIC's, without any problems.  Also, the current version of the 
application seems to work fine on RHEL 3.8.

However, with this environment [libpcap 1.2.1, CentOS 5.6 (64-bit), 10 gigabit 
NIC], the application is repeatedly crashing with a segmentation fault.  Here 
is the stack trace info from gdb:

#0 _recv (useless=, pread=0x2aaab0106662 ) at SocketServer.cpp:67
#1 0x2b55582858fa in pcap_read_linux_mmap (handle=0x2c0016e0, 
max_packets=-1, callback=0x411d78 <_recv(u_char*, pcap_pkthdr const*, u_char 
const*)>, user=0x0) at ./pcap-linux.c:4037
#2 0x2b5558288118 in pcap_loop (p=0x2c0016e0, cnt=-1, 
callback=0x411d78 <_recv(u_char*, pcap_pkthdr const*, u_char const*)>, 
user=0x0) at ./pcap.c:527
#3 0x00411c58 in SocketServer::run (this=0x42beec70) at 
SocketServer.cpp:238
#4 0x00404e14 in socketServerThread (pointer=0x2b5558b30018) at 
PacketRelay.cpp:29
#5 0x003fb280673d in start_thread () from /lib64/libpthread.so.0 
#6 0x003fb1cd40cd in clone () from /lib64/libc.so.6

As you can see, the segfault happens in our callback function [_recv()], which 
is called by pcap_read_linux_mmap().  According to gdb, the pointer argument 
pread holds an invalid address.  And indeed, the segfault happens in the 
callback function as soon as the attempt is made to read from that address.

In other words, pcap_read_linux_mmap() is passing an invalid pointer to the 
callback.

This crash sometimes happens after the application has been running for several 
hours or days.  Also noteworthy is the fact that it has happened at times when, 
to the best of my knowledge, the application was not even receiving any network 
traffic.

Any ideas as to what may be causing this would be much appreciated.

Thanks,

Moshe

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] libpcap causing segmentation fault

[rixed]

-[ Tue, Feb 14, 2012 at 03:26:21PM +0200, Moshe Matitya ]
> Any ideas as to what may be causing this would be much appreciated.

Calling pcap_loop() after it returned something else than 0 ?

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] libpcap causing segmentation fault

[Moshe Matitya]

On Tuesday, February 14, 2012 3:40 PM, ri...@happyleptic.org wrote:
>
>Calling pcap_loop() after it returned something else than 0?

No, pcap_loop() is called only once.

Moshe

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] libpcap causing segmentation fault

[Moshe Matitya]

On Tuesday, February 14, 2012 3:57 PM, m...@sandelman.ca wrote:
>
>Whose libpcap 1.2.1 are you using?
>I assume that it is one that you built.  On RHEL 3.8 were you using
>libpcap 1.2.1?
>
>Also can you tell us what kernels are in each, as RHEL 3.8 was a long
>time ago.

Yes, we built libpcap 1.2.1 from the distribution tarball.  And yes, we are 
running it with libpcap 1.2.1 on RHEL 3.8 too (without this problem).

The kernel with CentOS 5.6 is 2.6.18-238.el5.
The kernel with RHEL 3.8 is 2.4.21-47.ELsmp.

Thanks,

Moshe


-Original Message-
From: m...@sandelman.ca [mailto:m...@sandelman.ca] 
Sent: Tuesday, February 14, 2012 3:57 PM
To: tcpdump-workers@lists.tcpdump.org
Cc: Moshe Matitya
Subject: Re: [tcpdump-workers] libpcap causing segmentation fault


Whose libpcap 1.2.1 are you using?
I assume that it is one that you built.  On RHEL 3.8 were you using
libpcap 1.2.1?

Also can you tell us what kernels are in each, as RHEL 3.8 was a long
time ago.

-- 
]   He who is tired of Weird Al is tired of life!   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video 
   then sign the petition. 
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] libpcap causing segmentation fault

[Michael Richardson]

Whose libpcap 1.2.1 are you using?
I assume that it is one that you built.  On RHEL 3.8 were you using
libpcap 1.2.1?

Also can you tell us what kernels are in each, as RHEL 3.8 was a long
time ago.

-- 
]   He who is tired of Weird Al is tired of life!   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video 
   then sign the petition. 
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Re: [tcpdump-workers] libpcap causing segmentation fault

[Michael Richardson]

> "Moshe" == Moshe Matitya  writes:
>> Whose libpcap 1.2.1 are you using?
>> I assume that it is one that you built.  On RHEL 3.8 were you using
>> libpcap 1.2.1?
>> 
>> Also can you tell us what kernels are in each, as RHEL 3.8 was a long
>> time ago.

Moshe> Yes, we built libpcap 1.2.1 from the distribution tarball.
Moshe> And yes, we are running it with libpcap 1.2.1 on RHEL 3.8 too
Moshe> (without this problem). 

Moshe> The kernel with CentOS 5.6 is 2.6.18-238.el5.
Moshe> The kernel with RHEL 3.8 is 2.4.21-47.ELsmp.

That's a significant jump in functionality. 
I don't think 2.4 had any memory mapped functionality  at all.

If 2.6.18 has any (redhat likes to backport all sorts of things), the
question becomes... does it work?  2.6.18 is 5 years old.

My suggestion is to turn off (in the source code), any of the mmap
functionality, or at least printf() what is being used.   I would also
wonder if you are doing technology renewal, why you are stopping at
Centos 5, rather than 6 (or higher?) with a linux 3.0 kernel...

-- 
]   He who is tired of Weird Al is tired of life!   |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON|net architect[
] m...@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video 
   then sign the petition. 


pgpfjOIJgK8br.pgp
Description: PGP signature

Re: [tcpdump-workers] libpcap causing segmentation fault

[Guy Harris]

On Feb 14, 2012, at 6:09 AM, Moshe Matitya wrote:

> Yes, we built libpcap 1.2.1 from the distribution tarball.

...so it's presumably 64-bit.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.