Closed Julian-Wollersberger closed 1 year ago
Interesting. Thanks for the report!
When I try it on my system, I get
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: PcapError("can't mmap rx ring: Invalid argument")', examples/double_free.rs:12:10
Which is safe behaviour and sort of the behaviour one would expect (supposedly the error is symptomatic of not enough memory). I use Rust 1.67, pcap 1.1.0 and libpcap 1.10.4 on Fedora 37.
I then ran it in a ubuntu:22.04
container and indeed I do get the double free.
My suspicion was then the libpcap version (we are three bugfixes apart). And indeed, the 1.10.2 changelog states that it fixes a double free: https://github.com/the-tcpdump-group/libpcap/blob/master/CHANGES#L135.
Therefore, I'm afraid the fix to this problem is to update libpcap. Would you be able to test with libpcap >= 1.10.2 keeping everything else identical? Perhaps by compiling from source?
Well, then the unsoundness is a problem that will fix itself with time. Thanks for confirming it.
My original problem was that I didn't know about immediate mode, and the example from the docs didn't seem to work with live capturing. A small buffer was the first thing that worked. I'll just use bigger buffers and immediate mode.
(I've tried to install a newer libpcap for an hour, but I give up.)
When using small numbers for
snaplen
andbuffer_size
, with immediate mode, the program crashes with the following message:tcache is a part of glibc's malloc. The exact values for snaplen and buffer_size don't follow a pattern I could recognize, but values smaller than 1000 seem to always crash.
Minimized example:
Run with:
This is probably a problem in libpcap, but since all the used pcap functions are marked safe, this violates Rust's safety guarantees.
I use Rust 1.69, pcap 1.1.0 and Ubuntu 22.04. The installed
libpcap
version is 1.10.1. (Strangely, ldd says the binary links tolibpcap.so.0.8
, but that file is a symlink tolibpcap.so.1.10.1
)