Wireshark · Ethereal-dev: [Ethereal-dev] tethereal segfaults when using ring buffer

Ethereal-dev: [Ethereal-dev] tethereal segfaults when using ring buffer

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Terje Krogdahl <terje@xxxxxxxxx>

Date: Mon, 8 Mar 2004 09:57:45 +0100

Hi!

tethereal segfaults when I try to use a timed ring buffer, ie:

tethereal -a filesize:1000000 -b 10:60 -i eth0 -w ring.cap

The crash occurs just after the second file  is opened:

...
close(4)                                = 0
munmap(0x4057f000, 4096)                = 0
time(NULL)                              = 1078735706
open("ring_00002_20040308094826.cap", O_RDWR|O_CREAT|O_TRUNC, 0600) = 4
fcntl64(4, F_GETFL)                     = 0x2 (flags O_RDWR)
fstat64(4, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4057f000
_llseek(4, 0, [0], SEEK_CUR)            = 0
lseek(4, 1, SEEK_CUR)                   = 1
lseek(4, 0, SEEK_SET)                   = 0
time(NULL)                              = 1078735706
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
[root@tzu root]# 

The time specified or the filesize does not seem to matter, crashes
occur anyway, as long as the timeout occurs before the filesize limit
is reached.

I've seen this behaviour on the following systems:

RedHat 8.0:
  Linux xxx.ipnett.no 2.4.20-28.8 #1 Thu Dec 18 12:53:39 EST 2003 i686
  i686 i386 GNU/Linux

  tethereal 0.9.16
  Compiled with GLib 1.2.10, with libpcap 0.6, with libz 1.1.4,
  with Net-SNMP 5.0.9, without ADNS
  Running with libpcap (version unknown) on Linux 2.4.20-28.8

Fedora:

  Linux yyy.ipnett.no 2.4.20-28.9 #1 Thu Dec 18 13:53:00 EST 2003 i686 i686 i386 GNU/Linux

  tethereal 0.10.2
  Compiled with GLib 1.2.10, with libpcap 0.7.2, with libz 1.2.0.7,
  without libpcre, without UCD-SNMP or Net-SNMP, without ADNS.
  NOTE: this build does not support the "matches" operator for Ethereal filter
  syntax.

  Running with libpcap (version unknown) on Linux 2.4.20-28.9.

And on RedHat Enterprise Linux ES3.0:
 
  Linux zzz 2.4.21-9.ELsmp #1 SMP Thu Jan 8 17:08:56 EST 2004 i686 i686 i386 GNU/Linux

  tethereal 0.10.0a
  Compiled with GLib 1.2.10, with libpcap 0.7.2, with libz 1.1.4, without libpcre,
  with Net-SNMP 5.0.9, without ADNS.
  NOTE: this build does not support the "matches" operator
  for Ethereal filter syntax.

  Running with libpcap (version unknown) on Linux 2.4.21-9.ELsmp

-- 
Terje Krogdahl
IPnett AS

  All roads lead to Rome
     - A clearly confused router (R. Perlman)

Follow-Ups:
- Re: [Ethereal-dev] tethereal segfaults when using ring buffer
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] Patch to make ethereal-0.10.2 work on Cygwin w ith packet capture
Next by Date: RE: [Ethereal-dev] Patch to make ethereal-0.10.2 work on Cygwin w ith packet capture
Previous by thread: RE: [Ethereal-dev] Would it be possible to allow filter expressio ns like:
Next by thread: Re: [Ethereal-dev] tethereal segfaults when using ring buffer
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$