Red Hat Bugzilla – Bug 54161
libpcap hangs if no filter set, pcap_next loses every other packet
Last modified: 2008-05-01 11:38:00 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9 i686)
Description of problem:
When using the PACKET_RX_RING interface, poll() on the packet fd will never
succeed if there is no kernel BPF filter installed.
Due to a fencepost error in packet_ring_recv, the pcap_dispatch and
pcap_loop interfaces will actually receive one more packet than requested.
The pcap_next function, which only returns one packet, effectively loses
the first one.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. write a program that uses libpcap but doesn't set a filter
2. write a program that loops calling pcap_next and prints destination
address of packet
3. run the programs and compare output to that of "tcpdump -nes 1"
Actual Results: the first program never prints anything
the second program only prints every other packet
Expected Results: the programs should print lines for every packet
Created attachment 32998 [details]
test program to demonstrate bug (& partial workaround), patch to libpcap
should be fixed in 3.6.2-10 or newer