tcpdump mailing list archives
Re: HP-UX crash on inject while receiving
From: "Harley Stenzel" <hstenzel () gmail com>
Date: Mon, 31 Jul 2006 11:16:16 -0400
On 7/28/06, Guy Harris <guy () alum mit edu> wrote:
> On Jul 28, 2006, at 12:51 PM, Harley Stenzel wrote:
>> Show that this happens when 2 threads use pcap_t at the same time:
>
> libpcap is, for better or worse, not thread-safe,

Good to know, thanks.

> Using *different* pcap_t's in two threads should work, although
> pcap-dlpi.c has static variables that it uses on HP-UX (ctlbuf and
> ctl), which is a clear botch unless getmsg() is guaranteed not to
> modify ctl.

Also good to know. Although with the one promiscuous STREAMS accessor per device on HP-UX, this doesn't suggest a solution.

> However, the static variable isn't part of the inject code path, so
> that shouldn't be causing the crash. The claim from gdb is that
>
>     dlp->dl_primitive = DL_HP_RAWDATA_REQ;
>
> is crashing, but "dlp" just points to a buffer on the stack, which
> *should* be thread-safe. (The stack trace is a bit odd, given that
> the crash is in dlrawdatareq().)

Right, I thought it was quite odd too, but figured it was a compiler
or debugger artifact. I couldn't access the locals in dlrawdatareq()
with gdb. All the debugger was able to give me was "buf" as an arg on
the previous stack frame and global "ctl", the strbuf.
(gdb) list -
1493 static int
1494 dlrawdatareq(int fd, const u_char *datap, int datalen)
1495 {
1496 struct strbuf ctl, data;
1497 long buf[MAXDLBUF]; /* XXX - char? */
1498 union DL_primitives *dlp;
1499 int dlen;
1500
1501 dlp = (union DL_primitives*) buf;
1502
(gdb) print ctl
$9 = {maxlen = 8192, len = 4, buf = 0x9fffffffef7e23a4 ""}
(gdb) print &ctl
$10 = (struct strbuf *) 0x9fffffffef7e0260
(gdb) print data
No symbol "data" in current context.
(gdb) print &data
No symbol "data" in current context.
(gdb) print dlp
No symbol "dlp" in current context.
(gdb) print &dlp
No symbol "dlp" in current context.
(gdb) print dlen
No symbol "dlen" in current context.
(gdb) print &dlen
No symbol "dlen" in current context.
(gdb) print buf
$6 = (const void *) 0x9fffffffef720890
(gdb) up
#1 0xc0000000028f6c90:0 in pcap_inject (p=0x6000000000013650,
buf=0x9fffffffef720890, size=60) at ./pcap.c:782
782 return (p->inject_op(p, buf, size));
(gdb) print buf
$7 = (const void *) 0x9fffffffef720890
Also, it looks like ctl is only used by pcap_read_dlpi(). Is there a
reason it shouldn't be local (the way the data strbuf is)?
--Harley
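
The static-versus-local question raised in this message, as an added illustration that is not libpcap code and not written by either poster: a reader whose control buffer is file-scope static returns the other handle's data when a second read runs between the fill and the parse, while a call-local buffer does not. `strbuf_model`, `CTL_WORDS`, the handle tags 1 and 2, and the `preempt` hook (which stands in for a second thread being scheduled mid-read) are all assumptions.

```c
#include <stdio.h>
#include <string.h>

#define CTL_WORDS 16                                      /* constructed size */
struct strbuf_model { int maxlen; int len; char *buf; };  /* shaped like struct strbuf */

/* File-scope storage shared by every caller, like the static ctlbuf and ctl. */
static long shared_ctlbuf[CTL_WORDS];
static struct strbuf_model shared_ctl = { (int)sizeof shared_ctlbuf, 0, (char *)shared_ctlbuf };

/* Assumed model of one read, not libpcap code: fill the control part with a tag
 * naming the handle (as getmsg() would fill it), let another reader run, parse. */
static int read_with(int handle_id, struct strbuf_model *ctl, void (*preempt)(void))
{
    int seen;
    memcpy(ctl->buf, &handle_id, sizeof handle_id);
    ctl->len = (int)sizeof handle_id;
    if (preempt) preempt();              /* the other reader runs here */
    memcpy(&seen, ctl->buf, sizeof seen);
    return seen;                         /* tag found when control returns */
}

/* Reader that keeps its control buffer in the shared static storage. */
int read_shared(int handle_id, void (*preempt)(void))
{
    return read_with(handle_id, &shared_ctl, preempt);
}

/* Reader whose control buffer is local to the call. */
int read_local(int handle_id, void (*preempt)(void))
{
    long buf[CTL_WORDS];
    struct strbuf_model ctl = { (int)sizeof buf, 0, (char *)buf };
    return read_with(handle_id, &ctl, preempt);
}

/* Handle 1 reads; handle 2 reads between handle 1's fill and parse. */
static void other_shared(void) { (void)read_shared(2, NULL); }
static void other_local(void)  { (void)read_local(2, NULL); }
int demo_shared(void) { return read_shared(1, other_shared); }
int demo_local(void)  { return read_local(1, other_local); }

int main(void)
{
    printf("static ctl: %d, local ctl: %d\n", demo_shared(), demo_local());
    return 0;
}
```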
