[Winpcap-users] BUG rpcapd - inproper internal structurepcap_tusage

Gianluca Varenni gianluca.varenni at cacetech.com
Wed Jun 23 08:30:17 PDT 2010 

I actually really want to include the patch, the problem of rpcapd depending on pcap-int.h has been a pet peeve for me too on windows for the same exact problem you had (different definitions of pcap_t causing crashes in rpcapd.exe). And it looks like the only thing that needs to be ironed out in the patch that you provided is bufsize, everything else looks good. Config.h is not available on the win32 build, so it's not an option.

I will look more into how to solve the issue, maybe using a default value for bufsize instead of taking it from pcap_t or using snaplen.

Have a nice day
GV




From: Tomas Konir 
Sent: Tuesday, June 22, 2010 10:09 PM
To: winpcap-users at winpcap.org 
Subject: Re: [Winpcap-users] BUG rpcapd - inproper internal structurepcap_tusage


Hi 
Another way would be only include config.h as first include in daemon.c.
I have used the more complicated way because i would like to see
 rpcapd independent of internal libpcap structures.


You are right, that it may affect TCP performance.
If you don't mind about dependency on pcap.
You can only include config.h and drop other changes. in this patch.


MOJE


2010/6/22 Gianluca Varenni <gianluca.varenni at cacetech.com>

  Tomas,

  I'm working on applying your patches to our codebase. I'm not completely sure about changing bufsize to snaplen. First of all, I think that 

  - startcapreply->bufsize= htonl(fp->bufsize);
  + //startcapreply->bufsize= htonl(fp->bufsize);
  + startcapreply->bufsize= startcapreq.snaplen;

  should actually read

  + startcapreply->bufsize= htonl(startcapreq.snaplen);

  Then if bufsize is snaplen, I think that the TCP performance would be affected (it looks like bufsize is used to set SO_RCVBUF of the socket itself).

  Have a nice day
  GV


  From: Tomas Konir 
  Sent: Wednesday, April 28, 2010 2:31 AM
  To: winpcap-users at winpcap.org 
  Subject: [Winpcap-users] BUG rpcapd - inproper internal structure pcap_tusage


  rpcapd use pcap-int.h and than directly pcap_t structure. 
  size of pcap_t and position of individual fields is not independent
  and depends on config.h generated by configure.
  The result is rewritten memory and bugs like: socket error, invalid socket, SIGSEGV and similar.


  I tried to remove usage of internal pcap_t structure and use rpcapd owns.


  Patch is attached, and i have two notes.


  1. timezone is set to zero (but no code in libpcap/winpcap use it)
  2. bufsize is set to snaplen instead of internal pcap_t->bufsize.


  MOJE


  P.S. another way would by use config.h from libpcap, but i don't prefer it.
    

  -- 
  Tomas Konir
  Prague
  Czech Republic
  ICQ:      25849167
  Jabber: Tomas.Konir at gmail.com



------------------------------------------------------------------------------


  _______________________________________________
  Winpcap-users mailing list
  Winpcap-users at winpcap.org
  https://www.winpcap.org/mailman/listinfo/winpcap-users



  _______________________________________________
  Winpcap-users mailing list
  Winpcap-users at winpcap.org
  https://www.winpcap.org/mailman/listinfo/winpcap-users





-- 
Tomas Konir
Prague
Czech Republic
ICQ:      25849167
Jabber: Tomas.Konir at gmail.com



--------------------------------------------------------------------------------


_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20100623/025fb2a9/attachment-0001.htm

More information about the Winpcap-users mailing list