Closed BruceBeanSun closed 3 years ago
Thanks for reporting this. Please answer a few questions so we can better diagnose the issue:
pcap_freealldevs()
after each call to pcap_findalldevs()
?pcap_lib_version()
) that you are loading the correct DLLs for Npcap 1.20? Mixing installations, broken installations, and not using WinPcap API Compatibility mode at install can lead to mismatches that make debugging difficult.Thank you for your reply. Here is the answer to the question:
and there is a problem when installing npcap1.00.
So were you able to resolve the problem? You say that
When npcap-1.00 is installed, the result of pcap_lib_version() is "npcap version 0.92, based on Libpcap version 1.9.1".
so it sounds as if you were able to install it.
If so, does the leak occur with 1.00?
Yes, ncap1.00 can be successfully installed. There is a memory leak problem after installing ncap1.00.
So apparently not introduced in 1.10 or 1.20, but possibly introduced in one of the 0.9x releases following 0.92, or in 1.00.
I tried using the C runtime leak detection with the master-branch pcap.c and pcap-npf.c, and with the findalldevstest test program, but it didn't find any leaks (it found deliberately-introduced leaks in both the pcap DLL and findalldevstest, but reported no leaks when those were removed).
Perhaps this is a leak in packet.dll?
I also guess it was introduced in one of the 0.9x releases following 0.92 or 1.00 release. Version 1.00 upgrades Libpcap library from 1.8.1 to 1.9.1.Is it the problem introduced by the Libpcap library version upgrade?
Is it the problem introduced by the Libpcap library version upgrade?
Probably not, as I couldn't find a leak within the libpcap code with the test I mentioned above. It may, as I suggested, be in packet.dll (there are three layers the libpcap component, wpcap.dll/npcap.dll, uses packet.dll to communicate with the driver, npcap.sys).
I can't be sure, but I think it was introduced in this change, which added calls to GlobalReAlloc()
: df3c348771b6b5035433afad2
If the reallocation fails, the original memory is leaked because the statement overwrites the original pointer with NULL
. I changed this to correctly assign to a temporary pointer and free the original buffer when it fails in 867e3d3609a1e11cb977bec36eba33923ddffb25, so I'm hopeful this will be resolved in the next release.
OK. Thank you!
@BruceBeanSun Can you confirm whether Npcap 1.31 or 1.30 resolved this issue?
I am closing this issue with the assumption that the bug I fixed is the correct one. You are welcome to open a new issue if you see further problems with Npcap 1.50 or later.
I installed npcap 1.10 on Windows 10 and called pcap_findalldevs every 5 minutes gets the network device information and sends it to the server. After running for a weekend, the memory usage increased from 2M to 50M. The same problem exists in Windows Server 2008R2 and npcap1.20. Npcap0.92 used before is normal, and there is no memory leak on Windows 10 and windows server 2008R2. I hope to be able to modify this issue.