[Oisf-devel] Is pcap_setfilter call is not thread safe issue in source_pfring
Chris Wakelin
c.d.wakelin at reading.ac.uk
Mon Jun 4 16:31:06 UTC 2012
I'm trying Suricata SVN (plus Anoop's SSL patches) now. I think this may
have been the cause of my intermittent crashes when starting Suricata
with PF_RING and a BPF filter:
> Program terminated with signal 6, Aborted.
> #0 0x00007f08eb5d7a75 in raise () from /lib/libc.so.6
> #0 0x00007f08eb5d7a75 in raise () from /lib/libc.so.6
> No symbol table info available.
> #1 0x00007f08eb5db5c0 in abort () from /lib/libc.so.6
> No symbol table info available.
> #2 0x00007f08eb61174b in ?? () from /lib/libc.so.6
> No symbol table info available.
> #3 0x00007f08eb6a37e7 in __fortify_fail () from /lib/libc.so.6
> No symbol table info available.
> #4 0x00007f08eb6a3779 in ?? () from /lib/libc.so.6
> No symbol table info available.
> #5 0x00007f08eb6a36e3 in __longjmp_chk () from /lib/libc.so.6
> No symbol table info available.
> #6 0x00007f08ec40b6bb in bpf_error () from /usr/local/lib/libpcap.so.1
> No symbol table info available.
> #7 0x00007f08ec41de41 in pcap_parse () from /usr/local/lib/libpcap.so.1
> No symbol table info available.
> #8 0x00007f08ec40bc78 in pcap_compile () from /usr/local/lib/libpcap.so.1
> No symbol table info available.
> #9 0x00007f08ec40c5eb in pcap_compile_nopcap () from /usr/local/lib/libpcap.so.1
> No symbol table info available.
> #10 0x00007f08ec4201fe in pfring_mod_set_bpf_filter () from /usr/local/lib/libpcap.so.1
> No symbol table info available.
> #11 0x0000000000418088 in ReceivePfringThreadInit (tv=0x2477380c0, initdata=0x23e8b82a0, data=0x22adc3bb8) at source-pfring.c:387
> rc = <value optimised out>
> version = 328706
> ptv = <value optimised out>
> __FUNCTION__ = "ReceivePfringThreadInit"
> #12 0x00000000004fbfa9 in TmThreadsSlotPktAcqLoop (td=0x2477380c0) at tm-threads.c:582
> s = 0x22adc3b80
> r = <value optimised out>
> slot = 0x22adc3b80
> __FUNCTION__ = "TmThreadsSlotPktAcqLoop"
> #13 0x00007f08ebda59ca in start_thread () from /lib/libpthread.so.0
> No symbol table info available.
> #14 0x00007f08eb68acdd in clone () from /lib/libc.so.6
> No symbol table info available.
> #15 0x0000000000000000 in ?? ()
> No symbol table info available.
Best Wishes,
Chris
> On 06/04/2012 02:51 PM, Luca Deri wrote:
>> Victor,
>> I have put a match in PF_RING svn to address your request.
>>
>> Regards Luca
>>
>> On Jun 4, 2012, at 1:30 PM, Victor Julien wrote:
>>
>>> Luca told me it isn't, so I've added a lock to protect setting the filter.
>>>
>>> Cheers,
>>> Victor
>>>
>>> On 05/25/2012 10:00 AM, Delta Yeh wrote:
>>>> I think we should ask Luca :)
>>>>
>>>> 2012/5/25 Victor Julien <victor at inliniac.net>:
>>>>> On 05/25/2012 05:00 AM, Delta Yeh wrote:
>>>>>> Hi all,
>>>>>> I see a fix for pcap_setfilter calls as they are not thread safe
>>>>>> issue, but I only see the fix to pcap source.
>>>>>> Does pfring source also should be fixed.
>>>>>
>>>>> Good question. It depends on how this functionality is implemented in
>>>>> pf_ring. Do you have any info on that?
>>>>>
>>>>> --
>>>>> ---------------------------------------------
>>>>> Victor Julien
>>>>> http://www.inliniac.net/
>>>>> PGP: http://www.inliniac.net/victorjulien.asc
>>>>> ---------------------------------------------
>>>>>
>>>>> _______________________________________________
>>>>> Oisf-devel mailing list
>>>>> Oisf-devel at openinfosecfoundation.org
>>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>>>>
>>>
>>>
>>> --
>>> ---------------------------------------------
>>> Victor Julien
>>> http://www.inliniac.net/
>>> PGP: http://www.inliniac.net/victorjulien.asc
>>> ---------------------------------------------
>>
>
>
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
More information about the Oisf-devel
mailing list