Re: [tcpdump-workers] Multiple call to pcap_open_live
On Mon, Nov 18, 2013 at 12:38:24AM -0500, Benjamin Vanheuverzwijn wrote:
> Hi,
Hi Benjamin,
>
> libpcap version: 1.4.0 (on archlinux)
I am running Fedora 19 (libpcap-1.4.0).
>
> Is it possible to have multiple call to "pcap_open_live()" followed by
> pcap_close() ?
It shouldn't be a problem.
>
> It seems like pcap_close() doesn't cleanly close opened resources, if you
> strace the following program, you will see file descriptors growing up.
I am unable to reproduce the issue. In strace output I see only descriptor 3
which is acquired and closed on every iteration. Tried with two NICs, wired and
wireless.
>
> Am i doing it wrong? How it should be done?
>From output you have provided I have a suspicion that your problem is somehow
caused by calling open() on those /sys/bus/usb/* files. I don't have those in my
strace output, probably because interface you have used is hotplugged wireless
usb dongle, I guess (judging by interface name from udev).
I might be able to try again with wireless USB dongle tomorrow. Will keep you
posted on my findings.
>
> Thanks,
Cheers,
Michal
>
> To reproduce:
> // Compile with gcc -o openlive openlive.c -l pcap
> #include
>
> int main(int argc, char *argv[]) {
> int i=0;
> for (i = 0; i != 2000; ++i) {
> char errbuf[256];
> pcap_t *pcap = pcap_open_live("wls3", 1024, 1, 0, errbuf);
> pcap_close(pcap);
> }
> return 0;
> }
>
> $ strace ./openlive
> [...]
> open("/sys/bus/usb/devices/4-2/devnum", O_RDONLY) = 16
> fstat(16, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0x7f5e040f
> read(16, "8\n", 4096) = 2
> [...]
> open("/sys/bus/usb/devices/usb4/speed", O_RDONLY) = 91
> fstat(91, {st_mode=S_IFREG|0444, st_size=4096, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0x7fc006371000
> read(91, "480\n", 4096) = 4
>
>
> --
> Benjamin Vanheuverzwijn
> ___
> tcpdump-workers mailing list
> tcpdump-workers@lists.tcpdump.org
> https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Multiple call to pcap_open_live
On Mon, Nov 18, 2013 at 12:15 PM, Michal Sekletar wrote: > On Mon, Nov 18, 2013 at 12:38:24AM -0500, Benjamin Vanheuverzwijn wrote: > > Hi, > > Hi Benjamin, > Hi, thanks for your reply! > > > > > libpcap version: 1.4.0 (on archlinux) > > I am running Fedora 19 (libpcap-1.4.0). > > > > > Is it possible to have multiple call to "pcap_open_live()" followed by > > pcap_close() ? > > It shouldn't be a problem. > > > > > It seems like pcap_close() doesn't cleanly close opened resources, if you > > strace the following program, you will see file descriptors growing up. > > I am unable to reproduce the issue. In strace output I see only descriptor > 3 > which is acquired and closed on every iteration. Tried with two NICs, > wired and > wireless. > > > > > Am i doing it wrong? How it should be done? > > From output you have provided I have a suspicion that your problem is > somehow > caused by calling open() on those /sys/bus/usb/* files. I don't have those > in my > strace output, probably because interface you have used is hotplugged > wireless > usb dongle, I guess (judging by interface name from udev). > > I might be able to try again with wireless USB dongle tomorrow. Will keep > you > posted on my findings. > Actually "wls3" is a pci device: 03:00.0 Network controller: Intel Corporation PRO/Wireless 4965 AG or AGN [Kedron] Network Connection (rev 61) But as you found out, i also had a USB dongle plugged in. I tried to remove the USB dongle but i have the same problem. I've attached a strace output file with 10 iterations. I'll keep experimenting. -- Benjamin Vanheuverzwijn ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Multiple call to pcap_open_live
I've attached a list of opened files while i'm running "bug", they're mostly pipes. I was running on Linux 3.11.6, just upgraded to 3.12.0 and the same problem occur. -- Benjamin Vanheuverzwijn ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Multiple call to pcap_open_live
On Nov 17, 2013, at 9:38 PM, Benjamin Vanheuverzwijn wrote: > libpcap version: 1.4.0 (on archlinux) > > Is it possible to have multiple call to "pcap_open_live()" followed by > pcap_close() ? Yes, modulo bugs in libpcap or libraries it uses. > It seems like pcap_close() doesn't cleanly close opened resources, if you > strace the following program, you will see file descriptors growing up. Bug in the "support on Linux for USB-attached CANbus devices" code; fixed in the libpcap trunk, and will be fixed in the 1.5 release when it comes out. ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Multiple call to pcap_open_live
On Mon, Nov 18, 2013 at 4:22 PM, Guy Harris wrote: > > On Nov 17, 2013, at 9:38 PM, Benjamin Vanheuverzwijn > wrote: > > > libpcap version: 1.4.0 (on archlinux) > > > > Is it possible to have multiple call to "pcap_open_live()" followed by > > pcap_close() ? > > Yes, modulo bugs in libpcap or libraries it uses. > > > It seems like pcap_close() doesn't cleanly close opened resources, if you > > strace the following program, you will see file descriptors growing up. > > Bug in the "support on Linux for USB-attached CANbus devices" code; fixed > in the libpcap trunk, and will be fixed in the 1.5 release when it comes > out. > I've just tested against libpcap commit 11031d0f71387161c282248cddc2fa0f7bf014ce (Mon Nov 11 11:21:43 2013 -0800) that i got from here https://github.com/the-tcpdump-group/libpcap.gitand the problem still exists. I'm still not sure if the problem comes from my distro or the libpcap code. If you can't reproduce i would say that the problem comes from my distro, but i'm not sure where to look. -- Benjamin Vanheuverzwijn ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Multiple call to pcap_open_live
On Nov 18, 2013, at 2:06 PM, Benjamin Vanheuverzwijn wrote:
> I've just tested against libpcap commit
> 11031d0f71387161c282248cddc2fa0f7bf014ce (Mon Nov 11 11:21:43 2013 -0800)
> that i got from here https://github.com/the-tcpdump-group/libpcap.git and the
> problem still exists.
It's still doing stuff with /sys/bus/usb?
If you add
printf("%s\n", pcap_lib_version());
to your test program (outside the loop), what does it print?
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Multiple call to pcap_open_live
On Mon, Nov 18, 2013 at 5:14 PM, Guy Harris wrote:
>
> On Nov 18, 2013, at 2:06 PM, Benjamin Vanheuverzwijn
> wrote:
>
> > I've just tested against libpcap commit
> 11031d0f71387161c282248cddc2fa0f7bf014ce (Mon Nov 11 11:21:43 2013 -0800)
> that i got from here https://github.com/the-tcpdump-group/libpcap.git and
> the problem still exists.
>
> It's still doing stuff with /sys/bus/usb?
>
> If you add
>
> printf("%s\n", pcap_lib_version());
>
> to your test program (outside the loop), what does it print?
>
Ooops my bad, i've done LD_LIBRARY_PATH=/usr/local/lib, before sudo'ing ;)
i can confirm it is fixed in the git version!
Thanks for your help guys!
--
Benjamin Vanheuverzwijn
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
