Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

first hit packet never call callback #1254

Open
ShiverZm opened this issue Jan 10, 2024 · 6 comments
Open

first hit packet never call callback #1254

ShiverZm opened this issue Jan 10, 2024 · 6 comments

Comments

@ShiverZm
Copy link

version: lastest

env: centos 7.5

problem: use libpcap ,and first bpf hit of net behavoir never call callback function,

i found the regular problem,

just in pcap_linux.c

pcap_read_linux_mmap_v3

h.raw = RING_GET_CURRENT_FRAME(handle);
if (!packet_mmap_v3_acquire(h.h3))
     break;

this variate “handlep->filter_in_userland“ always equal 1 util packet hit and pcap_read_linux_mmap_v3 call , it changes to 0,

if (handlep->blocks_to_filter_in_userland > 0) {
				handlep->blocks_to_filter_in_userland--;
  if (handlep->blocks_to_filter_in_userland == 0) {
	  /*
		  * No more blocks need to be filtered
		  * in userland.
		  */
	  handlep->filter_in_userland = 0;
  }
}
@ShiverZm
Copy link
Author

in a addition, change
"this variate “handlep->filter_in_userland“ always equal 1 util packet hit and pcap_read_linux_mmap_v3 call , it changes to 0,"
to
"this variate “handlep->filter_in_userland“ always equal 1 util first packet hit and pcap_read_linux_mmap_v3 call , it changes to 0,"

@ShiverZm
Copy link
Author

and if handlep->filter_in_userland = 1
in pcap_handle_packet_mmap

	if (handlep->filter_in_userland && handle->fcode.bf_insns) {
		struct pcap_bpf_aux_data aux_data;

		aux_data.vlan_tag_present = tp_vlan_tci_valid;
		aux_data.vlan_tag = tp_vlan_tci & 0x0fff;

		if (pcapint_filter_with_aux_data(handle->fcode.bf_insns,
					      bp,
					      tp_len,
					      snaplen,
					      &aux_data) == 0)
			return 0;
	}

this code always return 0, so never call below callback.

@infrastation
Copy link
Member

In my quick test this problem does not reproduce. In particular, I used CentOS 7.5 from here without any updates (kernel 3.10.0-862), then git-cloned the latest libpcap and tcpdump, then built the tcpdump snapshot with the libpcap snapshot, then ran the compiled tcpdump with tcp port 80 as the live capture filter in one terminal and opened an HTTP connection in another terminal. tcpdump printed the first packet of the TCP session ([S]) as the first packet of the capture, which was the expected result.

Could you provide complete and detailed steps to reproduce the problem in addition to the code analysis?

@guyharris
Copy link
Member

this code always return 0, so never call below callback.

If that code returns 0, it's because pcapint_filter_with_aux_data() returned 0, meaning that the packet didn't match the packet filter, so the packet shouldn't be provided.

@ShiverZm
Copy link
Author

it is wired, happened to project of company, the last change i do is that modify device.name = "any" so that can capture packet of any net adapter , and then this wired problem come up. i write a demo nothing happened like this. i have to change the code to fix up my problem.

pcap_setfilter_linux_mmap(){
//...

// this change i do that can fix up my problem
// handlep->filter_in_userland = 1;
}

@infrastation
Copy link
Member

Steps to reproduce the problem please.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@infrastation @guyharris @ShiverZm