Hello all,
Exported libpcap + tcpdump from CVS about 12 hours ago (20001231).
After creating an RPM of it and running on RHL62 system, I noticed it
very often crashes after printing a couple of lines:
---
$ ./tcpdump
tcpdump: listening on eth0
01:28:17.100229 xxx.fi.45811 > netcore.fi.ssh: . ack 784755934 win 17240 (DF)
01:28:17.100359 netcore.fi.ssh > xxx.fi.45811: P 1:65(64) ack 0 win 32120 (DF)
Segmentation fault (core dumped)
---
Enabling debugging shows there might in print-domain (v.1.62):
$ gdb ./tcpdump core
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `./tcpdump -i any'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libcrypto.so.0...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
Reading symbols from /lib/libnss_nisplus.so.2...done.
Reading symbols from /lib/libnss_nis.so.2...done.
Reading symbols from /lib/libnss_dns.so.2...done.
Reading symbols from /lib/libresolv.so.2...done.
#0 ns_nskip (cp=0x0, bp=0x81305fc "a\236\001") at ./print-domain.c:156
156 if (((i = *cp++) & INDIR_MASK) == INDIR_MASK)
(gdb) up
#1 0x804db8a in ns_rprint (cp=0x0, bp=0x81305fc "a\236\001") at
./print-domain.c:427
427 cp = ns_nskip(cp, bp);
(gdb) up
#2 0x804e263 in ns_print (bp=0x81305fc "a\236\001", length=45) at
./print-domain.c:653
653 if ((cp = ns_rprint(cp, bp)) == NULL)
(gdb) up
#3 0x805d40b in udp_print (bp=0x81305f4 "\n�", length=53, bp2=0x81305e0
"E", fragmented=0)
at ./print-udp.c:634
634 ns_print((const u_char *)(up + 1),
length);
(gdb) up
#4 0x805163f in ip_print (bp=0x81305e0 "E", length=73) at
./print-ip.c:370
370 udp_print(cp, len, (const u_char *)ip,
(off &~ 0x6000));
(gdb) up
#5 0x804f3b9 in ether_encap_print (ethertype=2048, p=0x81305e0 "E",
length=73, caplen=52,
extracted_ethertype=0xbffff75e) at ./print-ether.c:164
164 ip_print(p, length);
(gdb) up
#6 0x806d8a5 in sll_if_print (user=0x0, h=0xbffff7ac, p=0x81305d0 "") at
./print-sll.c:226
226 } else if (ether_encap_print(ether_type, p, length,
caplen,
(gdb) up
#7 0x806e9cf in pcap_read_packet (handle=0x8130440, callback=0x806d5f0
<sll_if_print>,
userdata=0x0) at ./pcap-linux.c:481
481 callback(userdata, &pcap_header, handle->buffer +
handle->offset);
(gdb) up
#8 0x806e6d3 in pcap_read (handle=0x8130440, max_packets=-1,
callback=0x806d5f0 <sll_if_print>,
user=0x0) at ./pcap-linux.c:259
259 status = pcap_read_packet(handle, callback, user);
#9 0x806f8c1 in pcap_loop (p=0x8130440, cnt=-1, callback=0x806d5f0
<sll_if_print>, user=0x0)
at ./pcap.c:79
79 n = pcap_read(p, cnt, callback,
user);
(gdb) up
#10 0x804a5fa in main (argc=3, argv=0xbffffa44) at ./tcpdump.c:429
429 if (pcap_loop(pd, cnt, printer, pcap_userdata) < 0) {
core file etc. can be supplied if they'd help in debugging this.
Ideas?
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
