Duplicate packets from afpacket.TPacket.ZeroCopyReadPacketData() #917
Description
afpacket.TPacket.ZeroCopyReadPacketData() seems to return duplicate packets. When running in a loop, the function returns twice (iterating the loop twice) for each packet.
By modifying the example in examples/afpacket/afpacket.go with the following patch:
--- main.go.orig 2021-10-27 08:55:43.527613441 +0200
+++ main.go 2021-10-27 08:59:59.462272193 +0200
@@ -176,6 +176,11 @@
}
bytes += uint64(len(data))
packets++
+ packet := gopacket.NewPacket(data, layers.LayerTypeEthernet, gopacket.Default)
+ tcpLayer := packet.Layer(layers.LayerTypeTCP)
+ tcp, _ := tcpLayer.(*layers.TCP)
+ payload := tcp.Payload
+ log.Printf("Payload: '%s'\n", payload)
if *count%*verbose == 0 {
_, afpacketStats, err := afpacketHandle.SocketStats()
if err != nil {and then running a netcat server:
$ nc -4lp 4321
foo
with a netcat client:
$ nc -t 127.0.0.1 4321
foo
I get the following output
$ sudo ./afpacket -f "dst host 127.0.0.1 and dst port 4321" -s -1 -i lo -log_every 1
2021/10/27 09:00:17 Starting on interface "lo"
2021/10/27 09:00:24 Payload: 'foo
'
2021/10/27 09:00:24 Read in 70 bytes in 1 packets
2021/10/27 09:00:24 Stats {received dropped queue-freeze}: {2 0 1}
2021/10/27 09:00:24 Payload: 'foo
'
2021/10/27 09:00:24 Read in 140 bytes in 2 packets
2021/10/27 09:00:24 Stats {received dropped queue-freeze}: {2 0 1}
So it seems like
data, _, err := source.ZeroCopyReadPacketData()
will actually return the packet data twice, source here being a afpacket.TPacket.
Running
$ sudo tcpdump -i lo dst port 4321
at the same time shows only one packet:
09:00:23.945888 IP localhost.58110 > localhost.rwhois: Flags [P.], seq 12:16, ack 1, win 512, options [nop,nop,TS val 2938365429 ecr 2937467628], length 4
System:
$ go version
go version go1.15.15 linux/amd64
$ uname -a
Linux x1c 5.14.2-arch1-2 #1 SMP PREEMPT Thu, 09 Sep 2021 09:42:35 +0000 x86_64 GNU/Linux